Android: Factory Reset Protection Bypass
May 19, 2022
Android has a clever system called Factory Reset Protection (FRP).
In essence, it's an anti-theft measure designed to make stolen phones/tablets worthless.
If you factory reset a device the "normal" way, from Settings on a booted and unlocked device, you'll have no issue.
But if you wipe the device via recovery mode, then the next time you boot it and run through the setup wizard, the device will insist on an internet connection (you won't be able to skip this step) and you'll eventually hit a screen that says something like:
This device was reset. To continue, sign in with a Google Account that was previously synced on this device.
So there is evidently a flag, stored in the frp partition (/dev/block/*/by-name/frp, Android's persistent data block), which is cleared by a factory reset initiated from the Settings UI but NOT cleared when the device is wiped by some other means (e.g. recovery or fastboot -w). The logic is that a reset from Settings can only be triggered by someone who already got past the lock screen, whereas anyone with physical access can get into recovery.
If you happen to know the account then just go ahead and punch in your credentials.
If you actually stole this device (or bought it from somebody who stole it) then you're probably shit out of luck - sorry. You might see some old workarounds published, but I'm fairly confident that all of those loopholes have been plugged.
In my case I did actually own this device but I genuinely had no idea which account had been used on it (some temporary development account with long lost credentials).
Luckily for me, this tablet had been bootloader-unlocked and flashed with TWRP and LineageOS a long time ago. The flashed image is an engineering build, so ADB is enabled by default (no USB debugging toggle or RSA authorization needed), which meant I could get an ADB shell even during the setup wizard and run the following:
adb shell content insert --uri content://settings/secure --bind name:s:user_setup_complete --bind value:s:1
adb reboot
After the reboot, the device immediately proceeds to the launcher / home screen.
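The procedure above, as an added example that is not from the original post: a small POSIX shell script wrapping the two commands with the checks a practitioner would want before and after. It assumes an ADB-enabled build (the post used an engineering LineageOS image) and a device stuck in the setup wizard. The adb get-state check, the content query reads and the device_provisioned lookup are added for diagnostics and are not part of the author's recipe; only user_setup_complete is written, exactly as in the post.

```shell
#!/bin/sh
# Added example (not from the original post): the post's ADB recipe with sanity
# checks around it. Assumes an ADB-enabled build and a device sitting in the
# setup wizard. Only user_setup_complete is changed; the frp partition is left
# untouched, so FRP would trip again after another recovery wipe.
set -eu

# Extract the value from one row of `content query` output, e.g.
#   Row: 0 name=user_setup_complete, value=1
# Returns "unset" for the provider's "No result found." message.
parse_setting_value() {
    row="$1"
    case "$row" in
        *"value="*) printf '%s\n' "${row##*value=}" ;;
        *)          printf 'unset\n' ;;
    esac
}

# Read one key from the secure or global settings table. The whole command is
# passed to `adb shell` as a single string so the quotes around the SQL
# where-clause survive the device-side shell (otherwise name=... reaches
# sqlite unquoted and the query fails with "no such column").
query_setting() {
    table="$1"  # secure | global
    key="$2"
    adb shell "content query --uri content://settings/$table --projection name:value --where \"name='$key'\"" | head -n 1
}

main() {
    # adb get-state prints device / recovery / bootloader / offline.
    state="$(adb get-state 2>/dev/null || true)"
    if [ "$state" != "device" ]; then
        echo "no device in 'device' state (got '${state:-nothing}'); is ADB actually enabled on this build?" >&2
        exit 1
    fi

    # Diagnostics only: device_provisioned (global table) is the companion
    # flag the setup wizard also consults; it is not written here.
    echo "device_provisioned (global): $(parse_setting_value "$(query_setting global device_provisioned)")"
    echo "user_setup_complete (secure) before: $(parse_setting_value "$(query_setting secure user_setup_complete)")"

    # The post's command. The settings provider treats insert as an upsert,
    # so this works whether or not the row already exists.
    adb shell content insert --uri content://settings/secure \
        --bind name:s:user_setup_complete --bind value:s:1

    after="$(parse_setting_value "$(query_setting secure user_setup_complete)")"
    echo "user_setup_complete (secure) after: $after"
    if [ "$after" != "1" ]; then
        echo "write did not take; the adb shell probably lacks WRITE_SECURE_SETTINGS on this build" >&2
        exit 1
    fi

    adb reboot
}

# Nothing touches a device unless explicitly asked for.
if [ "${1:-}" = "--apply" ]; then
    main
fi
```

Run it as sh frp_setup_complete.sh --apply with the tablet connected; without --apply the script only defines its functions. The post-write read-back matters because a silent permission failure would otherwise just leave you rebooting back into the same sign-in screen.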
From here you could just go ahead and use the device, but the FRP flag is still set: the command above only marks the setup wizard as complete in the secure settings table and does not touch the frp partition. You won't notice unless the device is once again reset via recovery, at which point the sign-in prompt will be back.
I wanted to properly clear out the FRP flag however so I went ahead and executed a proper factory reset from the settings menu.
Sure enough after the reboot I was now able to perform a normal device setup without being asked for credentials.
Note: The FRP flag is only set once you sign in with a Google account, which is also why Google tells you to remove your account from the device before selling or giving it away: with no account on the device there is nothing for FRP to protect, and a subsequent reset won't trip it.