Android_12_FRPBypass
Android_12_FRPBypass copied to clipboard
wuseman
FRP Bypass all Samsung devices incl. latest security patch from 2022-02-01, No third-party-tools is needed all you need is adb and latest firmware from Samsung installed Step By Step howto with previ...
(Work on all Samsung devices until Security Patch: 2022-02-01)
No worries, I got you covered with a newer version (they are fast but not fast enough so I decided to share this wiki to the public - This hack works perfect for all Samsung devices with latest securit patch (2022-02-01) while the wiki is created it works awesome still (2022-02-21),.This method does NOT work on Android 11 so you have an Android 11 FPR locked device so you can upgrade to the latest firmware from Samsung)
I share it freely because it's fun and because I can and because I think it's fun to share knowledge, I never report exploits or security issues for money! For me, time is more valuable than money.
1) Power on your device with Android 12 installed
2) Press start at welcome screen
3) Press End user license agreement and move on
4) Select wifi network
- Now connect to Wi-Fi..
5) Press volume up + power button
6) Draw your finger from bottom left to right then up
7) Allow talkback record audio: Choose only this time
8) Remove always show this message in the popup window
9) Now press on: use voice commands
10) Allow talkback record audio: Choose only this time
11) Say slowly: Google Assistant
12) Bixby will start
13) Login to your samsung account
14) Accept agreements
15) Press cancel when bixy asking for a faster way to sign in
16) Press start
17) Say: Open Google Chrome
18) Press Accept and Continue
19) Press no thanks on turn on sync
20) Browse to Nr1
21) Scroll down to "Alliance Shield X(Galaxy Store)"
22) Install "Alliance Shield X(Galaxy Store)" from samsung store
23) Once done, open Alliance Shield X Application
24) Press Next in welcome window
25) Press Next again in permission window
26) Press Next in privacy promise window
27) Press on Got It on getting started
28) Login on your account
29) Enter DEVICE Name, I tried this hack with a SM-G975F + SM-G985F
30) Enable Device Admin in device setup screen
31) Press activate in the activate device admin application
32) Press Next
33) Enable knox in samsung knox window, press next (dont remember exactly right now)
34) Press continue in "Knox License Activation"
35) You should see "Know license validation completed"
36) Press next
37) Press finish in import window
38) Press app manager in upper left corner
40) Press service mode
41) Press activities
42) Press service mode
43) Press open in the popup window
44) Choose MTP+ADB and press OK
45) Accept the adb request on your phone
- Now via
adb, execute below on device:
content insert --uri content://settings/secure \
--bind name:s:user_setup_complete \
--bind value:s:1
- For everyone that is interested more deeply, logcat gives us:
02-20 23:25:40.306 936 8470 D RestrictionPolicy: isSettingsChangesAllowedAsUser, userId 0 : true
02-20 23:25:40.306 936 8470 D SettingsProvider: ret = 1
02-20 23:25:40.318 936 8470 I GenerationRegistry: mBackingStore.isClosed() : false
02-20 23:25:40.320 5655 5655 I AODSettingsHelper: content://settings/secure/user_setup_complete changed
02-20 23:25:40.322 5655 5655 I AODSettingsHelper: mKey=user_setup_complete, mIntValue=1, mStringValue=null
02-20 23:25:40.322 5655 5655 I AODSettingsHelper: onChange() COMPLETED elapsed= 2
02-20 23:25:40.322 5655 5655 I AODSettingsHelper: **#### onSettingsValueChanged for content://settings/secure/user_setup_complete
02-20 23:25:40.322 5655 5655 I AODSettingsHelper: **#### onSettingsValueChanged callbackList == null
02-20 23:25:40.323 936 1133 D PackageManager: SetupWizardFinished: true
02-20 23:25:40.323 17664 17664 D hw-ProcessState: Binder ioctl to enable oneway spam detection failed: Invalid argument
02-20 23:25:40.325 17664 17664 D AndroidRuntime: Shutting down VM
02-20 23:25:40.344 5655 5655 I AODSettingsHelper: content://settings/secure/user_setup_complete changed
02-20 23:25:40.346 5655 5655 I AODSettingsHelper: mKey=user_setup_complete, mIntValue=1, mStringValue=null
02-20 23:25:40.346 5655 5655 I AODSettingsHelper: onChange() COMPLETED elapsed= 1
02-20 23:25:40.346 5655 5655 I AODSettingsHelper: **#### onSettingsValueChanged for content://settings/secure/user_setup_complete
02-20 23:25:40.346 5655 5655 I AODSettingsHelper: **#### onSettingsValueChanged callbackList == null
02-20 23:25:40.346 5655 5655 D DeviceProvisionedControllerImpl: Setting change: content://settings/secure/user_set
46) Press volume up + power
47) Draw your finger from bottom left to right then up
48) Say slowly: Open Settings
49) When bixby launches, press volume up + power again to turn off talkback settings
50) Press record button
51) Now say: Open Account Settings
52) Press add account
53) Add your google account
You are now signing in without any issues
54) And you're in!! :)
- As you might notice, you are now signed in.
!!! alert "ITS NOT DONE!!! DONT JUST RUSH INTO A FACTORY RESE OR SOMETHING, CONTINUE READING.."
55) Lets head back to welcome screen, turn back as many times as it neededed to get there
56) You can now press next, accept license and policies and wifi should already be fixed so press next and you will now see, nothing...
58) IT STOPS! You wont be able to continue, DON'T PANIC!
59) ...Once again, lets get bixby started :)
60) Press volume up + vpower`
61) Draw your finger from bottom left to right then up
62) Say Google Assistant and when bixby launches, press volume up + power to turn off talkback settings
63) When you hear the beep, slowly say: Open Settings
64) Go to "Apps" sections wich has been locked all the time until we added our google account as you probably tried already, settings application crashing when pressing on it but now its unlocked:
65) Scroll to One UI Home application, open it
66) Press: Set Home Screen
67) Select: One UI Home and when you press on it System UI will launch and you bypassing the earlier setup wizard
68) And it results in below scren when you press on one ui':
-
You have just hacked samsung's latest security patch and there are a thousand reasons why i do not use cell phones ;)
-
Since adb shell is still open, clear all samsung applications so we can take control over lock settings without any bruteforcing:
cmd package list packages \
|cut -d: -f2 \
|egrep samsung > /storage/self/primary/clear.txt
sed 's/^/pm clear --user 0 /g' /storage/self/primary/clear.txt \
> /storage/self/primary/clear_script.sh
sh -x /storage/self/primary/clear_script.sh
cmd package list packages \
|cut -d: -f2 \
|egrep google > /storage/self/primary/clear_google_apps.txt
sed 's/^/pm clear --user 0 /g' /storage/self/primary/clear.txt \
> /storage/self/primary/clear_google_apps.sh
sh -x /storage/self/primary/clear_script.sh
Your lock settings is NOT disabled if you are using an FRP locked Device, however you can confirm this with cmd:
cmd lock_settings get-disabled
cmd lock_settings is the new way we used locksettings in past (you probably seen my wbruter script wich is very old and slow nowdays, use cmd instead) and since lock_settings was introduced in cmd we simply can use below to disable lock screen without any hacking:
cmd lock_settings set-disabled true
Since we still love ADB and working in cli rather then GUI (at least that's me) set your pin code with:
cmd locksettings --set-pin XXXX XXX
And for GUI fantasts, open settings and browse to Biometrics and Security either with below command or via your homescreen
am start -a android.settings.SETTINGS
Add your fingerprint and face recogntion and set your pin
You have just hacked the latest Security Patch from Samsung (2022-02-01)
This tutorial is licensed under the GNU General Public License v3.0 - See the LICENSE.md file for details - Feel free to copy this wiki but if you do, please share an url to this original post. Thanks alot!
- Happy Hacking and Never Give up!
wuseman