Please Help me / forgotten pin code

it sounds like you want two separate things:

1. for the firmware to be inaccessible to endusers
2. for a paid subscription service that jolla promises to reflash it for you

there’s nothing wrong with #2, except that it’s strange to want to pay money for it, but you could accomplish #1 with an optional firmware locking password, like what Bohdan is suggesting. then it would actually be opt-in.

i don’t understand what you want this for, except to spite thieves. it wont prevent the theft, and if what you’re worried about is your data, then you can just use that cryptographically secure password for data encryption instead of firmware locking…

If there is no recovery then you have to use specialist tools, not just usb cable and crack/hack.exe, this isn’t latest galaxy phone selling millions, so the 2 thieves with this phone have exactly 0 reason to pool their resources to pay some russian hacker to unlock them so they can resell their stolen stock, being niche is an extra layer of security, having people opt-in for 2fa validation on factory reset of their hw-id connected to original purchase costs jolla literally as much as a phone call or sending an email, people pay way much more for more ridiculous ‘security’ measures. If it’s opt-in again I cannot see what’s wrong with that. They’re not selling millions of devices where it is problematic as you have thousands of real people forgetting pins, you sell 1k, you get 1 guy with bad memory, and maybe few dozens who would like a feature like that, it’s already in place you know by accident

i think maybe you misunderstand me. let me try to explain myself better:

• none of the current or proposed features prevent the physical theft of the phone
• none of the current or proposed features help you recover a stolen phone
• protecting your sensitive data is VERY important
  • NOW, the C2 currently prevents casual thieves from getting your data, but it wont for long. either jolla will release recovery mode, or someone will figure out how to read the encrypted partition and then break the weakly encrypted LUKS
  • BUT this could instead be easily accomplished with an opt-in stronger encryption key, typed at device boot

your proposed feature buys you, the enduser, nothing beyond what strong encryption would. the most it can do is maybe prevent the thief from benefitting from having stolen it (so maybe they will steal another to make up for the lost sale?).
meanwhile, the cost of your proposed feature is denying everyone the right to install whatever OS they choose, regardless of pin lockouts or encryption.

How can i reflash the system, can you provide me a link to a tutorial video?
I really need help and I actually feel bad because i locked me out of y phoe. I apprciate every form of help. Kind regards Stefan

sorry my friend, as far as i know, you cannot. even if jolla releases the recovery mode tomorrow, you will be unable to use it because you wont be able to upgrade. (every other sailfish device except the C2 is user-reflashable, and i personally find it offensive that the C2 is not).

on the bright side, jolla will very likely reflash it for you if you send it back.

Strong encryption you can already achieve yourself, just type 30 digit pin each and every time you unlock your device, shorter pins for encrypting ram loaded pin are a bunk and israelis can break pixels that were initially unlocked (Ability to prevent encryption to become enabled - #51 by throwaway69), this is not about this, this is about an accidental feature where currently with C2 and forgotten pin you can only send it back, doing 2fa validation by jolla on factory resetting such hw probably already happens, but you have people reselling their C2s, soon noone will have track of who owns which one (the OG orders), right now there are maybe 3-5 new owners of C2 not in jolla’s DB, being niche is actually working great for this scenario, as they can offer you to opt in (if you were the OG buyer) that they will not reflash if the C2 comes from unknown nigerian account and will consult with you what to do with it, costs nothing and adds a layer of security not iphone, not android offers (of course zero vs CIA/Mossad/FSB, but it’s not aimed at that) (people who experienced theft, might just want to say F you to thieves for a fiver/year, good luck average pickpocket hacking turkish device with few k devices total in EU)
edit: and inb4 NO I do not plan to opt-in into such service as I expect to break my C2 way too many times while hacking on it, if they do come back up for sale might consider it for a daily driver that is just for regular use and not for hacking, but whatever it’s neither here nor there

yes, this is what i was saying it amounts to.

yea, that’s bonkers for everyone, and absolutely not what i proposed. a 15-character ascii password, at boot only, fixes this issue fully, israelis or no. loading the full pin in ram, using only a short pin to encrypt it, sounds like a bad idea to me. encryption key for a device should never be stored on that device.

in my proposal, the pin-unlocking and data encryption are unrelated. if the phone is turned on but locked, you have 20 guesses before the phone turns off. if you can get unlock the phone without the pin while it is still turned on, then there is nothing you can do to prevent full exploitation, with encryption or firmware locking.
but once the phone is off, you would then be unable to boot the phone or recover the data from the phone without the ~105 bits of entropy in the key.

pls read the linked article, pixels are safe from israelis only powered down (that means before you enter your 15 char ascii password into ram), your super idea is so super hard to implement bloody googol with their own custom hw chip effed it up

what? pixel devices don’t require you to type long encryption keys at boot, how is this my proposal?
google effed it up because no amount of handwaving in the world will make a 5-digit pin have 100 bits of entropy.

my proposal is definitely easy to do, it’s just that it doesn’t work for most users who don’t want to enter a long password when restarting the phone, or ever.

Your proposal is exactly what is being proposed by all amateur/enthusiast security specialists and what is employed in android/ios, long boot-up phrase, but then we don’t bother you that much, we surely have software ways to prevent bruteforce of the smaller key while google with thousands of engineers is pwned by israeli company, iOS <18 apparently too on 5 year old devices, somehow apple is not in portfolio of data extraction company most likely employed by your national police force, but please continue telling us how your solution is super easy to implement and in sw only as jolla cannot just magic in security enclave/titan chip (and googol with titan chip shat the bed anyway)

i see. you are confused about what i am saying.
you are now talking about breaking dm-crypt or LUKS or whatever FDE you are using by getting access to the key in RAM from a running, already un-encrypted device. but there is nothing to discuss about that. either it’s hackable, or it’s not, but locking the firmware OR using a 128-bit encryption key will not help.

we were talking about cases where your solution (locking the firmware) or my solution (strong FDE key) could possibly help. that concerns only recovering the data once the phone is off, and there is no key in RAM.

my argument is that an opt-in, strong FDE key could prevent a phone that is turned off from having the data recovered by a hacker with good equipment…as long as you do NOT store the key on the device at rest with another short pin encrypting it. jolla already does not do that, so this would, in fact, be easy.

yeah that’s the whole thing, there is literaly zero development required to productize this bug/lacking feature into a premium feature people paiyng 5 bucks a month for vpn might consider valuable, pay us 5 bucks, enter your IMEI, we will call you back to make sure you want this and we just cash your bucks, boom, original product not android or iOS device provides

i will give you that; the disturbing lack of recovery mode on the C2 is easier to leave in place than to remove, but who would still want to buy it?

my proposal requires development, but very little. you can already use a 5-digit pin without using FDE in SFOS, and you can already set the FDE key to something long in SFOS. just do both of those things at once and you’re done…

If you use 30 digit pin every time, you probably will spend one cappucino on your hw not being deflowered.

my proposal requires development, but very little

please understand that what you consider super easy, is in fact super hard to not introduce sidechannel attacks, google failed in securing their flagship with their own hw chip, but your solution I’m sure when you discuss it high level is just super easiest, implement in sw with no custom hw chips, then come back to us, just give us the solution not the general idea (we got the general idea, just invent AI and ask it for the solution, still noone implemented)

again, you switch topics. i am not trying to solve the problem of using a simple pin to get real security. i think google just showed us that this is a fool’s errand. you are trying to make me sound like i am making an outlandish claim of security expertise exceeding google, but i am simply not talking about that problem.

this is about using the off-the-shelf LUKS solution that jolla already uses, which most of the security folks on here say would be good enough with 128-bit keys.

as a project manager, i’ll be the first to admit that projects that sound this simple can have major unforeseen obstacles, but i would absolutely be willing to work on a PR for this soln right now:

• allow alphanumeric FDE key entry
• do not use the screen unlock PIN for FDE of $HOME

I’d say to spite thieves is basically the most important reason for 99% of all security features. Once word gets around that this or that thing is not worth stealing, other thieves won’t/shouldn’t be interested in stealing your device anymore. And, well, if they still end up stealing it, you get to spite the damn thieves.

wait, am i free to do so? i don’t think those repos are FOSS. i will happily do this if i’m wrong!

Pass, you do you man, I’m out, gn, I’m sure google will pay you a few million for your super easy secure idea of what they were trying to implement for the last decade, so good luck

heh, how many times do i need to say that i am not talking about solving that problem? i dont think it IS solvable, at least not in the long-term.

lol, why do you think google doesn’t pay you a few million for your ‘lets lock the bootloader and pay a subscription fee’ solution? neither proposal is related to that problem.

This post was flagged by the community and is temporarily hidden.