

Show HN: How I bypassed Exchange security on Android - maisemali

I was messing around with AOSPA, wanted to figure out a way to bypass the encryption requirement to get Exchange mails.
Initially I thought I would have to modify the Email app or the part where the OS the administrative provisioning.
But as it turns out all I had to do was comment out 8 lines of code:

    private int getEncryptionStatus() {
        /*String status = SystemProperties.get("ro.crypto.state", "unsupported");
        if ("encrypted".equalsIgnoreCase(status)) {
            return DevicePolicyManager.ENCRYPTION_STATUS_ACTIVE;
        } else if ("unencrypted".equalsIgnoreCase(status)) {
            return DevicePolicyManager.ENCRYPTION_STATUS_INACTIVE;
        } else {
            return DevicePolicyManager.ENCRYPTION_STATUS_UNSUPPORTED;
        }*/
        return DevicePolicyManager.ENCRYPTION_STATUS_ACTIVE;
    }

So now the OS always thinks that it's encrypted, and it doesn't ask for the encryption password on boot as that is done by a separate module.

Source - https://android.googlesource.com/platform/frameworks/base/+/master/services/java/com/android/server/DevicePolicyManagerService.java Line 2592
======
gcb0
The Xposed framework adds a wrapper around every process, and it can overload
method calls on a per-process basis.

Basically, you can ship a getEncryptionStatus_fake() that always returns
active, and tell Xposed to replace getEncryptionStatus() with
getEncryptionStatus_fake() ONLY for the mail application.

Much safer. And it already has community modules that do that and more
(e.g. telling mail.app that you already have the remote administrator it
wants, or that you are using the idiotic PIN lock screen that your
administrator wants, even though you have a 20 char password instead).

------
knd775
Maybe they should make this a toggle or something in AOSPA. That would be nice
because I would rather not have to rebuild it every time there was an update.

