How to properly flash an android phone assumed to be software infected? I'm using Oneplus 6T

criticals

New member
Apr 22, 2024
4
0
1
Visit site
Hi

I'm looking to clean up my OP 6T as much as possible short of buying a new phone. I am aware 6T has reached EoL but I still will have short term use of it.

Please do not tell me:
"You don't need to flash just do simple factory reset" (I have no idea why this inaccurate advice is so prevalent.)
"This is paranoia"
"How do you knooow you're infected (just another way for users to say paranoia. There clearly are infections go unnoticed in the hands of an amateur)
"Factory phone comes with malicious bloatware anyway" (yes but unless 3rd party malware somehow utilizes this it is not a top concern atm)
"Stop clicking/tapping things" (seriously it's incredible how many people think this decades old advice is enough and are just as unaware as us "illterates" yet have the audacity to say such things. It is really getting to me. Nobody is paying the Cable Guy tax. And I bet a LOT of people recently learned more about cybersecurity (you're welcome!!))

Anyway, I looked for clean image and brought me to this xda thread: https://xdaforums.com/t/tool-t-mobile-oneplus-6t-msmdownloadtool-firmware-9-0-13-8-9.3868916/

Followed directions and it seems to have worked on my phone. It was brought back to earlier os version and I had to get os updates and all my apps erased so I assume it was a clean installation and not a "dirty flash".

But it appears infection may still persist? If it's a reinfection I have no idea what it could be. I am just going to assume it persisted and is software related for now so as to not veer off topic. I just want to make sure I am flashing properly. If there are still problems I will look elsewhere.

Does that xda tool not completely flash the phone? If so, then what I am doing wrong here. I would ask there but it appears the thread questions aren't answered.

If not then how should I proceed? Directions did not have me use adb to input commands from pc if that's worth mentioning.
 

criticals

New member
Apr 22, 2024
4
0
1
Visit site
Hi there,

So the reason I didn't go into symptom details is so the thread focuses on proper flashing procedure. Since as long as that's done correctly and the threat is susceptible then it shouldn't matter what I'm dealing with.

If it would really help then I'll just say I believe it's spyware on a a system monitor level. But I do not have any digital evidence to share nor know how I should go about looking for it on the device.
 

TwitchyPuppy

Trusted Member
Feb 18, 2015
850
1
18
Visit site
Oh, okay. Thanks for the clarification!

Flashing reinstalls the OS, so the devices goes back to a "fresh out of the factory" state.

What makes you think it might still be infected?
 

criticals

New member
Apr 22, 2024
4
0
1
Visit site
Would you say the procedure I outlined in op was successful or is there not enough info to say that? Should I try a different way? No reason to the latter. Just a hunch.
 

criticals

New member
Apr 22, 2024
4
0
1
Visit site
Okay thanks for the 2nd opinion and would agree on that assessment. I read somewhere about a and b partitions and wondered if it had not been done properly nor if all partitions had not been flashed to. In any case something persisting through that appears to be a lost cause according to some expert opinions.
 

Mooncatt

Ambassador
Feb 23, 2011
10,839
441
83
Visit site
Please do not tell me:
"You don't need to flash just do simple factory reset" (I have no idea why this inaccurate advice is so prevalent.)

That is not inaccurate advice. A factory reset returns the phone to the out-of-box state, just like re-flashing, minus the extra steps. The only, and I do mean only, time I've seen malware survive a factory reset is when the phone was some cheep Chinese knockoff that they themselves baked into the firmware. In that case, downloading the firmware from them to re-flash the phone would put the malware back on. I've not heard of One Plus doing that.

If you have any links or anything showing third party malware has been capable of modifying the protected firmware files such that it survives a factory reset, I'd love to see it.
 
  • Like
Reactions: Laura Knotek

Forum statistics

Threads
945,013
Messages
6,923,983
Members
3,159,645
Latest member
sanakhan01