Tom Busby

Google Authenticator, Discord, and My Broken Phone

Hardware
2023-06-04
Google Authenticator, Discord, and My Broken Phone
Tags

Last September I was browsing on my phone after work and it suddenly restarted. I thought “Huh that’s strange” then continued using it none the wiser. The next morning I woke up to my alarm, started using my phone for a couple minutes, and then it froze and started rebooting repeatedly.

Samsung Galaxy XCover Pro

The phone is a Galaxy XCover Pro. I chose it because it met my main criteria:

  • Has a replaceable battery

    The phone I had before it, a Galaxy S5, I used for over 5 years. I replaced the battery 3 times, and the back panel once.

  • Has expandable storage (SD card slot)

    I want to be able to put my music and videos on my phone for traveling on the go without having to worry about storage space, and no I’m not going to start paying $10 a month for Spotify.

  • Came out within the last 2 years

    This is really important, and the reason I sought out an upgrade to my Galaxy S5. I wanted to be able to use the latest software and get Android updates, and my Galaxy S5 was getting old. Also I wanted a phone with a very up to date OS, so that I could use it for a good long while. But obviously that didn’t happen.

I’m very disappointed with the phone. Because in addition to the above criteria, the phone is advertised as a rough and tough military grade man’s phone. Just look at the Amazon advertisement below. Some tough construction worker model sitting on the wheel of his big heavy machinery.

Amazon ad of construction man using phone

I never took this phone on some Seal Team 6 operation, or whatever this phone was built for. And yet it got this stupid rebooting issue.

Luckily I stored most of my pictures and videos I took with the phone on the SD card so I didn’t lose those. But what I did lose access to was Google Authenticator, and that really hurt, because I had it set up with a lot of accounts.

So with the assumption that I’d never get this phone to boot regularly again, I went through the process of removing and replacing the 2 Factor Authentication (2FA) from all my accounts. From using those backup codes I wrote down manually years and years ago (You know where your backup code are, right?), to contacting customer service and confirming who I am.

But one thing that slipped my mind that I had 2FA on, was Discord. I hardly ever needed to use my Authenticator app to log into Discord because they have that convenient QR code that you can scan.

screenshot of Discord login

So I went on for a long while just using the QR code to login, forgetting that I had 2FA setup on it. Then I went on a vacation recently, and I came back to find that Discord decided to log me out of every single device, including my phone! I guess they just log you out if you don’t use a device for over a week or something.

So I searched for how to remove Discord’s 2FA. You either have to have your Authenticator app handy, or have backup codes.

And silly me, I forgot to write down this particular set of backup codes 🥴

I’ve been on Discord since near the beginning. I’ve had a lot of good conversations with lots of good ideas, jokes, and what not, and I really didn’t want to lose all of that.

I searched around my computer, through all my hard drives, for a couple hours to see if maybe I took a screenshot of the codes and saved it somewhere. But I came up empty handed.

So it was back to the old Galaxy XCover Pro, that’s been accumulating dust on my shelf for the past 8 months or so.

XCover pro on bookshelf

I tried all the usual stuff. Try to boot without a battery (refused to boot without it), tried letting it fully discharge, letting it fully charge while repeatedly rebooting.

Then I tried getting into the recovery menu. It would seldom let me into the recovery menu while repeatedly rebooting. Something like once every 20 reboots, or once every 10 minutes, if even that. While there, I could wipe the cache, reboot, “fix apps”. But none of that worked.

I even went as far as trying to reinstall the firmware with Odin, Samsung’s official firmware flashing software. I downloaded the right firmware for my Galaxy XCover Pro with Frija, loaded it into Odin, and connected the phone to the computer. The XCover Pro was able to reliably get into it's firmware download mode no problem, so I thought that maybe reinstalling the official firmware would fix the issue. But unfortunately it was a dead end.

screenshot of Odin3

Then I just tried everything I came across. There were suggestions to massage the phone sensually (I’m not joking), and then if the Good Cop technique didn’t work then it was suggested to try hitting the phone all over. I made sure all my other phones watched, so they wouldn’t dare try this shit either.

group of phone behind XCover pro and a fist

One suggestion I came across was to put it in the freezer. I thought “fuck it, why not?” It’s supposed to be a military grade water resistant phone, and I don’t really have much to lose as well. So I put the phone in a freezer bag, slid it between a bag of peas and a bag of calamari, and forgot about it while watching YouTube videos.

XCover pro in freezer bag being put in freezer

Two hours later I pulled the frosty phone out of the freezer, plugged it in with a USB-C cable I didn’t care about, attempted to power it on, and I got something different. A symbol I’ve never seen before. A warning triangle with a thermometer in the center. The phone was apparently too cold to start. Never seen that before, but it’s the end of May and it’s rather warm, so I just let it sit and warm up. After a minute or two of sitting there, it suddenly started up! It got past the boot logo that it struggled to get past before, and showed me the lock screen.

My luck started to run out a little though because immediately the phone started audibly screaming (unsurprisingly) that there was moisture in the charging port. So I unplugged the phone, and it died immediately. Drats!

Putting my Nintendo 64 training to good use, I blew the moisture out of the charging port as much as I could, and tried to boot the phone again hoping that this cold trick still worked. And it did! I didn’t even expect this stupid freezer trick to work, so I didn’t even plan on what I’d do next.

Not knowing how long I had until the phone might die again I hastily opened up Google Authenticator, navigated to the Export Accounts section, typed in my pin, and got a QR code. All while wiping away the water droplets slowly forming from the melting frost.

I took a few pictures first with my phone and then my girlfriend’s phone with a better camera, just in case it was moments away from shutting down. It wasn’t however so I proceeded to download Aegis, another 2FA app, and import my accounts onto my newer phone.

With all my old Authenticator codes now on my new phone, I figuratively marched up to Discord’s login page, typed in my username and password, entered in the six digit authentication code, and I was finally back into my account.

Why Did This Work?

I’m not exactly sure why this worked, but I have a few theories.

The Battery

When batteries are subject to the cold, they tend to perform worse. For example Teslas are having many problems when subjected to the cold up north.

Perhaps the battery in my phone was putting out an incorrect voltage, and the phone detected that in the startup, and shutdown to save itself from potential harm.

I tested the battery though, and it's putting out ~3.85V, just as it specifies on the side.

Electrical Components and the Cold

Electrical components behave differently depending on their temperatures. In most metals when temperature increases, they allow less current to flow through them.

For example a thermistor is a special type of resistor that's resistance is highly dependent on temperature

thermistorAnsgar Hellwig - Wikimedia

So perhaps an electrical component on my phone malfunctioned and prevented my phone from booting. But reducing the temperature of my phone made that potentially malfunctioning component work just enough to allow my phone to boot.

Thermal Expansion

When objects heat up, they tend to expand slightly. This is why we have expansion joints on bridges. If it didn't have them, and sat in the hot summer sun long enough, it would crack from not having any room to expand. 

bridge expansion jointMatt H. Wade - Wikimedia

As you’d expect the opposite also happens when an object gets cold, it shrinks slightly. So perhaps one or two critical traces on the mother board could have broken slightly, or a component become slightly disconnected, and the cold cause the phone to shrink just enough so that those critical traces or components could be connected and allow the phone to boot.

Verdict

After getting all the important data that I wanted off the phone I started looking around the phone to see if it could give me a hint as to why this problem started in the first place. But after about an hour, the phone froze then started boot looping again. 

I've discovered that I'm able to take the battery out while it's boot looping, and it will continue to boot loop for a period of time. The phone just refuses to initially boot without a battery. So it's most likely not a battery problem. Perhaps some sensor on the phone went bad.

I could attempt to root the phone to try to look at root restricted logs like dmesg, but I don't want to risk bricking it in case it restarts in the middle of a firmware update. Plus I'd need to do the freezer trick again so the phone could boot and I could connect to it with adb (Android Debug Bridge).

Lessons Learned

Avoid Google Authenticator

Up until very recently Google Authenticator didn't have any good ways to backup your codes. You could take a picture of the QR code with a another phone, encrypt it, and save it somewhere. Or you could transfer your codes to an old phone of yours and keep that in a drawer somewhere as a backup. But now, in addition to changing the Google Authenticator logo to a rainbow butthole, you can now backup your codes to your Google account.

screenshot of Google article announcing synchronization

You’re still locked into Google’s ever expanding software empire however. And I’m trying to move myself away from Google’s shadiness. So like I said before, I went with Aegis. It’s a free, secure, and open source alternative to Google Authenticator, and it allows you to make external backups.

Double Check Your Backup Codes

I’m going to make doubly sure I have my backup codes written down for Discord and stashed in a safe place. I would encourage you to double check that you know where your backup codes are before it’s too late.

Be Wary Of Newer Samsung Phones

A lot of the advice I was looking through wasn't even for my phone, the Galaxy XCover Pro, it was for phones such as the Galaxy S10, S21, S22, S22+, S22 Ultra, etc etc. I'm not going to be buying another Samsung phone for the foreseeable future. It's a shame that the quality of Samsung phones has gone downhill.