I encrypted my device (both personal data and storage) through the Location and Security selection in the main menu under Data Encryption. Unfortunately now I cannot find anyway [besides the tedious process of e-mailing them to myself, which is inefficient and ineffective for videos] to get my pictures/videos onto my computer DECRYPTED.
Is it possible and how can it be done???
I tried mounting as Storage device, failed, gave 'invalid image' for pictures (taken after encryption enabled) and wouldn't load videos. Then I tried using Motorola Media Link import thinking 'of course Motorola would recognize the need to decrypt my damn files' - haha, not.
Im in the same boat
I am in the same boat. I was able to SU in an ADB shell and wipe the data partition, so I now have no screen lock code and all my apps are gone but I still cannot get my device to fully zero itself to new as it wants the password every time to decrypt storage.
I have an unlocked boot loader and CMW recovery installed, which fails on factory wipe/reset. Stock 4.1.2 FW
Any help from the peanut gallery?
slmclarengt said:
I encrypted my device (both personal data and storage) through the Location and Security selection in the main menu under Data Encryption. Unfortunately now I cannot find anyway [besides the tedious process of e-mailing them to myself, which is inefficient and ineffective for videos] to get my pictures/videos onto my computer DECRYPTED.
Click to expand...
Click to collapse
Hi,
following a recent reboot, my Samsung Galaxy S2 (UK version) is mounting the /data partition as read only, causing many FC's and the phone to be unusable. It is not rooted or customised, but I had enabled debugging for development purposes.
Due to Gingerbread's limited backup capabilities (without root), there are items in various applications that I need to recover, if possible.
Can someone please advise on the most straightforward way of getting fsck and enough priviledges on the S2 to fix the disk (assuming there's no hardware fault)?
Is there a version of adb that can give me root access without flashing the device, or is there any way to get the device to fix the disk itself, without doing a factory reset?
For the last week I've been searching with regards to rooting, updating kernels/firmware etc, but there seem to be so many options, that I'm not sure which would be the one that requires the smallest change to the system and therefore the lowest risk. (At thist stage it appears that loading ClockWorkMod using Odin is the way to go, but I may only have one chance not to mess this up, so want to be sure! Are there any critical do's and don'ts? How does Heimdall compare to Odin? What do the manufacturers use?) Also, how will I be able to tell if the Bootloader is locked? How do I unlock it and relock it once I'm done?
I never upgraded the Firmware/OS since I had it and would like to return it to stock when (hopefully) the system is recovered (following which I'll bring the OS up to date). The version is 2.6.35.7-I9100BUKE5-CL227058 [email protected] #2 .
If ClockWorkMod is the best way, can I just change the kernel, or is it best to replace the entire firmware? How do I backup the current factory firmware / kernel before I make changes? Is it possible to do all of this without incrementing the flash counter? Does incrementing the flash counter matter?
During my searches, I've also become aware of the emmc brick bug on the S2. Is this likely to be a problem during the kernal change or whatever may be required to fix the disk format? (I.e. not flashing a kernel that has MC_CAP_ERASE=1.)
If it's not possible to fix the disk, can I use the inbuilt dd command to make a sector backup of the disk and then mount as a partition under LINUX to retrieve the files / databases?
I've used Linux/UNIX for many years, but am quite new to Android and flashing etc. , but I've done similar things with other devices.
Can someone please advise?
Thanks.
Andy.
I have a OnePlus 3 and I was thinking of encrypting it for additional security & privacy reasons. But since I flash various ROM level mods / use xposed modules on my phone, I was wondering about the negative consequences I have to face after encrypting an android phone.
I have a few doubts which need to be cleared.
1) Since my android phone would be encrypted, would I absolutely not be able to flash any new files/make nandroid backup from the recovery?
2) If 1) is true, which means, let's say I install an xposed module which causes a bootloop. Now I would have no way to disable all the active xposed modules from recovery since the files are encrypted, which means I would have to restore everything from scratch?
3) Is there absolutely no known way of decrypting android/access files unencrypted from recovery if we know the master PIN/password?
Can somebody who has dealt/dealing with an encrypted android phone please answer these questions? Thanks.
Deleted
Hi, thanks for your reply.
Just Passing By said:
1. When you access recovery on an encrypted phone, you have to decrypt your phone. After that, your recovery can do anything it normally could do. This would of course include flashing ROMs, zip files, and making nandroid backups.
.
Click to expand...
Click to collapse
2 things to say about that.
1)Decrypting just to flash files is a huge problem. TWRP/CWM should have a feature when it asks for the master PIN/password on the recovery, then after I enter it, it should decrypt the data on the fly and then mount the system and data partitions unencrypted so that I can flash files without going though all the decryption process.
2)Correct me if I'm wrong, but all android decryption processes I read online require wiping all data/doing a factory reset. That's again a huge problem. Why? In case I flash a mod/install a xposed module which causes a bootloop, I would have no way to decrypt my data, even if I have my master password. Which would mean I would lose all my files which I haven't backed up.
Problems like these could be avoided if TWRP provided permanent decryption/on the fly decryption using the master PIN. Comparing this with veracrypt on windows for e.g. , let's say my windows is encrypted with veracrypt and a hardware failure occurs at some point in the future & windows refuses to boot, but I'm able to load a live ISO. In this case, veracrypt offers a rescue ISO which I could use to decrypt the data without losing all my files after I enter the master PIN. So in this case, I can have security of encryption & also the convenience of decrypting it without losing all my files with the master password in case my main OS refuses to boot.
If I can't decrypt android from the recovery using the master PIN, that would mean in any case my android refuses to boot, I have lost all my files.
3. I'm assume you meant to say "... If we don't know the master PIN/Password?" And the answer to that is yes. If you can't decrypt your phone, you'll lose everything in it, so making periodic backups is a must. Otherwise, there'd be no point if you could just decrypt things right?
Click to expand...
Click to collapse
No, I did not say that wrong, sorry if I wasn't clear enough on my first post. I just wanted to know if there was a way to permanently decrypt android from recovery using the master PIN so that i would be able to recover my files to a USB in case my android refuses to boot.
Deleted
Hello, maybe someone could point me in the right direction, just trying to make a complete backup of my phone ( samsung galaxy S22), so I could back everything up when needed, I have tried the 'titanium backup' and 'swift backup' tools so far, but they only back up the .apks, and my google login credentials are lost..
Really kind of lost browsing through some 11 year old topics about 'nandroid' and 'ClockWorkMod', do people use these tools today?
Thank you
no way. use samsung smart switch and cross fingers
I don't know Samsung from a hole in the ground.
If your device has Qualcomm EDL (and open Firehose loader) you could make a full raw backup of the entire flash.
That's not really helpful if you want to grab a single file but it means that you can restore your device to a snapshot.
@Renate restoring snapshot is not possible after factory reset, as the encryption key is not in userspace and therefore not in backup.
afaik there is no samsung signed firehose programmer leaked for SM8450 (and probably never will) and that device is also shipped with Exynos 2200.
aIecxs said:
Restoring snapshot is not possible after factory reset, as the encryption key is not in userspace and therefore not in backup.
Click to expand...
Click to collapse
Well, that's a good reason not to factory reset!
So, where is the encryption key stored?
get some coffee and read about tee...
encrypted file encryption keys are stored in files metadata, but DEK required for decrypting keys is random generated and securely deleted from TEE keystore on factory reset. I don't know exactly what triggers that deleteKey (it's another OS) but it can survive simple formatting userdata.
aIecxs said:
get some coffee and read about tee...
Click to expand...
Click to collapse
Well, I did have my second coffee already and I know about as much about TEE as I want (which is little).
My point being, if you make a full flash backup, then do whatever, then restore the complete flash, how is that not going to get you back wherever you were?
There are tons of ELF and data partitions used by TEE, TZ.
But are you telling me there is some state built into a device that is neither OTP or flash?
right, it's not in flash storage emmc/ufs.
Appreciate te replies!
Is there any other popular android device which would support the earlier mentioned flashing method?
Thanks!!
aIecxs said:
right, it's not in flash storage emmc/ufs.
Click to expand...
Click to collapse
I'd still like to know exactly where that is.
There are enough partitions called keymaster and other stuff.
Well, ok, but if you don't use factory reset a full flash backup is the best way to get you back to where you were.
actually, it IS in flash storage, but you won't see it
https://www.wikipedia.org/wiki/Replay_Protected_Memory_Block
Note: for all devices running old (FDE) full disk encryption, the static hardware master key is used directly, and the encrypted DEK is stored in crypto-footer (userspace) therefore restoring full raw backup was always possible.
Google and Samsung devices in general used to lack raw access. However, things have changed with Samsung started shipping MediaTek SoCs on their low-/mid-range lines.
But if you're looking for full backup solution, don't use any DRM related or banking apps and don't care about losing warranty and Samsung Knox, rooting and removing encryption is possible so you could just use TWRP or Swift Backup.
aIecxs said:
actually, it IS in flash storage, but you won't see it
https://www.wikipedia.org/wiki/Replay_Protected_Memory_Block
Note: for all devices running old (FDE) full disk encryption, the static hardware master key is used directly, and the encrypted DEK is stored in crypto-footer (userspace) therefore restoring full raw backup was always possible.
Google and Samsung devices in general used to lack raw access. However, things have changed with Samsung started shipping MediaTek SoCs on their low-/mid-range lines.
But if you're looking for full backup solution, don't use any DRM related or banking apps and don't care about losing warranty and Samsung Knox, rooting and removing encryption is possible so you could just use TWRP or Swift Backup.
Click to expand...
Click to collapse
Thank you, that's the thing, as a matter of fact I already have tried using swift backup tool, but all google accounts are lost when backing up, and the apps that have used google to log in ( like play store, google maps etc ) are also losing the connected account.
Any suggestions on how to transfer the google accounts as well?
Thanks again!
actually Swift Backup should work. it looks like some extended Google One fork with optional root features. google account is required for it to work, not sure what problems you are facing?
aIecxs said:
actually Swift Backup should work. it looks like some extended Google One fork with optional root features. google account is required for it to work, not sure what problems you are facing?
Click to expand...
Click to collapse
The main issue for me was that it doesn't back up my google signed in accounts.
After reading for one more day I stumbled upon one of your very interesting posts on this thread - https://forum.xda-developers.com/t/android-12-and-nandroid-backup.4420185/
Here you explain how it's possible to pull out the 'nandroid' image from the phone to the computer which is exactly what I was looking for, but couldn't express clearly.
That's 100% the functionality I am looking for
- Ability to pull out the exact state of the phone to a file on the computer
- Put it back in if things go south, and all my files are exactly as they were at that point.
1) From your experience, do you think it would be possible to achieve this on a Samsung phone?
2) As far as I understood, after doing a 'factory reset' I would no longer be able to put the old 'nandroid' image back, because of the encryption?
Thank you for your time!
P.s I would be happy to pay for a consultation on this topic from you or someone who has managed to do this.
I also would like to see a full nandroid backup solution tool similar to how Windows System image backup works - a full 1:1 flash image with all files and settings intact of an android device.
Renate said:
I don't know Samsung from a hole in the ground.
If your device has Qualcomm EDL (and open Firehose loader) you could make a full raw backup of the entire flash.
That's not really helpful if you want to grab a single file but it means that you can restore your device to a snapshot.
Click to expand...
Click to collapse
How do I do this @Renate with my one plus pro 9 phone? I have the MSM tool, how do I dump a full system image?
immortalwon said:
How do I do this with my one plus pro 9 phone? I have the MSM tool, how do I dump a full system image?
Click to expand...
Click to collapse
I don't know.
I've been trying to get down to brass tacks what's the difference between this MSM Tool and a generic EDL client.
I don't know about its authorization and phone-home-ness.
I'm not even sure if with VIP you can transfer complete device images.
OTOH, VIP is built into many loaders but not used.
I don't have a OnePlus. I'd need a USB capture to say anything intelligent.
I know on my Android 10 ereader I can simply (with my EDL client):
Code:
C:\>edl /r /s0 /c0 mybackup.img
That's for eMMC. For UFS you'd probably need six files.
Renate said:
I don't know.
I've been trying to get down to brass tacks what's the difference between this MSM Tool and a generic EDL client.
I don't know about its authorization and phone-home-ness.
I'm not even sure if with VIP you can transfer complete device images.
OTOH, VIP is built into many loaders but not used.
I don't have a OnePlus. I'd need a USB capture to say anything intelligent.
I know on my Android 10 ereader I can simply (with my EDL client):
Code:
C:\>edl /r /s0 /c0 mybackup.img
That's for eMMC. For UFS you'd probably need six files.
Click to expand...
Click to collapse
I found a way to do a full image readback using the msm tool, which downloads everything firmware related to my pc on the main C:/ drive. The question is, if I ever need to in the future, how do we use the restore function of the msm tool to restore these backups?
EDIT: I don't think it was a full image backup after all because the backups in total are 13gb, while my device is using a lot more storage then that.
@myndeswx what you have linked in post #14 is exactly what Migrate does. It creates tarball archives of apps of decrypted /data partition during runtime. Restoring will work after factory reset because it's a backup of plain files. However, it's far from complete, it is not atomic, still security critical apps using android keystore cannot restored, and it requires rooted device (with all its disadvantages)
For Samsung phones there is currently a hack to gain temporary access to /data with system privileges (uid 1000) floating around (haven't tried)
***LOCKED UNTIL FURTHER NOTICE*** System Shell Exploit - ALL Samsung Mobile Devices NO BL UNLOCK REQUIRED.
***MODERATOR ANNOUNCEMENT: THREAD CLOSED*** @K0mraid3 you are hereby required to provide proper credit in your OP as follows: Link the assigned CVE for this exploit as it mentions the author's blog and GitHub, OR Link the original research repo...
forum.xda-developers.com
hallo i have S22 exynos S908B
- Magisk 26.1
- Encrypted
- S-health working
- Health connect working
- Bank apps working
- Galaxy Watch 4 working
i extracted Titanium Baclups and see there is only installation apk because data in Android/data is encrypted so Titanium backup can't see it and not advise about not backupped data.
Android/data is accessible only by mtp/usb by pc.
So what option i have for backup?
by twrp can i baclup partitions with dd command? After can i restore it without factory reset? (can't factory reset because cause encryption keys lost)
Any working way for bakup?