[Encryption in Samsung] FBE File Based Encryption metadata leak - Android Q&A, Help & Troubleshooting

Hi,
I was checking the Samsung Galaxy S8+ and Samsung Galaxy Tab S4 for the encryption method used and found that the sdcard is getting FBE (File Based Encryption) without the file name encryption enabled. This is not really safe since the metadata leak (the file names are in clear so anyone who gets your sdcard can read what you've got there, except for the file contents).
Reading the AOSP manual on how FBE is done there, apparently they do encrypt the file names (cannot post the link since I am a new user...) - see "Encrypt file names with AES-256 in CBC-CTS mode". I don't really get why Samsung does not do that, it would have just taken switching on a single ecryptfs argument flag "ecryptfs_fnek_sig".
And, since I am not willing to root my devices, I presume that the only way to ensure in no metadata leak (encrypt filenames), would be to use Secure Folder (Knox).
- Does anyone know any reasonable workaround (without rooting the device), besides using the Secure Folder?
- Does anyone know whether one can run multiple Secure Folders (Knox containers)?
From below you can see that the sdcard is mounted without the "ecryptfs_fnek_sig" or "ecryptfs_enable_filename_crypto=y", whereas the Secure Folder (Knox) has the FNEK (File Name Encryption Key) enabled.
Code:
[email protected]:~$ cat /proc/self/mounts |grep ecryp
/mnt/media_rw/redacted /mnt/media_rw/redacted ecryptfs rw,seclabel,nodev,relatime,ecryptfs_sig=redacted,userid=0,ecryptfs_cipher=aes,ecryptfs_key_bytes=32,ecryptfs_enable_cc,ecryptfs_passthrough,base=,label= 0 0
/data/knox/secure_fs/enc_user /data/enc_user ecryptfs rw,seclabel,nodev,relatime,ecryptfs_fnek_sig=redacted,ecryptfs_sig=redacted,userid=0,sdp_enabled,partition_id=0,ecryptfs_cipher=aes,ecryptfs_key_bytes=32,ecryptfs_enable_cc,ecryptfs_passthrough,base=,label= 0 0
/data/knox/secure_fs/enc_media /data/knox/secure_fs/enc_media ecryptfs rw,seclabel,nodev,relatime,ecryptfs_fnek_sig=redacted,ecryptfs_sig=redacted,userid=0,sdp_enabled,partition_id=1,ecryptfs_cipher=aes,ecryptfs_key_bytes=32,ecryptfs_enable_cc,ecryptfs_passthrough,base=,label= 0 0

Related

UrukDroid 1.6 (Android) on ext4, full r/w access, su (root), SDE

{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
This is new Android distribution based on Linux, Android and Archos stock os, using SDE from Archos.
Features:
Easy install method for external (SDcard) and Internal storage
EXT4 (much faster than ext3, can store files >4GB comparing to FAT32)
Full read/write access to every part of system
root (su + superuser.apk) out of the box
new services like: samba, sshd, vpnc, openvpn, dvbt, nfs4
3G/usb tether support
Possibility to remove some google/Archos apps
Swap memory in RAM (CompCache) or on disk by default or when you need it
No 300MB limit for apps (and no faulty app2sd required)
You can have SD card Class 8/10 - that can be much faster than internal flash (check this thread)
Many new new kernel modules (usbserial, ntfs, 3G modems, nfs4, cifs, hfs, iptables etc.)
DVB-T support for selected tuners
updated modules, firmware (like WiFi)
User friendly UrukConfig application
... and much, much more - to much to mention all here - please read changelog
Since 1.0 release main documentation source for UrukDroid is on it's WiKi. Please use it as a first and primary information source for UD.
Link to project (googlecode) page is: http://code.google.com/p/urukdroid
Update (10.09.2015)
Since code.google.com is no longer working (read only for limited time) - here are working links to latest (and final) release of UrukDroid: Dropbox,
I hope that new, much more detailed and complete documentation will help you use UrukDroid at it's full potential.
Changelog, proposed futures
Changelog:
UrukDroid 1.6 (02.01.2012) "DOV FUS LOS Wahl ko Daar Sivaas!"
[CHANGE] Incorporated changes from Archos firmware 2.4.19, 2.4.65, 2.4.80 and 2.4.81
[CHANGE] Updated superuser apk and binaries
[FIX] Fixed some library linking
[NEW] Changed top bar button size to 32px permanently
[NEW] New overclock module from milestone-overclock to change CPU voltage and max frequencies on the fly
[CHANGE] Added overclock support to CPUGovernor service
[FIX] Restored proper busybox binary
[NEW] New patches on kernel from December update from Archos git
[NEW] Full iptables support (with NAT, conntrack etc) - so everything is now possible (redirect, proxies etc)
[NEW] Full kernel timing for power consumption monitoring
[NEW] Recompiled WiFi? and HDMI drivers
[NEW] Added python 2.7, iotop (for watching i/o operations), PowerTOP (for power consumption monitoring - but it's not as useful as on x86)
[NEW] Added ntfs-3g support - full read/write support for NTFS file systems (need to be used manually, vold does not use it)
[CHANGE] Added UrukDroid? Rescue Menu - Repair submenu with disabling overclocking (for those who made their device unbootable with overclocking) and Dalvik cache cleaner
[NEW] New feature in cpugovernor script (genconf, current)
[CHANGE] New features in update subsystem
scripts now tries to keep /data/.tmp directory cleaner,
for those with disk shortage /data/.tmp can be now symlink to directory on sdcard
updater now checks if you have enough free space in /data/.tmp before it begin installation
update process now can be during bootup (better one) if you have enough free space on rootfs, or on running system (not so nice - this is default behavior until UD 1.6 release)
[CHANGE] restoring backup in Rescue Menu now erases partition before restore (until now it was just overwriting)
[FIX] added (again ) xbox pad kernel support (was missed out in new kernel compilation)
[FIX] fixes scp/sftp-server (on some configuration refused to start child processes)
UrukDroid 1.5 (16.0.2011) Manamana!
[CHANGE] Since UrukDroid? 1.1 (both beta1/2/3 and release candidate 1/2/3) had stability and compatibility issues - that I was unable to trace down (too many changes on changes etc.) - I've decided to implement all stuff from beginning on fresh OS. Since all "reverse engineering" stuff was already made and I already have required knowledge - It should be the fastest method. So entire system is cleaned up, updated to latest binaries - and so far looks good . That's why I've bumped version to 1.5 - just to make it a bit more visible it's not a straight continuation of 1.0/1.1.
[FIX] No more "soft reboots" (system reloaded it's graphics UI part)
[FIX] No more turning off WiFi issue (but it happens that WiFi can't pop in after full reboot - another reboot is required)
[FIX] CIFS startup on boot (Issue 57)
[CHANGE] Update process should be now more chatty and report more errors
[CHANGE] Reverted back WPA service (which enable UrukDroid? WPA supplicant with AdHoc? support) - since some people reported problems with adding new networks with Uruk version of WPA supplicant.
[CHANGE] Merged changes from Archos 2.3.28 OS
[NEW] New wpa_supplicant - hopefully with all features and without most of known problems (sometimes it still refuses to start)
[CHANGE] Updated modules and kernel
[FIX] Fix camera support for A43
[CHANGE] Merged changes from Archos 2.3.26 OS
[CHANGE] Redesigned services to output more reliable status
[FIX] Mediascanner fixes (did not rescan data sometimes)
[NEW] Introduced in 1.0 "Rescue Menu" now fully functional (RM)
[NEW] RescueMenu now have Alternative OS? boot feature
[NEW] RescueMenu now have "bare metal" backup/restore functionality
[NEW] Update process will now communicate with user with help of UrukConfig
[NEW] Enabled cgroups
[FIX] "Moved" boot image on A101
[FIX] 3Gmodem_init.sh fixes
[NEW] You can dissable boot from SDCard by naming any of it's partition "noboot" ('[email protected]:/root# e2label /dev/block/mmcblk2p1 noboot')
[NEW] patch (by Sibere) increasing USB current in Host mode
[NEW] New default apps in UrukDroid 1.5: WiFi Manager, FileExpert, QuickPic, Opera browser
UrukDroid 1.0 (30.04.2011)
[FIX] sshfs missing files fix
[FIX] EasyInstall: changed datafs max size from 2GB to 1.95GB (for market to work), fixed partition sizes for A101 16GB when doing internal install with resize, fixed installation for A70H devices
[NEW] small script to copy UrukDroid files from SDCard (external) to Internall (copy_from_sd_to_internal.sh)
[CHANGE] Changed behaviour of dvb service (device configuration)
[FIX] Added some missing modules for DVB support
[CHANGE] New kernel modules for more dvb devices (but it requires manual loading and testing)
[NEW] rsync tool
[CHANGE] swap service now can work on swap partition (or like before on swap file), also after mounting sdcard ext4 partition
[NEW] Ad-Hoc WiFi connection support by default (networks are visible with "*" on beginning of it's SSID)
[CHANGE] Some new progress indicators during install/upgrade
[NEW] Simple Animation during late phase of bootup
[NEW] New service: cifs (to load cifs modules)
[NEW] Added cgroups kernel setting
[NEW] Moved some modules dependencies (cifs,ntfs,dvb) to /etc/modprobe.d
UrukDroid 0.7 (28.02.2011) you're damn right it's a gift!!
[NEW] NFSv4 client support
[NEW] FS-Cache (cachefilesd) support for NFS (local disk cache for NFS files)
[NEW] sshfs support
[FIX] OpenVPN fix - thanks to nenadr
[FIX] PPtP fix - thanks to nenadr
[NEW] vpnc tool for using Cisco VPN connections
[NEW] vpnc UrukDroid service
[CHANGE] Updated to libc6 2.11 (and all binaries recompiled/changed because of it - big change)
[NEW] new gnu tools: nmap
[NEW] EasyInstall now allows installing UrukDroid on internal (mmcblk1) storage in A70 and A101
[NEW] Integrated 3G USB modem and RNDIS USB tethering service by nenadr
[CHANGE] New iobench.sh (with new bonnie++ test)
[CHANGE] Changed device fingerprint to work better with google market (enable download some missing apps)
[CHANGE] Merged Archos 2.1.8 firmware changes
[CHANGE] Changed DVB subsystem support and kernel/modules dependencies to work with new v4l2 modules (it will brake compatibility with most other kernels probably)
[FIX] Changes it UrukUpdate mechanism to work every time when file is moved to "/data/UrukUpdate"
[NEW] Added required modules and iptables service configuration for DroidWall (firewall) application
[NEW] sudo subsystem for launching properly some root tasks
UrukDroid 0.6 (11.02.2011) Eye of the Uruk... in new logo
[CHANGE] Merged changes from Archos firmware 2.1.2/2.1.3/2.1.4
[CHANGE] DVB support with LiveTV.apk from chulri (for selected cards, there are more modules then listed in /etc/uruk.conf/dvb - but it requires to do some experiment and report it back)
[CHANGE] Changed Uruk service to work better with new UrukConfig
[NEW] New services: openvpn, mediascanner
[NEW] IO Benchmark tool: iobench.sh
[NEW] Possibility to turn off mediascanner and use it on demand only
[FIX] Fixed mount_sdcard.sh script to work with 2.1.2 ext3 partitions
[NEW] Updated boot sequence with progress during upgrade/install
[NEW] You can hide soft buttons (Archos buttons) with UrukConfig
[NEW] Easy Install method - no need to know anything about Linux - just plug and wait...
[NEW] Kernel modules for 3g dongle
UrukDroid 0.5 (27.01.2011) Tom Bombadil... in red
[NEW] CompCache (aka ramzswap) support
[NEW] New CPU governor - interactive. Ported from XDA CyanogenMOD
[NEW] DVB: applied patches by chulri, Siano SMS1XXX USB support
[NEW] DVB: modules from outside kernel tree
[NEW] Some more GNU tools: gzip utils, zip utils, unzip utils, nc (NetCut for DVB streaming)
[CHANGE] New services model - so they can be easily run/configured with help of UI
[NEW] New kernel modules: usbnet, lzo
[NEW] Mediascanner modification - it should has much, much smaller impact on system performance
[NEW] sqlite3 (3.5.9) installed, for easy database file manipulation
[NEW] after restart of UrukDroid it will boot once again to Uruk without need of pressing any buttons, to boot on stock OS please use boot menu
[FIX] mount_sdcard.sh fixed so it will mount first ext4 partition on sdcard if exist, and will not interfere with Vold if its vfat
[CHANGE] New update/upgrade/flash model - everything done on UrukDroid - no boot menu required
[NEW] New application to configure UrukDroid - UrukConfig.apk. Installed with this release. Can be uninstalled in default way.
[FIX] Fixed corrupted logo in A101
[NEW] Unified kernel for UrukDroid on SDCard and internal storage (A70S/A101)
[CHANGE] Services ENABLED with this release: CpuGovernor, CompCache
UrukDroid 0.4.2 (21.01.2011)
Just extracted as a separate update file GoogleMarket
UrukDroid 0.4.1 (15.01.2011) Myyy preciousssss...
Some more tools like: bc, proc utils, vim, tcpdump, bzip2, tar etc.
Android apps (Market, Maps, Talk, Calendar, Contact, Feedback, Locator, Updater) by default
Samba (3.2.5) support for sharing /mnt/storage (internal and sdcard storage) from Archos
Dropbear SSH server
Backported modprobe, depmod etc. tools for modules management
WiFI driver recompiled, WiFi HW firmware update (from 6.1.0.0.335 to 6.1.5.44.7)
Initial DVB-T support (Afatech AF9005, Afatech AF9015, DiBcom DiB0700, Terratec CinergyT2/qanu)
Bootlogo with progress steps
Cleanups of initramfs and rootfs
EXT4 drivers backported from 2.6.30 - some mount changes (to prevent config files corruption)
Initial A70H support
SDCard/HD layout changed
Autoupgrade service and installation helper
ADB fixes
Removed two apps. TelephonyProvider.apk, Phone.apk
Since 0.4 all services are DISABLED by default, to enable it edit proper config file in /etc/uruk.conf/
UrukDroid 0.3 (9.01.2011) Rise my Uruk... not yet Hai
iptables, ntfs support
some more USB modules: usbserial, pl2303
fixed bluetooth problem (not working in Uruk 0.2)
automounting improvements (much more bulletproof)
new configuration files (/etc/uruk.conf/) to enable/disable features
new Uruk services (/etc/uruk.d/)
some more GNU utils openssh-client, coreutils
USB charging enabled (NOT tested!!!) - It would required much more power then standard USB in PC can give, use USB wall/car charges or double/triple USB cables
UrukDroid 0.2 (5.01.2011) Go GNU release
"smart" automounting script (that will mount ext4/vfat third partition from sdcard in RIGHT place, AFTER internal storage is mount)
plenty of useful GNU tools: whole e2fstools (mkfs, fsck for ext2/ext3/ext4), parted (for partition resize, format etc.), vfat tools, new toolbox, mtr, top, strace, bash - and much more (look in /usr/local/bin and /usr/local/sbin)
swap memory ON by default (50MIB file /swap01.file)
required compiled libraries libparted, libncurses, libe2fs... etc. (look in /usr/local/lib)
new text editor in text mode: nano (my favourite)
some init.rc cleanups
kernel changes (mostly toward console output)
fixed small (but problematic) misconfiguration in Archos (yep original one) Android in linking /etc/mtab
UrukDroid 0.1 (30.12.2010) Initial "release"
recompiled kernel with ext4, nfs4, fb console
added su and superuser.apk
bootup changes (to make it work)
Features planed in next releases:
backup scripts
proxy settings
CynanogenMOD parts backported
OC/UC kernel be default
FAQ or Tips & Tricks
More information you can find in seperate thread on this forum - FAQ + Question/Awnsers
How to upgrade from previous releases
To upgrade from 0.5 you should download special upgrade file (UrukDroid-0.6-upgrade.tbz2) from first post. You need to place this file in directory "/data/UrukUpdate".
First method:
Put it on your internal storage by any means - this is /mnt/storage (also visible as /sdcard/). Then use file manager (like Astro or RooteExplorer - not build in one) or do as follow in terminal (or over ssh)
Code:
su
cd /sdcard/
mv UrukDroid-0.6-upgrade.tbz2 /data/UrukUpdate/
Second method:
Use UrukConfig to enable SSHD (if you don't have it started already), and use any SCP/SSH client (like WinSCP, or plain scp on Linux) to copy file (default username is "root", password is "UrukDroid") to "/data/UrukUpdate".
In both cases upgrade will start automatically; alter kernel, initramfs and when finished, device will reboot itself.
How to enable/disable and configure UrukDroid services?
UrukDroid services are configured by text files, that can be found in /etc/uruk.conf/ directory. You can use file manager like RootExplorer or Terminal to edit them, but most convinient way is to use SSHD service and some ssh client (for example putty).
You can also use UrukConfig application - build in since 0.5 release. After you do some changes, restart service (/etc/uruk.d/service_name stop/start) or simply reboot Archos. Since 0.5, by default only CompCache and CPUGovernor are enabled.
Currently available services
samba - it's SMBD server allowing mounting your Archos storage directory on your PC. Default user is "storage" and password "UrukDroid"
sshd - SSH server allows you to connect to your Archos with any ssh client, work on terminal. It also allows to copy files with scp/sft. Default user is "root", password "UrukDroid"
swap - this service enable swap memory. It can make Archos a bit less responsive but memory manager won't kill application so quickly (co you can use WWW browser, email an communicator simultaneously - for example of course)
iptables - this pseudo service will load necessary modules to use iptables (firewall) features
ntfs - if you plan to connect NTFS formatted devices to your Archos - enable this service
dvb - this service load necessary modules to watch TV on your Archos. This service requires configuration from your side - it won't work "as is". Please read and edit config file (/etc/uruk.conf/dvb)
compcache - Start/stop CompCache swap memory service. Compcache is a compressed part of memory, where less used object reside. Usual compression ratio is 70%
cpugovernor - Changes default CPU governor and it's parameters. Governor decides how to scale CPU frequency. Since 0.5 there is new "interactive" governor.
openvpn - It's an implementation of popular free VPN service for Uruk. It will act like the one used in Archos stock config with difference it will work all the time - whenever you go, and you have full flexibility of configuration. Config file resides in /etc/openvpn/archos.conf.
VPNC - It's open implementation of Cisco VPN service. You should edit /etc/vpnc/archos.conf file.
NFS4 - NFS v4 client service allows you to mount remote file storage with use of NFS (much faster then SMB for example). You can also enable use of cachefilesd sub-service - that will cache locally, files transferred with NFS (for smooth playback of movies for example)
How to remove some default apps?
App started at the boot time are stored in /system/app, I've already removed some of them by moving it to /system/app.old/ - but you can do it by your own - but remember - some of them are actually required to run system
Some filesystems benchmarks (that's the reason why I wanted ext4 so badly)
Write tests (I've testes different filesystem and partition sizes)...
Tests on Archos:
internal 8GB
0,71Mb/s ext3,ordered,noatime
5,45Mb/s fat32
Lexar 16GB
2,63MB/s ext3,ordered
6,25MB/s ext4,ordered
Test on computer (the same lexar card)
2.93Mb/s 1GB,ext3,noatime
2.78Mb/s 1GB,ext3
3.04Mb/s 1GB,ext2
8.62Mb/s 1GB,vfat
7.61Mb/s 1GB,btrfs
7.87Mb/s 1GB,ext4
7.87Mb/s 16GB,ext4
Card is 16GB SDHC Lexar class 6 only - so this toshiba nand inside is not state of the art either :/
How to roughly check your filesystem write speed
Go to directory where you can write and were is more then 100MiB of free space and do the line. It will sync devices (flush all write caches), write 100MiB file filled with zeros, and fush caches once again to measure real write speed without buffers. Then easy math... and my laptop disk has write speed 16,66MiB/s
Code:
[email protected]:/tmp$ sync; date; dd if=/dev/zero of=test.file bs=1M count=100 2>/dev/null; sync; date
Wed Jan 5 19:02:28 CET 2011
Wed Jan 5 19:02:34 CET 2011
[email protected]:/tmp$ bc -q
scale=4
100/(34-28)
16.6666
quit
UrukDroid configuration system
I've created (or recreated, since Google threw away existing Sytem V and other solutions) something that works like rc/init.d system. It's old fashion, but for only few services will do it's job.
There are few location to remember:
/system/etc/uruk.d/ - directory with services
/system/etc/uruk.conf/ - directory with configuration files
/system/etc/init.d/ - symlinks Sxxserice/Kxxservice (like S01swap) to be run during startup process
Proper path is /system/etc/ but it's symlinked on every Archos to /etc - so you can also work on /etc/uruk.d, /etc/uruk.conf etc.
To enable iptables support (load proper module) it's enought to edit /system/etc/uruk.conf/iptables
To change swap memory settings edit /system/etc/uruk.conf/swap
How to mount ext4 under Windows?
There is project called "ext2read" that claims to work with ext4 also (I've only tested it with ext2 long time ago - it worked) http://sourceforge.net/projects/ext2read/ - please write some commends if you use it.
What is current directory/disk layout?
/ -> SDCard first partition (512M) - for root filesystem
/data -> SDCard second partition (1GB) - for installed apps
/mnt/storage -> internal 6GB partition - for data used by installed apps
/mnt/storage/sdcard -> SDCard third partition - anything you want, nothing by default
/mnt/sdcard2 - proposed mount point for other volumes, not used by default
And there is something called symbolic links (symlinks) - witch is kind of Win shortcut used on UN*X extensively.
/sdcard -> /mnt/storage
/storage -> /mnt/storage
/mnt/sdcard -> /mnt/storage
So you can enter /sdcard - and you are be using files from /mnt/storage. You can also create symblinks by yourself
Code:
ln -s /source destinations
How to gather data report from UrukDroid
Best way is to use SSH. For this, please start "sshd" service on UrukDroid by using UrukConfig application or by editing /etc/uruk.conf/sshd file.
First start will take one minute or so - since sshd has to generate unique encryption keys.
If you use Windows download putty.exe (ssh client) and run it. Write your Archos IP (it has to be visible in network) and connect.
Use
Login: root
Password: UrukDroid
Click to expand...
Click to collapse
Now you can write Linux commands and cut/paste results for help/debug purpose.
Thanks!
I think you talked me into it! I'll play with it tomorrow.
I've found this on Nook Color thread http://forum.xda-developers.com/showthread.php?t=888216
Can someone test is it worth to do on Archos? I think we don't need phone service running in background. Ill try this tomorrow when i get back to home but maybe someone can test earlier?
sorry for asking,but what is the point in doing step 3,i mean what does it actually do?
This is backup of install instruction, leaving more space for custom approach. Instruction in first post is now much simpler with less 'if/or'.
Material for this thread came from discussion here. So please be kind read also this thread before getting to work
This is mini how-to boot modified Archos Android from SD card, using SDE. It's base on 2.0.71.
Since this Android mod/distribution required some name - let it be Uruk-Droid
Why bother:
ext4 (much faster than ext3, can store files >4GB comparing to FAT32)
full r/w access to every part of system
root (su + superuser.apk) out of the box
possibility to remove some google/Archos apps (already done partly)
swap memory when you need it
no 300MB limit for apps (and no faulty app2sd required)
you can have SD card Class 8/10 - and that's much faster storage than internal flash (inside is something equal class 6 or 4)
Warning
Be aware that this modification requires SDE and probably some Linux knowledge.
By doing described below steps you probably can't brick your Archos - but do it on your own risk.
Root access on your devices makes it less secure form malicious software (user more head - less fingers )
Known problems:
Android automounter (vold) does not recognize EXT4 in stock firmware - so it will claim SD card is damaged (it's just a message) (FIXED)
Before you start:
Read about SDE on forum
Install some terminal emulator from Market (eg. "Android Terminal Emulator")
You should have 2.0.71 already installed (I'm not sure if it's required but only with that configuration tested)
All operations described here, done on Linux or Android should be done from root user (you can switch to that user in terminal by typing "su" or "sudo su" command)
If you don't have Linux - find any recent Rescue CD, Live CD or Virtual disk (VirtualBox or VMware) - distributions does not matter
SD card partition design
First of all, preferably buy card class 6+. So it won't be slower than internal storage
I'm currently using 3 partitions
0,5GB / (rootfs)
1GB /data
rest /mnt/storage/sdcard/
but You can create one big partition instead - I've made my configuration because of easiness to backup and upgrade (rootfs is easy to upgrade later on, /data has only runtime data and application, rest is for movies etc.) Size of /data partition determines how many apps you can install on your device.
Here it's how it looks on fdisk
Code:
linux-machine:~# fdisk -l /dev/sdb
Disk /dev/sdb: 16.0 GB, 16012804096 bytes
199 heads, 44 sectors/track, 3571 cylinders
Units = cylinders of 8756 * 512 = 4483072 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x00000000
Device Boot Start End Blocks Id System
/dev/sdb1 1 121 529716 83 Linux
/dev/sdb2 122 362 1055098 83 Linux
/dev/sdb3 363 3571 14049002 83 Linux
Step one
Create at least one primary partition on SD card with fdisk, gparted, parted or any other partitioning tool. Assuming your SDCARD is visible as /dev/sdb (on Linux box - check "dmesg").
Code:
su (go root)
fdisk /dev/sdb
fdisk options (it's interactive):
p (print existing partitions)
d n (delete partition by it's number 1,2,3 etc)
n (create partition, you will be asked about type (primary, secondary - go primary), number (give first available), start sector (just enter will set first possible), size (you can give it as +1M, +2G etc)
w (write all changes, until you give this command no changes are made on disk physically)
Format partitions as EXT4 - but without huge_file option (it won't work with this feature since it requires special kernel option that brakes compatibility with existing modules).
Code:
su (go root)
mkfs.ext4 -O ^huge_file /dev/sdb1
If you created more partitions - do those steps for everyone.
Code:
mkfs.ext4 -O ^huge_file /dev/sdb2
mkfs.ext4 -O ^huge_file /dev/sdb3
Kind of "session log" for this steps you can find in this post.
Step two
Extract content of rootfs.tar.gz onto first partition on SD card (it HAS to be first one). Do it from root account on Linux/UNI*X box - or you won't transfer all permissions properly (mainly +s on su/superuser.apk).
assuming your SD Card is visible under Linux as /dev/sdb (you can check it by typing "dmesg" after you connect it)
open terminal/shell - go root: su, or sudo su
create mount point: mkdir /tmp/sdcard
mount it (if it's not mounted already) for example: mount /dev/sdb1 /tmp/sdcard
go to /tmp/sdcard directory: cd /tmp/sdcard
extract rootfs: tar -zxf /path_to_file/rootfs.tar.gz
exit directory: cd
umount your card: umount /tmp/sdcard
Flash initramfs.gz and zImage from SDE boot menu:
reboot Archos70, hold up or down volume key until you see Recovery menu,
choose "Recovery System"->"Developer Edition Menu"->"Flash Kernel and Initramfs",
connect Archos to PC and copy initramfs.gz and zImage to device
Reboot and hold up or down volume, choose "Developer Edition".
You should see all yours apps etc. - it should look like your Archos , but with su/superuser.apk etc. (check it on terminal emulator by typing "su" and enter).
Before go to next step make sure you have booted to SDE system AND it has root access! (check "su" in terminal, run root explorer or titanium backup)
Step three
It's kind of optional - since you have already working system - but it's not fun yet
Now you should copy /data files onto SD card. Use terminal emulator (from market can be "Android Terminal Emulator") or sshd (QuickSSHd and log into your tablet) and do:
If you have ONE partition
Code:
su
cp -rp /data/* /data.new/
If two or more
Code:
su
mount -t ext4 /dev/block/mmcblk2p2 /data.new
cp -rp /data/* /data.new/
umount /data.new/
Poweroff device.
Step four
Put card into computer and:
one partion
remove /data
rename /data.new to /data
On Linux it may look like this:
Code:
su (or sometimes "sudo su")
mkdir /tmp/sdcard
mount /dev/sdb1 /tmp/sdcard
cd /tmp/sdcard
rm -rf data
mv data.new data
edit /init.rc (it's /init.rc on Android - on Linux box it's going to be something like /tmp/sdcard/init.rc) - use any editor to modify file - do it as a root!
Code:
su
vi /tmp/sdcard/init.rc (edit the file)
umount /tmp/sdcard/
What to edit:
Code:
# Comment this
# mount ext3 /dev/block/mmcblk0p4 /data noatime nosuid
# Uncomment this
# mount ext4 /dev/block/mmcblk2p2 /data noatime
mount ext3 /dev/block/mmcblk0p4 /data.old noatime nosuid
two or more partitions
edit /init.rc (it's /init.rc on Android - on Linux box it's going to be something like /tmp/sdcard/init.rc) - use any editor to modify file - do it as a root!
Code:
su (or sometimes "sudo su")
mkdir /tmp/sdcard
mount /dev/sdb1 /tmp/sdcard
cd /tmp/sdcard
vi init.rc (edit file)
umount /tmp/sdcard
What to edit:
Code:
# Comment this
# mount ext3 /dev/block/mmcblk0p4 /data noatime nosuid
# Uncomment this
mount ext4 /dev/block/mmcblk2p2 /data noatime
mount ext3 /dev/block/mmcblk0p4 /data.old noatime nosuid
If you have third partition on SDCARD, whether it's EXT4 (recommended) or FAT32 it should by automounted since 0.2 version.
Reboot - it should work
End
Stuff you can do later:
Vold - automount daemon on android is quit.... crappy - to let go message about "sd card damaged" edit /etc/vold.fstab and hash the line "dev_mount_lun volume_sdcard /mnt/storage/sdcard...."
Other partitions - if, by any reason, you have more partition on SD card (more then 3) you can also mount it putting in init.rc (there are some potential issues with vold to be solved)
for ext4
Code:
mount ext4 /dev/block/mmcblk2p5 /mnt/sdcard2 noatime nosuid
For fat32 partition preferably tweak with Vold config (/etc/vold.fstab) - or add something like this (in init.rc)
Code:
mount vfat /dev/block/mmcblk2p3 /mnt/sdcard2 uid=1000 gid=1015 fmask=0000 dmask=0000
Files (UrukDroid-0.3):
Megaupload.com
initramfs.cpio.gz
zImage
rootfs.tar.gz
Dropbox.com (there can be server error because of download limit)
http://dl.dropbox.com/u/1017593/ArchosGEN8/UrukDroid-0.3/rootfs.tar.gz
http://dl.dropbox.com/u/1017593/ArchosGEN8/UrukDroid-0.3/initramfs.cpio.gz
http://dl.dropbox.com/u/1017593/ArchosGEN8/UrukDroid-0.3/zImage
Nm you said it's faster, interesting... I may test that out.
IMHO you should point out that it is a great security risk for having access to root without any password.
BTW this comment is not meant to insult you in anyway, but I think it is only fair to people that will use it and to cover your own ass.
Maurice
Does this require a clean system to do the SDE Root? what happens to everything already installed etc.
MoonPhantasm said:
Nm you said it's faster, interesting... I may test that out.
Click to expand...
Click to collapse
There was already link to my write speed tests (now I've pasted it to second post) - read speed is about the same. In quadrant I have something about ~2300 (one of quadrants test is I/O benchmark) - but that's not my goal - so I don't care much about that kind of speed.
divx118 said:
IMHO you should point out that it is a great security risk for having access to root without any password.
BTW this comment is not meant to insult you in anyway, but I think it is only fair to people that will use it and to cover your own ass.
Click to expand...
Click to collapse
Of course your are right - but that's kind of obvious, and that's the reason why superuser.apk requires to specify what process can gain root access (I know it's not strong security - but better something than nothing)
Is there any way to do this on the a32, or can will there be a solution for the 32.
I had SDE installed before, but I used the uninstall developer edition option in the boot menu. Now, regardless of if I use the .aos file from archos that has SDE, whenever I reboot holding a volume button, I get to a menu that says "Archos A101IT Recovery", and "Would you like to recover your system?" with the following options:
No
Update Firmware
Repair System
Format System
I select update firmware, and all I get is an update failed error.
I don't know what to do. I have a basic linux knowledge, so I have my sd card properly formatted, without the huge file option. I've extracted the contents of rootfs.tar.gz to the first partition.
Any ideas on what to do?
$aur0n said:
I don't have that problem since I use Linux everywhere
My mmcblk2p3 is also EXT4 partition (since fat 32 has 4/2gb file size limitation it's only place where I can put bigger files - mainly movies. It's one of ther reasons why ext4 is good for the task).
To mount (vfat or ext4) during but of Archos put in init.rc
Code:
mount ext4 /dev/block/mmcblk2p3 /mnt/storage/sdcard noatime nosuid
or
mount vfat /dev/block/mmcblk2p3 /mnt/storage/sdcard
just after mount of /data.old for example..
/mnt/storage/sdcard is the place where automounter would normally mount this device.
Click to expand...
Click to collapse
I did try to add it to init.rc, but it wouldn't mount.
Running "busybox mount -t vfat /dev/block/mmcblk2p3 /mnt/storage/sdcard" after boot seems to work however.
Is /mnt/storage mounted yet at that point? It seems to be separately mounted ("mount" shows /dev/block/vold/179:9 mounted on /mnt/storage, but I can't find any line related to that in init.rc)
Since "Preparing internal storage" appears after boot, I assume the SD card has to be mounted after that (unless I mount it somewhere else, which would break compatibility with some apps)
Actually, I'd prefer if the SD card was mounted on /mnt/storage, and the internal storage on /mnt/storage/internal, is there a way to do that?
Edit: Ah, I checked that /etc/vold.fstab file. It seems to be what I need to edit to auto mount the SD card, but I'm not sure what I need to edit.
The line currently reads:
dev_mount_lun volume_sdcard /mnt/storage/sdcard auto /devices/platform/usb_mass_storage/lun1 /class/block/mmcblk2
"auto" seems to be the partition number, I tried to change this to different values as well as changing mmcblk2 to mmcblk2p3, but they result in the same SD card damaged message. Is this a no-go and just won't work or am I doing something wrong? Either way, it seems like it's the only way to mount the SD card at boot if I want it mounted to /mnt/storage/sdcard.
Edit 2:
Adding these 2 lines to init.rc and commenting out the equivalent lines in /etc/vold.fstab seems to work:
mount vfat /dev/block/mmcblk2p3 /mnt/storage
mount vfat /dev/block/mmcblk1p1 /mnt/storage/internal
Now I have the SD card mounted on /sdcard
However, the settings won't show the space information now, so I have to connect it to the PC to check free space. Is there a better way to do it?
Jdbye said:
I did try to add it to init.rc, but it wouldn't mount.
Running "busybox mount -t vfat /dev/block/mmcblk2p3 /mnt/storage/sdcard" after boot seems to work however.
Is /mnt/storage mounted yet at that point? It seems to be separately mounted
Click to expand...
Click to collapse
No, this mount point (/mnt/storage/sdcard) is not ready yet at this point - that's why I've changed it to /mnt/sdcard2 in howto. It's not good solutions (since probably some tools won't find media - like movie player) - but the only one for now. Vold is crappy, and even so it should mount _first_ usable partition (with auto option) but it does not want to do that. I can't check it, since I don't have vfat on sdcard, but probably the only solution is to do separate script/service with delayed mount - that's what I'm going to do for now, later on (in next release).
Q: However, the settings won't show the space information now, so I have to connect it to the PC to check free space. Is there a better way to do it?
A: (kind of joke) - user "df -h" in terminal, probably some more smart tools with gui are also able to show space used by "other" devices.
hurrpancakes said:
Any ideas on what to do?
Click to expand...
Click to collapse
I guess it's some Archos SDE bug and you should report it (I thing that after uninstall of SDE and second install you should see developer menu back - if not,
it's error or faulty "watermarking" at work)
jab12 said:
Is there any way to do this on the a32, or can will there be a solution for the 32.
Click to expand...
Click to collapse
My guess - it may also work for you. All gen8 devices have the same kernel and system - so give it a try.
xShadoWxDrifTx said:
Does this require a clean system to do the SDE Root? what happens to everything already installed etc.
Click to expand...
Click to collapse
Everything that is installed on INTERNAL 8GB storage is untouch. So even when sde fails to boot, you can go back to original Archos Android and work on that.
When you follow my instr. you should see second Android with all yours application installed but on ext4 with root etc. etc.
$aur0n said:
I guess it's some Archos SDE bug and you should report it (I thing that after uninstall of SDE and second install you should see developer menu back - if not,
it's error or faulty "watermarking" at work)
Click to expand...
Click to collapse
I think the error may lie in the fact that I have to access my sd card by mounting it through my a101. Tomorrow (or later today, rather) I will get a sd card reader so I won't have to rely on using the tablet.
Hi, thanks for howto.
Can we keep the superuser mode explained in this topic http://forum.xda-developers.com/showthread.php?t=880321&page=13 And use your method (in case i forgot m'y sd card And need root access)

[Q] Backup of disk encryption master key

I've been extensively searching on this, but I just can't find any answer, although I really can't image I'm the first one to come up with this.
I have a Google Nexus 4 (rooted, of course) and I'm using the native phone encryption.
There is some information that can be found, revealing that google uses the native linux dmsetup tool for this.
Now, just in case anything goes wrong, I'd like to have a backup of the encryption master-key,
that I could use to restore the dm-crypt header.
On a normal linux system, this would be easy, only one call to dmsetup and I'm done.
However, I just can't find any info to do this on android.
The UI doesn't offer this option (as is to be expected) and I just don't know how to do it by using adb.
I've opened a root shell session and tried some commands (dmsetup, cryptsetup, some calls to "vdc cryptfs", etc...), but I just don't find a way to do it.
Has someone already found a way and can share how it's done, any ideas?
Thanks in advance
Does no one encrypt their android phones or is concerned about integrity of their data?
I think you overestimate Android: In most cases /data partition is not larger then a few GB's on smartphone devices.
Just insert Storage card with enough free space, and do a decrypted backup (for example from CWM recovery being root):
1) Make sure /system, /sdcard, and /data are all mounted inside recovery environment
2) /system/xbin/tar -C / -cf /sdcard/data.tar data
When integrity of your data is no longer given, you can factory reset the device, start again the encryption process (which will use a new key for encryption), and then restore your userdata back:
1) Make sure /system, /sdcard, and /data are all mounted inside recovery environment
2) /system/xbin/tar -C / -xf /sdcard/data.tar
No need to play around with keys and cryptsetups or being afraid you loose data because you have encryption enabled
---------- Post added at 04:12 PM ---------- Previous post was at 03:14 PM ----------
To answer your initial question:
Have a small lecture on h*t*t*p://source.android.com/tech/encryption/android_crypto_implementation.html
It is said, that the "The crypto footer contains details on the type of encryption, and an encrypted copy of the master key to decrypt the filesystem".
And that "[..]the filesystem doesn't extend into the last 16 Kbytes of the partition where the crypto footer is kept".
So basically by doing a backup of the last 16KB of the partition initially was mounted as /data before encryption you are THEORETICALLY save.
I am sorry not being able to give you exact commands, but i am sure someone can post you the right partition name (e.g. for HTC vision devices it would be /dev/block/mmcblk0p26), you can do backup/restore on blocklevel using dd, which is on my current ROM located at /system/bin/dd
You then need to find out the size of this partition, which in my case with /dev/block/mmcblk0p26 would be:
cat /sys/class/block/mmcblk0p26/size gives yout size of partition in blocks (in my case 2234367)
Now you have to reduce this by 16KB, whish i think should be (2234367*4096-16*1024)/4096=2234363, because i think on all Android devices Blocksize is 4096 (you can check the column Blksize on output of shell command "df" on Nexus).
Commands would be then something like this:
Backup: /system/bin/dd if=/dev/block/mmcblk0p26 count=4 bs=4096 skip=2234363 of=/sdcard/masterkey.dd
Restore: /system/bin/dd of=/dev/block/mmcblk0p26 count=4 bs=4096 skip=2234363 if=/sdcard/masterkey.dd
Because 16KB are 4x4096 Byte
With THEORETICALLY i meant that these are my thoughts based on the implementation description, which might be accurate enough about the master key, or not (often the master key is stored on a special sector, and they only mentioned a "region" for the crypto footer), and i never tested above Backup/Restore commands, yet.
Perhaps someone better knowledged can confirm my calculations, or someone who digged in the right passages of the Android source can tell us where exactly the master key is getting stored!
Thanks for the answer.
I'll give it a try and store a backup of that last few kb of the disk.
However, since I can't really test if a restore works,
I wouldn't put too much trust into that backup.
Thanks anyway
Has anyone been able to backup their key? Anyone confirmed the commands that rondald put?
This is ridiculous that the SD card is locked to the device. I need to transfer my SD Card to a new device and should not have to reformat my SD Card.
Encryption without key management = FAIL

[CM10.2]eCryptFS - How to manually create/mount an encrypted folder?

Hallo,
Android 4.x allows to encrypt the phone. I guess it's been done by ecryptfs. How can i use ecryptfs to manually encrypt a single folder? I've tried 'mount -t ecryptfs /sdcard/test /sdcard/test' how it's been usually initialized but on Android/CM10.2 it just throws an 'invalid argument'.
Edit: 'dmesg' throws 'Error parsing options; rc = [-22]'. I've found references on the web that this is because there is only the kernel part implemented and it needs the userspace tools as well (ecryptfs-utils). But how does Android/CM do it then to encrypt the whole phone?
Edit2: Looks like its not done by ecryptfs but dm-crypt via vold.
So, i guess its not possible at the moment to use that on single folders via shell...

[Q&A] [GUIDE] How to build CWM-based Recovery from source in Ubuntu 12.04 with CM-11

[Q&A] [GUIDE] How to build CWM-based Recovery from source in Ubuntu 12.04 with CM-11
Q&A for [GUIDE] How to build CWM-based Recovery from source in Ubuntu 12.04 with CM-11.0
Some developers prefer that questions remain separate from their main development thread to help keep things organized. Placing your question within this thread will increase its chances of being answered by a member of the community or by the developer.
Before posting, please use the forum search and read through the discussion thread for [GUIDE] How to build CWM-based Recovery from source in Ubuntu 12.04 with CM-11.0. If you can't find an answer, post it here, being sure to give as much information as possible (firmware version, steps to reproduce, logcat if available) so that you can get help.
Thanks for understanding and for helping to keep XDA neat and tidy!
My phone has 16mb recovery part but the recovery.img I made is 25 mb so I can't flash it In BoardConfig.mk, I can wrote at least 24.936.448 at the line of BOARD_RECOVERYIMAGE_SIZE to compile the recovery image. How can I solve this problem? Can I reduce the size of the .img file to 16 mb?
denizyildizi345 said:
My phone has 16mb recovery part but the recovery.img I made is 25 mb so I can't flash it In BoardConfig.mk, I can wrote at least 24.936.448 at the line of BOARD_RECOVERYIMAGE_SIZE to compile the recovery image. How can I solve this problem? Can I reduce the size of the .img file to 16 mb?
Click to expand...
Click to collapse
I don't understand how you ended up with such a big recovery... The biggest ramdisk I saw (in TWRP) is not more than 4-5 Mb. Do you have a kernel over 20Mb? It can't be, otherwise the stock recovery will be oversized too. Somewhere you made a mistake probably.
And to answer your question, no you can't reduce the size of recovery that big; if you have a kernel compressed in xz, you may try to compress the ramdisk in xz too, and the size will be smaller, but not enough... you need to downsize it with 9Mb, which is not possible.
So check again, to see if there isn't a mistake somewhere.
carliv said:
I don't understand how you ended up with such a big recovery... The biggest ramdisk I saw (in TWRP) is not more than 4-5 Mb. Do you have a kernel over 20Mb? It can't be, otherwise the stock recovery will be oversized too. Somewhere you made a mistake probably.
And to answer your question, no you can't reduce the size of recovery that big; if you have a kernel compressed in xz, you may try to compress the ramdisk in xz too, and the size will be smaller, but not enough... you need to downsize it with 9Mb, which is not possible.
So check again, to see if there isn't a mistake somewhere.
Click to expand...
Click to collapse
I took a screenshot of my CM11-0/out/target/product/msm8226/root folder which is 25 mb. There is a boot.img file. I think the problem is that file. I unpacked a few recovery.img files but none of them included that file. If problem is this, how can I remove that file from my ramdisk?
I removed that file and flashed new recovery.img but now my phone isn't booting in recovery mode.
denizyildizi345 said:
I took a screenshot of my CM11-0/out/target/product/msm8226/root folder which is 25 mb. There is a boot.img file. I think the problem is that file. I unpacked a few recovery.img files but none of them included that file. If problem is this, how can I remove that file from my ramdisk?
I removed that file and flashed new recovery.img but now my phone isn't booting in recovery mode.
Click to expand...
Click to collapse
No, for checking recovery root you need to look here: CM11-0/out/target/product/msm8226/recovery/root . But anyway that folder looks strange (I see a perl script there)....
Check my screenshot below.
And type a
Code:
make clobber
before stating a new build, or
Code:
make clean
between repetitive builds.
im getting this error each time i try to compile:
make: *** No rule to make target `/etc/init.rc'
please any suggestions
george676 said:
im getting this error each time i try to compile:
make: *** No rule to make target `/etc/init.rc'
please any suggestions
Click to expand...
Click to collapse
You need to be more specific: what recovery you try to build, in what environment (if it's not cm-11), and post a link to your device folder tree. That error means that the compiler can't find an init.rc file to add in ramdisk.
Compiler stops after a few segments
This is shown in my terminal:
Code:
cp: cannot stat ‘/home/paul/cm-10.2/out/target/product/Ultra/root/init.recovery.*.rc’: No such file or directory
make: [/home/paul/cm-10.2/out/target/product/Ultra/recovery/root.ts] Error 1 (ignored)
mkdir -p /home/paul/cm-10.2/out/target/product/Ultra/recovery/root/system/bin
cp -rf device/CherryMobile/Ultra/recovery/root /home/paul/cm-10.2/out/target/product/Ultra/recovery/
cp: omitting directory ‘device/CherryMobile/Ultra’
make: *** [/home/paul/cm-10.2/out/target/product/Ultra/recovery/root.ts] Error 1
[email protected] ~/cm-10.2 $ make clobber
And you wrote about the problem:
During the build process you may encounter some errors or warnings.
*********************
Code:
Code:
cp: cannot stat `/home/carliv/CM11-0/out/target/product/P780/root/init.recovery.*.rc': No such file or directory
make: [/home/carliv/CM11-0/out/target/product/P780/recovery/root.ts] Error 1 (ignored)
This will not stop the build, and it appears if you don't use a init.recovery.{hardware}.rc file. Can be ignored, as the build process does.
Though in my terminal it just stopped at that part so I had to rename mine which was originally init.recovery.qcom.rc to init.recovery.*.rc
--edit--
And yet it still would not continue ... Any ideas on how to fix this?
--edit # 2--
Here's the pastebin link just in case ->biQ7kjV8 add that to pastebin...(I can't post links)
--edit # 3--
I fixed it... Turns out that it was just a BoardConfig.mk parameter that I forgot to complete
Calculate proper BoardConfig.mk partition sizes
I have this log:
Code:
----- Making recovery image ------
/home/paul/cm-10.2/out/target/product/Ultra/recovery.img maxsize=8380416 blocksize=135168 total=8409088 reserve=270336
error: /home/paul/cm-10.2/out/target/product/Ultra/recovery.img too large (8409088 > [8650752 - 270336])
make: *** [/home/paul/cm-10.2/out/target/product/Ultra/recovery.img] Error 1
make: *** Deleting file `/home/paul/cm-10.2/out/target/product/Ultra/recovery.img'
Meaning I have wrong sizes for the partitions so I need help on it...
When I ran the following:
cat /proc/mtd
cat /proc/emmc
they both return: No such file or directory...
Now If I run the command: cat /proc/partitions
it comes up with this:
As far as I know.... mmcblk1p1 is my external sd card which is about 32 GB...
My system image is about 1 GB and more(confirmed) when I used the dd command(to dump it) and is located at mmcblk0p16
Userdata reaches more than 4 GB as reported by the dd command(file size too large) and is located at mmbblk0p25
here(recovery.fstab):
/boot mtd /dev/block/mmcblk0p10
/cache yaffs2 /dev/block/mmcblk0p18
/data yaffs2 /dev/block/mmcblk0p25
/misc mtd /dev/block/mmcblk0p20
/recovery mtd /dev/block/mmcblk0p19
/system yaffs2 /dev/block/mmcblk0p16
-- edit --
I solved this already
Help required for compiling CWM for android 4.4.2 version only?
I am on Ubuntu 14.0.4 and I am trying to build a CWM recovery for Celkon Q 5009android 4.4.2, Broadcom processor). I have set up build environment and currently working on syncing repo. I have heard that it takes too much time and disk space to complete this process. I am interested to know in the following particular scenario : want to build only CWM recovery from source for an android running on version 4.4.2. So do I have to download all repositories or is there any shortcut that would enable me to not download all, but a certain part that is required for android 4.4.2? If yes, how to go about it? please help.
Please help. I do not undertstand why 'repo sync' always fails at a particular stage, though I have 30+ GB of disk space available in my working folder named 'cm12'. Following is the last screen message :
Fetching project platform/external/ant-glob
Fetching projects: 8% (40/495) Receiving objects: 86% (2389/2771), 26.68 MiBerror: RPC failed; result=56, HTTP code = 200iB | 124.00 KiB/s
fatal: The remote end hung up unexpectedly
fatal: early EOF
fatal: index-pack failed
remote: Sending approximately 1.94 GiB ...
remote: Counting objects: 85, done
remote: Finding sources: 100% (85/85)
error: RPC failed; result=56, HTTP code = 200iB | 88.00 KiB/s
fatal: The remote end hung up unexpectedly
Now should I run 'repo sync' again or should I use 'repo sync -j1' ?
fatal: early EOF
fatal: index-pack failed
error: Cannot fetch device/lge/mako-kernel
error: Exited sync due to fetch errors
Hey,
In which size are the values in BoardConfig.mk at BOARD_BOOTIMAGE_PARTITION_ZISE? bit?
And how I can convert blocks to this size because my lge only print out the partition sizes in blocks.
LG Noel
Black Manta said:
Hey,
In which size are the values in BoardConfig.mk at BOARD_BOOTIMAGE_PARTITION_ZISE? bit?
And how I can convert blocks to this size because my lge only print out the partition sizes in blocks.
LG Noel
Click to expand...
Click to collapse
http://forum.xda-developers.com/showpost.php?p=60297989&postcount=51
Somewhere around that post you will find your answer.
Hi. Your guide is the most useful I found on the net. Much more than the official cyanogenmod wiki's porting one. Thanks a lot.
I'm trying to use it to build a cm 12.1 (lollipop) cwm on a mediatek device.
1) My stock rom (also Android 5.1) already ships a fstab.mt6795 file into the ramdisk. I moved it inside /recovery/root, and copied its content in /recovery/recovery.fstab
This is its content, should I make any change inside it?
Code:
# Android fstab file.
#<src> <mnt_point> <type> <mnt_flags and options> <fs_mgr_flags>
# The filesystem that contains the filesystem checker binary (typically /system) cannot
# specify MF_CHECK, and must come before any filesystems that do specify MF_CHECK
/dev/block/platform/mtk-msdc.0/by-name/system /system ext4 ro wait
/dev/block/platform/mtk-msdc.0/by-name/userdata /data ext4 noatime,nosuid,nodev,noauto_da_alloc,discard wait,check,resize,encryptable=footer
/dev/block/platform/mtk-msdc.0/by-name/cache /cache ext4 noatime,nosuid,nodev,noauto_da_alloc,discard wait,check
/dev/block/platform/mtk-msdc.0/by-name/protect1 /protect_f ext4 noatime,nosuid,nodev,noauto_da_alloc,commit=1,nodelalloc wait,check,autoformat
/dev/block/platform/mtk-msdc.0/by-name/protect2 /protect_s ext4 noatime,nosuid,nodev,noauto_da_alloc,commit=1,nodelalloc wait,check,autoformat
#please add cip or persist on project fstab
#/dev/block/platform/mtk-msdc.0/by-name/persist /persist ext4 noatime,nosuid,nodev,noauto_da_alloc,commit=1,nodelalloc wait,check,autoformat
#/dev/block/platform/mtk-msdc.0/by-name/custom /custom ext4 ro wait
/devices/mtk-msdc.0/11230000.MSDC0 auto vfat defaults voldmanaged=sdcard0:[email protected],noemulatedsd
/devices/mtk-msdc.0/11240000.MSDC1 auto vfat defaults voldmanaged=sdcard1:auto
/devices/bus.2/11270000.USB3_XHCI auto vfat defaults voldmanaged=usbotg:auto
/dev/block/platform/mtk-msdc.0/by-name/frp /persistent emmc defaults
2) How can I find out which of the .rc files available in stock ramdisk include in my recovery, besides the renamed init.rc copied from /bootable/recovery/etc ?
3) My stock rom obviously already ships a init.mt6795.rc. Should I merge any of its lines to the one I copied from /bootable/recovery/etc in my /recovery folder?
Thanks in advance for your time and your efforts.
4javier said:
Hi. Your guide is the most useful I found on the net. Much more than the official cyanogenmod wiki's porting one. Thanks a lot.
I'm trying to use it to build a cm 12.1 (lollipop) cwm on a mediatek device.
1) My stock rom (also Android 5.1) already ships a fstab.mt6795 file into the ramdisk. I moved it inside /recovery/root, and copied its content in /recovery/recovery.fstab
This is its content, should I make any change inside it?
Code:
# Android fstab file.
#<src> <mnt_point> <type> <mnt_flags and options> <fs_mgr_flags>
# The filesystem that contains the filesystem checker binary (typically /system) cannot
# specify MF_CHECK, and must come before any filesystems that do specify MF_CHECK
/dev/block/platform/mtk-msdc.0/by-name/system /system ext4 ro wait
/dev/block/platform/mtk-msdc.0/by-name/userdata /data ext4 noatime,nosuid,nodev,noauto_da_alloc,discard wait,check,resize,encryptable=footer
/dev/block/platform/mtk-msdc.0/by-name/cache /cache ext4 noatime,nosuid,nodev,noauto_da_alloc,discard wait,check
/dev/block/platform/mtk-msdc.0/by-name/protect1 /protect_f ext4 noatime,nosuid,nodev,noauto_da_alloc,commit=1,nodelalloc wait,check,autoformat
/dev/block/platform/mtk-msdc.0/by-name/protect2 /protect_s ext4 noatime,nosuid,nodev,noauto_da_alloc,commit=1,nodelalloc wait,check,autoformat
#please add cip or persist on project fstab
#/dev/block/platform/mtk-msdc.0/by-name/persist /persist ext4 noatime,nosuid,nodev,noauto_da_alloc,commit=1,nodelalloc wait,check,autoformat
#/dev/block/platform/mtk-msdc.0/by-name/custom /custom ext4 ro wait
/devices/mtk-msdc.0/11230000.MSDC0 auto vfat defaults voldmanaged=sdcard0:[email protected],noemulatedsd
/devices/mtk-msdc.0/11240000.MSDC1 auto vfat defaults voldmanaged=sdcard1:auto
/devices/bus.2/11270000.USB3_XHCI auto vfat defaults voldmanaged=usbotg:auto
/dev/block/platform/mtk-msdc.0/by-name/frp /persistent emmc defaults
2) How can I find out which of the .rc files available in stock ramdisk include in my recovery, besides the renamed init.rc copied from /bootable/recovery/etc ?
3) My stock rom obviously already ships a init.mt6795.rc. Should I merge any of its lines to the one I copied from /bootable/recovery/etc in my /recovery folder?
Thanks in advance for your time and your efforts.
Click to expand...
Click to collapse
First let me ask you where did you find a cwm for lollipop to build it? I'm interested to see that.
Second in recovery fstab you may want to add emmc partitions like boot, recovery... Check my github and look at elephone p6000 device folder (it's close enough to understand). If internal sdcard is on data/media you don't have to add it at all in fstab (at least that was the rule for kitkat... again I need to see the source for that lollipop cwm to tell you exactly). In elephone device recovery fstab you can see that usb and external sdcard are defined as auto for type not vfat because it is better to let minivold manage that.
Normaly for cm12.1 ther is no need to copy any rc file in root, only the fstab. {hardware}, which you said you did.
Again I can tell more if I will see the source code for the recovery, and last thing my guide is quite old now but I'm glad you found it useful.
Thanks for your quick reply.
I think I've not been so clear explaining what I'm doing: when I talk about "Lollipo CWM" I just mean that I'm working on 12.1 branch of cyanogenmod source tree, that as you know is based on the same sources of Lollipop, instead of the one the guide was originally aimed to.
1) I feel really dumb at this moment. I don't know exactly how many time I read that fstab file, and I never noticed that it lacks entries for partitions not managed by stock recovery. Sorry if I wasted your time with a stupid question.
2)For sdcards, then it's better to leave untouched the voldmanaged options, but change the filesystem type to auto?
3) I don't need to copy any other .rc file (init.mt6795.usb.rc, init.xlog.rc, etc...), nor to merge anything from init.mt6795.rc of the stock rom. Right?
Thanks again.
4javier said:
Thanks for your quick reply.
I think I've not been so clear explaining what I'm doing: when I talk about "Lollipo CWM" I just mean that I'm working on 12.1 branch of cyanogenmod source tree, that as you know is based on the same sources of Lollipop, instead of the one the guide was originally aimed to.
1) I feel really dumb at this moment. I don't know exactly how many time I read that fstab file, and I never noticed that it lacks entries for partitions not managed by stock recovery. Sorry if I wasted your time with a stupid question.
2)For sdcards, then it's better to leave untouched the voldmanaged options, but change the filesystem type to auto?
3) I don't need to copy any other .rc file (init.mt6795.usb.rc, init.xlog.rc, etc...), nor to merge anything from init.mt6795.rc of the stock rom. Right?
Thanks again.
Click to expand...
Click to collapse
I did understand it's cm12.1, but that was my question since there is no cwm for cm12.1 only cyanogenmod recovery which is different. At the moment I only recommend twrp for cm12.1+ and for that you have to use a different fstab, easy to find on github or here on xda in twrp threads.
Then, if I'm not too much confused:
- since CM12, Clockworkmod isn't anymore included in its source tree
- if I don't set any RECOVERY_VARIANT it defaults to CyanogenMod Recovery, not CWM anymore
- the recovery.img I built is, at its best, a Cyanogenmod recovery
- the recovery.fstab I used (the one i posted before, but now with /boot, /recovery and /nvram entries added) is in version 2 format, that twrp doesn't understand. So I have to find out how to convert in the old fstab format.
Am I right?
Another question: I used the last version of your CarlivKitchen. That doesn't offer anymore the choice to re/pack for standard android or for mtk images, because it automatically detect the format. But when it repacks, it adds the mtk header if the original image had it? Or am I forced to use a custom boot image maker?
4javier said:
Then, if I'm not too much confused:
- since CM12, Clockworkmod isn't anymore included in its source tree
- if I don't set any RECOVERY_VARIANT it defaults to CyanogenMod Recovery, not CWM anymore
- the recovery.img I built is, at its best, a Cyanogenmod recovery
- the recovery.fstab I used (the one i posted before, but now with /boot, /recovery and /nvram entries added) is in version 2 format, that twrp doesn't understand. So I have to find out how to convert in the old fstab format.
Am I right?
Another question: I used the last version of your CarlivKitchen. That doesn't offer anymore the choice to re/pack for standard android or for mtk images, because it automatically detect the format. But when it repacks, it adds the mtk header if the original image had it? Or am I forced to use a custom boot image maker?
Click to expand...
Click to collapse
Yes for all and for twrp fstab I think you can study device folders from twrp github (few are mediatek).
My kitchen now detects if image has mtk header and will repack it the same way (it stores a variable in unpacked folder which will tell that it must add a mtk header).
I decided to follow this guide to integrate the changes needed to build twrp instead of cwm: http://forum.xda-developers.com/showthread.php?t=1943625
It doesn't cover all the preparation steps like yours do. Do you think there are changes to be made to make your guide suitable for cm12 and twrp, or I can follow it until the " Build a CWM-based Recovery " paragraph?

Android 10 encryption issue after rom downgrade

Hi guys, I am asking you some help due to an emergency.
I had to downgrade an Android 10 rom where I had encryption turnen on (rom).
All I did was flashing a previous (minor) version of the rom via TWRP with just a "wipe cache/dalvik".
After rebooting my pin was not recognized anymore by both Android and TWRP.
I did many tentatives and at some point I typed "default_password" as pin, when asked by Android during the boot, and there was a important change:
1. After rebooting I typed my old pin, and now Android always tells me: "The password you entered is correct, but unfortunately your data is corrupt".
2. Now when TWRP asks for the password, it accepts the old pin too. But it is "unable to mount storage".
3. The system partition's contents are now visible: before they were not showing at all. The data partition is not accessible (error decrypting…).
I have done a lot of studying and tentatives to get the phone working without formatting and losing the data, but I could not solve the issue. I don't think the data is actually corrupted, because the rom downgrade was a minor version and it did not modify anything about encryption.
Could you please point me to the right direction? I am trying to understand what could have gone wrong, and find some possible solution.
EDIT: more details and list of the attempted solutions in this post: https://forum.xda-developers.com/t/...sue-after-rom-downgrade.4168821/post-85210619
JackSlaterIV said:
After rebooting I typed my old pin, and now Android always tells me: "The password you entered is correct, but unfortunately your data is corrupt".
Click to expand...
Click to collapse
Look inside here.
jwoegerbauer said:
Look inside here.
Click to expand...
Click to collapse
Both methods cause /data to be erased, which is what I don't want. Thanks anyway.
guess if something has changed since your dirty flash, it must be something in last 16384 bytes where the crypto footer is
there are some bytes which are most likely one or eight flag(s)
Flags : 0x00000000
you can locate and copy the crypto footer like this
- check fstab for location if it says encryptable=footer (or see recovery.log)
- get partition size and calculate the offset -16384
- extract the footer to /sdcard with dd (any file name)
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
on PC open that file with Hex Editor
- the crypto footer will start with magic 0xD0B5B1C* (little endian). in my case it's C5 B1 B5 D0 as it's a samsung device.
- you should also see a string aes-cbc-essiv:sha256 (in my case aes-xts)
inspect the crypto footer with python script. you can't decrypt since android uses scrypt+keymaster but it will give you a nice layout
- install python 2.7
- run that script bruteforce_stdcrypto.py
Code:
Android FDE crypto footer
-------------------------
Magic : 0xD0B5B1C4
Major Version : 1
Minor Version : 3
Footer Size : 2352 bytes
Flags : 0x00001008
Key Size : 128 bits
Failed Decrypts : 36
Crypto Type : aes-xts
Encrypted Key : 0xCCE7D93B501B400D3D81726806F92936
Salt : 0x51B68B017C2A181E3ABD0B041FBFAA14
KDF : scrypt+keymaster
N_factor : 15 (N=32768)
r_factor : 3 (r=8)
p_factor : 1 (p=2)
crypt type : PIN
FS size : 52453304
encrypted upto : 52453304
-------------------------
as you can see in your case the flags are 0x00001008 so you can easier locate that in your Hex Editor
- convert the string little endian 0x00 00 10 08 -> 08 10 00 00
- you will find that four bytes at offset 13 in the first line
- reset the flags to 00 00 00 00 and save the file
if you prefer linux you can also use that shell script for doing that. fde_crypto.sh
Before messing up your data partition do a full dump for backup purposes (because we don't know what we are doing here, encryption is complicated stuff). In case you broke something you can just adb push it later
Code:
adb pull /dev/block/bootdevice/by-name/userdata
Now, write the new crypto footer back to end of userdata partition
- copy the file back to the device (another file name)
- get partition size and calculate the offset -16384
- write the footer to offset with dd (seek)
Code:
adb push data-footer.bin /sdcard
adb shell
cd /sdcard
blockdev --getsize /dev/block/bootdevice/by-name/userdata
dd bs=512 seek=$((52453336-32)) count=32 if=data-footer.bin of=/dev/block/bootdevice/by-name/userdata
Note: i don't know if that works. indeed, that's all guesswork based on your input in pm. good luck!
Hi and thanks again. As you wrote we spoke a lot via PM before your post.
I reset the footer flags to 00 00 00 00. Then used dd as you suggested to overwrite the userdata footer.
During the first Android boot, it asked me to enter the pin, but then it failed to decrypt, and now is always showing the old message "The password you entered is correct, but unfortunately your data is corrupt" .
So looks like the flag at least reset the default mode.
And TWRP still can't decrypt the partition.
It's no surprise because, as you showed me, the userdata partition may be corrupted.
I wanted to get the updated footer back from the phone to my PC. I used this:
dd bs=512 seek=$((52453336-32)) count=32 if=/dev/block/bootdevice/by-name/userdata of=/tmp/data-footer-new.bin
32+0 records in
32+0 records out
16384 bytes (16.0KB) copied, 0.009945 seconds, 1.6MB/s
Then Adb pull tmp/data-footer-new.bin
But it started downloading a few GB of data. I checked the size via ls -l:
-rw-rw-rw- 1 root root 26856108032 Dec 20 14:04 data-footer-new.bin
What I did wrong? Is it a bug?
usage problem - this is expected behavior for dd seek. when the output file is too small or doesn't exist, a zero padding is filled to create a big file before the offset starts, where it finally starts to write the real data (32 x 512 bytes)
you have mixed up parameters skip/seek, in your case copied first 16384 bytes from userdata into the end of a big file data.footer.bin
btw the userdata partition is not corrupt per se (or at least there is no proof i could show ever) you will never find ext4 file system magic 0xEF53 on encrypted userdata, only on dm-0 (if decrypted successfully). but true, mounting is a different case, indeed mount may fail even for successfully decrypted file system (like for Redmi 5). so the safest way to know if decrypted successfully is looking for zero paddings, first 1024 bytes will have enough of it...
you can try lot of other values for this flag (0x00001000 like for LG?) or try other (undiscovered) flags. you need a lot patient and time as you are the first one trying this. also reset the failed decrypts counter as this may important for gatekeeper timeout
i recommend to decrypt straight from twrp command line, should "work" without reboot
edit: i could even imagine automatizing that with script (10 sec/attempt - min timeout)
edit 2: interesting too would be binary (or checksum) compare of userdata before/after failed attempt (without footer) to figure out if changes happen elsewhere (other than footer)
even more interesting, you could factory reset and reproduce the mistake, make a snapshot before/after and bitwise compare where the changes happen
if the key itself has changed, there is no possible way to revert as the old key is lost
but decryption should still be possible on the newer android version, all you need is working twrp that fits
edit: factory reset is maybe not the best idea! turns out for FBE file-based-encryption the KEK is stored in TEE and depending on rollback resistance (not related to version binding) master key may deleted on factory reset. FBE is introduced with Android 7.1 - your device is still running good old FDE full-disk-encryption - but who knows what additional protections Android 10 enforces? can't guarantee that KEK is encrypted by hardware-backed RSA-2048 private key and screenlock credentials only and everything is stored in crypto footer only, although the documentation doesn't indicate contradictory
aIecxs said:
usage problem - this is expected behavior for dd seek. when the output file is too small or doesn't exist, a zero padding is filled to create a big file before the offset starts, where it finally starts to write the real data (32 x 512 bytes)
you have mixed up parameters skip/seek, in your case copied first 16384 bytes from userdata into the end of a big file data.footer.bin
Click to expand...
Click to collapse
Can you confirm this is the correct command to get the new footer?
dd bs=512 skip=$((52453336-32)) count=32 if=/dev/block/bootdevice/by-name/userdata of=/tmp/data-footer-new.bin
I think that this new big file may have caused some corruption.
I want to restore the userdata partition backup, but I read it's not easy as a simple adb push: https://android.stackexchange.com/q...n-image-of-android-partition-from-my-linux-pc
Can you tell me any reliable way to do this, apart using busybox as in the above replies?
btw the userdata partition is not corrupt per se (or at least there is no proof i could show ever) you will never find ext4 file system magic 0xEF53 on encrypted userdata, only on dm-0 (if decrypted successfully). but true, mounting is a different case, indeed mount may fail even for successfully decrypted file system (like for Redmi 5). so the safest way to know if decrypted successfully is looking for zero paddings, first 1024 bytes will have enough of it...
Click to expand...
Click to collapse
Thanks for clarifying this.
you can try lot of other values for this flag (0x00001000 like for LG?) or try other (undiscovered) flags. you need a lot patient and time as you are the first one trying this. also reset the failed decrypts counter as this may important for gatekeeper timeout
i recommend to decrypt straight from twrp command line, should "work" without reboot
edit: i could even imagine automatizing that with script (10 sec/attempt - min timeout)
edit 2: interesting too would be binary (or checksum) compare of userdata before/after failed attempt (without footer) to figure out if changes happen elsewhere (other than footer)
Click to expand...
Click to collapse
Indeed I had already tried 0x00001000 and resetting the counter, before the mess up with my dd command.
Do you know any other combination I could try?
Something I could try is see what happens to /userdata if I type default_password at the first boot.
yes, that is the right command
no, you didn't mess up with big file because of= is the only thing written (and /tmp is only in RAM)
yes, simple adb push is fine and works quite well for single partition. the link is talking about something different (whole eMMC including gpt and bootloader)
no, i have no clue about the flags. the source code might help but it's above my knowledge (yet)
found some explanation for flags
https://www.0xf8.org/2019/01/analyz...axy-s7-data-partition-with-samsung-encryption
have implemented the above link, not sure if i am doing it right but have a look into script fde_crypto.sh
Hello alecxs, thanks for your last messages. Sorry for this long delay.
I did not write any update because I couldn't find anything useful in the footer and the full data images. The phone is still not in use, in a drawer.
I had tried different flags, but after each tentative I had the same result. The "system" tells that data may be corrupted and updates the flag accordingly.
I had compared before vs after data images and did not find any difference. There is only one field in the footer that is modified after each tentative: the sha256 of the footer (offset 90c).
Without further information I cannot tell what causes this issue, if the data is corrupt or not. It would be useful having a more verbose mode in the mount command, so that it shows the reason of the failed mount. I guess it's not possible.
i think it is caused by rollback resistance and you should try higher android version (that one that messed up everything) with compatible TWRP. besides recovery.log you can check dmesg and logcat for additional information
Hi again,
I am attaching dmesg and recovery log, taken from TWRP after a failed mount of the data partition, using my pin, with the crypto footer flags reset to zero.
I could not find anything, so I hope someone reading this could give me a hint.
From what I can see, anti rollback and verified boot are disabled in Mi5 and in LineageOS based roms (see here).
Regarding TWRP I always used the same version recommended by the rom developer.
EDIT: file attachment not working for me...
See them here:
dmesg.log
Shared with Dropbox
www.dropbox.com
recovery.log
Shared with Dropbox
www.dropbox.com
looks like double encryption bug. try to dump content of dm-0 and restore it to userdata, that should at least eliminate the FDE encryption. second encryption is FBE? let binwalk analyze usually there is unencrypted area
aIecxs said:
... you should try higher android version [...]
Click to expand...
Click to collapse
just as a reference: for this you would find errors like
E vold : upgrade_key failed, code -38
E Cryptfs : Failed to upgrade key
which is not the case here.
(note: yes it says "upgrade" but in my example the installed key is from a higher version so actually a downgrade would be needed - which is not possible at all.)
(see a full example and details here and google details here)
JackSlaterIV said:
Hi again,
I am attaching dmesg and recovery log, taken from TWRP after a failed mount of the data partition, using my pin, with the crypto footer flags reset to zero.
I could not find anything, so I hope someone reading this could give me a hint.
From what I can see, anti rollback and verified boot are disabled in Mi5 and in LineageOS based roms (see here).
Regarding TWRP I always used the same version recommended by the rom developer.
EDIT: file attachment not working for me...
See them here:
dmesg.log
Shared with Dropbox
www.dropbox.com
recovery.log
Shared with Dropbox
www.dropbox.com
Click to expand...
Click to collapse
the interesting part is here:
Code:
<3>[ 5.880909] QSEECOM: __qseecom_process_incomplete_cmd: fail:resp res= -65,app_id = 0,lstr = 12288
<3>[ 6.007678] QSEECOM: __qseecom_process_incomplete_cmd: fail:resp res= -71,app_id = 0,lstr = 12288
<3>[ 6.007697] QSEECOM: __qseecom_set_clear_ce_key: process_incomplete_cmd FAILED, resp.result -71
<3>[ 6.007716] QSEECOM: qseecom_create_key: Failed to create key: pipe 2, ce 0: -22
<3>[ 6.007726] QSEECOM: qseecom_ioctl: failed to create encryption key: -22
<3>[ 6.098357] scm_call failed: func id 0x72000501, ret: -2, syscall returns: 0xffffffffffffffbf, 0x0, 0x0
<3>[ 6.225071] QSEECOM: __qseecom_process_incomplete_cmd: fail:resp res= -71,app_id = 0,lstr = 12288
<3>[ 6.225082] QSEECOM: __qseecom_set_clear_ce_key: process_incomplete_cmd FAILED, resp.result -71
<3>[ 6.225096] QSEECOM: qseecom_create_key: Failed to create key: pipe 2, ce 0: -22
<3>[ 6.225104] QSEECOM: qseecom_ioctl: failed to create encryption key: -22
the main error is likely:
Code:
<3>[ 5.880909] QSEECOM: __qseecom_process_incomplete_cmd: fail:resp res= -65,app_id = 0,lstr = 12288
[..]
<3>[ 6.007716] QSEECOM: qseecom_create_key: Failed to create key: pipe 2, ce 0: -22
<3>[ 6.007726] QSEECOM: qseecom_ioctl: failed to create encryption key: -22
-65 means: ATTESTATION_APPLICATION_ID_MISSING whatever that means actually.
aIecxs said:
looks like double encryption bug. try to dump content of dm-0 and restore it to userdata, that should at least eliminate the FDE encryption. second encryption is FBE? let binwalk analyze usually there is unencrypted area
Click to expand...
Click to collapse
interesting idea especially as it actually can decrypt /dev/dm0 according to the recovery.log but then failing to mount it.
I would +1 here and try if you can dump the content of /dev/dm0 after trying the decryption ( e.g. when you have an ext sdcard: `dd if=/dev/dm0 of=/external_sd/dump.img bs=4096` )
Other then that it might be an issue with your blobs - either in TWRP, or the device
i think your issue is bit different and the links provided are about FBE. afaik FDE does not hold keys in TEE (except for hardware-backed RSA-2048 private key which is not flushable) so i am not sure if upgradeKey affects crypto-footer but deleteKey is clearly some keystore thing
to eliminate issues with TWRP i would do decryption test on working block encryption (and maybe try OrangeFox) only then you can determine issues with faulty crypto-footer
Hello guys, thanks for your help.
I dumped both sda14 and dm-0 partitions (using adb dump).
The dm-0 ("decrypted" partition) is a smaller binary file (26.856.091.648 bytes) vs sda14 (26.856.108.032 bytes).
I compared these binary files using HxD and they look different. dm-0 does not contain the crypto footer section (the 16384 bytes difference).
I just installed binwalk for the suggested purpose, and started analyzing dm-0 (binwalk dm-0). It is outputting something and I don't have any idea of how much time it would take to complete the task.
Let's see if I can attach a screenshot..
okay not sure binwalk may just false detect random data or it may real files. anyway you can concatenate dm-0 with crypto-footer from userdata and check what TWRP says about this garbage then
aIecxs said:
okay not sure binwalk may just false detect random data or it may real files. anyway you can concatenate dm-0 with crypto-footer from userdata and check what TWRP says about this garbage then
Click to expand...
Click to collapse
Yes indeed.
I did not find any text in the dm-0 binary.
Can you suggest me how I concatenate these files? I have dm-0 and crypto-footer in separate files. EDIT: just by using HxD.
To overwrite the partition can I use "adb push dm-0-new /dev/block/sda14"?

Categories

Resources