Hi everyone,
I am about to sell my old galaxy S3, and I would like to completly wipe it:
I have already read tons of topic, i don't want to:
- manually delete files
- wipe from recovery
- format from the setting menu
etc.. I have already done these steps before and i am not satisfied:crying:, i would like the next owner to not be able to find any file on my phone with softwares such as getDataBack or DiskDigger...
I read on xda that the only way to "erase" a file is to replace it.. so if i fill my phone with many useless files I may not be able to recover any file anymore..?
but that's why i poste here.. i would like to know if there is a software which can do this by itself ? or if there are other methods...
thanks a lot for your help
cheers
anyone ?
Here's a tutorial I found online!
Step one: Encrypting
I recommend encrypting your device before you are getting ready to wipe it. The encryption process will scramble the data on your device and, even if the wipe doesn't fully delete the data, a special key will be required to unscramble it.
To encrypt your device on stock Android, enter settings, click on Security, and select Encrypt phone. The feature may be located under different options on other devices.
Step two: Perform a factory reset
The next thing you will want to do is perform a factory reset. This can be done on stock Android by selecting Factory data reset in the Backup & reset option in the settings menu. You should be aware that this will erase all of the data on your phone and that you should backup anything you don't want to lose.
Step three: Load dummy data
Following step one and two should be enough for most people, but there's an extra step you can take to add another layer of protection when erasing your personal data. Try loading fake photos and contacts on your device. Why you ask? We will address that in the next step.
Step four: Perform another factory reset
You should now perform another factory reset, thus erasing the dummy content you loaded onto the device. This will make it even harder for someone to locate your data because it will be buried below the dummy content.
Still feeling a little paranoid? Repeat steps three and four as many times as you like. As I mentioned above, though, for most people simply following steps one and two should be enough. Without the encryption pin, which is overwritten in the initial factory reset, it will be almost impossible to unscramble your data.
Step five: Try using data recovery software to see if you succeeded in completely wiping your original data!
Then again, you could always take a hammer to your phone or toss it in the toilet. You know, if you aren't interested in selling it.
Hello, thank you very much for those explanations !
I will do all these steps and check if backup softwares find something
I have a OnePlus 3 and I was thinking of encrypting it for additional security & privacy reasons. But since I flash various ROM level mods / use xposed modules on my phone, I was wondering about the negative consequences I have to face after encrypting an android phone.
I have a few doubts which need to be cleared.
1) Since my android phone would be encrypted, would I absolutely not be able to flash any new files/make nandroid backup from the recovery?
2) If 1) is true, which means, let's say I install an xposed module which causes a bootloop. Now I would have no way to disable all the active xposed modules from recovery since the files are encrypted, which means I would have to restore everything from scratch?
3) Is there absolutely no known way of decrypting android/access files unencrypted from recovery if we know the master PIN/password?
Can somebody who has dealt/dealing with an encrypted android phone please answer these questions? Thanks.
Deleted
Hi, thanks for your reply.
Just Passing By said:
1. When you access recovery on an encrypted phone, you have to decrypt your phone. After that, your recovery can do anything it normally could do. This would of course include flashing ROMs, zip files, and making nandroid backups.
.
Click to expand...
Click to collapse
2 things to say about that.
1)Decrypting just to flash files is a huge problem. TWRP/CWM should have a feature when it asks for the master PIN/password on the recovery, then after I enter it, it should decrypt the data on the fly and then mount the system and data partitions unencrypted so that I can flash files without going though all the decryption process.
2)Correct me if I'm wrong, but all android decryption processes I read online require wiping all data/doing a factory reset. That's again a huge problem. Why? In case I flash a mod/install a xposed module which causes a bootloop, I would have no way to decrypt my data, even if I have my master password. Which would mean I would lose all my files which I haven't backed up.
Problems like these could be avoided if TWRP provided permanent decryption/on the fly decryption using the master PIN. Comparing this with veracrypt on windows for e.g. , let's say my windows is encrypted with veracrypt and a hardware failure occurs at some point in the future & windows refuses to boot, but I'm able to load a live ISO. In this case, veracrypt offers a rescue ISO which I could use to decrypt the data without losing all my files after I enter the master PIN. So in this case, I can have security of encryption & also the convenience of decrypting it without losing all my files with the master password in case my main OS refuses to boot.
If I can't decrypt android from the recovery using the master PIN, that would mean in any case my android refuses to boot, I have lost all my files.
3. I'm assume you meant to say "... If we don't know the master PIN/Password?" And the answer to that is yes. If you can't decrypt your phone, you'll lose everything in it, so making periodic backups is a must. Otherwise, there'd be no point if you could just decrypt things right?
Click to expand...
Click to collapse
No, I did not say that wrong, sorry if I wasn't clear enough on my first post. I just wanted to know if there was a way to permanently decrypt android from recovery using the master PIN so that i would be able to recover my files to a USB in case my android refuses to boot.
Deleted
A family friend has given me his Xperia Z5C (running 7.1.1.) as he's accidentally deleted some photos and wanted me to take a look at recovery.
We all know that to get the necessary access the device needs to be rooted, but this also requires wiping the device. My question then is how secure is the wipe / erase when rooting, is it a full overwrite (in which case there's little point trying) or is there a chance that some data might be present at the block level after rooting?
I'm not inclined to go through the process of rooting if it's futile, but if there's a chance there may be some files still recoverable, he'd probably want me to try.
Thanks for your help.
Hi everyone, I have a Moto Z2 Force (US Cellular if that's relevant) that's bootlooped. I don't have USB debugging enabled and it's not rooted so my chances of fixing it are slim. I want to recover pictures, videos, and a gpx file. If a factory reset resolves the bootloop, is there any software (windows or Android) that I can use to recover the deleted files? I'm willing to pay for software. I read somewhere that I have an opportunity to recover files immediately after the reset, before anything is written to storage, but I'm a beginner with this stuff.
ADB / FastBoot is the door to any phone. Because you haven't enabled USB-debugging, I guess you have no chance to recover the files in question after a Factory Reset.
USB debugging creates a connection between Android Phone and Android Software Developer Kit. It usually involves the use of USB cable between your android phone and PC. This feature allows you to view your log files on the PC.
If you don't have USB debugging enabled,you can't access the data on phone.
Let me clarify, after resetting I would be able to enable USB debugging etc, assuming that resolves the bootloop. Sorry if I wasn't clear. The question is about recovering data lost after the factory reset.
@motorolol
A Factory Reset wipes the user-storage used, data housed there become unaccessable. You need forensic tools to recover them.
jwoegerbauer said:
@motorolol
A Factory Reset wipes the user-storage used, data housed there become unaccessable. You need forensic tools to recover them.
Click to expand...
Click to collapse
I know, the thread is about how to recover the files after the reset. Is there any software available to the public that I can use?
motorolol said:
I know, the thread is about how to recover the files after the reset. Is there any software available to the public that I can use?
Click to expand...
Click to collapse
There is no guaranty that you can recover the files. Deleted does mean deleted. But there are a few programs out there that MAY be able to help.
A few of the programs you could try would be... DiskDigger, MobiKin, EaseUS and Tenorshare. They are all data recovery programs. There are many others out there, so check around and see which you would rather try.
Hello, maybe someone could point me in the right direction, just trying to make a complete backup of my phone ( samsung galaxy S22), so I could back everything up when needed, I have tried the 'titanium backup' and 'swift backup' tools so far, but they only back up the .apks, and my google login credentials are lost..
Really kind of lost browsing through some 11 year old topics about 'nandroid' and 'ClockWorkMod', do people use these tools today?
Thank you
no way. use samsung smart switch and cross fingers
I don't know Samsung from a hole in the ground.
If your device has Qualcomm EDL (and open Firehose loader) you could make a full raw backup of the entire flash.
That's not really helpful if you want to grab a single file but it means that you can restore your device to a snapshot.
@Renate restoring snapshot is not possible after factory reset, as the encryption key is not in userspace and therefore not in backup.
afaik there is no samsung signed firehose programmer leaked for SM8450 (and probably never will) and that device is also shipped with Exynos 2200.
aIecxs said:
Restoring snapshot is not possible after factory reset, as the encryption key is not in userspace and therefore not in backup.
Click to expand...
Click to collapse
Well, that's a good reason not to factory reset!
So, where is the encryption key stored?
get some coffee and read about tee...
encrypted file encryption keys are stored in files metadata, but DEK required for decrypting keys is random generated and securely deleted from TEE keystore on factory reset. I don't know exactly what triggers that deleteKey (it's another OS) but it can survive simple formatting userdata.
aIecxs said:
get some coffee and read about tee...
Click to expand...
Click to collapse
Well, I did have my second coffee already and I know about as much about TEE as I want (which is little).
My point being, if you make a full flash backup, then do whatever, then restore the complete flash, how is that not going to get you back wherever you were?
There are tons of ELF and data partitions used by TEE, TZ.
But are you telling me there is some state built into a device that is neither OTP or flash?
right, it's not in flash storage emmc/ufs.
Appreciate te replies!
Is there any other popular android device which would support the earlier mentioned flashing method?
Thanks!!
aIecxs said:
right, it's not in flash storage emmc/ufs.
Click to expand...
Click to collapse
I'd still like to know exactly where that is.
There are enough partitions called keymaster and other stuff.
Well, ok, but if you don't use factory reset a full flash backup is the best way to get you back to where you were.
actually, it IS in flash storage, but you won't see it
https://www.wikipedia.org/wiki/Replay_Protected_Memory_Block
Note: for all devices running old (FDE) full disk encryption, the static hardware master key is used directly, and the encrypted DEK is stored in crypto-footer (userspace) therefore restoring full raw backup was always possible.
Google and Samsung devices in general used to lack raw access. However, things have changed with Samsung started shipping MediaTek SoCs on their low-/mid-range lines.
But if you're looking for full backup solution, don't use any DRM related or banking apps and don't care about losing warranty and Samsung Knox, rooting and removing encryption is possible so you could just use TWRP or Swift Backup.
aIecxs said:
actually, it IS in flash storage, but you won't see it
https://www.wikipedia.org/wiki/Replay_Protected_Memory_Block
Note: for all devices running old (FDE) full disk encryption, the static hardware master key is used directly, and the encrypted DEK is stored in crypto-footer (userspace) therefore restoring full raw backup was always possible.
Google and Samsung devices in general used to lack raw access. However, things have changed with Samsung started shipping MediaTek SoCs on their low-/mid-range lines.
But if you're looking for full backup solution, don't use any DRM related or banking apps and don't care about losing warranty and Samsung Knox, rooting and removing encryption is possible so you could just use TWRP or Swift Backup.
Click to expand...
Click to collapse
Thank you, that's the thing, as a matter of fact I already have tried using swift backup tool, but all google accounts are lost when backing up, and the apps that have used google to log in ( like play store, google maps etc ) are also losing the connected account.
Any suggestions on how to transfer the google accounts as well?
Thanks again!
actually Swift Backup should work. it looks like some extended Google One fork with optional root features. google account is required for it to work, not sure what problems you are facing?
aIecxs said:
actually Swift Backup should work. it looks like some extended Google One fork with optional root features. google account is required for it to work, not sure what problems you are facing?
Click to expand...
Click to collapse
The main issue for me was that it doesn't back up my google signed in accounts.
After reading for one more day I stumbled upon one of your very interesting posts on this thread - https://forum.xda-developers.com/t/android-12-and-nandroid-backup.4420185/
Here you explain how it's possible to pull out the 'nandroid' image from the phone to the computer which is exactly what I was looking for, but couldn't express clearly.
That's 100% the functionality I am looking for
- Ability to pull out the exact state of the phone to a file on the computer
- Put it back in if things go south, and all my files are exactly as they were at that point.
1) From your experience, do you think it would be possible to achieve this on a Samsung phone?
2) As far as I understood, after doing a 'factory reset' I would no longer be able to put the old 'nandroid' image back, because of the encryption?
Thank you for your time!
P.s I would be happy to pay for a consultation on this topic from you or someone who has managed to do this.
I also would like to see a full nandroid backup solution tool similar to how Windows System image backup works - a full 1:1 flash image with all files and settings intact of an android device.
Renate said:
I don't know Samsung from a hole in the ground.
If your device has Qualcomm EDL (and open Firehose loader) you could make a full raw backup of the entire flash.
That's not really helpful if you want to grab a single file but it means that you can restore your device to a snapshot.
Click to expand...
Click to collapse
How do I do this @Renate with my one plus pro 9 phone? I have the MSM tool, how do I dump a full system image?
immortalwon said:
How do I do this with my one plus pro 9 phone? I have the MSM tool, how do I dump a full system image?
Click to expand...
Click to collapse
I don't know.
I've been trying to get down to brass tacks what's the difference between this MSM Tool and a generic EDL client.
I don't know about its authorization and phone-home-ness.
I'm not even sure if with VIP you can transfer complete device images.
OTOH, VIP is built into many loaders but not used.
I don't have a OnePlus. I'd need a USB capture to say anything intelligent.
I know on my Android 10 ereader I can simply (with my EDL client):
Code:
C:\>edl /r /s0 /c0 mybackup.img
That's for eMMC. For UFS you'd probably need six files.
Renate said:
I don't know.
I've been trying to get down to brass tacks what's the difference between this MSM Tool and a generic EDL client.
I don't know about its authorization and phone-home-ness.
I'm not even sure if with VIP you can transfer complete device images.
OTOH, VIP is built into many loaders but not used.
I don't have a OnePlus. I'd need a USB capture to say anything intelligent.
I know on my Android 10 ereader I can simply (with my EDL client):
Code:
C:\>edl /r /s0 /c0 mybackup.img
That's for eMMC. For UFS you'd probably need six files.
Click to expand...
Click to collapse
I found a way to do a full image readback using the msm tool, which downloads everything firmware related to my pc on the main C:/ drive. The question is, if I ever need to in the future, how do we use the restore function of the msm tool to restore these backups?
EDIT: I don't think it was a full image backup after all because the backups in total are 13gb, while my device is using a lot more storage then that.
@myndeswx what you have linked in post #14 is exactly what Migrate does. It creates tarball archives of apps of decrypted /data partition during runtime. Restoring will work after factory reset because it's a backup of plain files. However, it's far from complete, it is not atomic, still security critical apps using android keystore cannot restored, and it requires rooted device (with all its disadvantages)
For Samsung phones there is currently a hack to gain temporary access to /data with system privileges (uid 1000) floating around (haven't tried)
***LOCKED UNTIL FURTHER NOTICE*** System Shell Exploit - ALL Samsung Mobile Devices NO BL UNLOCK REQUIRED.
***MODERATOR ANNOUNCEMENT: THREAD CLOSED*** @K0mraid3 you are hereby required to provide proper credit in your OP as follows: Link the assigned CVE for this exploit as it mentions the author's blog and GitHub, OR Link the original research repo...
forum.xda-developers.com
hallo i have S22 exynos S908B
- Magisk 26.1
- Encrypted
- S-health working
- Health connect working
- Bank apps working
- Galaxy Watch 4 working
i extracted Titanium Baclups and see there is only installation apk because data in Android/data is encrypted so Titanium backup can't see it and not advise about not backupped data.
Android/data is accessible only by mtp/usb by pc.
So what option i have for backup?
by twrp can i baclup partitions with dd command? After can i restore it without factory reset? (can't factory reset because cause encryption keys lost)
Any working way for bakup?