I've been running SHOstock3 for a few days to get comfortable with it. Tonight, I decided to encrypt the device. It rebooted, encrypted itself, then rebooted again and asked me for the password. For over half an hour now, it's been playing the SHOstock3 boot animation over and over again. The SAMSUNG screen doesn't show up between loops.
Is that normal behavior? Should I just give it more time?
The power button was able to turn it off. After restarting, it would ask for the password and do the same thing. I should point out that entering the wrong password would make it ask again, so it was working "properly". I decided it was toast and tried wiping it. However, it still asked for the password. Repeatedly entering the wrong password to force a wipe didn't work properly either. It still remembered that it had a password, but forgot what it was.
To fix it, I had to go back to stock Jelly Bean (flash stock Gingerbread then use Kies to upgrade; Gingerbread doesn't know about encryption). The newly flashed Jelly Bean asked for a password, but as soon as I entered something, it rebooted. I presume that it wiped whatever encryption information was left because it rebooted properly.
I'm still trying to decide where to go from here. I keep work stuff on my phone, so encryption is fairly important to me.
I found this information regarding encryption on Android:
http://source.android.com/tech/encryption/android_crypto_implementation.html
It's for Honeycomb, but I'm going to assume that it hasn't changed significantly. It looks like all the encryption information is stored at the end of the /data partition. However, it's not part of the filesystem itself. If init can't mount /data, it assumes that it's encrypted and takes appropriate action.
As such, I would assume that completely erasing the entire /data partition would take care of it. Note that the /data partition needs to be erased, not just the filesystem. Based on what I've read, I think that the /data partition needs to be wiped/erased/formatted in such a way that the last 16KB of the partition is erased. After that, a new filesystem would need to be created to keep it from asking for a non-existent password.
So, does anyone know what the wipes actually do in recovery?
A couple of observations.
I don't think it is advisable to work at this level of the file system while making assumptions. In my view, you make two very questionable assumptions in your remarks.
I don't have any information on the workings of wipe and format in recovery. You can, however, work with eMMC blocks using Linux commands. For instance, if you use the dd command to make a copy of the data partition, you will get the whole partition, not just the file system. You could then use reverse engineering to see what is contained in the last 16 kb of the partition. This would require a skill set that is certainly way beyond me, and I suspect beyond you. You could also use dd to write to just the last 16 kb as well.
Well, at this point, I'm not really trying to find a "solution", I'm just trying to understand why it's so hard to wipe the phone after it's been encrypted. The only reliable method I've found is to put on the stock firmware, then repeatedly enter the wrong password until it wipes itself.
I was poking around in the jeboo github (SHOstock3 uses the jeboo kernel) to see if I could figure out what's going on. I found the following line in fstab.smdk4210:
Code:
/dev/block/mmcblk0p10 /data ext4 noatime,nosuid,nodev,discard,noauto_da_alloc,journal_async_commit,errors=panic wait,check,encryptable=/efs/metadata
I'm currently running stock 4.1.2 and I found the same file with that line. After doing some research, I found that the encryptable flag tells the system to allow encryption for that particular filesystem. Its argument says where to keep the encryption metadata. In this case, it's kept in /efs/metadata. That file exists on my encrypted stock JB system and the file happens to be exactly 16KB. The first part of the file is plain-text and it appears to be encryption related. After further research, I found that "footer" is an acceptable value for encryptable. In that case, it stores the metadata in the last 16KB of the partition (but the filesystem can't extend into it for obvious reasons).
Given the behavior I've seen, my guess is that if init sees /efs/metadata, it asks for the password. This would explain how wiping /data would cause the system to still remember the password. Even if you were to erase everything in /data, /efs/metadata would still exist. I also suspect that certain methods of "wiping" /data don't actually do so because they attempt a check before doing the wipe. I'm far from an Android expert, but most standard methods of checking a filesystem in Linux would fail if said filesystem were encrypted.
So, I think I've figured out why wiping an encrypted phone is so hard, but I still haven't figured out why SHOstock3 doesn't boot after it encrypts the phone.
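The two metadata locations described in the post above, as an added example that is not part of the original thread: the script reads the `encryptable=` value from the quoted fstab line and looks for a cryptfs footer either at the start of the key file or in the last 16KB of a partition dump. The field layout is assumed to be the Jelly Bean era `struct crypt_mnt_ftr` from AOSP, the function names are this example's own, and the footer and dump contents are constructed.

```python
"""Find an Android cryptfs footer (struct crypt_mnt_ftr) for an fstab entry."""
import io
import struct

CRYPT_MNT_MAGIC = 0xD0B5B1C4   # first field of struct crypt_mnt_ftr
FOOTER_REGION = 0x4000         # 16 KB, the size observed in the post
# Assumed layout: magic, major, minor, ftr_size, flags, keysize, spare,
# fs_size (sectors), failed_decrypt_count, crypto_type_name[64]; little-endian
FTR = struct.Struct("<IHHIIIIQI64s")

# fstab.smdk4210 line quoted in the post
FSTAB_LINE = ("/dev/block/mmcblk0p10 /data ext4 noatime,nosuid,nodev,discard,"
              "noauto_da_alloc,journal_async_commit,errors=panic "
              "wait,check,encryptable=/efs/metadata")


def encryptable_target(fstab_line):
    """Return 'footer', a key-file path, or None if the entry is not encryptable."""
    for flag in fstab_line.split()[-1].split(","):
        if flag.startswith("encryptable="):
            return flag.split("=", 1)[1]
    return None


def parse_footer(buf):
    """Decode the footer header; None when the magic is missing (nothing to unlock)."""
    if len(buf) < FTR.size:
        return None
    (magic, major, minor, ftr_size, flags, keysize, _spare,
     fs_size, failed, name) = FTR.unpack_from(buf)
    if magic != CRYPT_MNT_MAGIC:
        return None
    return {
        "version": (major, minor),
        "ftr_size": ftr_size,
        "flags": flags,
        "keysize": keysize,
        "fs_size_sectors": fs_size,
        "failed_decrypt_count": failed,
        # the plain-text part the post noticed at the start of the file
        "cipher": name.split(b"\0", 1)[0].decode("ascii", "replace"),
    }


def footer_in_keyfile(stream):
    """encryptable=<path>: the footer starts at offset 0 of that file."""
    stream.seek(0)
    return parse_footer(stream.read(FTR.size))


def footer_in_partition(stream):
    """encryptable=footer: the footer sits in the last 16 KB of the partition."""
    size = stream.seek(0, io.SEEK_END)
    if size < FOOTER_REGION:
        return None
    stream.seek(size - FOOTER_REGION)
    return parse_footer(stream.read(FTR.size))


def locate_footer(fstab_line, data_stream, keyfile_stream=None):
    """Return (where the metadata lives, parsed footer or None)."""
    target = encryptable_target(fstab_line)
    if target is None:
        return None, None
    if target == "footer":
        return "last 16 KB of " + fstab_line.split()[0], footer_in_partition(data_stream)
    if keyfile_stream is None:
        return target, None
    return target, footer_in_keyfile(keyfile_stream)


def constructed_footer():
    """Constructed 16 KB metadata blob; every value here is made up."""
    hdr = FTR.pack(CRYPT_MNT_MAGIC, 1, 0, FTR.size, 0, 16, 0, 2048, 0,
                   b"aes-cbc-essiv:sha256")
    return hdr.ljust(FOOTER_REGION, b"\0")


def demo():
    """A /data dump zeroed end to end, with the separate key file left untouched."""
    wiped_data = io.BytesIO(bytes(64 * 1024))
    keyfile = io.BytesIO(constructed_footer())
    return locate_footer(FSTAB_LINE, wiped_data, keyfile)


if __name__ == "__main__":
    where, footer = demo()
    print("metadata location:", where)
    print("footer still present:", footer is not None, footer)
```

With `encryptable=/efs/metadata` the zeroed /data dump has no bearing on the result: the footer is found in the key file, which is the situation the post suspects.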
Jeboo knows a lot about the kernel. You could probably get into a meaningful discussion with him on encryption. I don't know if he has a chat channel of his own, but he is probably in Shoman94's chat channel quite a lot. You can find that in the OP of the SHOstock3 thread.
Hey All
I'm new to Android but not linux.
Bought cheap Allwinner type 5.1.1 tablet - 10.6" Fusion5 108 Octa Core Android Tablet PC
Rooted it using KingRoot, messed around with Supersume to remove KingRoot and now device won't boot properly. Using adb I can see dmesg is complaining about debuggerd which is actually now a zero byte file. su won't work now and I don't have the rights to fix it.
Before I did any of this the first thing I did as root was backup the mmc partitions to a USB stick.
The bootloader and recovery areas have not been changed.
Can I use my system partition backup to create a update.zip for use in recovery mode?
Or maybe in fastboot, though I'm currently having problems getting fastboot to see my tablet whether I use linux or windows, so a recovery mode fix is preferred.
lol
Looks like the solution is to post here, and then find a partial answer 5 minutes later.
fastboot command on linux didn't work (despite adb working, udev configured etc)
Then tried with manufacturer id
fastboot -i 0x1f3a
then works
Then did
fastboot -i 0x1f3a erase system
fastboot -i 0x1f3a flash system /home/user/android/13-11-16/system
It complained about magic, so I suspect this DIDN'T work, although data was sent.
fastboot -i 0x1f3a reboot
and device came up in a graphical environment asking for wireless password. Judging by network trace on my router I think it might be trying to download a factory image over the Internet. Will see.
Bit confused as my system partition backup is like 900Mb but when I did flash system I think it said device reported size was 32MB approx. More to learn.
OK
The 32Mb was referring to buffer size, so can confirm system flash did work.
Device was booting, getting to graphical environment, and then trying to connect some web servers - not sure why really but seem to have got past that point.
Now can't install apps - get stuff like
W/art ( 9462): Unable to open /data/dalvik-cache/. to delete it's contents: Permission denied
W/art ( 9462): Unable to open /data/dalvik-cache/arm to delete it's contents: Permission denied
W/art ( 9462): Could not create image space with image file '/system/framework/boot.art'. Attempting to fall back to imageless running. Error was: Unable to relocate image '/system/framework/boot.art' from '/system/framework/arm/boot.art' to '/data/dalvik-cache/arm/system@framework@boot.art': Only the zygote can create the global boot image.
Think /data is corrupt so will flash my backup of that.
I'm more thinking out loud at this point rather than expecting people to do it for me. But I'll post anyway if that's ok, if only for my own reference - though any insights by all means.
Can't flash data backup.
Ended up with 13Gb file from mmc copy when system was working, so after img2img didn't seem to be working, used ext2simg on it as it was an ext image.
Created a more reasonable sparse 887335016 file.
fastboot wouldn't flash it though complaining that data partition was unknown. Searching seems to suggest that sometimes the bootloader doesn't know about all partitions (though it does about system which was flashed ok).
Tried playing with other recovery environments. Not willing to flash anything at this point so trying fastboot boot <img>. No luck so far - device just stays on bootloader splash screen. Probably not great that this device is an Allwinner A38 for which there doesn't seem to be huge support at the moment.
Even tried fastboot boot <recovery partition dump> file I made and that doesn't work.
Trimmed the first 0x800 so image starts with kernel code without joy.
A binwalk of the initrd image inside the dump shows an init.recovery.sun8i.rc file, and a default.prop with
ro.secure=1
ro.allow.mock.location=0
ro.debuggable=0
in init
# Always start adbd on userdebug and eng builds
on property:ro.debuggable=1
write /sys/class/android_usb/android0/enable 1
start adbd
So assuming default.prop is used (I'm still learning) then that's why I can't adb when in recovery mode. Seems stupid to design it that way.
I'm thinking if I can restore data partition it will fix the can't install apps problem, though perhaps the /system part is fundamentally busted. If I can reinstall KingRoot and root again I assume the device will be usable as it would effectively undo my supersume attempt to remove it.
In the env partition dump I made, used by the bootloader, there is
Code:
boot_normal=sunxi_flash read 40007800 boot;boota 40007800 boot
boot_recovery=sunxi_flash read 40007800 recovery;boota 40007800 recovery
Usage:
sunxi_flash read command parmeters :
parmeters 0 : addr to load(hex only)
parmeters 1 : the name of the part to be load
[parmeters 2] : the number of bytes to be load(hex only)
if [parmeters 2] not exist, the number of bytes to be load is the size of the part indecated on partemeter 1
So maybe I need to specify the correct memory location when I'm fastboot boot'ing
There's no image type header specifying load address at the start of the recovery part dump I made.
Didn't manage to boot the recovery image - don't know why but a challenge for another day. Would probably be easier with UART access or similar to see what is actually happening.
In the end I mounted my /system backup on my linux server, cleaned it of KingRoot crap, and flashed it. Now everything is fine! Except no root access and the script I added to give me it comes up as unlabeled in selinux and isn't accessible.
The learning journey continues
og0 said:
Didn't manage to boot the recovery image - don't know why but a challenge for another day. Would probably be easier with UART access or similar to see what is actually happening.
In the end I mounted my /system backup on my linux server, cleaned it of KingRoot crap, and flashed it. Now everything is fine! Except no root access and the script I added to give me it comes up as unlabeled in selinux and isn't accessible.
The learning journey continues
I know this is a 2 year old thread... but does the OP still have that firmware that fixed the tab??
I have a Fusion5_108 with the A83T allwinner processor, stuck in a boot loop, won't get past the 'no command' screen when trying to recover.
Think my only option is to make an sd card with a working firmware on it, and load it onto the device like that, but I can't find a firmware or anything for this tablet.
Before I start, I'm aware there are great data recovery guides on this forum and elsewhere. Unfortunately, I was unable to find one pertaining to Nougat and my specific circumstances. Thank you for bearing with me.
How the Data Was Wiped
I ran "fastboot format userdata" to fix a "Decryption Unsuccessful" error message after going from LineageOS 14.1 to 15 on a Xiaomi Mi 5 Pro. Because I was in a hurry to get my phone back online, I foolishly assumed the wipe would leave /data/media intact, just like TWRP, without making sure of it. I know the assumption was wishful thinking at best and I can see the irony in then spending the rest of the day trying to undo the damage.
How the Data Was Dumped
Immediately after finishing the fastboot format, I booted back into TWRP 3.1.1-0 where I discovered the extent of the data loss. Since I hadn't flashed a ROM and didn't want to write anything else to my /data partition, I did an "adb pull /dev/block/sda14 sda14.img" on my computer over USB with my phone still in recovery. With a 128GB phone, the process took a whopping 8102.059s to finish.
How I attempted to Recover Data
I let both R-Studio 8.3 and UFS File Explorer Professional Recovery 5.23.4 scan through my dump to no avail. All they found were meaningless, small files, mostly in a .txt or .so format. I also attempted to mount the image using DiskInternals Linux Reader 2.6, but PhotoRec didn't recognise the volume.
Where do I go From Here?
Christian Weiske wrote about his attempt at recovering photos from a Galaxy S5 mini, running Marshmallow. He noted that data he pulled in Windows was broken using various commands until he tried "adb exec-out". Does the problem lie in my pulled data also being broken/incomplete, or is "fastboot format" actually capable of completely destroying more than 100GB worth of data in mere seconds on TRIM-enabled devices? If I am to do a second /data dump using a different method, I would have to do it directly to my computer as my phone doesn't have a microSD slot. I should add that, to the best of my memory, I never encrypted the storage, as I went directly from CyanogenMod to LineageOS using the experimental migration build.
To anyone who chimes in, if only to tell me that I should suck it up and stick to whatever data I have backed up and move on, I'll be most appreciative! Even more so if anyone can shed some light on modern-day Android data recovery/wiping and limitations.
I'm going thru a recovery process myself. Using a few guides. First I completed a raw dump of the whole phone w/out installing any os over the phone. I'm about to check that and see if testdisk can find something via https://roubert.name/joakim/androidfilerecovery/
In the background, I have another dump going on from https://forum.xda-developers.com/ga...de-internal-memory-data-recovery-yes-t1994705 guide. Hopefully, something comes up.
Hi everyone and Happy New Year,
I am trying to open ROM_0 file created with SP Flash tool. I have tried ROM explorer 0.9.1, I have tried various options, converting with simg2img and opening with 7zip, but nothing has worked so far.
The file is about 100GB and it is a SP Flash tool backup of my userdata on which I have a lot of images which I need to save.
I was using Dot OS 5.2 general image and a message popped up about trying Android 12 and I have clicked on it just to get rid of it but I assume it has triggered a download. My phone crashed yesterday evening when I started the camera app and once restarted it was in a boot loop mode stuck on the dot os logo.
So far I have tried various options unsuccessfully - I have reflashed the image which I originally flashed, I have set the partitions active - a and b and reverted to the initial active one which was "a".
I have also flashed system.img (with the treble general image) but still it is in a boot loop mode.
I have just decided to flash back the super.img image from the stock and guess what - still stuck.
Flashed the stock boot.img again thinking there might be an issue with the kernel but that didn't help.
I understand that it is the case of fully flashing back the stock ROM which will lock the bootloader and delete all my userdata in order to have the phone back.
However the phone IS NOT important, the ONLY IMPORTANT thing are the images in the userdata.
I have created the backup of it straight after the boot loop appeared. Tried to read here on XDA but it is not clear what format is that file and how I can access the data on it.
Looked for a recovery partition but there is none. Potentially hidden as you can get into stock recovery via fastbootd. But the options there are only to wipe the partitions/reset.
The phone is Umidigi Bison Pro and I have been having all but troubles with it.
Any help greatly appreciated.
Regards
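As an added example that is not from the thread or from any tool named in it: the format of a readback such as ROM_0 can be checked from magic numbers in its first bytes (Android sparse image, GPT whole-disk dump, ext4, f2fs), with a byte-entropy fallback for data that carries no recognizable header. The function name, the labels it returns and the 7.9 bits/byte threshold are this example's own choices, and the sample buffers are constructed.

```python
"""Classify a partition or flash readback by its leading magic numbers."""
import io
import math
import struct
from collections import Counter

SPARSE_MAGIC = 0xED26FF3A   # Android sparse image header, le32 at offset 0
EXT4_MAGIC = 0xEF53         # ext2/3/4 s_magic, le16 at 1024 + 0x38
F2FS_MAGIC = 0xF2F52010     # f2fs superblock magic, le32 at offset 1024
GPT_SIGNATURE = b"EFI PART"  # GPT header at LBA 1 (512- or 4096-byte sectors)
SAMPLE = 8192               # enough to cover a GPT header at offset 4096


def shannon_entropy(data):
    """Bits per byte: 0.0 for constant data, 8.0 for a flat byte histogram."""
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())


def identify_dump(stream):
    """Return a short label for the container or filesystem at the start of stream."""
    stream.seek(0)
    head = stream.read(SAMPLE)
    if len(head) >= 4 and struct.unpack_from("<I", head)[0] == SPARSE_MAGIC:
        return "android-sparse"      # convert with simg2img before mounting
    for sector in (512, 4096):
        if head[sector:sector + 8] == GPT_SIGNATURE:
            return "gpt-disk/%d" % sector   # whole-flash dump; split by partition table
    if len(head) >= 1082 and struct.unpack_from("<H", head, 1080)[0] == EXT4_MAGIC:
        return "ext4"
    if len(head) >= 1028 and struct.unpack_from("<I", head, 1024)[0] == F2FS_MAGIC:
        return "f2fs"
    if head and shannon_entropy(head) > 7.9:
        return "high-entropy"        # consistent with encrypted or compressed data
    return "unknown"


def constructed_samples():
    """Constructed buffers, one per label; none of this is real device data."""
    sparse = struct.pack("<I", SPARSE_MAGIC) + bytes(SAMPLE - 4)
    gpt = bytearray(SAMPLE)
    gpt[4096:4104] = GPT_SIGNATURE
    ext4 = bytearray(SAMPLE)
    struct.pack_into("<H", ext4, 1080, EXT4_MAGIC)
    f2fs = bytearray(SAMPLE)
    struct.pack_into("<I", f2fs, 1024, F2FS_MAGIC)
    flat = bytes(range(256)) * (SAMPLE // 256)   # stand-in for ciphertext
    return {
        "sparse": sparse,
        "gpt": bytes(gpt),
        "ext4": bytes(ext4),
        "f2fs": bytes(f2fs),
        "flat": flat,
        "zeros": bytes(SAMPLE),
    }


def demo():
    return {name: identify_dump(io.BytesIO(buf))
            for name, buf in constructed_samples().items()}


if __name__ == "__main__":
    for name, label in demo().items():
        print("%-6s -> %s" % (name, label))
```

The result depends only on the bytes in the file, so the same check applies to a dump regardless of the name it was saved under.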
s80_gad said:
Hi everyone and Happy New Year,
I am trying to open ROM_0 file created with SP Flash tool. I have tried ROM explorer 0.9.1, I have tried various options, converting with simg2img and opening with 7zip, but nothing has worked so far.
The file is about 100GB and it is a SP Flash tool backup of my userdata on which I have a lot of images which I need to save.
I was using Dot OS 5.2 general image and a message popped up about trying Android 12 and I have clicked on it just to get rid of it but I assume it has triggered a download. My phone crashed yesterday evening when I started the camera app and once restarted it was in a boot loop mode stuck on the dot os logo.
So far I have tried various options unsuccessfully - I have reflashed the image which I originally flashed, I have set the partitions active - a and b and reverted to the initial active one which was "a".
I have also flashed system.img (with the treble general image) but still it is in a boot loop mode.
I have just decided to flash back the super.img image from the stock and guess what - still stuck.
Flashed the stock boot.img again thinking there might be an issue with the kernel but that didn't help.
I understand that it is the case of fully flashing back the stock ROM which will lock the bootloader and delete all my userdata in order to have the phone back.
However the phone IS NOT important, the ONLY IMPORTANT thing are the images in the userdata.
I have created the backup of it straight after the boot loop appeared. Tried to read here on XDA but it is not clear what format is that file and how I can access the data on it.
Looked for a recovery partition but there is none. Potentially hidden as you can get into stock recovery via fastbootd. But the options there are only to wipe the partitions/reset.
The phone is Umidigi Bison Pro and I have been having all but troubles with it.
Any help greatly appreciated.
Regards
Maybe I'm wrong, but I guess that if you didn't give it an extension then the file doesn't have a format; when you make a backup of a partition using SP Flash tool you should give it an extension, for example userdata_backup.img will work; on some devices, for some partitions, the .bin extension is used.
And to restore the device to a working state without losing data you could flash the stock ROM unchecking the userdata partition and using Download only option won't re-lock your bootloader.
If actually your userdata was not overwritten you still can try a second attempt to preserve it using mtk-client, search for it in GitHub, also consider what I stated about re-flash your original ROM preserving the userdata partition.
Thanks SubwayChamp, I appreciate your comment.
I have tried .img, .bin, ext4 etc but cannot open it - I am not sure if there is another application that can convert it in a readable format or maybe if we can mount it and access the files.
I had the impression that if you flash the stock rom the bootloader is locked and you lose everything.
But thanks for your advice - I will flash everything apart from the userdata partition which is last in the order anyway. Should I select or deselect the preloader partition- will that make a difference?
Regards
Just flashed the full stock rom without the userdata partition - still stuck on the logo in a boot loop. I really need to open the userdata backup file from SP flash tool as I feel I have to do a full reset/wipe.
Any other suggestions about explorer for the sp flash dump file, please?
Regards
s80_gad said:
Just flashed the full stock rom without the userdata partition - still stuck on the logo in a boot loop. I really need to open the userdata backup file from SP flash tool as I feel I have to do a full reset/wipe.
Any other suggestions about explorer for the sp flash dump file, please?
Regards
No, I didn't say to change the extension now and try it in various formats. Unfortunately I feel that if you didn't give it the extension at the time of making the backup then the file is unreadable. What I mean is that when you make the dump through SP Flash tool you have to give the file a name and an extension, not leaving it as offered by SP Flash tool; for example you did see the name ROM_0 or similar, but you have to give it a name and an extension, in this case userdata_backup.img would work.
Did you check mtk-client?, you can read (dump) the userdata partition through this CLI tool, and after that you can restore it at any time.
Using the download option (only) you never re-lock your bootloader.
But wait a minute, keep in mind that your device is A/B, so you have to double-try all the things. For example, if you want to flash a specific partition like boot you have to be sure which partition you are in right now, BUT unfortunately you don't know which partition is the working one, so better use fastboot to flash the missing partition, targeting both slots.
And what about the option to get to a custom recovery? (I guess you had it previously to flash CR Droid) either taking a backup of userdata or re-flashing the same CR Droid that was functional previously.
Thanks SubwayChamp for your reply.
So I will try to dump the userdata again then - I still haven't touched it so I hope the partition and the data on it is fine.
I assume it is that mtkclient you are referring to. Will see if I can get some time today to try the live cd first as I am on Windows at this moment.
So my device is indeed A/B - the system is on "a" and I have flashed dot os using fastbootd and overwriting the system.img within the super.img. It worked fine for about 20 days until that crash (I only assume it is due to the update - nothing else has happened that could create trouble).
Also tried to set the b partition active but didn't help so switched back to "a".
Unfortunately there is no recovery partition, from what I learned the recovery is within the boot img. I have tried to load temporary unofficial twrp - fastboot boot twrp.img - and the first step is ok, but then it crashes. so no luck to load custom recovery even temporary in order to save the userdata on sdcard.
Tried to get to the contents through adb shell but while some directories are listed, I get access denied to the userdata - I think maybe the links are broken?
I will try with the mtk to see if I can back it up - and what I'll do is I'll flash the full stock rom including the userdata and potentially will try to flash the old userdata through fastboot or sp flash or mtk.
TBH I don't understand why the phone is still in a bootloop - can't be only because I haven't cleared the userdata?
Regards
s80_gad said:
Thanks SubwayChamp for your reply.
So I will try to dump the userdata again then - I still haven't touched it so I hope the partition and the data on it is fine.
I assume it is that mtkclient you are referring to. Will see if I can get some time today to try the live cd first as I am on Windows at this moment.
It works on Windows though.
s80_gad said:
So my device is indeed A/B - the system is on "a" and I have flashed dot os using fastbootd and overwriting the system.img within the super.img. It worked fine for about 20 days until that crash (I only assume it is due to the update - nothing else has happened that could create trouble).
The issue originated from the lack of the other system files that also occupy this space: vendor, odm, product (may vary depending on the device). It can be fixed by flashing the super.img using fastbootd again.
s80_gad said:
Also tried to set the b partition active but didn't help so switched back to "a".
Unfortunately there is no recovery partition, from what I learned the recovery is within the boot img. I have tried to load temporary unofficial twrp - fastboot boot twrp.img - and the first step is ok, but then it crashes. so no luck to load custom recovery even temporary in order to save the userdata on sdcard.
Yes, this device doesn't have a dedicated recovery partition, but it is placed in a tiny portion of the boot image (usually the ramdisk). You can try flashing the TWRP image onto the boot partition (flashing, not booting only), then boot to it and do the stuff you need through TWRP; from there you could solve the bootloop. To be able to boot to Android again you would need to flash a boot image.
s80_gad said:
Tried to get to the contents through adb shell but while some directories are listed, I get access denied to the userdata - I think maybe the links are broken?
No, it's encrypted.
s80_gad said:
I will try with the mtk to see if I can back it up - and what I'll do is I'll flash the full stock rom including the userdata and potentially will try to flash the old userdata through fastboot or sp flash or mtk.
TBH I don't understand why the phone is still in a bootloop - can't be only because I haven't cleared the userdata?
Regards
When you flashed a system image onto the super partition, the other partitions that are set dynamically didn't find a place to be recreated or couldn't play their role; added to this, a different system image than the one contained in the super image can differ in size, either logical and/or dynamic (virtual sized).
SubwayChamp said:
The issue originated from the lack of the other system files that also occupy this space: vendor, odm, product (may vary depending on the device). It can be fixed by flashing the super.img using fastbootd again.
Already flashed the original stock rom super.img and everything else apart from userdata - it doesn't work.
see below
SubwayChamp said:
Yes, this device doesn't have a dedicated recovery partition, but it is placed in a tiny portion of the boot image (usually the ramdisk). You can try flashing the TWRP image onto the boot partition (flashing, not booting only), then boot to it and do the stuff you need through TWRP; from there you could solve the bootloop. To be able to boot to Android again you would need to flash a boot image.
Tried to flash it - it just restarts the phone straight away - in fact replaced it with sp flash tool as well which recognises only the "a" partition and flashes it there.
SubwayChamp said:
No, it's encrypted.
I see
SubwayChamp said:
When you flashed a system image onto the super partition, the other partitions that are set dynamically didn't find a place to be recreated or couldn't play their role; added to this, a different system image than the one contained in the super image can differ in size, either logical and/or dynamic (virtual sized).
I am guessing this is why I have to reflash the whole rom incl userdata in order to make the phone usable.
What I'll do is I'll try to dump userdata with mtk and then will reflash everything with the stock rom (hopefully the phone will boot) and then will flash the dumped userdata with mtk. Hopefully that will work.
I'll see if I can somehow mount the mtk .bin file to see if I can get to the contents of it
Will have to use the live dvd as I have win 7 and python 3.9 cannot run on win 7.
EDIT: Can't start anything through the live dvd - is there any workaround for win 7 or is there a direct executable file which I can get to start the mtkclient?
Regards
Hello,
I also have an Umidigi Bison Pro that I am going to use as a daily driver. (It's a pity that it's unpopular; it would be a great device for modding, it's cheap, rugged and has source code availability of the official ROM and kernel). I created a Telegram group about this phone; if you want to join, it is https://t.me/UmidigiBisonPro
About your problem, you can read this guide (it describes how to back up and extract from the file created by SP Flash Tool even the partitions that are not visible, such as the b slots): https://www.hovatek.com/forum/thread-21970.html
To give you an idea on my Bison Pro a total of 52 partitions were extracted.
If you have the full backup from before the bootloop (before the upgrade, when it was still working) my advice is to restore all partitions.
I consider myself a novice regarding modding but it is likely that after the upgrade the userdata partition is no longer readable.
I have read that you should not update the GSI ROMs but repeat the whole flash sequence.
I also recommend removing the forced encryption of the userdata partition (you can do this when rooting) to avoid exactly these problems where you have the partition backup but not the decryption key.
s80_gad said:
Already flashed the original stock rom super.img and everything else apart from userdata - it doesn't work.
see below
Tried to flash it - it just restarts the phone straight away - in fact replaced it with sp flash tool as well which recognises only the "a" partition and flashes it there.
I see
I am guessing this is why I have to reflash the whole rom incl userdata in order to make the phone usable.
What I'll do is I'll try to dump userdata with mtk and then will reflash everything with the stock rom (hopefully the phone will boot) and then will flash the dumped userdata with mtk. Hopefully that will work.
I'll see if I can somehow mount the mtk .bin file to see if I can get to the contents of it
Will have to use the live dvd as I have win 7 and python 3.9 cannot run on win 7.
EDIT: Can't start anything through the live dvd - is there any workaround for win 7 or is there a direct executable file which I can get to start the mtkclient?
Regards
Sorry for delay, I didn't receive any notification on this (or I didn't notice it), I hope you sorted out your issue, if not, let me know.
SubwayChamp said:
Sorry for delay, I didn't receive any notification on this (or I didn't notice it), I hope you sorted out your issue, if not, let me know.
I didn't receive a notification for your message either, and I found out in my account profile that notifications for new messages on a thread are disabled by default.
I recently had some problems and experimented with partitions.
Reducing the possible cases I think the decryption key for the userdata partition might be in these partitions: super , misc , nvdata , nvcfg , md_udc
and I noticed that if one of them is corrupted/different version the dm-verity check fails (in my case it is written on the screen) and it was necessary to reflash all partitions except userdata (I don't know if there is a faster combination, from the few tests done in this case I didn't find any)
Do you have more information about where the decryption key might be between those partitions?
I have made a brief description of the role of all the partitions encountered but I still don't know some of them:
boot_para
gz_a (/ gz_b)
md_udc
otp
spmfw_a (/ spmfw_b)
sspm_a (/ sspm_b)
teksunhw_a (/ teksunhw_b)
Werve said:
I didn't receive a notification for your message either, and I found out in my account profile that notifications for new messages on a thread are disabled by default.
I recently had some problems and experimented with partitions.
Reducing the possible cases I think the decryption key for the userdata partition might be in these partitions: super, misc, nvdata, nvcfg, md_udc
and I noticed that if one of them is corrupted/different version the dm-verity check fails (in my case it is written on the screen) and it was necessary to reflash all partitions except userdata (I don't know if there is a faster combination, from the few tests done in this case I didn't find any)
Do you have more information about where the decryption key might be between those partitions?
I have made a brief description of the role of all the partitions encountered but I still don't know some of them:
boot_para
gz_a (/ gz_b)
md_udc
otp
spmfw_a (/ spmfw_b)
sspm_a (/ sspm_b)
teksunhw_a (/ teksunhw_b)
Why do you think userdata has a decryption key? Unless the user set it in a backup done through a custom recovery or through the device itself, I don't think so. Maybe I'm wrong, but what is your scenario?
SubwayChamp said:
Why do you think userdata has a decryption key? Unless the user set it in a backup done through a custom recovery or through the device itself, I don't think so. Maybe I'm wrong, but what is your scenario?
Since the userdata partition is now usually encrypted either with FBE or FDE but once the system loads the files are readable and moveable even externally then it is clear that somehow the data has been decrypted precisely using the relevant decryption key, AES encryption usually.
So if the user has not specified any key this must be derived from the information already in the partitions from the factory.
Then by restoring the right combination of partitions the system can boot correctly by decrypting the userdata partition. Hence the tests and the report I wrote in my last post.
At the moment I was able to remove the forced encryption of the userdata partition by modifying super (specifically fstab present in the /vendor sub partition) but I would like to achieve the same systemless modification using Magisk (to be OTA compatible). Unfortunately, the options to remove dm-verity and forceencrypt have been hidden in the latest versions of Magisk to avoid problems with inexperienced users.
Since I don't have a custom recovery on the Umidigi Bison Pro I can't force flag those options in the .magisk file so I have to find another way.
Werve said:
Since the userdata partition is now usually encrypted either with FBE or FDE but once the system loads the files are readable and moveable even externally then it is clear that somehow the data has been decrypted precisely using the relevant decryption key, AES encryption usually.
So if the user has not specified any key this must be derived from the information already in the partitions from the factory.
Then by restoring the right combination of partitions the system can boot correctly by decrypting the userdata partition. Hence the tests and the report I wrote in my last post.
At the moment I was able to remove the forced encryption of the userdata partition by modifying super (specifically fstab present in the /vendor sub partition) but I would like to achieve the same systemless modification using Magisk (to be OTA compatible). Unfortunately, the options to remove dm-verity and forceencrypt have been hidden in the latest versions of Magisk to avoid problems with inexperienced users.
Since I don't have a custom recovery on the Umidigi Bison Pro I can't force flag those options in the .magisk file so I have to find another way
Well, what I said is a different thing; the other user had a different interest than this. They wanted to access some data from a backup on a non-booting device, and I referred to that: the backed-up userdata image doesn't have encryption by default, unless the user set one through a custom recovery. Suppose that someone took a backup of the userdata partition: this userdata image can be opened and read by anyone with minimum skills and the appropriate tool.
In regard to your issue, I don't think the userdata partition has any kind of restriction on taking OTA updates; most likely this resides in the bootloader, kernel or even a "silent/hidden" partition with no more functions than that.
As a side note, you should check some custom recoveries, especially on Xiaomi devices, that easily allow taking OTA updates. For example, I can always take OTA when I use Orange Fox recovery, although I'm not interested, so I make updates manually to be sure that everything runs fine.
SubwayChamp said:
Well, what I said is a different thing; the other user had a different interest than this. They wanted to access some data from a backup on a non-booting device, and I referred to that: the backed-up userdata image doesn't have encryption by default, unless the user set one through a custom recovery. Suppose that someone took a backup of the userdata partition: this userdata image can be opened and read by anyone with minimum skills and the appropriate tool.
In regard to your issue, I don't think the userdata partition has any kind of restriction on taking OTA updates; most likely this resides in the bootloader, kernel or even a "silent/hidden" partition with no more functions than that.
As a side note, you should check some custom recoveries, especially on Xiaomi devices, that easily allow taking OTA updates. For example, I can always take OTA when I use Orange Fox recovery, although I'm not interested, so I make updates manually to be sure that everything runs fine.
The methodology I was referring to that is not OTA supported is to modify the super partition (the dynamic partition that from Android 8? contains system, vendor, product--for Project Treble) to disable the forced encryption of the userdata partition. In my case FBE (File Based Encryption) Android 11 encryption.
Even having disabled the dm-verity if you apply an OTA update the super partition is replaced with the one that does not have the modification to remove the forced encryption and from the tests I have done this refuses to read unencrypted partitions and asks to do a factory reset.
So, the userdata partition makes the OTA update problematic (it doesn't block it, but you lose your personal data).
I am sure that instead of modifying the super partition to disable encryption you can achieve the same result via Magisk and a modified boot partition.
Unfortunately despite many trials due to my inexperience with Magisk I could not do it.
I wanted to do all this to avoid problems as described in the case of this thread that is, have the userdata partition intact but not the rest to be able to describe it. But seems I must let the encryption and do a backup after every OTA update.
Werve said:
The methodology I was referring to that is not OTA supported is to modify the super partition (the dynamic partition that from Android 8? contains system, vendor, product--for Project Treble) to disable the forced encryption of the userdata partition. In my case FBE (File Based Encryption) Android 11 encryption.
Even having disabled the dm-verity if you apply an OTA update the super partition is replaced with the one that does not have the modification to remove the forced encryption and from the tests I have done this refuses to read unencrypted partitions and asks to do a factory reset.
So, the userdata partition makes the OTA update problematic (it doesn't block it, but you lose your personal data).
I am sure that instead of modifying the super partition to disable encryption you can achieve the same result via Magisk and a modified boot partition.
Unfortunately despite many trials due to my inexperience with Magisk I could not do it.
I wanted to do all this to avoid problems as described in the case of this thread that is, have the userdata partition intact but not the rest to be able to describe it. But seems I must let the encryption and do a backup after every OTA update.
If you want to apply an OEM vendor stock update then it is a restriction from the OEM itself, and if you want to apply a GSI based update, it's a different approach, not sure if the restriction is FBE related or if the userdata is encrypted or not but probably related to AVB.
There are some tools/scripts you should search for that can unpack and repack the super partition; maybe you'll find something in the ODM or product image. This is assuming that the super partition is the culprit.
Just know that it's a nonsense that an order (script) to restore a specific partition, be placed just there, but in other partition.
You should check what the OTA update contains, try to catch the OTA update through some ADB script, then unpack it, and see inside.
Also, you can try backing up every partition, and restoring them one by one, seeing if it boots.
SubwayChamp said:
If you want to apply an OEM vendor stock update then it is a restriction from the OEM itself, and if you want to apply a GSI based update, it's a different approach, not sure if the restriction is FBE related or if the userdata is encrypted or not but probably related to AVB.
There are some tools/scripts you should search for that can unpack and repack the super partition; maybe you'll find something in the ODM or product image. This is assuming that the super partition is the culprit.
Just know that it's a nonsense that an order (script) to restore a specific partition, be placed just there, but in other partition.
You should check what the OTA update contains, try to catch the OTA update through some ADB script, then unpack it, and see inside.
Also, you can try backing up every partition, and restoring them one by one, seeing if it boots.
I have already done these tests, not with an OTA update but with a different version of the firmware for all partitions, and set out the conclusions.
Obviously it's an OEM restriction since it left the forced FBE encryption on and the way it was created (so I guess also from AOSP) it refuses to read the userdata partition if it doesn't find it encrypted.
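The fstab settings discussed in this thread (forced userdata encryption, dm-verity) can be audited from a copy of the fstab, for instance to confirm after an OTA that /data is still encrypted and the logical partitions are still verified. This is an added example, not code from any poster: the fstab text is constructed, and the flag names (`fileencryption`, `forceencrypt`, `forcefdeorfbe`, `encryptable`, `keydirectory`, `avb`, `verify`) are AOSP fs_mgr flags assumed to apply to the device's fstab.

```python
# Constructed sample fstab entries (not taken from any real device image).
STOCK_FSTAB = """\
# <src> <mnt_point> <type> <mnt_flags> <fs_mgr_flags>
system /system ext4 ro wait,slotselect,avb=vbmeta_system,logical,first_stage_mount
vendor /vendor ext4 ro wait,slotselect,avb,logical,first_stage_mount
/dev/block/by-name/userdata /data f2fs noatime,nosuid,nodev wait,check,quota,fileencryption=aes-256-xts:aes-256-cts:v2,keydirectory=/metadata/vold/metadata_encryption
"""
# Same layout with the encryption and one verity flag absent (constructed).
ALTERED_FSTAB = """\
system /system ext4 ro wait,slotselect,avb=vbmeta_system,logical,first_stage_mount
vendor /vendor ext4 ro wait,slotselect,logical,first_stage_mount
/dev/block/by-name/userdata /data f2fs noatime,nosuid,nodev wait,check,quota
"""

def parse_fstab(text):
    """Return one dict per entry: source, mount point and fs_mgr flags."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0].startswith("#"):
            continue  # blank, comment or malformed line
        flags = {}
        for item in fields[4].split(","):
            key, _, value = item.partition("=")
            flags[key] = value
        entries.append({"src": fields[0], "mount": fields[1], "flags": flags})
    return entries

def audit_fstab(text):
    """Report how /data is encrypted and which logical partitions lack verity."""
    report = {"data_encryption": "no /data entry", "key_directory": None,
              "unverified": []}
    for entry in parse_fstab(text):
        flags = entry["flags"]
        if entry["mount"] == "/data":
            if "fileencryption" in flags:
                report["data_encryption"] = "FBE " + flags["fileencryption"]
            elif "forceencrypt" in flags or "forcefdeorfbe" in flags:
                report["data_encryption"] = "FDE (forced)"
            elif "encryptable" in flags:
                report["data_encryption"] = "FDE (optional)"
            else:
                report["data_encryption"] = "none"
            report["key_directory"] = flags.get("keydirectory")
        elif "logical" in flags and not ({"avb", "verify"} & flags.keys()):
            report["unverified"].append(entry["mount"])
    return report

if __name__ == "__main__":
    for name, text in (("stock", STOCK_FSTAB), ("altered", ALTERED_FSTAB)):
        print(name, audit_fstab(text))
```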