So after a failed attempt to upgrade from CyanogenMod 10.1.3 to 10.2, I was unable to access /data or /sdcard because both systems were encrypted. I ended up having to factory reset my phone because it refused to co-operate or let me access my files. However, before I did that, I was able to run
Code:
adb shell "dd if=/dev/block/mmcblk0p2" > data.img
and
Code:
adb shell "dd if=/dev/block/mmcblk0p3" > sdcard.img
, which appears to have copied the raw partition images from the phone (at least, they're the right sizes).
According to my reading, Android (and, I'm inferring, CyanogenMod) encrypts filesystems using dm-crypt, with a AES-CBC ESSIV:SHA256 cipher, with the key being derived from the password using PBKDF2. Knowing the precious little I do about encrypted file systems, my guess is that if I configure the image in cryptsetup to create a drive mapping, I can mount the mapped drive and recover the data from the images.
According to /fstab.herring on my ahem, fresh, install of Android, the /data partition is in ext4 format whereas the /sdcard partition is vFAT. So, once I've gotten through the encryption on the partition images, they should mount normally, right?
I know that dm-crypt accepts plain, LUKS, LoopAES and TrueCrypt device formats. I'm inferring from the PBKDF2 extension that Android goes the LUKS route for encrypting. Is this conclusion correct?
Could someone explain whether it's possible to decrypt a dumped android image? I'm really hoping that the cypher information is stored on the file system and not on some key file that I nuked in the factory reset. If it can, in theory, be decrypted, am I using the right tools to approach the matter? If so, I'll continue fiddling with cryptsetup and mount, but no sense in wasting time if it's an impossible task.
Never did get a response to this question, so I'll try it again, but start with a simpler question:
If someone dds an Android (specifically Cyanogenmod 10.x) partition to an img file, is there any way to read that image from, say a Linux laptop? I dumped the contents of the /system partition using
Code:
adb shell "dd if=/dev/block/mmcblk0p1" > system.img
I expected system.img to be a normal ext4 partition. However, attempting to loopback mount it with
Code:
sudo mount -t ext4 -o loop,ro system.img ~/android/system
Gave me errors about corrupt group descriptors, bad magic numbers and other maladies indicative of a thoroughly corrupted file system. I'm assuming that:
/data has the same ext4 partition structure as /system; and
The process to mount /storage would be no different to mounting /system with the exception that the former uses vFAT as its file system
However, as my Android is currently working normally (well, as well as one can hope for Android to work), I know I don't have a corrupted file system.
So what's going on? Does Android use a special version of ext4 that other Linuxes don't recognise? Am I not dd-ing correctly? Is there a block-size issue I ignored to my peril?
Borden Rhodes said:
So after a failed attempt to upgrade from CyanogenMod 10.1.3 to 10.2, I was unable to access /data or /sdcard because both systems were encrypted. I ended up having to factory reset my phone because it refused to co-operate or let me access my files. However, before I did that, I was able to run
Code:
adb shell "dd if=/dev/block/mmcblk0p2" > data.img
and
Code:
adb shell "dd if=/dev/block/mmcblk0p3" > sdcard.img
, which appears to have copied the raw partition images from the phone (at least, they're the right sizes).
According to my reading, Android (and, I'm inferring, CyanogenMod) encrypts filesystems using dm-crypt, with a AES-CBC ESSIV:SHA256 cipher, with the key being derived from the password using PBKDF2. Knowing the precious little I do about encrypted file systems, my guess is that if I configure the image in cryptsetup to create a drive mapping, I can mount the mapped drive and recover the data from the images.
According to /fstab.herring on my ahem, fresh, install of Android, the /data partition is in ext4 format whereas the /sdcard partition is vFAT. So, once I've gotten through the encryption on the partition images, they should mount normally, right?
I know that dm-crypt accepts plain, LUKS, LoopAES and TrueCrypt device formats. I'm inferring from the PBKDF2 extension that Android goes the LUKS route for encrypting. Is this conclusion correct?
Could someone explain whether it's possible to decrypt a dumped android image? I'm really hoping that the cypher information is stored on the file system and not on some key file that I nuked in the factory reset. If it can, in theory, be decrypted, am I using the right tools to approach the matter? If so, I'll continue fiddling with cryptsetup and mount, but no sense in wasting time if it's an impossible task.
Click to expand...
Click to collapse
Can you give the result of the "file sdcard.img" and "file data.img" commands?
You are quite right. With regular LUKS container/partition, you would do (being root) the following. With the following commands, you can create a container named "safe", setup it, then format its content in ext3 and mount the partition:
Code:
dd if=/dev/zero bs=1M count=50 of=safe
losetup /dev/loop0 safe
cryptsetup luksFormat -c aes -h sha256 /dev/loop0
cryptsetup luksOpen /dev/loop0 safe
mkfs.ext3 /dev/mapper/safe
(losetup /dev/loop0 safe)
(cryptsetup luksOpen /dev/loop0 safe)
mkdir mnt
mount -t ext3 /dev/mapper/safe mnt
//HERE: do whatever you want in your mounted encrypted filesystem
umount mnt
cryptsetup luksClose safe
losetup -d /dev/loop0
For details, you can go there: http://blog.theglu.org/index.php/20...-couteau-suisse-du-chiffrement-de-partitions/
Sorry, the article is in French but you can translate it if you need to.
Here, using "hexdump", you can see the "safe" file has a LUKS magic at the beginning. And doing a "file safe" command, you can check it detects it as a "LUKS encrypted file".
If doing "file" on your .img files does not give you the same result, you may not be able to directly use the "cryptsetup" command and need to adapt it.
Finally: usually in Android the header containing the key is stored on another partition so you may have lost it when wiping your phone, sorry.
---------- Post added at 02:44 PM ---------- Previous post was at 02:41 PM ----------
Borden Rhodes said:
Never did get a response to this question, so I'll try it again, but start with a simpler question:
If someone dds an Android (specifically Cyanogenmod 10.x) partition to an img file, is there any way to read that image from, say a Linux laptop? I dumped the contents of the /system partition using
Code:
adb shell "dd if=/dev/block/mmcblk0p1" > system.img
I expected system.img to be a normal ext4 partition. However, attempting to loopback mount it with
Code:
sudo mount -t ext4 -o loop,ro system.img ~/android/system
Gave me errors about corrupt group descriptors, bad magic numbers and other maladies indicative of a thoroughly corrupted file system. I'm assuming that:
/data has the same ext4 partition structure as /system; and
The process to mount /storage would be no different to mounting /system with the exception that the former uses vFAT as its file system
However, as my Android is currently working normally (well, as well as one can hope for Android to work), I know I don't have a corrupted file system.
So what's going on? Does Android use a special version of ext4 that other Linuxes don't recognise? Am I not dd-ing correctly? Is there a block-size issue I ignored to my peril?
Click to expand...
Click to collapse
Can you give the result of the "file system.img" command?
Thanks, saidlike, for your reply:
saidelike said:
Can you give the result of the "file sdcard.img"...
Click to expand...
Click to collapse
sdcardPartitionDump.img: data
saidelike said:
... and "file data.img" commands?
Click to expand...
Click to collapse
data.img: data
saidelike said:
Can you give the result of the "file system.img" command?
Click to expand...
Click to collapse
system.img: Linux rev 1.0 ext4 filesystem data, UUID=57f8f4bc-abf4-655f-bf67-946fc0f9f25b (needs journal recovery) (extents) (large files)
Again, attempting to run
Code:
mount -t ext4 -o loop systemimg mountpoint/
yields
mount: wrong fs type, bad option, bad superblock on /dev/loop0,
missing codepage or helper program, or other error
In some cases useful info is found in syslog - try
dmesg | tail or so
Click to expand...
Click to collapse
Ignoring the results of data.img and sdcard.img for the time being, the fresh dump of the system partition shows that it's an EXT4 filesystem, but that it's heavily corrupted. fsck.ext4 on that partition basically asks me to fix every single inode, so it's not a simple unclean journal issue. Therefore, is it fair to conclude that CyanogenMod (and maybe AOSP too) have modified the ext4 partiiton type?
@Borden Rhodes
Maybe, my reply is too late, but you could try to make the same experiment with backup of your current data.
If you get the same results as with the old pre-wipe backup, then you still have a hope.
Hello
I have mounted system.img with linux the format i think it ext4 but the file is not sparse so i was successful using the following command.
sudo mount -t ext4 system.img ~/firmware2 -o loop
When the system image is mounted i have made some edits to the live image then i have unmounted the image and transferd the image back to my windows computer and ran the system.img through ext4 unpacker and extunpacker shows that my changes havent been made and and the file is the same as before however when i remount the system.img on my linux pc it shows the changes.
Im really stuck here and if anyone could help that would be great.
I am only new here but when i possible i will contribute and repay favours.
ps with the unmount i use visual unmount but have also tried unmounting with commands i used are umount /firmware2
re
I have sorted this issue now and managed to fix.
Hi, I'd like to ask a general question about device boot. I'd like to mount /system, /data, and /cache partitions in selected locations based on detection of sdcard in the device.
How could I add an if ... then ... else statement to init.rc before that /system, /data, and /cache partitions are mounted? Any ideas?
Solved
I've found a way to perform this task. It's possible to place if ... then ... else statement into a shell script and put the shell script into ramdisk root directory of boot.img. Then, just run the script by busybox ash command from init.rc (with busybox located into ramdisk root directory).
cristian_c said:
I've found a way to perform this task. It's possible to place if ... then ... else statement into a shell script and put the shell script into ramdisk root directory of boot.img. Then, just run the script by busybox ash command from init.rc (with busybox located into ramdisk root directory).
Click to expand...
Click to collapse
Hey... I managed to mount /dev/block/mmcblk1p2 as my /data partition by editing my boot.img ramdisk(the 3. fstab files and the .rc files... i replaced [email protected] with dev/block/mmcblk1p2 wherever i saw them)
So i was trying to use an if statement in some of the .rc files to check if /dev/block/mmcblk1p2 was mounted on /data and if not then mount /dev/block/mmcblk0p9 (my usrdata partition) on /data... Soon i realised that this isn't exactly bash...
Please explain how you managed to get a .sh to run from your .rc files( or do you only need it in the init.rc, and remove all the /data mounting lines from them and do it all from the script???)
I don't always have access to a pc so if my sdcard somehow dies i want my phone to boot using the internal /data partition otherwise i will bootloop until i flash the original boot.img
nullbyte001 said:
Hey... I managed to mount /dev/block/mmcblk1p2 as my /data partition by editing my boot.img ramdisk(the 3. fstab files and the .rc files... i replaced [email protected] with dev/block/mmcblk1p2 wherever i saw them)
So i was trying to use an if statement in some of the .rc files to check if /dev/block/mmcblk1p2 was mounted on /data and if not then mount /dev/block/mmcblk0p9 (my usrdata partition) on /data... Soon i realised that this isn't exactly bash...
Please explain how you managed to get a .sh to run from your .rc files( or do you only need it in the init.rc, and remove all the /data mounting lines from them and do it all from the script???)
I don't always have access to a pc so if my sdcard somehow dies i want my phone to boot using the internal /data partition otherwise i will bootloop until i flash the original boot.img
Click to expand...
Click to collapse
I've found on fs_property:ro.mount.fs=EXT4 in init.rc. In that section, I've added the following iine:
Code:
exec /busybox ash /mount_partitions.sh
[of course, I've placed busybox arm compiled binary (the version provided by busybox android app should work) and a mount_partitions.sh script (created by myself) into boot image ramdisk (I mean / main directory, the same where init.rc is located) ]
You could also need to give permissions to busybox and to .sh script. You could also need to remount / in read-write mode, in case of issues with the above command.
my modem partition shows as protected in flashfire.im guessing its read only? how would i mount it as r/w in adb.I have root and busybox. the mmc block is /dev/block/mmcblk0p1
adb shell
su
# # mount -o remount,rw /dev/block/mmcblk0p1?
i've tried that command, i dont know if its correct it give no errors but its still read only
Sorry
But have you found a way to mount modem partition
What is the command for it?
I accidentally erased all by flash tool
And now SIM not working
Even after flashing stock rom
I have Lenovo phab plus
And I could only install twrp recovery and root
But the recovery can't mount
It returns to default again after restart
jass65 said:
my modem partition shows as protected in flashfire.im guessing its read only? how would i mount it as r/w in adb.I have root and busybox. the mmc block is /dev/block/mmcblk0p1
adb shell
su
# # mount -o remount,rw /dev/block/mmcblk0p1?
i've tried that command, i dont know if its correct it give no errors but its still read only
Click to expand...
Click to collapse
You need insecure ADB to do that, which requires ROM modification. Or do it in TWRP, which is insecure by default.
Insecure ADB is enabled by "adb root" on your PC.
Also, when remounting, you should specify the mount point - not the block device. E.g. /modem. You can check "mount" command to find the existing mount point.
Boot into TWRP and run:
adb shell mount -o rw,remount /modem or /firmware
But you may get errors as this partition is probably write-protected. You'd need to modify your fstab to make it always read-writeable
The best way to modify is to dump the partition and modify within Linux then reflash to the device
Strange problem - "/sdcard" becoming read-only during file copy - Please help!
Hello all, I am trying to load LineageOS on a Samsung Tab 3 (SM-T217S, aka "lt02ltespr") and I am having a very strange issue that I am really hoping someone can help me with. Specifically, when I'm trying to push the Lineage installer with adb, it starts copying normally, but 20-80MB into the copy it fails out as the /sdcard partition has suddenly become "read-only." If I copy significantly smaller files they copy over without error, but even then immediately after the copy the filesystem is read-only as before.
For reference, here's what I've done:
* I have wiped the stock OS
* I have loaded TWRP v3.1.0-0 on the tablet, but I previously had TWRP 2.7.0 on it and had the exact same problem.
* adb seems to be fully functional, other commands work as normal
* There is plenty of space available in /sdcard/, something like 11GB
* If I push the files to other locations (e.g. /tmp) they copy over just fine. But if I then try to move or copy the files from there to /sdcard the same problem happens
* /sdcard is definitely not read-only before the attempt to copy to it
* Problem occurs with other files as well, so not specific to the Lineage installer
My current attempted process is as follows:
* Boot into "recovery mode", aka TWRP
* Go in to mount and "Disable MTP" to make ADB functional
* Attempt to push Lineage installer (although same problem happens with other files) with the command:
* adb push lineage-14.1-20171221-nightly-lt02ltespr-signed.zip /sdcard/
It starts copying, but after a while the following happens:
adb: error: failed to copy 'lineage-14.1-20171221-nightly-lt02ltespr-signed.zip' to '/sdcard/lineage-14.1-20171221-nightly-lt02ltespr-signed.zip': remote write failed: Read-only file system
lineage-14.1-20171221-nightly-lt02ltespr-signed.zip: 0 files pushed. 6.1 MB/s (36499096 bytes in 5.700s)
Once this happens, i can't fix/change the /sdcard/ partition (even trying to remount it read-write doesn't work), and i need to reboot the phone back into TWRP again to delete the partially written file or make any other changes.
Any help here would be hugely appreciated, thanks!
Well after all that i fixed it. Needed an fsck.
In case anyone else experiences this problem, here was the fix:
# mount
...
/dev/block/mmcblk0p25 on /data type ext4 (rw,seclabel,relatime,data=ordered)
/dev/block/mmcblk0p25 on /sdcard type ext4 (rw,seclabel,relatime,data=ordered)
# umount /data
# umount /sdcard
# e2fsck -pcfv /dev/block/mmcblk0p25
When that finished I rebooted the device, and after that the file copies worked just fine.