A proper way to create complete backup? - Android Q&A, Help & Troubleshooting

Hello, maybe someone could point me in the right direction, just trying to make a complete backup of my phone ( samsung galaxy S22), so I could back everything up when needed, I have tried the 'titanium backup' and 'swift backup' tools so far, but they only back up the .apks, and my google login credentials are lost..
Really kind of lost browsing through some 11 year old topics about 'nandroid' and 'ClockWorkMod', do people use these tools today?
Thank you

no way. use samsung smart switch and cross fingers

I don't know Samsung from a hole in the ground.
If your device has Qualcomm EDL (and open Firehose loader) you could make a full raw backup of the entire flash.
That's not really helpful if you want to grab a single file but it means that you can restore your device to a snapshot.

@Renate restoring snapshot is not possible after factory reset, as the encryption key is not in userspace and therefore not in backup.
afaik there is no samsung signed firehose programmer leaked for SM8450 (and probably never will) and that device is also shipped with Exynos 2200.

aIecxs said:
Restoring snapshot is not possible after factory reset, as the encryption key is not in userspace and therefore not in backup.
Click to expand...
Click to collapse
Well, that's a good reason not to factory reset!
So, where is the encryption key stored?

get some coffee and read about tee...
encrypted file encryption keys are stored in files metadata, but DEK required for decrypting keys is random generated and securely deleted from TEE keystore on factory reset. I don't know exactly what triggers that deleteKey (it's another OS) but it can survive simple formatting userdata.

aIecxs said:
get some coffee and read about tee...
Click to expand...
Click to collapse
Well, I did have my second coffee already and I know about as much about TEE as I want (which is little).
My point being, if you make a full flash backup, then do whatever, then restore the complete flash, how is that not going to get you back wherever you were?
There are tons of ELF and data partitions used by TEE, TZ.
But are you telling me there is some state built into a device that is neither OTP or flash?

right, it's not in flash storage emmc/ufs.

Appreciate te replies!
Is there any other popular android device which would support the earlier mentioned flashing method?
Thanks!!

aIecxs said:
right, it's not in flash storage emmc/ufs.
Click to expand...
Click to collapse
I'd still like to know exactly where that is.
There are enough partitions called keymaster and other stuff.
Well, ok, but if you don't use factory reset a full flash backup is the best way to get you back to where you were.

actually, it IS in flash storage, but you won't see it
https://www.wikipedia.org/wiki/Replay_Protected_Memory_Block
Note: for all devices running old (FDE) full disk encryption, the static hardware master key is used directly, and the encrypted DEK is stored in crypto-footer (userspace) therefore restoring full raw backup was always possible.
Google and Samsung devices in general used to lack raw access. However, things have changed with Samsung started shipping MediaTek SoCs on their low-/mid-range lines.
But if you're looking for full backup solution, don't use any DRM related or banking apps and don't care about losing warranty and Samsung Knox, rooting and removing encryption is possible so you could just use TWRP or Swift Backup.

aIecxs said:
actually, it IS in flash storage, but you won't see it
https://www.wikipedia.org/wiki/Replay_Protected_Memory_Block
Note: for all devices running old (FDE) full disk encryption, the static hardware master key is used directly, and the encrypted DEK is stored in crypto-footer (userspace) therefore restoring full raw backup was always possible.
Google and Samsung devices in general used to lack raw access. However, things have changed with Samsung started shipping MediaTek SoCs on their low-/mid-range lines.
But if you're looking for full backup solution, don't use any DRM related or banking apps and don't care about losing warranty and Samsung Knox, rooting and removing encryption is possible so you could just use TWRP or Swift Backup.
Click to expand...
Click to collapse
Thank you, that's the thing, as a matter of fact I already have tried using swift backup tool, but all google accounts are lost when backing up, and the apps that have used google to log in ( like play store, google maps etc ) are also losing the connected account.
Any suggestions on how to transfer the google accounts as well?
Thanks again!

actually Swift Backup should work. it looks like some extended Google One fork with optional root features. google account is required for it to work, not sure what problems you are facing?

aIecxs said:
actually Swift Backup should work. it looks like some extended Google One fork with optional root features. google account is required for it to work, not sure what problems you are facing?
Click to expand...
Click to collapse
The main issue for me was that it doesn't back up my google signed in accounts.
After reading for one more day I stumbled upon one of your very interesting posts on this thread - https://forum.xda-developers.com/t/android-12-and-nandroid-backup.4420185/
Here you explain how it's possible to pull out the 'nandroid' image from the phone to the computer which is exactly what I was looking for, but couldn't express clearly.
That's 100% the functionality I am looking for
- Ability to pull out the exact state of the phone to a file on the computer
- Put it back in if things go south, and all my files are exactly as they were at that point.
1) From your experience, do you think it would be possible to achieve this on a Samsung phone?
2) As far as I understood, after doing a 'factory reset' I would no longer be able to put the old 'nandroid' image back, because of the encryption?
Thank you for your time!
P.s I would be happy to pay for a consultation on this topic from you or someone who has managed to do this.

I also would like to see a full nandroid backup solution tool similar to how Windows System image backup works - a full 1:1 flash image with all files and settings intact of an android device.

Renate said:
I don't know Samsung from a hole in the ground.
If your device has Qualcomm EDL (and open Firehose loader) you could make a full raw backup of the entire flash.
That's not really helpful if you want to grab a single file but it means that you can restore your device to a snapshot.
Click to expand...
Click to collapse
How do I do this @Renate with my one plus pro 9 phone? I have the MSM tool, how do I dump a full system image?

immortalwon said:
How do I do this with my one plus pro 9 phone? I have the MSM tool, how do I dump a full system image?
Click to expand...
Click to collapse
I don't know.
I've been trying to get down to brass tacks what's the difference between this MSM Tool and a generic EDL client.
I don't know about its authorization and phone-home-ness.
I'm not even sure if with VIP you can transfer complete device images.
OTOH, VIP is built into many loaders but not used.
I don't have a OnePlus. I'd need a USB capture to say anything intelligent.
I know on my Android 10 ereader I can simply (with my EDL client):
Code:
C:\>edl /r /s0 /c0 mybackup.img
That's for eMMC. For UFS you'd probably need six files.

Renate said:
I don't know.
I've been trying to get down to brass tacks what's the difference between this MSM Tool and a generic EDL client.
I don't know about its authorization and phone-home-ness.
I'm not even sure if with VIP you can transfer complete device images.
OTOH, VIP is built into many loaders but not used.
I don't have a OnePlus. I'd need a USB capture to say anything intelligent.
I know on my Android 10 ereader I can simply (with my EDL client):
Code:
C:\>edl /r /s0 /c0 mybackup.img
That's for eMMC. For UFS you'd probably need six files.
Click to expand...
Click to collapse
I found a way to do a full image readback using the msm tool, which downloads everything firmware related to my pc on the main C:/ drive. The question is, if I ever need to in the future, how do we use the restore function of the msm tool to restore these backups?
EDIT: I don't think it was a full image backup after all because the backups in total are 13gb, while my device is using a lot more storage then that.

@myndeswx what you have linked in post #14 is exactly what Migrate does. It creates tarball archives of apps of decrypted /data partition during runtime. Restoring will work after factory reset because it's a backup of plain files. However, it's far from complete, it is not atomic, still security critical apps using android keystore cannot restored, and it requires rooted device (with all its disadvantages)
For Samsung phones there is currently a hack to gain temporary access to /data with system privileges (uid 1000) floating around (haven't tried)
***LOCKED UNTIL FURTHER NOTICE*** System Shell Exploit - ALL Samsung Mobile Devices NO BL UNLOCK REQUIRED.
***MODERATOR ANNOUNCEMENT: THREAD CLOSED*** @K0mraid3 you are hereby required to provide proper credit in your OP as follows: Link the assigned CVE for this exploit as it mentions the author's blog and GitHub, OR Link the original research repo...
forum.xda-developers.com

hallo i have S22 exynos S908B
- Magisk 26.1
- Encrypted
- S-health working
- Health connect working
- Bank apps working
- Galaxy Watch 4 working
i extracted Titanium Baclups and see there is only installation apk because data in Android/data is encrypted so Titanium backup can't see it and not advise about not backupped data.
Android/data is accessible only by mtp/usb by pc.
So what option i have for backup?
by twrp can i baclup partitions with dd command? After can i restore it without factory reset? (can't factory reset because cause encryption keys lost)
Any working way for bakup?

Related

[Q] Questions About: Encryption + Backups

I've recently been getting into more security cautious habits with encryption and what not, due to this whole NSA/Big-brother is watching business... But I have a question (more may pop up as this discussion goes on). Sorry if I seem noob-y, I am still getting a hang of all this encryption business. But here's my first round (regarding just the files being backed up):
If I go ahead and do a full phone encryption with my GN2 where will I stand as far as backups to Dropbox/Copy/Google Drive/etc.?
I currently have photos and such backing up to copy, and I often move backups made through recovery to Dropbox and such. If I were to have photos automatically sync to copy or move system backups to dropbox wouldn't that render them basically useless as I am assuming they move out of the phone encrypted (not being decrypted as they exit).
The photos would be unusable anywhere besides my phone right? So moving them off my phone to share vacation photos for instance would be impossible, and if my phone were to crash they'd be irretrievable? Making the backup process pointless.
Wouldn't the back up be rendered useless as well, exactly when I might need said backup? If my phone were to ever crash or die for some reason, I would lose the encryption key, would even be able to do a full system restore through the recovery? It would seem that the encryption key wouldn't be kept with those back up files, so while it might place everything back in its correct place, it would still be unreadable. Or does it maybe keep the key in system files somewhere so that a full backup would restore the key as well?
And my second round of questions (regarding recoveries and what not):
I am also under the impression that I would not be able to flash through custom recovery either as the internal SD would be inaccessible from the recovery being it doesn't have the encryption key. I am currently running OmniROM and it is in a nightly stage still for my phone. I wouldn't be able to update nightly would I? I am assuming since it basically flashes/overwrites system each time, that I would be losing my encryption key and making everything besides system unusable then right?
And what about downloading ROMs to flash/update directly to my phone? As I download them from in browser or another app and they go to the default /downloads folder they would be encrypted. They wouldn't be accessible from there in recovery, but if I were to try and move them out of internal SD to the external SD they would retain encryption and still be inaccessible? So the only way to download ROMs and updates would be from PC and only move them to the external SD?
Overall, this seems to be crippling a lot of the way I use my phone...
Bump?
Sorry, this is already getting buried and I kinda want to know what's going on before I go ahead and do this...
Zombtastic said:
I've recently been getting into more security cautious habits with encryption and what not, due to this whole NSA/Big-brother is watching business... But I have a question (more may pop up as this discussion goes on). Sorry if I seem noob-y, I am still getting a hang of all this encryption business. But here's my first round (regarding just the files being backed up):
If I go ahead and do a full phone encryption with my GN2 where will I stand as far as backups to Dropbox/Copy/Google Drive/etc.?
Click to expand...
Click to collapse
I'm not (yet) an expert on this, but when you've encrypted your device, it encrypts the file system on your internal memory and SD card. You have to enter a PIN/password when you turn on your device (and when it times out) to gain access. When the correct PIN is entered at boot time, the file system is available as normal - the underlying data is still encrypted, but the file system can unencrypt it in "real time" for use by apps and the system.
So that means that Dropbox et al all see your files as normal, and any copying you do from your device to something on the net (Drive, Dropbox, a server, etc.) works as normal - the data appears normal to the apps and is copied as normal. So photos would copy across as photos, music as music, etc.
Think of it like this: You can't speak Urdu, only English. There is a book you own that is written in Urdu that you want to tell someone about. You find a translator to read the book and tell you what it says. He reads the first page in Urdu, translates it in his head to English, and tells you what it says. You then tell your friend what it says (in English, of course). Your friend writes down what you told him, in English, then tells you something in reply. You tell your Urdu translator what your friend said (again, in English). Your Urdu translator then translates (in his head) what you said from English to Urdu, and writes it down in the book in Urdu.
At no time do you understand Urdu, nor does your friend. Your friend doesn't even know the book is written in Urdu and doesn't care. He never sees it or accesses it directly. If anyone ever steals your book, they can't read it unless they can read Urdu. The book is only useful to you and your friends if you have an Urdu translator sitting there in the loop. (the analogy is imperfect and incomplete but you get the idea).
So, getting back to your phone, if you have it encrypted, the underlying file system deals with translating things on the fly if you've given it the correct password at boot and login time. No apps ever know about the encryption - they just see data as normal (unencrypted). So any app that wants to copy a photo to Dropbox just sees a normal photo - it never sees the underlying encrypted data. But if you don't enter the correct password at boot time, the phone can't boot, and anyone trying to access the data on the phone won't be able to read it unless they know the password.
Does that help or confuse?
Zombtastic said:
I currently have photos and such backing up to copy, and I often move backups made through recovery to Dropbox and such. If I were to have photos automatically sync to copy or move system backups to Dropbox wouldn't that render them basically useless as I am assuming they move out of the phone encrypted (not being decrypted as they exit).
Click to expand...
Click to collapse
Hmm, this does my head in a bit but lets untangle it:
- you boot into Recovery. The Recovery you're using (obviously) understands encrypted file systems (some versions of CWM do, some versions of TWRM don't for instance - see near the end of this post for a bit more on this). So when you boot into Recovery and enter your PIN/password, it can then read your file system. You can then do a Recovery-based backup of your file system (or individual files, though I'm not aware that you can do this). The backup it creates is written to the encrypted file system and thus encrypted with the same encryption keys used for everything else.
- You boot the phone back up as normal and enter your PIN/password, and start up Android. You then use Dropbox to copy the Recovery backup files to the cloud. So the question is, "Are these files encrypted?" and I think the answer is, "No". Why? Read the rest of this post and hopefully you'll work out the same conclusion. But I'm pretty sure that the data that ends up on the Cloud is not encrypted.
One general comment worth pointing out as an aside (sorry, this paragraph isn't really related to the above but I wanted to point this out somewhere and its still useful) is that each time you encrypt your phone, it creates a unique encryption key - even if you give it the same PIN/password to use. So if you're forced to rebuild/reflash/wipe your phone in the future, it won't be able to access any data that is still on there (in internal or SD memory) since it won't know the previous encryption key. So you'll have to wipe all data and start again. And at that point, if you choose to encrypt your fresh, newly initialized phone, it will have a new, unique encryption key that won't work on any encrypted data from previous. So if for instance, you plug in an SD card that was encrypted on your phone in an earlier ROM, it won't be readable even if you know the correct PIN/password, since your phone will be using a different underlying unique key.
Zombtastic said:
The photos would be unusable anywhere besides my phone right? So moving them off my phone to share vacation photos for instance would be impossible, and if my phone were to crash they'd be irretrievable? Making the backup process pointless.
Click to expand...
Click to collapse
So, if you're following this, you'll now understand that moving your photos off your phone could be done two ways:
- while you're using the phone as normal (ie. you've booted it, entered your PIN/password, and copying your photos to Dropbox via an app while you're logged on. If you do it this way, you're simply copying photos as normal that can be viewed as normal in Dropbox.
- by copying backups generated while in Recovery. But Recovery will be firstly mounting the encrypted file system successfully (if you gave it the right PIN/password and your version of Recovery supports encryption), which means it can read your photos as normal files, then backs them up into its own normal Recovery file/folder structure and writes them to your encrypted file system, so the underlying data is encrypted unbeknownst to Recovery. Then when you boot up your phone and log in successfully to Android, you can access that data as normal (and unencrypted). So when you then copy it to Dropbox, all you're copying is normal Recovery-created backup files. The copied data won't be encrypted (unless Recovery encrypts them itself, independently, which I don't think it does). So you could copy this data to anybody's phone, so long as they were using a compatible Recovery version and probably compatible ROM.
Zombtastic said:
Wouldn't the back up be rendered useless as well, exactly when I might need said backup? If my phone were to ever crash or die for some reason, I would lose the encryption key, would even be able to do a full system restore through the recovery? It would seem that the encryption key wouldn't be kept with those back up files, so while it might place everything back in its correct place, it would still be unreadable. Or does it maybe keep the key in system files somewhere so that a full backup would restore the key as well?
Click to expand...
Click to collapse
I'm not 100% sure on this, but I think your logic is correct. The backup would be useless if the phone loses the encryption key, which it would do if you re-initialized your phone and/or did a new encryption. So you can only recover your backed up data if you haven't done either of those things. A solution to this is to use backup software that runs on your phone (Titanium Backup) that gives you the option to encrypt your data. Some caveats to this approach should be obvious:
- you firstly need to decide if you trust your backup software's encryption
- you need to use a strong password and be able to recall it months/years from now when you go to restore your data
- you need to copy your backups off your phone (such as onto your SD card, cloud, dropbox, etc.) in case you lose your phone.
Zombtastic said:
And my second round of questions (regarding recoveries and what not):
I am also under the impression that I would not be able to flash through custom recovery either as the internal SD would be inaccessible from the recovery being it doesn't have the encryption key. I am currently running OmniROM and it is in a nightly stage still for my phone. I wouldn't be able to update nightly would I? I am assuming since it basically flashes/overwrites system each time, that I would be losing my encryption key and making everything besides system unusable then right?
Click to expand...
Click to collapse
Tricky - if you flash/update your phone with a new ROM, you will probably be OK so long as you haven't wiped the part of your phone's storage that holds the encryption information. I don't know where this is. But the nightly updates I do to my phone don't normally touch my data - all my apps are still there and it boots identically to the way it did before I updated it. HOWEVER, its possible that an update may force me to wipe my phone for some reason - the update may fail, it may contain significant changes, or I might screw something up. I probably end up completely wiping my phone at least once every 2 months just because I like to play with the latest and greatest ROMs, or I screw something up. So if that happens, I'm going to lose the encryption information and thus would lose everything on the phone.
Of course, I can always restore my apps and data via Titanium Backup, since I back up my stuff quite often and then copy it to Dropbox.
Zombtastic said:
And what about downloading ROMs to flash/update directly to my phone? As I download them from in browser or another app and they go to the default /downloads folder they would be encrypted. They wouldn't be accessible from there in recovery, but if I were to try and move them out of internal SD to the external SD they would retain encryption and still be inaccessible? So the only way to download ROMs and updates would be from PC and only move them to the external SD?
Click to expand...
Click to collapse
Hmmm - good question. A simpler question is, "Is my encrypted file system accessible while in Recovery?" I believe the answer is, "Yes, if you use CWM, No if you use TWRM". But I say that because from what I've been reading, some versions of CWM/TWRM can/can't handle encrypted devices. But you'll already have sorted this out at the time you're trying to encrypt your device anyway since the encryption process involves rebooting your phone into recovery I believe - and if you're not using the correct supported Recovery, this step will fail. But if you are using a supported recovery, this step will work, and therefore logically I'd assume that you can access your encrypted file system while in Recovery in the future. I'd imagine Recovery would prompt you for your PIN/password in order to mount the encrypted file system.
So assuming the above is correct, you would be able to access the newly-downloaded ROMs while in Recovery and thus can flash them. But of course, Caveat Emptor with flashing the new ROM - if it forces you to wipe anything, you may end up unable to access any of the data.
Zombtastic said:
Overall, this seems to be crippling a lot of the way I use my phone...
Click to expand...
Click to collapse
From what I've been researching, you won't have a problem anyway, because I haven't come across anyone that has successfully encrypted their phone using a custom ROM. Strangely, this ability seems to be unwanted by XDA people. My tinfoil hat tells me that there are people ensuring that this ability continues to not work on custom ROMs until/unless a backdoor capability is found. Hopefully I'm wrong on many counts.
douginoz said:
From what I've been researching, you won't have a problem anyway, because I haven't come across anyone that has successfully encrypted their phone using a custom ROM. Strangely, this ability seems to be unwanted by XDA people. My tinfoil hat tells me that there are people ensuring that this ability continues to not work on custom ROMs until/unless a backdoor capability is found. Hopefully I'm wrong on many counts.
Click to expand...
Click to collapse
Amazing post by the way! It does seem very helpful.
BUT it's very funny you mention it not working. Because that's exactly what happened. After not getting a response here or in the ROM's forum for a few days, I decided to just take the plunge and do it. I was just planning on testing everything out my self and figuring it out as I went. The first time it seemed fine, the encryption went through it seemed.
Being as I didn't know any of the info you just enlightened me with, I did fear that nothing was truly encrypted though. Everything was transferring to my computer with a drag and drop and working fine, so I was afraid (without evidence) that nothing was truly encrypted. I asked on the ROM's forum again (still waiting for an answer).
That night, my phone was left plugged in charging, yet some how had turned off in the night. I awake to my phone asking for an encryption key. I enter my key in to no avail. Nothing works and my phone is left unable to boot. It was utterly denying my password. I had to reflash. I asked about that in the forums as well, whether that was normal or if encryption was maybe not implemented yet, etc. The dev running the nightlies for my device has responded to the forum multiple times but not to me. Another user mentioned it might be that it is now merged together as a Galaxy Note 2 ROM and not specifically a T-mobile Galaxy Note 2 ROM (might be possible. Idk.).
Now, I have tried to re-encrypt. Multiple times. But I cannot for the life of me get it to even start now. Every time I go to start the encryption process it shows me the fullscreen image of the android unzipped horizontally (at which point it is supposed to reboot and start encrypting) and it hangs/sits there forever. Not rebooting, not anything. If I hit the back button, the image disappears and it goes back to my phone. Working perfectly fine, like it never even started doing anything. I am not doing anything differently. I don't know what could be happening to stop it from even getting as far as it did last time. Unless the devs maybe started working on it and have disabled it for the time being/screwed it up worse, I dunno.
Not you got me crafting a tin-foil hat...

Dealing with an encrypted android phone

I have a OnePlus 3 and I was thinking of encrypting it for additional security & privacy reasons. But since I flash various ROM level mods / use xposed modules on my phone, I was wondering about the negative consequences I have to face after encrypting an android phone.
I have a few doubts which need to be cleared.
1) Since my android phone would be encrypted, would I absolutely not be able to flash any new files/make nandroid backup from the recovery?
2) If 1) is true, which means, let's say I install an xposed module which causes a bootloop. Now I would have no way to disable all the active xposed modules from recovery since the files are encrypted, which means I would have to restore everything from scratch?
3) Is there absolutely no known way of decrypting android/access files unencrypted from recovery if we know the master PIN/password?
Can somebody who has dealt/dealing with an encrypted android phone please answer these questions? Thanks.
Deleted
Hi, thanks for your reply.
Just Passing By said:
1. When you access recovery on an encrypted phone, you have to decrypt your phone. After that, your recovery can do anything it normally could do. This would of course include flashing ROMs, zip files, and making nandroid backups.
.
Click to expand...
Click to collapse
2 things to say about that.
1)Decrypting just to flash files is a huge problem. TWRP/CWM should have a feature when it asks for the master PIN/password on the recovery, then after I enter it, it should decrypt the data on the fly and then mount the system and data partitions unencrypted so that I can flash files without going though all the decryption process.
2)Correct me if I'm wrong, but all android decryption processes I read online require wiping all data/doing a factory reset. That's again a huge problem. Why? In case I flash a mod/install a xposed module which causes a bootloop, I would have no way to decrypt my data, even if I have my master password. Which would mean I would lose all my files which I haven't backed up.
Problems like these could be avoided if TWRP provided permanent decryption/on the fly decryption using the master PIN. Comparing this with veracrypt on windows for e.g. , let's say my windows is encrypted with veracrypt and a hardware failure occurs at some point in the future & windows refuses to boot, but I'm able to load a live ISO. In this case, veracrypt offers a rescue ISO which I could use to decrypt the data without losing all my files after I enter the master PIN. So in this case, I can have security of encryption & also the convenience of decrypting it without losing all my files with the master password in case my main OS refuses to boot.
If I can't decrypt android from the recovery using the master PIN, that would mean in any case my android refuses to boot, I have lost all my files.
3. I'm assume you meant to say "... If we don't know the master PIN/Password?" And the answer to that is yes. If you can't decrypt your phone, you'll lose everything in it, so making periodic backups is a must. Otherwise, there'd be no point if you could just decrypt things right?
Click to expand...
Click to collapse
No, I did not say that wrong, sorry if I wasn't clear enough on my first post. I just wanted to know if there was a way to permanently decrypt android from recovery using the master PIN so that i would be able to recover my files to a USB in case my android refuses to boot.
Deleted

Retrieving data from locked device

My brother passed recently. I am in possession of his s9+ and want to either remove the lock screen PIN (preferable) or just retrieve the pictures (if all else fails). This is very important to me. It is a Verizon phone.
If the images are stored on an SD card and the card is not encrypted you can just take the SD card out and use it from a computer.
If the phone was configured to backup photos to samsung cloud you can try logging into that using the appropriate credentials. The URL for samsung cloud login is https://support.samsungcloud.com/#/login
If the images are stored on the internal storage you are most likely gonna have too contact samsung for help. I honestly don't know if there is a way to do this considering the phone is unrootable and what your asking is to break/remove the phone's security features.
In case it has twrp installed ,you can use it
a_t_21002000 said:
In case it has twrp installed ,you can use it
Click to expand...
Click to collapse
The G965U and G965U1 are unrootable at the moment... So any options for the OP that involve rooting the phone is not going to do much good
Recover file from G965U1
I have a G965U1 from which I want to recover a deleted video. I don't care if I brick the phone. I simply want the video. I'm tempted to rip open the phone, pull the memory and solder on a USB reader. Can you give me any good options prior to the rip.
stevearas said:
I have a G965U1 from which I want to recover a deleted video. I don't care if I brick the phone. I simply want the video. I'm tempted to rip open the phone, pull the memory and solder on a USB reader. Can you give me any good options prior to the rip.
Click to expand...
Click to collapse
Best suggestion (not just to you, this is in general for everyone who has this issue) is that in the future if there is a file you want to keep or is of great value to you make a backup of it elsewhere. I do this with what pics/videos I take on my phone for this very reason. There isn't a reason why no one can't make a backup of an important pic/video with this phone... It has a removable SD card, you can transfer files to a computer or use cloud backup.
Other suggestions:
Did you check the gallery trash to see if it is in there? When you delete a file using Gallery it ends up in the "trash" (essentially acts like the recycle bin on windows). In the gallery app look for the 3 dots that run vertically at the top right corner. Pressing on those will show a menu, the word "trash" will be listed.
Pressing the option to access the trash will show you what is able to be restored on the phone. Files you delete will be sent to the trash and remain there until you empty the trash or 15 days pass since the deletion. If you have the phone backing up the files to Samsung cloud you might be able to access the file(s) from the cloud using the link I posted previously.
If the gallery and cloud storage don't help:
I am afraid there really is no other good option.. The software I can find which does data recovery requires root access (which we can not do). Google searches pretty much yield the same result. There are some that say you can without root, but further reading into them show it's a misleading statement and that root is still needed. You may be able to find a software recovery service locally that might be able to do what you want... And I would suggest (unless you have the tools, software and ability) you go that route first before you try to CSI cyber your way to accessing that data. Please don't take this the wrong way, I do not believe what your thinking of doing will even work... Assuming the location where the video was has not been overwritten by data already (if it was then your SOL unfortunately), removing the memory and placing it onto a USB reader will most likely not resolve/remove any permission based issues.
This is a drawback of not having root ability on our phone
scottusa2008 said:
I am afraid there really is no other good option.. The software I can find which does data recovery requires root access (which we can not do). Google searches pretty much yield the same result. There are some that say you can without root, but further reading into them show it's a misleading statement and that root is still needed. You may be able to find a software recovery service locally that might be able to do what you want... And I would suggest (unless you have the tools, software and ability) you go that route first before you try to CSI cyber your way to accessing that data. Please don't take this the wrong way, I do not believe what your thinking of doing will even work... Assuming the location where the video was has not been overwritten by data already (if it was then your SOL unfortunately), removing the memory and placing it onto a USB reader will most likely not resolve/remove any permission based issues.
Click to expand...
Click to collapse
While this is older topic and probably it doesn't really matter anymore, i might add something. First of all, those phones are factory encrypted. Second, ability to recover deleted files from modern phones in nonexistent in practice. You may find that there was such file but it's already empty inside or not find any leftover that it was even there. You don't have to fully overwrite the space it occupied like on SD cards or HDDs for this to happen. There are mechanisms, like TRIM that take care of deleted content to maintain storage chip performance. It is possible to recover deleted data stored inside database files, like contacts, texts, chats, notes etc.
In general, there's no harm in trying but this requires you to create a decrypted memory chip dump and this either requires root or some fancy exploit, for example to boot custom kernel image with adb and root permissions that won't tamper with data. Achieving root on those devices without factory reset is not really possible for the time being, and enabling OEM unlocking (requires for TWRP and Magisk) itself triggers factory reset (there's a warning so that's good).
Desoldering memory chip and dumping it directly also won't work. First of all due to factory encryption, so no there won't be any useful data and it can't be decrypted outside that specific phone. Second, it's an UFS type memory and this requires expensive reader. The cheapest on the market is currently easy-jtag plus with adapters for UFS, but this still ~$1000 and i'm not sure it supports chips used in S9+.

How to recover deleted .zip from Android devices

Hello All,
I deleted a zip file from my android device(not rooted)., And I need to recover the zip file which contains photos approx 150Mb.
Is there a possible way to recover it., Even paid tools/apps I am ready to try.
Just need to know a valid method to recover it. Please help
Thanks.
siadathali said:
Hello All,
I deleted a zip file from my android device(not rooted)., And I need to recover the zip file which contains photos approx 150Mb.
Is there a possible way to recover it., Even paid tools/apps I am ready to try.
Just need to know a valid method to recover it. Please help
Thanks.
Click to expand...
Click to collapse
Without root? Probably not.
Sent from my SM-S767VL using Tapatalk
Android OS doesn't have a Recycle Bin as that's the case with for example Windows OS, unless you install such an extension.
jwoegerbauer said:
Android OS doesn't have a Recycle Bin as that's the case with for example Windows OS, unless you install such an extension.
Click to expand...
Click to collapse
That is true, but, deleted data doesn't truly get wiped/removed unless the data is overwritten. When a file is deleted, it doesn't get deleted, it just gets marked by the system to be ignored until the next time the system needs to write data, at such times, it will write the new data over the data that has been marked.
Data recovery software does have the ability to find this data that has been marked for deletion and recover that data. But it requires root.
Sent from my SM-S767VL using Tapatalk
Droidriven said:
Data recovery software does have the ability to find this data that has been marked for deletion and recover that data. But it requires root.
Click to expand...
Click to collapse
Most of the recently released higher-end Android devices running Android Lollipop or higher come with data encryption enabled out-of-the-box - in order to be more resistant to government snooping.
IMO even if it may be true that a data recovery software can find and recover deleted data, these data are encrypted and therefore without any use of all, unless you have appropriate forensic tools.
If I'm mistaken then please tell me the data recovery software that can bring back deleted data in decrypted way.
Data recovery software works for you, but all require the phone to be rooted, so you will need to do that first to your device. With root access, it can scan the files that would normally be inaccessible.
It can be recovered back with some data recovery software?If the.zip is too large,i tink it will be difficult to recover back.
Droidriven said:
That is true, but, deleted data doesn't truly get wiped/removed unless the data is overwritten. When a file is deleted, it doesn't get deleted, it just gets marked by the system to be ignored until the next time the system needs to write data, at such times, it will write the new data tover the data that has been marked.
Data recovery software does have the ability to find this data that has been marked for deletion and recover that data. But it requires root.
Sent from my SM-S767VL using Tapatalk
Click to expand...
Click to collapse
I Do not mind rooting now, but !! my understanding is that if I root the device now., It will wipe off all my data in my phone, coz rooting the phone is another way of flashing?? It will be more hard to recover file if my phone is wiped out.
Saenyu67 said:
It can be recovered back with some data recovery software?If the.zip is too large,i tink it will be difficult to recover back.
Click to expand...
Click to collapse
My file is hardly 150MB zip file. Not of huge size.
siadathali said:
I Do not mind rooting now, but !! my understanding is that if I root the device now., It will wipe off all my data in my phone, coz rooting the phone is another way of flashing?? It will be more hard to recover file if my phone is wiped out.
Click to expand...
Click to collapse
Yes, but, only if the rooting method requires unlocking your bootloader because unlocking the bootloader formats the data partition. But, if you can find a way of rooting without having to unlock the bootloader or flashing a custom recovery, it won't format your data partition.
Honestly though, your chances of rooting without unlocking bootloader or flashing custom recovery , aren't very good. To do so would require finding an app or PC program that is a "universal rooting tool" and it would require the tool having an exploit that works on your device.
Or, you could do a Google search for:
"Recover data android no root"
Then try the various tools and methods that finds, if you can find videos in that search, it may help you further.
Sent from my SM-S767VL using Tapatalk

Question Ways to return the device to stock?

I am a bit of a scaredy cat, and I don’t want to pollute the GSI thread with this question.
OnePlus is not offering fast boot flash images for their Nord 2. And the only way to get a custom rom is by flashing a custom vbmeta image and a system image for GSI.
The question now arises, how could one come back from a GSI into stock? I would assume I would need to do ADB push/pull and copy the whole system NAND to a file, then restore that if needed.
Would that be true? Or are there better / faster / safer ways to turn the phone to stock?
I have not yet received my unit, but i want to start tinkering with it as soon as I get my hands on it. So I want to know if there are any ways to undo any and all modifications i would do to the system.
Cheers
Can't twrp backup as system.img
ajaz35 said:
Can't twrp backup as system.img
Click to expand...
Click to collapse
I am unsure if this is being worded as a factual statement, or as a question.
I am telling that TWRP Backs up system as System.img in most Phones.
Same should apply to Nord 2.
ajaz35 said:
I am telling that TWRP Backs up system as System.img in most Phones.
Same should apply to Nord 2.
Click to expand...
Click to collapse
It should apply, but there's the issue of backups needing to be bit-perfect to ensure not to upset dm-verity
I have however found a bunch of commands that i will be testing in about 6 days, once i receive the terminal. I will be placing them for future reference, and for any poor souls who may need this:
Code:
adb backup --twrp -f /directory/to/save/dump.db
Not exactly my cup of tea, but this should combine bit-perfect system and vendor images with space-saving regular file copies of other lesser i mportant partitions, and ignoring the /data/media partition. Should be good enough.
Code:
adb root
adb shell 'dd if=/dev/block/mmcblk0 2>/dev/null' > mmcblk0.img
These two commands should, on an ideal world, with debugging enabled on the target device, and from within TWRP, create a bit-perfect copy of the entire nand and leave them on the CWD. however, the path may differ from what i've found, different chipset and all. However, that's nothing that a good old
Code:
lsblk -l
won't solve. The tricky bit will be actually pulling the file back. Since redirects can seemigly be used to copy the image file to the CWD, redirects may be able to be used to write to disk remotely. This one requires more research.
Alternatively, i will need to buy an OTG cable, get a large enough flash drive, and mount it for the purposes and DD'ing the file out and into the device. If all else fails, with 8GB of RAM it should be able to store 1/16 of the total NAND flash onto ram and slowly stitch the nand in chunks. Not shore how well would that go, too many points of failure. But keeping this for my own musings.
Another possible answer would be to boot into TWRP, running
Code:
lsblk -l
to see all the mount points, and using
Code:
adb push / adb pull
on each of them. Research indicates one can't copy the whole NAND this way, but individual partitions. Should suffice as long as the subsequent coopies are bit-perfect. Assuming one can push the generated image back, this may be the most satisfactory answer.
I will attempt to perform these tasks when i receive the phone and see if it can successfuly restore it's own backup.
ajaz35 said:
I am telling that TWRP Backs up system as System.img in most Phones.
Same should apply to Nord 2.
Click to expand...
Click to collapse
Additionally, one should note that i intend on fully backing up the NAND of the device. Just the system partition is insufficient. as there may be updates on the way that may make restoring the system partition from an OTA image impossible. Therefore, a full NAND copy is needed. altnernatively, if a low-level copy cannot be achieved, individual bit-perfect copies of individual partitions will need to suffice, and hoping no GSI or custom rom maniulates any of the protected partitions.
Do you flash the system.img from my backup?
Oneplus Nord 2 Oxygen 11.3 DN2103 EEA ROM
Flash at your own risk. I am not responsible for any damage or data loss to the device during this process! Downloads: The Fastboot restoration file can be downloaded in here: DN2103_11_A.07 DN2103_11_A.10 *deleted DN2103_11_A.11 *deleted...
forum.xda-developers.com
sakarya1980 said:
Do you flash the system.img from my backup?
Oneplus Nord 2 Oxygen 11.3 DN2103 EEA ROM
Flash at your own risk. I am not responsible for any damage or data loss to the device during this process! Downloads: The Fastboot restoration file can be downloaded in here: DN2103_11_A.07 DN2103_11_A.10 *deleted DN2103_11_A.11 *deleted...
forum.xda-developers.com
Click to expand...
Click to collapse
As I stated previously. I have yet to receive my terminal. So I haven’t flashed anything yet.
however, disabling dm-verity, installing your system image, see it it fails, and if it fails, backing up, will be a great way to test if my backups are effective.
I want to toy around with your image and PHH’s once I get the terminal. So I’m just trying to preemptively have backups in place for when I inevitably flash something without paying attention and bricking the device.
that reminds me, were you the one who needed a full system dump a few weeks ago on another thread? I can upload my image once I get it working
Edit: just checked it was phhusson who needed the dump. Sorry about the mix up
ZanaGB said:
As I stated previously. I have yet to receive my terminal. So I haven’t flashed anything yet.
however, disabling dm-verity, installing your system image, see it it fails, and if it fails, backing up, will be a great way to test if my backups are effective.
I want to toy around with your image and PHH’s once I get the terminal. So I’m just trying to preemptively have backups in place for when I inevitably flash something without paying attention and bricking the device.
that reminds me, were you the one who needed a full system dump a few weeks ago on another thread? I can upload my image once I get it working
Edit: just checked it was phhusson who needed the dump. Sorry about the mix up
Click to expand...
Click to collapse
I tested rhe gsi Versions, but not good i flash my system.img, dtbo, persist and vbmeta and go back to stock
Just got notified that the phone arrived. So this evening i will get it up and running then worry about backing up later.
Hi. How return the device to stock and lock bootloader? Is there manual?​
shnailcheg said:
Hi. How return the device to stock and lock bootloader? Is there manual?​
Click to expand...
Click to collapse
Assuming you didn't install any custom ROM, all you have to do is boot onto fastboot and type fastboot OEM lock or fastboot flashing lock. Forgot which exactly.
I have root installed
shnailcheg said:
I have root installed
Click to expand...
Click to collapse
restore your full NAND backup and godspeed
have you tried this method on nord 2?
shnailcheg said:
have you tried this method on nord 2?
Click to expand...
Click to collapse
I made a nand copy but never backed it up.I ended up not needing root for anything and I won't install any ROMs until there's any good ways to have a failsafe for backups. So to all effects I have a backup I haven't tested. I am not gonna risk losing my IMEI or having a zombified phone due to missing blocks on the backup.
To be specific. I have ways to get data OUT of the phone. But I don't have a reliable way to get the data IN and ensure nothing critical is missing or overwritten in the process. And I am too afraid to lose my phone just testing if backups ACTUALLY work.
K
ZanaGB said:
I am a bit of a scaredy cat, and I don’t want to pollute the GSI thread with this question.
OnePlus is not offering fast boot flash images for their Nord 2. And the only way to get a custom rom is by flashing a custom vbmeta image and a system image for GSI.
The question now arises, how could one come back from a GSI into stock? I would assume I would need to do ADB push/pull and copy the whole system NAND to a file, then restore that if needed.
Would that be true? Or are there better / faster / safer ways to turn the phone to stock?
I have not yet received my unit, but i want to start tinkering with it as soon as I get my hands on it. So I want to know if there are any ways to undo any and all modifications i would do to the system.
Cheers
Click to expand...
Click to collapse
Keep nandroid backup evry time you want to go back just restore that nandroid backup using twrp if you gets data restoration error just deselect data emmc win file in backup and restore.
Remember on android 12 gsi twrp data encryption issue so u can't able to access internal storage to restore the backup so first go back to android 11 gsi, now transfer that backup to twrp folder and then boot back to twrp and restore
I personally done this when I stuck on android 12gsi
pankspoo said:
K
Keep nandroid backup evry time you want to go back just restore that nandroid backup using twrp if you gets data restoration error just deselect data emmc win file in backup and restore.
Remember on android 12 gsi twrp data encryption issue so u can't able to access internal storage to restore the backup so first go back to android 11 gsi, now transfer that backup to twrp folder and then boot back to twrp and restore
I personally done this when I stuck on android 12gsi
Click to expand...
Click to collapse
One thing i have been reading from the TWRP Nandroid backups, is that people who install the GSI and then restore, lose their IMEI data and other baked-in addresses.
Is that the case? I would imagine that since TWRP backups aren't bit-for-bit it could cause problems. Have you tested for that?
EDIT: additionally, i guess i absolutely need an OTG adatper to properly restore the backup, since the mere ac of restoring the backup would destroy the backup in the process, wouldn't it?
ZanaGB said:
One thing i have been reading from the TWRP Nandroid backups, is that people who install the GSI and then restore, lose their IMEI data and other baked-in addresses.
Is that the case? I would imagine that since TWRP backups aren't bit-for-bit it could cause problems. Have you tested for that?
EDIT: additionally, i guess i absolutely need an OTG adatper to properly restore the backup, since the mere ac of restoring the backup would destroy the backup in the process, wouldn't it?
Click to expand...
Click to collapse
No if u r on android 12 gsi u need OTG there twrp will not work.
No issue in Restoration on android 11gsi
pankspoo said:
No if u r on android 12 gsi u need OTG there twrp will not work.
No issue in Restoration on android 11gsi
Click to expand...
Click to collapse
So. The way i understand it.
1: Full backup from the stock ROM ( Android 11 Based ) using TWRP
2: Install a GSI, for example, Android 12 GSI
3: In need of going back, first install the Android 11 GSI
4: Once with the 11 GSI installed, recover the TWRP Backup
Would that be correct?

Categories

Resources