[Q] Brute forcing the salt (disk encryption) - RAZR HD Q&A, Help & Troubleshooting

A couple weeks ago I upgraded from ICS to Jelly Bean, but likely because my phone was rooted, it decided to crash on me during the upgrade process and I was forced to do a factory reset to regain access to my phone. Unfortunately I had enabled disk encryption, and I had lost access to my SD card. Even though I know my PIN number, I could not access my SD card or data on it. I purchased an SD reader for my PC and I am able to see the pictures and other files that were encrypted, however, I cannot successfully open them.
I read this article that someone had successfully brute forced an attack against the encryption for the Android platform: <url removed because I'm a new user>
I also read this article that discusses how the encryption works: <url removed because I'm a new user>
I know my PIN and I also know that the phone had generated a random salt that was wiped when I did the factory reset, so I'm guessing my data may be lost forever. But I just wanted to ask if it was possible that an exploit might help in a situation when the PIN is known but the generated salt is not (due to a factory reset).
Thanks,
Mark

Related

[Q] Nexus S Stock ICS "Encrypt Phone" details?

Hi all,
So I've got a new Nexus S, and I'm running the stock 4.0.3 from Google. This phone hasn't yet been rooted or had the bootloader unlocked.
I'm a big security fan, and I've read about how tools exist that can simply slurp all the data off a phone without even breaking a sweat, and I'd like to be able to defeat such abilities. Ideally, I'd even like to be able to have su access to a device as the authorized user and owner (This is a Wind Mobile Canada phone, the carrier has no stake in it at all). I remember hacking away at my T-Mobile G1, and being a little concerned that merely pressing a button to get into the recovery at boot-time would enable full access to everything on the device for a knowledgeable attacker.
So I see under "Settings - Security" there's an "Encrypt Phone" option. Google has documentation here for the Galaxy Nexus, but it lacks specifics.
Can anyone here provide or point me to proper details? What is encrypted, how is it encrypted, how strong is the encryption, how much impact does this have on performance and battery life?
*edit - I just found this. If I'm reading this right, this is FDE on the /data partition, which is very good. Still doesn't do anything for the sdcard/usb partition though.
Have you tried it? On my Nexus S 4G (which is, I grant you, slightly different) it DOES encrypt the sdcard as well. I'm interested in others' experiences with FDE. Particularly weaknesses and developing procedures for restoring/flashing after enabling FDE.
Hi,
As part of setting up a work email account, I had to encrypt my Nexus S including the SD card. Unfortunately, that meant that I could not access the SD card to transfer music, photos...or most importantly, new ROMs to flash. I did a factory reset, which seemed to be the only option to get rid of it.
I have now gone back to Gingerbread as it does not have full encryption as an option (so it allows me to keep my work Exchange account with just a PIN password), but I am keen to try ICS again.
Does anyone have any solution for accessing the SD card on an encrypted phone?
Cheers
What would be really interesting is if there is a way to password protect the bootloader. Does anyone know?
Best regards,
SuperMaz

[Q] Broke the glass on my screen, now I have to give my phone to a technician...

Don't worry, it's a security question alright.
I live in Eastern Europe, which is on the far side of the Samsung support network, and I have a Samsung Galaxy S3 phone (GT-9300 I guess). My repair options look a little bit bleak. I must either ship it back to France, from where it was bought, or I must seek the help of non-licensed technicians. Thank God, there are quite a lot around here and for problems like this they do wonders.
I am worried though that the technicians may try to meddle with the software of my phone and do something nasty with it while the phone is in their possession. I use the phone quite a lot to access various servers through ssh and the servers contain semi-sensitive information about customers, phones, the equivalents of social security numbers in my country, etc. Of course I will delete my present information, but how about the future? If someone has hacked versions of the firmware, it will be child's play to get the passwords for my servers.
So I need to secure the software of my phone somehow and I'm not sure of my options, so I'm asking for advice on which is better. I have experience with Linux, but about Android I'm quite a noob. I had my Amazon Fire HD tablet rooted with CyanogenMod installed, so I know a little bit about ROM images. The phone itself is unrooted with original software and is not locked to a carrier.
Should I:
1. Try to back up my entire ROM image?
There are various questions here. It looks like I cannot download a standalone original ROM image directly from Samsung, so I must back up mine. But in the bootloader (which opens with volume up/down + home + power) it seems that there are no options for backing up the ROM image, only for restoring through ADB or SD card. Should I try to root, install an alternative bootloader and then back up everything?
There is one very important sub-question here: Will the phone signal me somehow if someone replaces the original bootloader with, say, a non-signed one? What if someone changes the bootloader as well as the system image?
2. Should I try to encrypt my phone?
I cannot easily get information about what exactly is encrypted. Pretty sure that the bootloader itself cannot be encrypted anyway. How about the system image? Is it encrypted?
I'll be thankful for any help about these two ideas as well as any others.
If you are paying to have the repair done by an entity other than Samsung then you have a great option available. Just out of curiosity, what version of Android are you running? If I were in your shoes, I would root the phone and install a custom recovery (either TWRP or Philz). This will allow you to take a complete nandroid backup of the phone to the external SD card. Confirm the nandroid backup has been saved to the SD card, then remove the card from the phone and store it somewhere safe. Then perform a factory reset to completely wipe the phone and have your phone sent out to be fixed. When you get your phone back, insert the SD card and restore from the backup. It will be just as you left it and the possibility that anyone has been able to access or tamper with your phone is almost nil... Apart from possibly large national security agencies who are known for having catalogs of common electronic items that have been compromised in various ways.
I can't speak for your exact phone, but I am quite familiar with encryption as well as the US-model Galaxy S3s. Unfortunately Samsung is known for running their own encryption schemes which are different and most often weaker than the stock. Custom ROMs will generally have an implementation based on AOSP sources. A 4 digit PIN or common passphrase can be easily broken with either, but a sturdy encryption passphrase will almost certainly provide sufficient protection.
Without knowing the specifics of your phone and whatever TouchWiz it's running, I can say this much. If you enable encryption on your phone, it will encrypt /data (application data) at a very minimum. This will almost definitely not include /system. It will probably not include the external SD card or any of the actual applications (the .apk files). The encryption would keep your data secure at rest, but it wouldn't prevent a motivated attacker from installing a hidden malicious application in the system.
You are correct in that the bootloader cannot be encrypted.
fadedout said: (quoting the reply above)
Thank You for the informative answer!
I had to do this once and what I did was:
- Root phone (which I always wanted to do)
- Perform a full backup to SD card
- Remove SD card and perform a factory reset of the phone
Then off to repairs.
Once back, I did again a factory reset (just in case) and then restore the lot
Seems a lot to do, but I have some sensitive data on it and didn't want to risk it too much. Besides, during the restore I took the opportunity to upgrade to 4.3 (at the time).
glass
Why don't you buy a Chinese glass and change it yourself? It's so easy and cheap, around 10 euros or so. I did the same for my old phone.

[Q] Question: Galaxy S2 not accepting correct (yes I'm sure) decryption password

Dear XDA-Community,
I'm writing to you after an extensive Google search without any proper help for this weird situation. I'm on a Galaxy S2 with a rooted Android 4.1.2 afaik, and unfortunately I'm only the type of "forum expert" that can follow complex instructions but has no real clue about what exactly the software mechanisms behind it are.
The phone has been encrypted for years now, password never changed and password is the same as on my tablet. The phone occasionally reboots because the second phone in my pocket pushes against the power button of the S2. Has been annoying but never a problem.
Now today, the same happens. Phone reboots and asks for decryption password as usual. I type it in, short delay, "Please type again". I carefully retype and get the same result. I check keyboard layout or anything and type again while checking every character carefully -> same result. Because at this point I doubt my own intelligence, I check if the same password works on my tablet and it works without problems.
So basically it appears as though my phone "forgot" the pass, if that even makes any sense. I know enough about encryption that that should be impossible and trying other passwords is basically pointless.
What is strange is that there seems to be almost a second's delay between submitting the correct password and getting the "please type again" answer, while with incorrect passwords the prompt shows immediately.
I've tried some useless things like entering the pass in recovery mode, wiping the cache and dalvik cache (iirc). Restoring obviously doesn't work because I didn't back up before. Backing up to internal SD yields the following messages:
ClockworkMod Recovery Screen after Backup attempt:
-Start-
ClockworkMod Recovery v5.8.1.8
SD Card space free: 1902MB
Backing up Boot Image....
Backing up Recovery Image...
Backing up System...
Backing up Data...
Can't mount /data!
-End-
The only change that might have taken place recently is that a week ago the SuperSU software successfully downloaded an update and I'm not sure but the phone may not have been rebooted since. Can SuperSU mess with any encryption/decryption password things?
I'm down to 7 chances before my system is wiped and let me say, the amount of idiocy regarding what is on that phone that is not backed up somewhere is unimaginable.
So there I am begging for your wisdom.
Has any of this happened randomly before?
Thank you so much in advance and I wish you the best of days.
P.S.: Back that data up - from a moron who doesn't want to share his feeling of remorse with other undeserving droiders

Chip Off recovery not possible due to encryption?

I purchased two VS995's last year for myself and my wife from Verizon, and up until recently it worked great. Last month, I entered a boot loop that wouldn't stop and took it to a repair shop.
While looking into fixes that might work before contacting a shop, I remember reading that the V20 was encrypted by default, and also that by requiring a user to input a PIN during boot your device was encrypted as well.
I assumed this would hinder recovery efforts and that I was throwing money away by taking it to a repair shop, but was assured that it wouldn't matter during a chip off recovery, since no data is stored encrypted.
I am familiar with data recovery from broken hard drives and partitions on both Linux and Windows, but I'm not sure about how the process works with encrypted file systems and chip off methods on Android devices.
If anyone could offer any information on if the above is correct regarding the encrypted file system and it not being a problem, or how to deal with it if it is, I would really appreciate it.
My thought process was to get an image of the file system and load it into either something like BlueStacks as the local file system to extract data off that wasn't backed up to the cloud (Quickmemos, current browser session on Chrome, the list goes on and on), or mount it using linux like any other partition.
I'm not sure if I can go in and ask the repair shop to specifically make a binary image of the chip so that I can recover the data myself or not and provide them with a flash drive, but I figure it's worth a shot. I used my phone in place of a computer, and had pictures of my family's social security information that my work had requested as well as internal documents I had to learn as a manager when I was promoted. I figured they were protected by the boot-up password until I could back them up, and the phone died a few days before my scheduled backup. Anyone who repairs phones for a living have any thoughts on how to request specific things from a phone repair place or how you want your data handled?
I appreciate all the help, and apologize for the long-winded post. I wanted to try to cover everything in one shot. I also forgot to mention that the phone is 100% stock. Thanks in advance!
userdata (all your actual data) certainly is encrypted by default (though rooting usually disables the encryption); requiring a PIN at boot or not just changes how the real encryption key is stored (the encryption key of the encryption key). The AOSP article goes into some more detail.
No idea how shops handle it, I've just done a bit of research on it before.
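To make the "encryption key of the encryption key" structure in the reply above concrete, and to show why the first thread's "PIN known, salt lost" situation is a dead end, here is an added Python model; it is not code from any of the posts or from Android itself. It assumes the layout of the original Android FDE crypto footer (16-byte random salt, PBKDF2-HMAC-SHA1 with 2000 iterations, random 16-byte master key), substitutes an HMAC keystream for AES-CBC so it runs on the standard library alone, and adds a key-check tag of its own so a wrong PIN can be detected.

```python
import os
import hmac
import hashlib

# Parameters modelled on the original Android FDE crypto footer (assumption:
# 16-byte random salt, PBKDF2-HMAC-SHA1 with 2000 iterations, 16-byte master key).
SALT_LEN, KEY_LEN, PBKDF2_ITERS = 16, 16, 2000

def _xor_stream(key: bytes, label: bytes, data: bytes) -> bytes:
    """HMAC-SHA256 counter keystream XOR: a stdlib stand-in (assumption) for the
    AES-CBC a real device uses. Symmetric, so applying it twice restores data."""
    stream = b"".join(hmac.new(key, label + i.to_bytes(4, "big"), hashlib.sha256).digest()
                      for i in range((len(data) + 31) // 32))
    return bytes(a ^ b for a, b in zip(data, stream))

def derive_kek(pin: str, salt: bytes) -> bytes:
    """Key-encryption key: the PIN never encrypts data, only the master key."""
    return hashlib.pbkdf2_hmac("sha1", pin.encode(), salt, PBKDF2_ITERS, 32)

def create_footer(pin: str):
    """Enabling encryption: random master key and salt; the master key is wrapped by
    the PIN-derived KEK. key_check (assumption) lets unwrap detect a wrong PIN."""
    master, salt = os.urandom(KEY_LEN), os.urandom(SALT_LEN)
    wrapped = _xor_stream(derive_kek(pin, salt), b"wrap", master)
    check = hmac.new(master, b"keycheck", hashlib.sha256).digest()[:16]
    return {"salt": salt, "wrapped_master_key": wrapped, "key_check": check}, master

def unwrap_master_key(pin: str, footer: dict):
    """Boot-time unlock: the master key, or None when PIN and salt do not match."""
    cand = _xor_stream(derive_kek(pin, footer["salt"]), b"wrap", footer["wrapped_master_key"])
    check = hmac.new(cand, b"keycheck", hashlib.sha256).digest()[:16]
    return cand if hmac.compare_digest(check, footer["key_check"]) else None

def footer_with_lost_salt(footer: dict) -> dict:
    """A factory reset discards the footer and writes a new salt. Pairing the old
    wrapped key with a fresh salt models 'PIN known, salt gone' (constructed case)."""
    return dict(footer, salt=os.urandom(SALT_LEN))

def demo(pin: str = "1234") -> dict:
    footer, master = create_footer(pin)
    photo = b"constructed sample: bytes of a vacation photo"
    ciphertext = _xor_stream(master, b"data", photo)  # what an SD card reader sees
    key_ok = unwrap_master_key(pin, footer)
    # With the salt gone even the right PIN derives a different KEK; a 16-byte salt has
    # 2**128 values, so the wrapped master key is effectively unrecoverable.
    key_lost = unwrap_master_key(pin, footer_with_lost_salt(footer))
    return {
        "correct_pin_and_salt": key_ok == master and _xor_stream(key_ok, b"data", ciphertext) == photo,
        "wrong_pin_rejected": unwrap_master_key("0000", footer) is None,
        "pin_known_salt_lost": key_lost is None,
    }
```

Two devices set up with the same PIN (as in the S2 thread above) still get independent salts and master keys, so one device's footer never unlocks the other's data.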

Possibility of recovering data from Android phone that fell into sea water?

Background:
A person I know dropped his phone (Android Oreo or above) into the water while at a beach. He tried keeping the phone in a bag of rice etc., but he can't get it to work. It won't even start. Samsung support said he'd need to replace the motherboard. He does not want the phone working again, but he wants the vacation photos from the phone. In Bangalore, there are some data recovery services that say they can recover the data for him (one of them mentioned some Spider technology).
Primary question:
Is the data recovery team's claim that they can recover the photos, actually legitimate? Can the photos be recovered from the phone in such a situation? How would they do it? Since the data on the phone would be encrypted (a password was needed to unlock the phone), would the data recovery team use a motherboard from a similar phone, connect it to the data storage and ask him to type his password to be able to access the data? If instead they removed the NAND storage and connected it to another board, wouldn't it be impossible to access the data without typing the phone's unlock password to decrypt it?
Concerns:
They might be bluffing, and this could just be a way to get paid for the "effort" that they put in to try recovering the data even if they can't eventually do it.
The data recovery team could clone the data and use brute-force techniques to gain access to any other data.
They could misuse any payment information stored on the phone.
They may view WhatsApp chats or other WhatsApp data stored (he says his WhatsApp is protected by fingerprint recognition).
If privacy is the main concern here, do it through Samsung, through the official means. What's more important, the price of a motherboard or their privacy?
