Is being rooted a security risk on an encrypted device? - General Questions and Answers

Before anyone yells at me and links different threads on encryption i've spent the past 3 hours already researching and trying to find an answer to this. I am also aware that custom recoveries can not be used as well as flashing being the only way to revert.​
I'm debating on whether or not doing a full disk encryption would be any less secure if the device was rooted since the root is isolated under the encryption. So my question is does being rooted allow for any sort of way to bypass the encryption or execute any sort of security vulnerability or at least help break the encryption? Or is it irrelevant since the root resides in the /data and that would be encrypted?
I want to the device to be as secure as possible and yes I know I will have to use a 16 char key phrase password to prevent the brute force attacks that have been shown effective on pins since the device uses your device password for the key.
Can anyone shed some light on this? I'm thinking it would be best to go back to stock without a root and encrypt from there, but if rooting is not a security risk on an encrypted device i'd very much like to keep the device rooted.
Thank you for your time.

Related

"Noob" security question

Hi all,
According to you, is rooting your device or unlock its bootloader a way for making it less secure, more vulnerable to attacks ?
Is it a false idea or a real subject ?
iwanttoknow said:
Hi all,
According to you, is rooting your device or unlock its bootloader a way for making it less secure, more vulnerable to attacks ?
Is it a false idea or a real subject ?
Click to expand...
Click to collapse
Yes it definitely is less seure
IronRoo said:
Yes it definitely is less seure
Click to expand...
Click to collapse
Thanks for your reply.
Coud you please give us more details ?
Do you mean that it can be hacked ?
What device's components are less secure when the it's rooted ?
iwanttoknow said:
Thanks for your reply.
Coud you please give us more details ?
Do you mean that it can be hacked ?
What device's components are less secure when the it's rooted ?
Click to expand...
Click to collapse
Yes, basically everything is less secure. Eg
quote "By gaining root access, you get total control over the entire system. With the right skills and tools, you can read and modify almost any parameter on your device. This is the reason why some apps, as as SuperSU, require root access in order to work properly. However, this type of access is a double edged sword as with root access nothing is there to prevent malicious applications from wreaking havoc on your system: system files can be corrupted or deleted, personal information can be skimmed, and you could even soft brick your device."
https://www.androidpit.com/5-reasons-not-to-root-your-device
And possible even just having su binary installed is an issue, though it's not clear to me whether this has been confirmed, it seems precautionary to me, if it's just a LinageOS issue or more devices are vulnerable, however this weeks update to Linage OS is trying to address this. Anyhow the fix seems to have some extra benefits
https://lineageos.org/Changelog-9/
Also, just to be clear, you are still able to be hacked even if you are not rooted, but it's a whole lot more difficult.
iwanttoknow said:
Thanks for your reply.
Coud you please give us more details ?
Do you mean that it can be hacked ?
What device's components are less secure when the it's rooted ?
Click to expand...
Click to collapse
Also just to be a tad bit more correct in nature,
Rooting or unlocking your bootloader do NOT necessarily mean your device is any less secure than it is when you first turn it on after purchase.
Many people tend to misunderstand what rooting a phone is intended for, and most of the popular "One-Click" methods are simple apps you download install and run on your phone to acquire root access through a process called "Privlidge Escalation" which gains permission as root by simply climbing a chain that eventually lets it give you access to all your phones internals,
Thus in theory, any given app could be injected with that same code & then used to MALICIOUSLY root your device (without your knowledge or control) which would obviously be a MAJOR security flaw *Cough Cough* on Google's end *Cough Cough* but since it is generally only used by geeks who want to use a phone properly they don't look too much deeper past that. However rooting your device by yourself, unlocking your bootloader by yourself, controlling root permissions via SuperSU or like application ensures if anything TRIES to gain root access YOU being the owner of YOUR device can deny the possible threat instead of never being aware of it........
Thanks for your reply.
What is *Cough Cough* ?
BTW I understand that a malicious application can take control of my device without I know it, if it's not rooted, by using the same code as applications rooting your device.
Do I have well understood what you wrote ?
But how can I have the insurance that I always will be warned by an application like SuperSU or others ?
I have necessarily to TRUST this type of application which could be also a malicious application...
It's a veritable vicious circle.
?
The question you should be asking yourself is this. Why do I want to root my device?
Though, any device may have vulnerabilities which can be exploited to gain root like mentioned. If you want to keep your device secure, do not install or use anything from an unknown source.
samehb said:
The question you should be asking yourself is this. Why do I want to root my device?
Click to expand...
Click to collapse
My main raison to root my device (if I did), would be to have a finest control on it.
But it's seems to be a difficult goal... like security in general.
?
iwanttoknow said:
My main raison to root my device (if I did), would be to have a finest control on it.
But it's seems to be a difficult goal... like security in general.
?
Click to expand...
Click to collapse
SuperSU will automatically deny anything asking it to provide root access by default . When you have an app for rooted phones installed and you run it for the first time you will get a pop-up from the SuperSU app to say "Yes, go ahead" or "No!" to anything before it even runs. So for me I always try to get devices with a way to root available because its the only way I know if stuff is trying to gain root access without my permission & watch it's actions.
@LilAnt530
Thanks for your reply.
My previous device was rooted and I used SuperSU.
But as I wrote before, "how can I have the insurance that I always will be warned by an application like SuperSU or others ?
I have necessarily to TRUST this type of application which could be also a malicious application..."
iwanttoknow said:
@LilAnt530
Thanks for your reply.
My previous device was rooted and I used SuperSU.
But as I wrote before, "how can I have the insurance that I always will be warned by an application like SuperSU or others ?
I have necessarily to TRUST this type of application which could be also a malicious application..."
Click to expand...
Click to collapse
Oh okay dude apologies the Open Source alternative to SuperSU is Phh's SuperUser & you can find it in the magisk related forum. SuperUser is only questioned as "Malicious" because ChainFire keeps the source closed from what I understand, so I believe it was Phusssion who came to light abt showing us systemless root methods with his open source root management app . You may need to root your phone with an unsafe method, & install Magisk Manager & deploy a magisk install to get the open source variant to work though, not 100% sure
It seems that it will be more and more difficult to root a mobile with new Android's versions.
iwanttoknow said:
It seems that it will be more and more difficult to root a mobile with new Android's versions.
Click to expand...
Click to collapse
I agree! And it also feels like its becoming a very heavy marketing plot aspect instead of another thing that made Android great. Like are we just supposed to pay ridiculously for the Pixel to obtain root? & for the record, that "Essential" phone, is still sorta essentially too expensive......
iwanttoknow said:
@LilAnt530
Thanks for your reply.
My previous device was rooted and I used SuperSU.
But as I wrote before, "how can I have the insurance that I always will be warned by an application like SuperSU or others ?
I have necessarily to TRUST this type of application which could be also a malicious application..."
Click to expand...
Click to collapse
Phh superuser with Magisk is a 100% open source method for managing root access on your device
Also discussed there: https://forum.xda-developers.com/showthread.php?t=2687933
Primokorn said:
Also discussed there: https://forum.xda-developers.com/showthread.php?t=2687933
Click to expand...
Click to collapse
Thanks I was trying to find one of those lol. As ive seen this question asked hundreds of times within recent months across forums
iwanttoknow said:
Hi all,
According to you, is rooting your device or unlock its bootloader a way for making it less secure, more vulnerable to attacks ?
Is it a false idea or a real subject ?
Click to expand...
Click to collapse
Rooting is a way to access the root-user on Android. It is the exact same as logging in as the root user in UNIX based operating systems. The windows equivalent of 'root' user, is an administrator account. Only difference is, within other UNIX based operating systems, the root user account is easily accessible. In android, it is blocked, so you need to do some process to gain access to the root user account. This process is known as "rooting".
Now, with administrative privileges, you gain the ability to modify the system, which is very useful, if kept in the right hands. But GOD FORBID, you get some nasty malware, such as a trojan or virus on your rooted device, that piece of malware now has access to administrative privileges, and can virtually do ANYTHING it wants to your system.
If you get some malware while the device does not have root access, the scenario is a lot less serious, as the malware cannot access system files, UNLESS there is an exploit designed SPECIFICALLY for that device or software version.
Now, unlocking bootloader in theory is a security flaw.... but then again, freedom is always inversely proportional to security... you have to sacrifice a bit of one to acquire the other. Theoretically, if all the custom operating systems you install are from trusted sources, and there is no embedded backdoors or spyware, or rootkits, or trojans, it is perfectly alright, software vulnerabilities, it is alright. But you simply cannot trust what these developers of custom roms actually embed into their roms, without actually examining the code itself.
I would recommend if you root and unlock the bootloader, install a custom recovery software such as TWRP. That way, in case your device gets compromised by hackers/malware, you can completely reformat the drive, and flash the stock firmware, thereby removing the malware.
Hope this helps.
Hope this helps.
---------- Post added at 09:31 AM ---------- Previous post was at 09:28 AM ----------
iwanttoknow said:
It seems that it will be more and more difficult to root a mobile with new Android's versions.
Click to expand...
Click to collapse
Yes, but the difficulty isn't because of the operating system necessarily. It is mostly because the phone manufacturers lock the bootloader, which makes the process of getting root very difficult. In addition to that, certain exploits that we use to gain root access are also being patched in the newer Android versions.
BIG_BADASS said:
Rooting is a way to access the root-user on Android. It is the exact same as logging in as the root user in UNIX based operating systems. The windows equivalent of 'root' user, is an administrator account. Only difference is, within other UNIX based operating systems, the root user account is easily accessible. In android, it is blocked, so you need to do some process to gain access to the root user account. This process is known as "rooting".
Now, with administrative privileges, you gain the ability to modify the system, which is very useful, if kept in the right hands. But GOD FORBID, you get some nasty malware, such as a trojan or virus on your rooted device, that piece of malware now has access to administrative privileges, and can virtually do ANYTHING it wants to your system.
If you get some malware while the device does not have root access, the scenario is a lot less serious, as the malware cannot access system files, UNLESS there is an exploit designed SPECIFICALLY for that device or software version.
Now, unlocking bootloader in theory is a security flaw.... but then again, freedom is always inversely proportional to security... you have to sacrifice a bit of one to acquire the other. Theoretically, if all the custom operating systems you install are from trusted sources, and there is no embedded backdoors or spyware, or rootkits, or trojans, it is perfectly alright, software vulnerabilities, it is alright. But you simply cannot trust what these developers of custom roms actually embed into their roms, without actually examining the code itself.
I would recommend if you root and unlock the bootloader, install a custom recovery software such as TWRP. That way, in case your device gets compromised by hackers/malware, you can completely reformat the drive, and flash the stock firmware, thereby removing the malware.
Hope this helps.
Hope this helps.
---------- Post added at 09:31 AM ---------- Previous post was at 09:28 AM ----------
Yes, but the difficulty isn't because of the operating system necessarily. It is mostly because the phone manufacturers lock the bootloader, which makes the process of getting root very difficult. In addition to that, certain exploits that we use to gain root access are also being patched in the newer Android versions.
Click to expand...
Click to collapse
Thanks a lot for your detailed answer.
If you need security, just root and install supersu or magisk.
If you have xposed framework, then try a nice fire wall like Xprivacy
As far as I can tell both SuperSU and Magisk are trusted and reliable, people wouldn't be using them, if they were untrustworthy. And I agree with Big's comments, freedom and ability to manipulate what you want in the device comes with a significant security issue. You are going to have to be careful about this either way.

Typical Rooting Problems.

I Successfully rooted my Huawei phone today without the need for going through DCUnlocker for the bootloader unlock code by using an alternate hardware level method and a tool called PotatoNV. Soon after I Unlocked the bootloader, I realised my fingerprint scanner stopped working. Not just that, All the options in the settings and apps that related to fingerprint sensor were missing. It was like, the functionality never existed on my phone.
After a bit of research, I discovered that these kinds of problems were very common, not just with Huawei phones, but with most popular manufacturers including Samsung. One of the community threads pointed out about the Knox security mechanism on Samsung phones is the reason that the fingerprint functionality stopped working after an attempt of unlocking bootloader or rooting the phone. So, Conclusion: It's the Security feature that causes this issue whenever you try to unlock the bootloader or try to root the phone.
My question to anyone who is interested in answering: Is there any walkaround like deleting or modifying a file in the root directory that might fix the issue?. I ask this because, I found on a Motorola/Lenovo manufacturer community forums, the issue was sorted just by deleting some files related to the fingerprint sensor from the root directory.
PS: I am pretty sure, this thread is going to be dead, but, someone once said: Hope is a good thing.
Rooting a phone's Android technically spoken is to add SU ( read: super user and/or switch user ) - what is missing by default - to Andoid's /system directory and/or /vendor directory. To do so it's NOT required that phone's bootloader gets unlocked before.
All you have to do is to disable AVB afterwards: this can get achieved by "avbctl" tool.
jwoegerbauer said:
Rooting a phone's Android technically spoken is to add SU ( read: super user and/or switch user ) - what is missing by default - to Andoid's /system directory and/or /vendor directory. To do so it's NOT required that phone's bootloader gets unlocked before.
All you have to do is to disable AVB afterwards: this can get achieved by "avbctl" tool.
Click to expand...
Click to collapse
Well it looks like you haven't rooted a huawei phone before

is it possible to us majisk without factory resetting?

i'm trying to recover data (mostly folders in my internal storage such as screenshots, screecaptures, etc.) but the programs i am using need my phone to be rooted. My phone runs on android 9 and needs it's bootloder to be unlocked but i need to know if there is a way to d this without factory resetting which may overwrite the lost data which i cannot recover when doing so.
A Factoy Reset only wipes files what means it deletes their entries in Android's inode-table , it doesn't overwrite them. The diskspace previously allocated by the now wiped files becomes orphaned, thus can get reused.
Use ADB pull to extract user-data files where a rooted Android isn't needed.
See also here:
How to Download Files to the Computer with ADB Pull - KrispiTech
You can actually copy and download files from your Android smartphone to the PC using some simple ADB Pull commands as long as you enabled USB Debugging.
krispitech.com
so i can still recover files i deleted prior to a factory reset needed to unlock my oem?
please reply
To recover deleted files Android must be rooted and a special commercial forensic software must be used. GIYF ...
xXx yYy said:
To recover deleted files Android must be rooted and a special commercial forensic software must be used. GIYF ...
Click to expand...
Click to collapse
do you know any that i should use?
Your device is encrypted with FDE. the same answer applies. One can't recover data after factory reset. encryption key is gone forever, and so is your data.
edit: if you haven't done factory reset yet, device might still encrypted with same crypto-footer. this leads you to hypothetical option to obtain temporary root shell and pull decrypted block partition /dev/block/dm-0 (or whatever)
assuming you found vulnerability/exploit and managed to get raw dump, still your chances to recover deleted files are low, because of the way android flash translation controller handles eMMC flash storage.
aIecxs said:
Your device is encrypted with FDE. the same answer applies. One can't recover data after factory reset. encryption key is gone forever, and so is your data.
edit: if you haven't done factory reset yet, device might still encrypted with same crypto-footer. this leads you to hypothetical option to obtain temporary root shell and pull decrypted block partition /dev/block/dm-0 (or whatever)
assuming you found vulnerability/exploit and managed to get raw dump, still your chances to recover deleted files are low, because of the way android handles eMMC flash storage.
Click to expand...
Click to collapse
if only i have discovered these posts sooner...
so those recovery apps are useless?
most of the data recovery tools / one-click-rooting apps aren't working anymore since marshmallow. there are however some companies like cellebrite claiming they can still hack. maybe they got somehow access to Samsungs OEM signing keys idk
Don't know if I got you right, you haven't factory reset your device, yet?
This app might help you to find existing files and thumbnails of deleted files. To my understanding it won't undelete anything but some users claim different. It will search for hidden trash can in gallery, maybe you are lucky...
FindMyPhoto – Recover Photos o - Apps on Google Play
A truely free app to recover deleted photos on Android devices.
play.google.com
aIecxs said:
Don't know if I got you right, you haven't factory reset your device, yet?
This app might help you to find existing files and thumbnails of deleted files. To my understanding it won't undelete anything but some users claim different. It will search for hidden trash can in gallery, maybe you are lucky...
FindMyPhoto – Recover Photos o - Apps on Google Play
A truely free app to recover deleted photos on Android devices.
play.google.com
Click to expand...
Click to collapse
i did factory reset...
i should probably give up and move on, shouldn't i?
the app looks really promising, but it has alot of one star reviews
just another useless app..
better root your device, factory reset again and disable encryption. this way you are prepared next time
aIecxs said:
just another useless app..
better root your device, factory reset again and disable encryption. this way you are prepared next time
Click to expand...
Click to collapse
have you actually used the app, seen the reviews, or both?
Best Cellebrite Alternatives & Competitors
Compare the best Cellebrite alternatives in 2023. Explore user reviews, ratings, and pricing of alternatives and competitors to Cellebrite.
sourceforge.net
Besides Cellebrite is there an alternative
Besides Cellebrite is there an alternative to capturing data from a cell phone on the physical side (ie deleted items)? In addition to bypassing the ...
www.forensicfocus.com
https://www.reddit.com/r/computerforensics/comments/a1j43j
These links have cellebrite alternatives and one person said that they use odin + twrp. I hope some of them are freeware/ have free trials. Can someone help me verify if these are legit?
moutsu said:
have you actually used the app, seen the reviews, or both?
Click to expand...
Click to collapse
another user suggested this app. but only helpful to find existing pictures in trash can. read full discussion here
https://android.stackexchange.com/q/231132
moutsu said:
These links have cellebrite alternatives and one person said that they use odin + twrp. I hope some of them are freeware/ have free trials. Can someone help me verify if these are legit?
Click to expand...
Click to collapse
once you factory reset device NOTHING can help you - it's gone. well, technically spoken that's not true, but next to impossible. forensic lab might partially recover old crypto-footer from the lower emmc firmware, and spend some years bruteforcing missing bytes.
TWRP is completely useless for samsung encryption, samsung encryption not supported, yet (although it's possible just a matter of time)
consider: all these tools might still work on quite a few older devices, from the days where exploiting was possible or encryption wasn't hardware-backed. They mainly offer breaking into lock screen and maybe can recover deleted files. They can by-pass locked bootloader, let android do it's work and pull (decrypted) partition image from root shell (for further analysis). They can break into TEE and extract encryption master key for chip-off bruteforce. But none of these tools ever claimed to recover data after factory reset. except for scams (like wondershare Dr. Fone) I don't know anything about iPhone I am talking about Android only.
conclusion:
- if a company offers you JTAG or chip-off they are trying to scam you.
- recovery of deleted files is not the same as recovery after factory reset. encryption is the showstopper here.
Demystifying Android Physical Acquisition
Numerous vendors advertise many types of solutions for extracting evidence from Android devices. The companies claim to support tens of thousands of models, creating the impression that most (if not all) Android devices can be successfully acquired using one method or another. On the other side o
blog.elcomsoft.com
aIecxs said:
once you factory reset device NOTHING can help you - it's gone. well, technically spoken that's not true, but next to impossible. forensic lab might partially recover old crypto-footer from the lower emmc firmware, and spend some years bruteforcing missing bytes.
TWRP is completely useless for samsung encryption, samsung encryption not supported, yet (although it's possible just a matter of time)
consider: all these tools might still work on quite a few older devices, from the days where exploiting was possible or encryption wasn't hardware-backed. They mainly offer breaking into lock screen and maybe can recover deleted files. They can by-pass locked bootloader, let android do it's work and pull (decrypted) partition image from root shell (for further analysis). They can break into TEE and extract encryption master key for chip-off bruteforce. But none of these tools ever claimed to recover data after factory reset. except for scams (like wondershare Dr. Fone) I don't know anything about iPhone I am talking about Android only.
conclusion:
- if a company offers you JTAG or chip-off they are trying to scam you.
- recovery of deleted files is not the same as recovery after factory reset. encryption is the showstopper here.
Demystifying Android Physical Acquisition
Numerous vendors advertise many types of solutions for extracting evidence from Android devices. The companies claim to support tens of thousands of models, creating the impression that most (if not all) Android devices can be successfully acquired using one method or another. On the other side o
blog.elcomsoft.com
Click to expand...
Click to collapse
aww
to let anyone know about how i ended up into this rabbit hole of recovery apps and finding out about xda, heres a backstory: some, if not all, of the folders were deleted in the storage/emulated/0 file directory after possibly me deleting them after they have popped up in an app that accessed your files. this is why i've been asking questions and doing research on how to recover them. i had to root my device according to the answers, but i didnt want to unlock the bootloader but i had to unlock it eventually. i really regret doing that. if this happens to someone in the future, i would ask anyone if it is possible to recover the files in storage/emulated/0 after they were deleted.
aIecxs said:
once you factory reset device NOTHING can help you - it's gone. well, technically spoken that's not true, but next to impossible. forensic lab might partially recover old crypto-footer from the lower emmc firmware, and spend some years bruteforcing missing bytes.
TWRP is completely useless for samsung encryption, samsung encryption not supported, yet (although it's possible just a matter of time)
consider: all these tools might still work on quite a few older devices, from the days where exploiting was possible or encryption wasn't hardware-backed. They mainly offer breaking into lock screen and maybe can recover deleted files. They can by-pass locked bootloader, let android do it's work and pull (decrypted) partition image from root shell (for further analysis). They can break into TEE and extract encryption master key for chip-off bruteforce. But none of these tools ever claimed to recover data after factory reset. except for scams (like wondershare Dr. Fone) I don't know anything about iPhone I am talking about Android only.
conclusion:
- if a company offers you JTAG or chip-off they are trying to scam you.
- recovery of deleted files is not the same as recovery after factory reset. encryption is the showstopper here.
Demystifying Android Physical Acquisition
Numerous vendors advertise many types of solutions for extracting evidence from Android devices. The companies claim to support tens of thousands of models, creating the impression that most (if not all) Android devices can be successfully acquired using one method or another. On the other side o
blog.elcomsoft.com
Click to expand...
Click to collapse
so there IS a way? if it's not impossible then it is possible!
x=1
Kds ld fhud xnt dwzlokd.

[Xiaomi] How to unlock phone after forgetting the password.

Hello,
today it happened that I forgot a password to my phone. I've tried to restore it by logging in into my xiaomi account and my google account. Unfortunately it only offers to wipe my data, which I want to avoid at all costs.
I have Poco F2 Pro on MIUI 13
Is there known a bug which could in any way make me unable to log into my phone?
Please help me. I am really desperate. I beg you. If you need any information about this case and it's sensible to share it there, please ask.
people report similar on updates, but I don't think it's official known bug. however, there is gatekeeper in background which will deny correct password after too many attempts, timeout increases up to 1 trial per day. if something corrupted it might happen this deny is silent without notifying you.
so best what you can do for now is nothing, just wait for 24 hours and keep on charging.
perwell said:
Hello,
today it happened that I forgot a password to my phone. I've tried to restore it by logging in into my xiaomi account and my google account. Unfortunately it only offers to wipe my data, which I want to avoid at all costs.
I have Poco F2 Pro on MIUI 13
Is there known a bug which could in any way make me unable to log into my phone?
Please help me. I am really desperate. I beg you. If you need any information about this case and it's sensible to share it there, please ask.
Click to expand...
Click to collapse
if you're decrypted you can delete your lockscreen in twrp if you're encrypted you'll need to remember your password otherwise it's wipe data
@jons99 if OP would have the availability to access lockdettings it would be also possible to backup data, right?
aIecxs said:
people report similar on updates, but I don't think it's official known bug. however, there is gatekeeper in background which will deny correct password after too many attempts, timeout increases up to 1 trial per day. if something corrupted it might happen this deny is silent without notifying you.
so best what you can do for now is nothing, just wait for 24 hours and keep on charging.
Click to expand...
Click to collapse
It would be strange to ask again for password every 2 minutes and silently block out for the whole day. Actually it would rather bad for the actual users rather than unauthorized break in.
I've tried many times and I'm quite sure that I've typed the correct password at least once. Are there any options like blocking it through Xiaomi cloud and maybe it would ask to log into the account. I've tried changing the password but it still does not work (maybe it was made after too many attempts).
Does the password to phone change when it is changed to the Xiaomi account?
as stated above, it doesn't matter you typed the correct password
aIecxs said:
@jons99 if OP would have the availability to access lockdettings it would be also possible to backup data, right?
Click to expand...
Click to collapse
any one with working twrp can access the lockscreen file but if your device is encrypted you'll be locked out if you delete it
Poco F2 Pro on MIUI 13 /data/system/lockdettings.db is unencrypted despites /data partition is encrypted?
aIecxs said:
Poco F2 Pro on MIUI 13 /data/system/lockdettings.db is unencrypted despites /data partition is encrypted?
Click to expand...
Click to collapse
if his data partition is encrypted then it doesn't matter deleting locksettings won't help
except for most Xiaomi devices encrypted with default_password where lockdettings.db can be deleted safely (if you would have access to decrypted /data partition, which would also allow you to backup /data)
aIecxs said:
except for most Xiaomi devices encrypted with default_password where lockdettings.db can be deleted safely (if you would have access to decrypted /data partition, which would also allow you to backup /data)
Click to expand...
Click to collapse
To access files I need to enable file transfers. Besides I also wouldn't want to risk bricking the phone.
as your bootloader is locked there is nothing you can do anyway... this was just side note question to @jons99
it's true that file-based encryption is tied to lock screen credentials, but MIUI 13 is insecure and implemented metadata encryption in a wrong way so that TWRP is able to decrypt without password, like it was common on full-disk encryption.
full-disk encryption requires decrypted partition first in order to access files on it, so the suggestion to delete locksettings.db is pointless as goal (access /data) would already achieved before. but I am curious about file-based encryption and metadata encryption leaves /data/system unencrypted. while it for sure would break file-based encryption, I am not quite sure this applies to MIUI weak metadata encryption too, if we delete locksettings.db
aIecxs said:
as your bootloader is locked there is nothing you can do anyway... this was just side note question to @jons99
it's true that file-based encryption is tied to lock screen credentials, but MIUI 13 is insecure and implemented metadata encryption in a wrong way so that TWRP is able to decrypt without password, like it was common on full-disk encryption.
full-disk encryption requires decrypted partition first in order to access files on it, so the suggestion to delete locksettings.db is pointless as goal (access /data) would already achieved before. but I am curious about file-based encryption and metadata encryption leaves /data/system unencrypted. while it for sure would break file-based encryption, I am not quite sure this applies to MIUI weak metadata encryption too, if we delete locksettings.db
Click to expand...
Click to collapse
I'm pretty sure xiaomi is using file based encryption and without the locksettings you won't be able to decrypt your data I mean the system will load but you won't be able to use it as it will show phone is starting message forever cause it won't be able to decrypt your data on the other hand I don't know much about xiaomi so I guess anything is possible
nope, actually it's metadata encryption (but I have never seen personally as I don't got such device in hands)
Code:
/dev/block/bootdevice/by-name/userdata /data f2fs noatime,nosuid,nodev,reserve_root=32768,resgid=1065,fsync_mode=nobarrier,inlinecrypt,checkpoint_merge latemount,wait,formattable,fileencryption=ice,wrappedkey,keydirectory=/metadata/vold/metadata_encryption,quota,reservedsize=128M,sysfs_path=/sys/devices/platform/soc/1d84000.ufshc,checkpoint=fs
perwell said:
Hello,
today it happened that I forgot a password to my phone. I've tried to restore it by logging in into my xiaomi account and my google account. Unfortunately it only offers to wipe my data, which I want to avoid at all costs.
I have Poco F2 Pro on MIUI 13
Is there known a bug which could in any way make me unable to log into my phone?
Please help me. I am really desperate. I beg you. If you need any information about this case and it's sensible to share it there, please ask.
Click to expand...
Click to collapse
Hi my friend
Were you able to unlock your cell phone?
It just happened to me with a xiaomi redmi note 8 and every time I try, the device makes me wait 64 minutes.
SBUnlock said:
Hi my friend
Were you able to unlock your cell phone?
It just happened to me with a xiaomi redmi note 8 and every time I try, the device makes me wait 64 minutes.
Click to expand...
Click to collapse
Did you previously unlocked bootloader with Miflash Unlock Tool?
aIecxs said:
Did you previously unlocked bootloader with Miflash Unlock Tool?
Click to expand...
Click to collapse
Not yet
The truth is that I am new to this, when I investigated about Miflash Unlock Tool, I see that it is used to unlock bootloader, not to unlock cell phone security pattern.
I am right?
I need to unlock the security pattern of my cell phone
you can't unlock bootloader, it's too late. you are screwed. either give it back to the child for playing (hopefully one day it get unlocked) or factory reset phone. you can't break screen lock on locked bootloader no matter what encryption type used.
aIecxs said:
you can't unlock bootloader, it's too late. you are screwed. either give it back to the child for playing (hopefully one day it get unlocked) or factory reset phone. you can't break screen lock on locked bootloader no matter what encryption type used.
Click to expand...
Click to collapse
THANK YOU SO MUCH FRIEND,
Is there an android security option that after many failed attempts, blocks the correct pattern?
until now, theres still no solution to this bug

Reading directly from onboard flash

I was not sure where else to put this thread so I apologize if this forum is not appropriate. I am planning to desolder the flash chip from my old Samsung S6 and use either the ZX3 Easy-JTAG or the NuProg-E2 to read the contents of the chip. I just realized that the contents of the chips is probably encrypted, probably using the PIN to do so. Does anyone know if this is true? If so, what mechanism is used to encrypt it? I have no issue writing some software to decrypt it given the PIN if I knew how it was encrypted to begin with.
you don't need the pin it's just encrypted with default_password. But it's impossible to decrypt offline. either get mainboard back to life and boot into android, or just smash it with hammer and throw it into garbage.
aIecxs said:
you don't need the pin it's just encrypted with default_password. But it's impossible to decrypt offline. either get mainboard back to life and boot into android, or just smash it with hammer and throw it into garbage.
Click to expand...
Click to collapse
Thank you for your response, I do have a follow up question though. I read somewhere that since Android 10 the storage is encrypted. Doesnt that mean that it is encrypted via software, presumably from the Android software itself? Since Android is open source, wouldnt it be possible to decrypt it in the same manner as Android does when it loads it? I am hoping my reasoning is correct but I admit that there could always be something unbeknownst to me that makes this impossible, some as some firmware or onboard circuit in between the cpu and the storage. If it is possible, I am more open to buying those expensive flash chip readers I mentioned to recover the data.
android offers encryption since Android 5.0 Lollipop. you would have noticed that if you followed the link.
aIecxs said:
android offers encryption since Android 5.0 Lollipop. you would have noticed that if you followed the link.
Click to expand...
Click to collapse
Yea thats true but its not mandatory since Android 10.0, from what I read.
aIecxs said:
android offers encryption since Android 5.0 Lollipop. you would have noticed that if you followed the link.
Click to expand...
Click to collapse
Also, the link made it seem possible? Or am I missing something?
I also found this: https://source.android.com/docs/security/features/encryption/full-disk
```
Upon first boot, the device creates a randomly generated 128-bit master key and then hashes it with a default password and stored salt. The default password is: "default_password" However, the resultant hash is also signed through a TEE (such as TrustZone), which uses a hash of the signature to encrypt the master key.
```
I dont know what a TEE actually is, but I am guessing this is what makes it impossible? Unless the master key is stored somewhere other than the internal flash it seems that everything you need to decrypt is available to you, assuming you know the PIN.
(FDE) full-disk encryption is mandatory since Android 6.0.1 Marshmallow.
(FBE) file-based encryption is mandatory for devices shipped with Android 10.0 Quince Tart.
encryption keys are hardware-backed in TrustZone TEE yet another proprietary operating system not accessable from eMMC storage.
if the mainboard doesn't show any sign of life on lsusb just forget about it.
aIecxs said:
(FDE) full-disk encryption is mandatory since Android 6.0.1 Marshmallow.
(FBE) file-based encryption is mandatory for devices shipped with Android 10.0 Quince Tart.
encryption keys are hardware-backed in TrustZone TEE yet another proprietary operating system not accessable from eMMC storage.
if the mainboard doesn't show any sign of life on lsusb just forget about it.
Click to expand...
Click to collapse
Ok, thanks for clarifying. I originally based this project on this video:
Since I have an S6 myself I was hoping it would work for me but I have no idea if the storage was encrypted. I am hesitant to gamble a thousand dollars on a solution that may not work for me.
Also, theoretically, couldnt you get the encryption keys from the processor itself if you could somehow power it on in debug mode? Sorry if debug mode is not the correct term.
Thank you again for all your help.
theoretically... but SM-G920F is Exynos SoC
http://bits-please.blogspot.com/2016/06/extracting-qualcomms-keymaster-keys.html

Categories

Resources