Help please: How to manually decrypt TWRP backup? - General Questions and Answers

Hello people,
I got a big problem:
TWRP won't restore my only backup. Unfortunately it's encrypted...
The MD5 is alright and when checking the log it decrypts alright as well, but it fails on some Firefox cache file in data/data.
So I would like to manually decrypt and extract the files (at least as much as possible) but I can't figure out how.
---
I know TWRP uses openaes for encryption. So I tried to run the following command on the backup files to decrypt them:
Code:
openaes dec --key "[email protected]$$w0rd" --in backup-file --out backup-file.tar
But the resulting tar is not valid. So the password must be incorrect. (The password I wrote is not the one I used in TWRP to create the backup, but it's a similar one with special symbols.)
Someone please tell me how to hand the password to openaes correctly so it decrypts the backup file actually.
Given the password "[email protected]$$w0rd" as example..?

no special characters in TWRP openaes passwords
Late answer, but hey:
Your command seems correct. Make sure you use the same version of openaes (usually 0.7.0) as TWRP (you can find openaes version info in the log file along with your backups).
When you try to make a new encrypted backup using TWRP you will recognize that most special characters are ignored for password input (except _ underscore).
So not your password was used for encryption, but simply the same without (almost) all special characters!

If you can't remember the password, sorry but... you are screwed.
The command you're using seems to work.

Why don't you ask dees_troy? Log in to the IRC freenode server, join the #twrp channel, and find him there. He will surely help you.

So yes, this is really old... but how do you decrypt a backup made with TWRP on a PC? (Linux)

I had the same problem with encryption and I wasn't able to decrypt it at all no matter how much I have been trying.

What is the point of having a backup if you can't use the data?

No one ever had to really use a TWRP backup to recover data?
How would one recover data from an encrypted backup if the phone was destroyed and lost, from a copy of the backup you had in another location?

Related

Restore Squid (Papyrus) Notes from files

My phone recently died and I have to factory reset it. I managed to use TWRP to recover some of my data first which included the Squid files.
According to their website rooted users can backup the database file and the required pages but it doesn't mention restoring them. I've tried copying the files back to the Squid data folder but they don't show up. I've also tried editing a papyrus.bak file (it's a zip) and adding my database/pages but when trying to restore them using the app it says restore failed.
Any ideas how I can do this?
I've got slightly further now. I managed to get Squid to load the database file after copying the backed up files to the data file. When I load Squid it shows the correct number of notes but they're all blank.
Yay! I fixed it. Apart from one file but I'm happy with that. The database I was trying to restore was looking for one extra page which didn't copy across when I was wiping my phone. Loaded up SQLiteBrowser, removed the entry from there, inserted everything into the papyrus.bak file and it restored them. Yay
Hello, I have a problem. I saved my notes from Squid because I reinstalled my ROM, but when I want to restore papyrus.bak it says wait for restoring database... but it doesn't restore. I waited all night and it stays on that message.... Is there another way to restore my data? Thanks for the help...
It's really not good because I wrote my journal of what I do in the journay and so I lost 1 month of journal..... I'm sad.... But I have the complete papyrus.bak file, it is 66,7 MB. When I open it in a text software there is a lot of text but I don't know what it says xd
Did you make a manual backup of the papyrus.bak file? And that's not working when you try to restore it with Squid?
The papyrus.bak file is a zip file with a database and other files so you need to rename it to .zip if you want to open it.
Thank you very much! I restored everything with WinRAR: I repaired the papyrus.zip, and with the .pages and Root Explorer I renamed the blank Squid notes with the pages from the papyrus.zip, and I restored all my diary. It's too cool, and without you I never could have done it. Thank you and have a good day!

Whatsapp db file decrypt and encrypt : msgstore.db to msgstore.db.crypt12

Hello everybody.
I need your help in a matter regarding Whatsapp database decryptions. I am currently trying to decrypt, modify and then encrypt again an msgstore.db.crypt12 file. I use Link2SD to freeze Whatsapp, and then I am using WhatCrypt for the decryption (Decrypt WhatsApp Database - path set to the db.crypt12 file - Decrypt Database). It creates a msgstore.db file which I open with aSQLiteManager and edit it (practically editing a phone number and a few messages). Afterwards, I go back to WhatCrypt and hit Encrypt WhatsApp Database - set path to the now modified decrypted msgstore.db - Encrypt Database. The thing is that now it creates a msgstore.db.crypt file, not a crypt12. Can someone please tell me what am I doing wrong? How can I get it to create a file with the crypt12 extension, which I can use to replace the original one? Sorry for the noob question, but I am really stuck here and I could really use your help. Thank you in advance !

HiSuite Encrypted backup Help!

Hi,
I recently used HiSuite to backup my honor 6x. When I backed-up the phone I chose to use a password to encrypt the files. The files are saved as .enc format. For example I have pictures saved as XXXXXXX.jpg.enc on my PC.
Here is the problem:
I lost my phone... And now I'm trying to go to the backup on my PC to recover my valuable contact information and pictures. How can I decrypt those .enc files and access my backup files?
Standing by for help.
Thank you!
You just need any other Huawei device to decrypt the files by restoring it.....
Good to know! I will try that out. Thank you!
Need help too
I have a similar problem and I already bought another Huawei... I did a backup with a Huawei p20 and lost it...
Got a new P20 but my files look like a mess; it is not a zip file. When I open HiSuite and try to restore the files, the program doesn't open the files or anything, so I really need to get access to my backup.
Hope someone can help me to sort it out.
I can help you.
If you know the password used for the backup, you can help decrypt it.
If you send encrypted backup folder and password by e-mail, we will decrypt and send it.
[email protected]
I did the same thing (backed up using HiSuite and password). Got extension .enc in every single file. Now, I'd like to open the file (video - .mp4) on my computer. So, I want to convert the .mp4.enc to just .mp4. How can I accomplish that? Thanks!
Not sure if it will work but select the file, double click and select the option rename and then delete the .enc part. Before trying this copy the file to another location
Hi Marret,
I faced this unpleasant situation in August; on this I wrote an article on LinkedIn, no login or account required.
If you follow carefully my guide you will be able to see files content.
Here you are
linkedin.com/pulse/huawei-backup-decrypt-gherardo-magnini
bye
G
Here are a Python 3 script by dfirfpi and my "porting" to C# for the latest HiSuite / KoBackup v9.x
Enjoy it!
Huawei backup decryptor
GitHub - RealityNet - kobackupdec - Huawei backup decryptor
GitHub - wizardgsz - kobackupdec .NET
hi, how do i open it? i am noob sorry
hi, how do i open it? i am noob, sorry but i tried to use both and i don`t know
Google for Perl, it is a programming language. You can also use my C# porting.
https://www.perl.org/
https://en.wikipedia.org/wiki/C_Sharp_(programming_language)
which file should i edit in strawberry perl?
Here is the Perl script; contact the author or ask Perl developers for further info:
https://github.com/RealityNet/kobackupdec
And how do I restore if I tried renaming it from ***.jpg.enc to ***.jpg? After the unsuccessful try I renamed it back to ***.jpg.enc
BUT NOW BACKUP PASSWORD NOT WORKING. SOMEBODY HELP.
pms91 said:
I can help you.
If you know the password used for the backup, you can help decrypt it.
If you send encrypted backup folder and password by e-mail, we will decrypt and send it.
[email protected]
What do I do if I forgot my password to my backups? Is there any way I can decrypt the backup.....
Any guidance much appreciated
Hi all, thanks for all your time and input. Is there a way of decrypting the hisuite backup folder on a pc and then somehow transferring that data to a non-huawei phone?
Probably not, so maybe my best bet would be to borrow a spare Huawei phone and recover to that and then transfer phone to phone, I have the password.
Ps. Wish I hadn't changed over phones so fast
Hi,
I recently used HiSuite to backup my honor 8pro. When I backed-up the phone I chose to use a password to encrypt the files. The files are saved as .enc format. For example I have pictures saved as XXXXXXX.jpg.enc on my PC.
Here is the problem: now I'm trying to go to the backup on my PC to recover my valuable contact information and pictures. How can I decrypt those .enc files and access my backup files?
Thank you!
As the information is scattered all over, here is the latest summary of the steps to decrypt your HiSuite backup folder (thanks to all the previous contributors):
The example steps assume you are running Windows 10 64 bit and running python 3.8.6:
1. Download python windows 3.8.6 version (64 bit)
python-3.8.6-amd64.exe
or select your version here
python.org/downloads
2. Download decrypt package (64 bit and matches python version 3.8x)
pycryptodome-3.9.8-cp38-cp38-win_amd64.whl
or select your version here (to match the Windows/Linux 32/64 bit version and python version)
pypi.org/project/pycryptodome/#files
3. Download the decrypt python script
github.com/RealityNet/kobackupdec
eg. kobackupdec-master.zip
4. Install python
run python-3.8.6-amd64.exe
create new folder eg. d:\python38 and install
5. Install decrypt package
copy pycryptodome-3.9.8-cp38-cp38-win_amd64.whl to python38 folder then install as follows:
D:\Python38>py -m pip install pycryptodome-3.9.8-cp38-cp38-win_amd64.whl
Processing d:\python38\pycryptodome-3.9.8-cp38-cp38-win_amd64.whl
Installing collected packages: pycryptodome
Successfully installed pycryptodome-3.9.8
6. Copy the decrypt script to the python38 folder
kobackupdec.py
7. Decrypt the encrypted HiSuite folder eg. d:\Hisuite\HUAWEI P40 Pro_2020-06-12 19.16.10
Note: destination folder eg. f:\testrestore must be new (does not exist) and the backup_password is the password you used to encrypt the folder
D:\Python38>py -3 kobackupdec.py -vvv backup_password "d:\Hisuite\HUAWEI P40 Pro_2020-06-12 19.16.10" f:\testrestore
I decrypted all the files following the procedure you described, but the images are in .tar format, and every time I open one it shows an error like "archive is in unknown format or damaged". I tried downloading other archivers like 7-Zip or WinZip but solved. Please help regarding this problem.

Help RESTORING backup, "extractTarFork() process ended with ERROR: 255"

NOTE THIS IS NOT "UNABLE TO BACK UP" THIS IS "UNABLE TO RESTORE"
Lots of people on this forum, and lots of people on the internet have errors trying to back up because of this dreaded error 255. But, for me, the backup was fine, but now I can't restore. This is a huge problem because I just tried out a custom ROM (which turned out to be a huge fail), and I want to go back to stock.
So I switched back to the other slot (A/B ftw), wiped all data, formatted SD card, set up the OS to have the same lock pattern as the backup, transferred the backup onto the phone and tried to restore, and, well, fuck.
Code:
[RESTORE STARTED]
Restore folder: '/data/media/0/TWRP/2020-11-08--22-06-46 PRE-RR'
Skipping Digest check based on user setting.
Calculating restore details...
Restoring 4 partitions...
Total restore size is 11276MB
Restoring Vendor Image...
[Vendor Image done (3 seconds)]
Restoring Boot...
[Boot done (0 seconds)]
Wiping Data (excl. storage)
Wiping data without wiping /data/media ...
Done.
Restoring Data (excl. storage)...
extractTarFork() process ended with ERROR: 255
It failed, and there is absolutely nothing I can do about it. TWRP is using buggy commands to extract the backup and I don't know what's triggering the bug.
As a result, right now all my data is in limbo. TWRP cannot restore this backup as-is. I can't just go back in time and use `pm remove-user 999` or `pm remove-user 10` because the backup has already been created. Any solution that has to be done before the backup phase is inaccessible to me now.
My hope is that some smart person here can help me find a way to get this backup back onto the phone. Right now the internet does not have a solution to this problem, no matter how many naive users spam discussion boards with "pm remove-user 999 totally worked". Serious answers only.
Relevant section in the recovery log:
Code:
==> extracting: //data/vendor_de/10/ (mode 40771, directory)
Cannot find key for 10
error looking up proper e4crypt policy for '//data/vendor_de/10/' - 1DE10
tar_extract_file(): failed to extract //data/vendor_de/10/ !!!
I:Unable to extract tar archive '/data/media/0/TWRP/2020-11-08--22-06-46 PRE-RR/data.ext4.win000'
Error during restore process.
I:Error extracting '/data/media/0/TWRP/2020-11-08--22-06-46 PRE-RR/data.ext4.win000' in thread ID 0
I:Error extracting split archive.
Error during restore process.
pigz: write error code 32
pigz: abort: write error on <stdout>
extractTarFork() process ended with ERROR: 255
I suppose the solution is to make it "find a key for 10", but how? Do I just need to somehow recreate the 10 user before restoring the backup?
EDIT NOTICE: THIS DIDN'T WORK, DON'T MAKE IT WORSE BY TRYING
ORIGINAL POST IS BELOW
Alright. Well, I found a solution. That was quick.
The error is triggered by the backup containing a user that isn't present during the restore, I think. One solution is (theoretically) to create the missing user... another solution is to remove the missing user from the backup.
Turns out, backups are not so hard to modify, even in their compressed form. However, it is a little bit unintuitive at first.
You can't use the `tar` command to modify the backup, at all. TWRP's tar doesn't even support the --delete flag, nor does the BSD tar command (what ships with macOS). Even after installing GNU tar, it still refuses to work on a compressed archive (probably for the better).
You either need a Windows system with WinRAR/7zip (allows opening/modifying compressed files without extracting them), or a macOS/Linux system with FUSE and archivemount. If you're on Windows, you will have to manually search every single folder for 10 or 999 folders and delete every single one. If you're on macOS/Linux, the process is a bit more technical but also a bit more automated. And in both cases you will have to do this many times, and it can easily take half an hour or more and many restore attempts.
First and foremost, you need the recovery log to find out where the process failed. Every time it fails you will need to go to Advanced > Copy Log, copy them to the SD card, then use the flipping horrible Android File Transfer program to transfer the recovery.log to your PC, then use the cat/tail command or a text editor of your choice to read the log file.
Somewhere around the end of that file you will find something that looks like this:
Code:
==> extracting: //data/misc_de/10/ (mode 41771, directory)
Cannot find key for 10
error looking up proper e4crypt policy for '//data/misc_de/10/' - 1DE10
tar_extract_file(): failed to extract //data/misc_de/10/ !!!
I:Unable to extract tar archive '/data/media/0/TWRP/2020-11-08--22-06-46 PRE-RR/data.ext4.win003'
This contains all the info you need: the archive where the tar command gave up, and the file it gave up on.
Destroy that file with extreme prejudice.
Make a mount point with `mkdir mnt`, and mount the archive with `sudo archivemount data.ext4.win003 mnt`. (Of course, substitute data.ext4.win003 with the culprit archive file.)
If you're like me and have this problem with 10 folders, or 999 folders, you can find every single one of its kind with `sudo find mnt -name 10`. You can then use `sudo rm -rf` to delete every one of them. If you're brave, try `sudo find data -name 10 -exec sudo rm -rf \{\} \;`. I'm not responsible for any data losses incurred by using powerful commands that don't prompt you for confirmation.
Notice how I'm repeatedly using `sudo` for this: FUSE is kind of quirky and so is the kernel about multi-user filesystems. If you don't use sudo to mount the archive, then the user won't have permission to represent files it doesn't own, even if root is the one asking. You'll get weird "No such file or directory" errors for files and directories that are contained in parent directories' file listings. If you don't use sudo for the find or rm commands, you won't have permission to look inside folders or delete folders. Really, do everything with sudo because it's the only way to do this correctly.
Once you're done scrubbing the problem files away (be careful, do not use a file explorer of any kind, especially macOS's, which generally craps .DS_Store files all over your filesystem), unmount and save the archive with `sudo umount mnt`.
The next part is very important because recompressing files is not instant.
You will need to run `watch -n 1 du -hs data.ext4.win003` and WAIT.
Watch the file size slowly grow; only continue once it has stayed the exact same for at least one minute. Yes, it can definitely stop for 30 seconds at a time and then resume. You will need to give it time to recompress. It's also probably normal for the recompressed file to be about half the size of the initial file; that's just an artifact of TWRP not using very good compression to begin with. archivemount will create a backup of the archive with .orig appended, so you can try again if your backup ends up getting corrupted. (I just created an entirely separate copy of the backup to use archivemount on)
Of course, if you're on Windows you can skip all this and simply delete the problem file from WinRAR/7zip, and it'll be gone instantly and you can just proceed to copy the archive over to your device and retry the backup. You will have to do all the searching manually though, or perhaps you could try your luck with WSL. (Does WSL support FUSE?)
Expect this process to fail multiple times, but all at different points; whenever it fails at a different file, you know it got past the one you just removed. All you need to do is repeat this process over and over, slowly fixing your backup until it restores properly. This is what needs to be done if you can't reproduce the event that created that user in the first place. I'm sure if the user is important, it'll get created again.
Also, looks like user 10 is what happens when Google Play updates Device Personalization Services. Is this the generic "updates for system apps" user or is it specifically for that app?
EDIT: But updating that app doesn't create user 10. Interesting...
EDIT 2: User 10 is the guest user!! All I needed to do was create user 10 and that allowed me to restore my backup!
My post above is still good to see what I tried at first but it actually bricked my device until I factory reset it again, so :/
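The log reading described in the posts above, as an added example that is not part of the original posts: it pulls the missing user ID, the failing path and the archive out of a recovery.log so the user to recreate before restoring is clear. The function names are hypothetical; the sample lines are the two excerpts quoted in this thread.

```shell
#!/bin/sh
# Added example (not from the thread): summarise e4crypt restore failures
# found in a TWRP recovery.log.

# Sample input: the two log excerpts quoted in the posts above.
sample_log() {
cat <<'EOF'
==> extracting: //data/vendor_de/10/ (mode 40771, directory)
Cannot find key for 10
error looking up proper e4crypt policy for '//data/vendor_de/10/' - 1DE10
tar_extract_file(): failed to extract //data/vendor_de/10/ !!!
I:Unable to extract tar archive '/data/media/0/TWRP/2020-11-08--22-06-46 PRE-RR/data.ext4.win000'
Error during restore process.
extractTarFork() process ended with ERROR: 255
==> extracting: //data/misc_de/10/ (mode 41771, directory)
Cannot find key for 10
error looking up proper e4crypt policy for '//data/misc_de/10/' - 1DE10
tar_extract_file(): failed to extract //data/misc_de/10/ !!!
I:Unable to extract tar archive '/data/media/0/TWRP/2020-11-08--22-06-46 PRE-RR/data.ext4.win003'
EOF
}

# Read a log on stdin and print one line per failed extraction:
#   user=N path=P archive=A
# user is "?" when no "Cannot find key" line preceded the failure.
restore_failures() {
    awk -v q="'" '
        BEGIN { pfx = "tar_extract_file(): failed to extract " }
        /^Cannot find key for [0-9]+$/ { user = $NF }
        index($0, pfx) == 1 {
            path = substr($0, length(pfx) + 1)
            sub(/ !!!$/, "", path)
        }
        /^I:Unable to extract tar archive / {
            # the archive name is the text between the single quotes
            archive = substr($0, index($0, q) + 1)
            sub(q "$", "", archive)
            printf "user=%s path=%s archive=%s\n", (user == "" ? "?" : user), path, archive
            user = ""; path = ""; archive = ""
        }
    '
}

# Android user IDs whose encryption key was missing at restore time.
# In this thread the ID was 10, and creating that user before the
# restore is what let the backup go through.
missing_key_users() {
    restore_failures | sed -n 's/^user=\([0-9][0-9]*\) .*/\1/p' | sort -un
}
```

Run it against a copied log with `missing_key_users < recovery.log`.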
Glad you managed to get your device back!
I had the same problem on another phone. The reason I got the error was because I tried to restore a decrypted backup on an encrypted device. After choosing the option "Format" in TWRP and typing 'yes' to confirm the decryption process, I was able to restore my backup.
I'm having the same error on my Realme XT...
Sir, please help me. I have a TWRP backup of system image, vendor image, data, boot, recovery and persist, but I'm unable to recover because it shows an "error extract tar fork process ended up with error 255". During backup I had a PIN code for the screen lock.
I also have a backup of my internal storage in TWRP but I'm not able to restore because of this error.
LoganDark said:
Also, looks like user 10 is what happens when Google Play updates Device Personalization Services. Is this the generic "updates for system apps" user or is it specifically for that app?
EDIT: But updating that app doesn't create user 10. Interesting...
EDIT 2: User 10 is the guest user!! All I needed to do was create user 10 and that allowed me to restore my backup!
My post above is still good to see what I tried at first but it actually bricked my device until I factory reset it again, so :/
Hi. Did you create user 10 in Source, or in destination?
How did you do that in source?
If in destination, then is it possible to do it via TWRP?
EDIT: disregard. My user in the error path is 0 :-( '//data/system_de/0/'
just use option format data when entering wipe selection
doesn't work
redmi k20 davinci

[QUESTION] Android 11 boot loop after restoring TWRP backup

Nandroid B/U with TWRP. Seems to back up just fine, but (immediately) restore on the same device causes boot loops.
It looks like the backup files are something like win000, win001, etc. that are actually tar files.
I'm wondering if I got into terminal mode on TWRP, could I just extract the tar files to restore the partition?? I've always used tar to b/u and restore /data/media.
FWIW, the device is a Pixel 3a running Android 11 and the version 11 compatible TWRP flash file.
Help if you can...... Thanks
Hi @Boowho 1234,
seems you have accidentally posted in the wrong forum. I have moved your question to the Google Pixel 3a Questions & Answers forum.
regards
alecxs
moderator
sorry......
You're welcome! Regarding your question. May you clarify why you want to extract tar files manually - did the restoring via TWRP menu not extract the files successfully? Usually TWRP would throw an Error code in that case, and you can always have a look into /tmp/recovery.log
Restoring using the TWRP restore option restored the files perfectly. But, upon rebooting back to SYSTEM just boot loops. No error code thrown, but I've not looked at recovery.log
It's probably because of one or more outdated files restored. Try to delete this. You should also try to restore on a formatted userdata partition (beware that /data/media = /sdcard is not included in the backup)
/data/unencrypted
/data/misc/keystore
/data/misc/gatekeeper
/data/misc/vold
/data/system/locksettings.db*
You should ask TWRP maintainer to fix that issue.
I'm now using a Windows .bat file to backup ALL partitions on the device. It works great except throws errors on these two partitions : mmcblk0 and mmcblk0rpmb
I've read that these two partitions are not REALLY partitions at all, but are some sort of "special" files within the /dev/block directory.
The question is do I have a complete Nandroid back up without these two included?? Anyone??
Thanks
