[Q] Can you please explain what is the ROM? - General Questions and Answers

Hey, I have really basic information about computers and OSs so I really need some explanations for the case of Android smartphones (Qualcomm mainly). So let me tell you first what I know (I hope that this is true): For a computer they use EEPROM and it's a type of ROM which is erasable. The BIOS is stored there and it's the first thing loaded when starting the computer. (It is easily updatable as I have already updated my BIOS). For the case of Android smartphones I think that they use NVRAM, but I don't know what NVRAM is physically. Is it a built-in memory separated from storage devices like on computers?! Or is it just a partition of internal storage? (By internal storage I mean /dev/block/mmcblk0). I found on some websites that NVRAM can only be erased using JTAG, but I found that device cloning is done by copying mmcblk0 from one phone to another, so that means that NVRAM is located in mmcblk0. And if NVRAM is just a part of mmcblk0, why is it a read-only memory? We can easily write to other partitions, so why not NVRAM?! I'm really confused...
Please share your knowledge, I really need years of studying electronics and computer science to know all this by myself... Thank you all!!

AmineBY said:
Hey, I have really basic information about computers and OSs so I really need some explanations for the case of Android smartphones (Qualcomm mainly). So let me tell you first what I know (I hope that this is true): For a computer they use EEPROM and it's a type of ROM which is erasable. The BIOS is stored there and it's the first thing loaded when starting the computer. (It is easily updatable as I have already updated my BIOS). For the case of Android smartphones I think that they use NVRAM, but I don't know what NVRAM is physically. Is it a built-in memory separated from storage devices like on computers?! Or is it just a partition of internal storage? (By internal storage I mean /dev/block/mmcblk0). I found on some websites that NVRAM can only be erased using JTAG, but I found that device cloning is done by copying mmcblk0 from one phone to another, so that means that NVRAM is located in mmcblk0. And if NVRAM is just a part of mmcblk0, why is it a read-only memory? We can easily write to other partitions, so why not NVRAM?! I'm really confused...
Please share your knowledge, I really need years of studying electronics and computer science to know all this by myself... Thank you all!!
Well, I didn't understand a damn thing you just said, but I can tell you this:
ROM, in the Android world, means the OS or firmware the device runs on. Like Windows or Linux. You can have the stock ROM, which is what the device ships with. Or, if the device allows it, you can install a custom ROM, such as Cyanogenmod.
"ROM" can mean other things in different contexts. You can find these out for yourself by using this thing called "google". But in the Android world, it simply means the operating system.

Planterz said:
Well, I didn't understand a damn thing you just said, but I can tell you this:
ROM, in the Android world, means the OS or firmware the device runs on. Like Windows or Linux. You can have the stock ROM, which is what the device ships with. Or, if the device allows it, you can install a custom ROM, such as Cyanogenmod.
"ROM" can mean other things in different contexts. You can find these out for yourself by using this thing called "google". But in the Android world, it simply means the operating system.
Thanks for the quick reply! but I'm not talking about ROM files. I'm asking about this http://en.wikipedia.org/wiki/Read-only_memory
Of course I already tried googling it but it's just general information, I'm searching for information about android hardware (qualcomm mainly).

Any idea about android devices ROM (Read Only Memory) please?!

I'm not sure about low-level stuff (like the actual bootloader, which probably is isolated on different ROM chips on various devices), but most of what we normally consider the "ROM" -- i.e. the Android system software discussed above -- and even a sort of miniature OS for performing updates called the recovery -- is stored on a flash memory chip (sometimes eMMC) within the phone. Definitely not NVRAM/EEPROM, though the bootloader could be on one of those.

maclynb said:
I'm not sure about low-level stuff (like the actual bootloader, which probably is isolated on different ROM chips on various devices), but most of what we normally consider the "ROM" -- i.e. the Android system software discussed above -- and even a sort of miniature OS for performing updates called the recovery -- is stored on a flash memory chip (sometimes eMMC) within the phone. Definitely not NVRAM/EEPROM, though the bootloader could be on one of those.
Thanks! I think some information should be on NVRAM, if not why do people use JTAG to unlock devices?! Flash memory can be edited easily using usb cable only...

AmineBY said:
Thanks! I think some information should be on NVRAM, if not why do people use JTAG to unlock devices?! Flash memory can be edited easily using usb cable only...
I don't think it's possible to edit flash memory with USB cables alone on most devices; that's actually rather tough and requires a phone that's had its bootloader unlocked (even then, official bootloader unlocks -- like HTC's -- don't always let you write over certain bits of it). Not quite sure about the JTAG stuff -- that reaches the limits of my knowledge.

Related

[Q] Exchange the whole UI stack on Android

Hi
I am new to hacking android. I have built linux distros in the past, and have worked with Linux for 15 years,
I have just rooted a ZTE V965. It doesn't come pre-installed with Play store, and has all sorts of ZTE-specific Chinese apps. It has a good baseband circuit, a good screen, reasonable camera and I think is a great value phone, apart from the awful UI.
It is an android phone, although heavily customised. It has an MTK6589 processor coupled with 4Gb ROM and 512Mb RAM.
I have other phones which operate a much more "Vanilla" android. For example, the Guophone 9105 which also uses an MTK6589. This has a troubling tendency to reboot every random interval. Approx 6 times a week.
I have had success in the past running Linux systems built for much earlier kernels on later kernels. This suggests the ABI (application binary interface) for the Linux kernel changes rather slowly.
I am wondering how well the userland apps are separated from the kernel and drivers on Android.
Specifically, is it feasible to dump all the UI stuff from one phone onto another then change the init to launch the other UI?
Would this risk bricking the phone, or would the shell commands and ADB infrastructure still likely operate?
I guess I should change the bootloader to one that supports fastboot first, right? Is there a how-to on achieving this from the root shell?
Thanks for any thoughts
Nick.
Nick Hill said:
Hi
I am new to hacking android. I have built linux distros in the past, and have worked with Linux for 15 years,
I have just rooted a ZTE V965. It doesn't come pre-installed with Play store, and has all sorts of ZTE-specific Chinese apps. It has a good baseband circuit, a good screen, reasonable camera and I think is a great value phone, apart from the awful UI.
It is an android phone, although heavily customised. It has an MTK6589 processor coupled with 4Gb ROM and 512Mb RAM.
I have other phones which operate a much more "Vanilla" android. For example, the Guophone 9105 which also uses an MTK6589. This has a troubling tendency to reboot every random interval. Approx 6 times a week.
I have had success in the past running Linux systems built for much earlier kernels on later kernels. This suggests the ABI (application binary interface) for the Linux kernel changes rather slowly.
I am wondering how well the userland apps are separated from the kernel and drivers on Android.
Specifically, is it feasible to dump all the UI stuff from one phone onto another then change the init to launch the other UI?
Would this risk bricking the phone, or would the shell commands and ADB infrastructure still likely operate?
I guess I should change the bootloader to one that supports fastboot first, right? Is there a how-to on achieving this from the root shell?
Thanks for any thoughts
Nick.
Hi Nick, I have the same phone. I'm also very new to Android, last phone was iOS and before that Windows. I managed to root the V965 using Vroot. I also managed to install SuperSU and CWM. However, the CWM is not fully functional, I can only do a factory reset, not install any packages or ROMs. Probably the phone has a locked bootloader. I can't check, because the USB driver with the phone doesn't support fastboot.
I really need to get Google Play working on this phone, read a lot of stuff, tried many things, but I haven't succeeded yet. Please let me know if you make any progress.
In China they are flashing this phone, found some ROMs even, but I am not sure how they manage and google translate isn't much help there.
http://www.romjd.com/Device/zte-v965/hot/all/1
Hmmm my V965 is having some issues now
After a factory reset, the setup wizard keeps crashing. Even after another reset. So I can't get in the phone anymore.
Any chance you can send me the USB drivers that are on the phone? My phone isn't detected anymore, so I can't access the drivers, which I want to reinstall. And of course they are not on the ZTE website.
Byte_Me said:
Hmmm my V965 is having some issues now
After a factory reset, the setup wizard keeps crashing. Even after another reset. So I can't get in the phone anymore.
Any chance you can send me the USB drivers that are on the phone? My phone isn't detected anymore, so I can't access the drivers, which I want to reinstall. And of course they are not on the ZTE website.
Hi
You can temporarily download the ZTE v965 USB drivers from
www dot nickhill dot co dot uk forward slash ztev965usb dot zip
Byte_Me said:
Hi Nick, I have the same phone. I'm also very new to Android, last phone was iOS and before that Windows. I managed to root the V965 using Vroot. I also managed to install SuperSU and CWM. However, the CWM is not fully functional, I can only do a factory reset, not install any packages or ROMs. Probably the phone has a locked bootloader. I can't check, because the USB driver with the phone doesn't support fastboot.
Fastboot and ADB appear to be standard protocols, at least on my Ubuntu, which don't need special drivers. However, it does appear that the stock boot loader on the v965 does fail to incorporate the fastboot option.
If you remove the battery, replace it then turn on holding the volume down, you will get a menu, but fastboot is not there.
I don't know for a fact, but I do suspect that if you have access to the running android system as root, then you could in principle change any of the internal flash data. Therefore, in principle, I guess you could replace the boot loader or anything else in the running android system. Anyone please correct me if I am wrong, or confirm if I am right.
The feature set of this phone seems to be the same as the feature set of my Guophone. MTK6589, dual SIM, etc. So this image may be a good place to start if considering a transplant.
If you have ROMs, then perhaps it is possible to flash the ROM from a root terminal. I'm thinking add the uncompressed ROM to the Micro SD card, then using the dd command, block copy it to the appropriate image area on the internal ROM, reboot, reset to factory defaults.
If anyone more experienced than me with the nuts and bolts of Android can confirm or deny this will work, or where it should be put, please let me know.
An important factor is that the NAND is not locked on the ZTE V965. So if you have a root shell on the phone, you can issue the following command:
mount -o remount,rw /[email protected] /system/
Once you have done this, you will have read/write access to the system partition.
The only thing I then need to know is what should I avoid changing that may break the ADB bridge/root console?
And is all the UI stuff kept together, if so, where?
Shuffle it around a bit, make a new ROM
Thanks for the driver!
Unfortunately it doesn't help
I found out the culprit, I tried to install gapps (Google apps package) to the system app folder. I thought these changes would be reversed with a factory reset, but they are not. Setupwizard.apk keeps crashing and is preventing me from accessing my phone, so I must find a way to remove it from the system app folder. However, since this error occurred, I am not able to contact the phone in any way from the PC. Adb toolkit does not detect it, even when I reinstalled your driver. It's quite puzzling, I don't understand why in recovery mode I cannot connect adb-toolkit anymore.
Got my V965 working again, but it was a lot of hassle with shell access. Still not fully functional, no drives detected when i connect to USB, which is quite annoying, but not more than that. If you ever make any progress with google apps or flashing, please keep me informed, that would make this phone much more useable. I'll also keep hacking away at it, but without a bootloader unlock (I still think this is the problem), I don't think it will be possible.
I'm convinced it's possible to flash the phone, it seems they do it a lot in China.
I found a website with a couple of custom ROMs specific for the V965:
http://www.romjd.com/Rom/Detail/17086
And what I suspect is a rooting & flashing tool. Rooting works, I haven't figured out flashing yet.
http://dl.vmall.com/c0xa12brvo
I've also tried flashing from the settings - update menu in the phone, but it never finds the ROM (update.zip)
I did find another problem, I can't be reached on my phone, it always goes to voicemail. Same SIM in another phone works fine. No idea what's causing this.
Byte_Me said:
Got my V965 working again, but it was a lot of hassle with shell access. Still not fully functional, no drives detected when i connect to USB, which is quite annoying, but not more than that. If you ever make any progress with google apps or flashing, please keep me informed, that would make this phone much more useable. I'll also keep hacking away at it, but without a bootloader unlock (I still think this is the problem), I don't think it will be possible.
Hi
I might be able to help you with the problem.
I have a mint, unused ZTE v965. I have used MTK Droid root and tools to extract a backup of the entire new phone. It is currently uploading to www dot nickhill dot co dot uk forward slash ZTE-V965_new_backup.zip
You should be able to write this back to your phone using flashtool.exe.
I don't know for sure if this will work, so entirely at your own risk! Just trying to help. If unsure, ask around.
I am new to this forum, so please remember to click the thanks button if you find anything I have done helpful!
Meanwhile, the MTK droid root and tools has a function to remove much of the chinese stuff (once the system has been installed) and there is always the cyanogenmod gapps package. This may be worth investigating.
Nick Hill said:
Hi
I might be able to help you with the problem.
I have a mint, unused ZTE v965. I have used MTK Droid root and tools to extract a backup of the entire new phone. It is currently uploading to www dot nickhill dot co dot uk forward slash ZTE-V965_new_backup.zip
The file size should be 635,972,093 bytes and should finish uploading at 04:00 GMT
md5sum 17ecfdd1040d5dbfab70a3adbc24e07a
Thanks for the ROM, i'll give it a go. I will try to install it using the update option in the settings, that seems the safest.
Be careful with gapps. setupwizard.apk + factory reset = a lot of problems (if you install in system app folder)
OMG that tool is awesome. created CWM boot, installed your ROM, then installed a clean ROM, then installed gapps, all working!!!
Byte_Me said:
OMG that tool is awesome. created CWM boot, installed your ROM, then installed a clean ROM, then installed gapps, all working!!!
Firstly, I'm glad it's working for you.
Secondly, which tools did you use? Did you unpack the zip, open flashtools, select the scatter file then program the phone, or did you use some other method?
Which clean ROM did you then install, and how did you install it?
Did you then use MobileUncle to install CWM then use the cyanogenmod 10.1 gapps, or did you do something different?
It is useful to remember that MTKdroidtools has a useful function to remove chinese stuff. I think if more people contributed to the list of Chinese files that are safe to remove, that would be blade.
A detailed step-by-step guide might be helpful for anyone else with the same problem. One of the general problems I find is that there are plenty of guides around referring to this program, or that program, but few are detailed enough for someone who doesn't already know about those programs to use.
I pretty much bricked a Lenovo A766 yesterday, and it took several hours to learn about the tools to eventually unbrick it.
I would have rather spent my time understanding what is really going on, rather than spending my time learning vaguely what tool achieves what end result. If I understood more about the Android system, and built that knowledge on my understanding of Linux, I reckon I could achieve much more.
One thing I notice is that tablets and smartphones are actually replacing desktops and laptops. February this year, Windows machines were down 7% YOY. I use Ubuntu for my main computer. Using these tools on Windows led me to significant frustration! This has led me to understand why there is a move. Maybe the tools provided for Windows need to eventually move to Android. We could then potentially use USB OTG to service other Android devices. MTKdroidtools and flashtools running as a host on a separate Android system would be cool.
Nick Hill said:
Firstly, I'm glad it's working for you.
Thanks, me too
Secondly, which tools did you use? Did you unpack the zip, open flashtools, select the scatter file then program the phone, or did you use some other method?
I used MTK tools as described in that topic, rooted, made backup, installed CWM
Which clean ROM did you then install, and how did you install it?
I used the update tool from CWM to flash this ROM:
http://www.romjd.com/Rom/Detail/17086
That ROM is not very clean though, You might as well clean your own ROM
Did you then use MobileUncle to install CWM then use the cyanogenmod 10.1 gapps, or did you do something different?
CWM is installed using MTK Droid Root and Tools:
http://forum.xda-developers.com/showpost.php?p=44660171&postcount=417
This gapps version I installed: gapps-jb-20121011-signed
It's installed using CWM bootloader: install .zip package
It is useful to remember that MTKdroidtools has a useful function to remove chinese stuff. I think if more people contributed to the list of Chinese files that are safe to remove, that would be blade.
I used the delete China function, but it didn't catch very much. But with all the functions available now, it's quite easy to clean manually.
A detailed step-by-step guide might be helpful for anyone else with the same problem. One of the general problems I find is that there are plenty of guides around referring to this program, or that program, but few are detailed enough for someone who doesn't already know about those programs to use.
Yes, I plan to make a topic for this phone, but at the moment I am still testing many things.
I pretty much bricked a Lenovo A766 yesterday, and it took several hours to learn about the tools to eventually unbrick it. I would have rather spent my time understanding what is really going on, rather than spending my time learning vaguely what tool achieves what end result. If I understood more about the Android system, and built that knowledge on my understanding of Linux, I reckon I could achieve much more.
I know how you feel, I was ready to toss this phone in the trash
One thing I notice is that tablets and smartphones are actually replacing desktops and laptops. February this year, Windows machines were down 7% YOY. I use Ubuntu for my main computer. Using these tools on Windows led me to significant frustration! This has led me to understand why there is a move. Maybe the tools provided for Windows need to eventually move to Android. We could then potentially use USB OTG to service other Android devices. MTKdroidtools and flashtools running as a host on a separate Android system would be cool.
I have no idea about the possibilities there. I'm not a programmer, just someone who is good with computers and knows a little bit of everything.
PS. I could also use some thanks as well, maybe get some respect around here
Nick Hill said:
...
Did you give it a try yet? Another user did and Google apps are working for him, so that's 2 for 2.
Are you still on your original ROM? If so, I have a question for you. Do you get notification badges on your icons, for instance, when you have a missed call, is there a red box with a 1 on the phone icon? Also, do your contacts get ID-ed when they call you? I have some problems with that, caused by the country code prefix. I am still running that ROM I downloaded from the Chinese forum, but if your ROM doesn't have these issues, I will switch back ASAP.
Nick Hill said:
Firstly, I'm glad it's working for you.
as you are a Lenovo a766 owner, may you help me with this?
http://forum.xda-developers.com/showthread.php?p=49076877#post49076877
Where are configuration settings stored across factory resets?
I have come to the (perhaps erroneous) conclusion that the user interface and what the user will experience is governed primarily from:
the APKs in
/system/app/
/system/vendor/operator/app/
and the configuration files pertaining to the installed apps, which is located at:
/data/user/0/
I guess that when the android device is factory reset, the /data partition is completely cleared, right?
Is there a set of standard configurations which are unpacked from somewhere into /data/user/0/ after a factory reset, or is it normal for all configurations to be stored in their respective APKs?

A question about android partitioning

Hello and sorry for bad english,
I just wanted to ask: does Android do partitioning in any way similar to Linux? Because they have similar kernels, can I dump eMMC contents to something like a virtual hard drive then view partitions and edit them normally?
Because my family has several cheap Chinese phones (mostly MTK) and they share in common this annoying system storage issue where apps could only be stored on 2 GB (separated from the other 6 GB of media storage (sdcard1)) where there is only 0.5 GB free for you to install your applications. Custom ROM flashing doesn't work; while app2sd works after some trouble, it is still not stable and often problematic for the average users these phones belong to; flashing custom layouts bricks the phone no matter what I tried; while I tried to stay away from rooting I tried it and exposed plugins (or something) don't even work. I gave up on this already but I would really prefer to expand my knowledge of Android.
If phone's Android is rooted you always can dump contents of Android partitions.
See also here:
[GUIDE] Making Dump Files Out of Android Device Partitions - GSM-Forum
Use: The main purpose is to make a file that contains all data in android specific partition. This is really handy in case of dumping leak firmwares.
forum.gsmhosting.com
jwoegerbauer said:
If phone's Android is rooted you always can dump contents of Android partitions.
See also here:
[GUIDE] Making Dump Files Out of Android Device Partitions - GSM-Forum
Use: The main purpose is to make a file that contains all data in android specific partition. This is really handy in case of dumping leak firmwares.
forum.gsmhosting.com
Thank you, but can sp flash tool do the above?(does using the combo of wwr_mtk and sp flash tool achieve dumps that can be read in the same way?)
IDK
jwoegerbauer said:
IDK
I am away from home for some time so I can't try it, but my suggested method generates img files for everything
Also, can i in any way resize the partitions on the phone(maybe go your way then edit partitions on the pc then flash them back OR modify the sp flash tool scatter file(very unlikely to work, file size and partition size are different))or merge the internal and media partitions, or modify the rom so it stores apps in the media storage then flash it back. Any help would be appreciated.
IDK
jwoegerbauer said:
IDK
Ok, thanks anyway

Signatures in Android boot - making a copy of a factory-signed ROM

Hello,
I am not sure if this is the right subforum to post in but I figured that since my question is related to the Android boot process and signatures, it kind of touches security and this seemed as the best-fitting subforum (my apologies if it is not). Just to begin with, I am no computer noob. I write C code for a living and I know how cryptographic signatures work. However, I am completely unfamiliar with the Android ecosystem, so I may have some noob questions there...
Basically, I would like to know why it is not possible to take a bit-by-bit backup of an official signed ROM from the eMMC of an Android 9+ MediaTek-based device and then restore it later. Could someone please explain or point me to documentation about the technical mechanism that prevents this?
Background:
I bought a Gigaset GS290 smartphone with the intention of installing the /e/ operating system on it. However, since it is currently in mint condition, I was thinking it might be a good idea to first make a backup of the original factory firmware, in case I ever need to go back, especially since there is no official signed ROM available for this device.
I read that since this device has a MediaTek chipset, I can use the SPFlash tool to read/write arbitrary memory off/onto it. Therefore, I would think that I should be able to take a bit-by-bit image of the eMMC in its original factory state and then later take that image and write it back in order to restore the original software, including verified boot. However, according to [1], it is not possible since Android 9. My question is why. How does the operating system come into play?
Also, [2] mentions that the SPFlash tool is only able to create a backup that contains an unsigned image. How is that even possible if whatever is in the eMMC is signed?
I realize that there is a chain of trust originating probably in some TPM on the chipset that verifies the bootloader and the bootloader then verifies the system. I understand that by flashing an unlocked bootloader and modified system I break that chain of trust, BUT by restoring the original contents of the eMMC, I should be able to fully restore that chain, right? I mean the phone is a deterministic device that has a state (== the contents of its memories). Which part of the device's state will I not be able to restore using the aforementioned method? The only mechanism that I can think of is that the TPM would have to erase its keys when it is unable to verify a bootloader, which does not seem probable to me. Could someone please refute or confirm this?
Best Regards
Mike
[1] https://android.stackexchange.com/questions/220584/smart-phone-flash-tool-readback-emmc-user-backup
[2] https://forum.hovatek.com/thread-26015-post-155676.html#pid155676

Is it possible to use Magisk without factory resetting?

I'm trying to recover data (mostly folders in my internal storage such as screenshots, screen captures, etc.) but the programs I am using need my phone to be rooted. My phone runs on Android 9 and needs its bootloader to be unlocked, but I need to know if there is a way to do this without factory resetting, which may overwrite the lost data which I cannot recover when doing so.
A Factory Reset only wipes files, which means it deletes their entries in Android's inode table; it doesn't overwrite them. The disk space previously allocated by the now wiped files becomes orphaned, thus can get reused.
Use ADB pull to extract user-data files where a rooted Android isn't needed.
See also here:
How to Download Files to the Computer with ADB Pull - KrispiTech
You can actually copy and download files from your Android smartphone to the PC using some simple ADB Pull commands as long as you enabled USB Debugging.
krispitech.com
so i can still recover files i deleted prior to a factory reset needed to unlock my oem?
please reply
To recover deleted files Android must be rooted and a special commercial forensic software must be used. GIYF ...
xXx yYy said:
To recover deleted files Android must be rooted and a special commercial forensic software must be used. GIYF ...
do you know any that i should use?
Your device is encrypted with FDE. the same answer applies. One can't recover data after factory reset. encryption key is gone forever, and so is your data.
edit: if you haven't done factory reset yet, device might still be encrypted with same crypto-footer. this leads you to hypothetical option to obtain temporary root shell and pull decrypted block partition /dev/block/dm-0 (or whatever)
assuming you found vulnerability/exploit and managed to get raw dump, still your chances to recover deleted files are low, because of the way android flash translation controller handles eMMC flash storage.
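The replies above fit together: a factory reset leaves the old data blocks on flash, but under FDE those blocks are ciphertext whose key was stored, wrapped, in the crypto-footer. The sketch below is an added example, not part of the original thread; it models this with a toy XOR keystream and PBKDF2 standing in for the real dm-crypt AES and Android's key derivation, and every name and the sample passcode are constructed for illustration.

```python
import hashlib
import hmac
import os

SECTOR_SIZE = 64  # tiny sectors keep the model readable


def _xor_stream(key: bytes, tweak: bytes, data: bytes) -> bytes:
    """Toy cipher: XOR with a SHA-256 counter keystream (stand-in for dm-crypt AES)."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + tweak + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def _kek(passcode: bytes, salt: bytes) -> bytes:
    """Key-encryption key from the passcode (PBKDF2 as a stand-in KDF)."""
    return hashlib.pbkdf2_hmac("sha256", passcode, salt, 50_000)


def new_footer(passcode: bytes) -> dict:
    """Generate a random master key and store it only in wrapped form."""
    master_key = os.urandom(32)
    salt = os.urandom(16)
    kek = _kek(passcode, salt)
    wrapped = _xor_stream(kek, b"wrap", master_key)
    tag = hmac.new(kek, wrapped, hashlib.sha256).digest()
    return {"salt": salt, "wrapped_key": wrapped, "tag": tag}


def unlock(footer: dict, passcode: bytes):
    """Return the master key, or None if the passcode does not match the footer."""
    kek = _kek(passcode, footer["salt"])
    expected = hmac.new(kek, footer["wrapped_key"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, footer["tag"]):
        return None
    return _xor_stream(kek, b"wrap", footer["wrapped_key"])


class Userdata:
    """Model of an encrypted userdata partition: raw flash sectors plus a footer."""

    def __init__(self, passcode: bytes, sectors: int = 4):
        self.flash = [bytes(SECTOR_SIZE)] * sectors  # what is physically stored
        self.footer = new_footer(passcode)

    def write(self, n: int, passcode: bytes, plaintext: bytes) -> None:
        key = unlock(self.footer, passcode)
        if key is None:
            raise PermissionError("wrong passcode")
        padded = plaintext.ljust(SECTOR_SIZE, b"\0")[:SECTOR_SIZE]
        self.flash[n] = _xor_stream(key, n.to_bytes(8, "big"), padded)

    def read(self, n: int, passcode: bytes):
        key = unlock(self.footer, passcode)
        if key is None:
            return None
        return _xor_stream(key, n.to_bytes(8, "big"), self.flash[n]).rstrip(b"\0")

    def factory_reset(self, passcode: bytes) -> None:
        # Data sectors are NOT overwritten; only the footer is replaced,
        # which discards the old salt and the old wrapped master key.
        self.footer = new_footer(passcode)


def demo() -> dict:
    passcode = b"1234"  # constructed sample passcode
    disk = Userdata(passcode)
    disk.write(0, passcode, b"Screenshot_0001.png pixels")  # constructed sample data
    before = disk.read(0, passcode)
    raw_before = disk.flash[0]
    disk.factory_reset(passcode)
    return {
        "before": before,
        "ciphertext_untouched": disk.flash[0] == raw_before,
        "after": disk.read(0, passcode),  # same passcode, new key: garbage
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Even with the same passcode, the sector decrypts to noise after the reset because the random master key, not the passcode, is what encrypted the data.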
aIecxs said:
Your device is encrypted with FDE. the same answer applies. One can't recover data after factory reset. encryption key is gone forever, and so is your data.
edit: if you haven't done factory reset yet, device might still be encrypted with same crypto-footer. this leads you to hypothetical option to obtain temporary root shell and pull decrypted block partition /dev/block/dm-0 (or whatever)
assuming you found vulnerability/exploit and managed to get raw dump, still your chances to recover deleted files are low, because of the way android handles eMMC flash storage.
if only i have discovered these posts sooner...
so those recovery apps are useless?
most of the data recovery tools / one-click-rooting apps aren't working anymore since marshmallow. there are however some companies like cellebrite claiming they can still hack. maybe they got somehow access to Samsungs OEM signing keys idk
Don't know if I got you right, you haven't factory reset your device, yet?
This app might help you to find existing files and thumbnails of deleted files. To my understanding it won't undelete anything but some users claim different. It will search for hidden trash can in gallery, maybe you are lucky...
FindMyPhoto – Recover Photos o - Apps on Google Play
A truely free app to recover deleted photos on Android devices.
play.google.com
i did factory reset...
i should probably give up and move on, shouldn't i?
the app looks really promising, but it has a lot of one star reviews
just another useless app..
better root your device, factory reset again and disable encryption. this way you are prepared next time
have you actually used the app, seen the reviews, or both?
Best Cellebrite Alternatives & Competitors
Compare the best Cellebrite alternatives in 2023. Explore user reviews, ratings, and pricing of alternatives and competitors to Cellebrite.
sourceforge.net
Besides Cellebrite is there an alternative
Besides Cellebrite is there an alternative to capturing data from a cell phone on the physical side (ie deleted items)? In addition to bypassing the ...
www.forensicfocus.com
https://www.reddit.com/r/computerforensics/comments/a1j43j
These links have cellebrite alternatives and one person said that they use odin + twrp. I hope some of them are freeware/ have free trials. Can someone help me verify if these are legit?
another user suggested this app. but only helpful to find existing pictures in trash can. read full discussion here
https://android.stackexchange.com/q/231132
once you factory reset device NOTHING can help you - it's gone. well, technically speaking that's not true, but next to impossible. forensic lab might partially recover old crypto-footer from the lower emmc firmware, and spend some years bruteforcing missing bytes.
TWRP is completely useless for samsung encryption, samsung encryption not supported, yet (although it's possible just a matter of time)
consider: all these tools might still work on quite a few older devices, from the days where exploiting was possible or encryption wasn't hardware-backed. They mainly offer breaking into lock screen and maybe can recover deleted files. They can bypass locked bootloader, let android do its work and pull (decrypted) partition image from root shell (for further analysis). They can break into TEE and extract encryption master key for chip-off bruteforce. But none of these tools ever claimed to recover data after factory reset, except for scams (like wondershare Dr. Fone). I don't know anything about iPhone, I am talking about Android only.
conclusion:
- if a company offers you JTAG or chip-off they are trying to scam you.
- recovery of deleted files is not the same as recovery after factory reset. encryption is the showstopper here.
Demystifying Android Physical Acquisition
Numerous vendors advertise many types of solutions for extracting evidence from Android devices. The companies claim to support tens of thousands of models, creating the impression that most (if not all) Android devices can be successfully acquired using one method or another. On the other side o
blog.elcomsoft.com
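Why a factory reset is the showstopper, as an added example that is not part of the thread: a simplified Python model of full-disk encryption in which the master key exists only in wrapped form inside a footer. The footer layout, the PBKDF2 parameters and the HMAC-based stream cipher (a stand-in for AES) are assumptions chosen so the sketch runs with the standard library; they are not Android's actual format.

```python
import hashlib, hmac, os
from typing import Optional

def xor_stream(key: bytes, data: bytes) -> bytes:
    """Stand-in for AES: XOR with an HMAC-SHA256 counter keystream (assumption)."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hmac.new(key, off.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

def derive_kek(passcode: str, salt: bytes) -> bytes:
    """Key-encryption key from the user's credential (PBKDF2 as a stand-in KDF)."""
    return hashlib.pbkdf2_hmac("sha256", passcode.encode(), salt, 50_000)

def new_footer(passcode: str) -> dict:
    """What first boot or a factory reset does: fresh random master key, stored wrapped."""
    salt, master = os.urandom(16), os.urandom(32)
    return {"salt": salt,
            "wrapped": xor_stream(derive_kek(passcode, salt), master),
            "check": hmac.new(master, b"footer", hashlib.sha256).digest()}

def unlock(footer: dict, passcode: str) -> Optional[bytes]:
    """Unwrap the master key; None if the passcode does not match this footer."""
    master = xor_stream(derive_kek(passcode, footer["salt"]), footer["wrapped"])
    tag = hmac.new(master, b"footer", hashlib.sha256).digest()
    return master if hmac.compare_digest(tag, footer["check"]) else None

PLAINTEXT = b"DCIM/IMG_0001.jpg: constructed sample file contents"

def demo() -> dict:
    passcode = "2468"                                        # constructed credential
    footer = new_footer(passcode)
    flash = xor_stream(unlock(footer, passcode), PLAINTEXT)  # bytes stored on eMMC
    before = xor_stream(unlock(footer, passcode), flash)     # normal boot: readable
    footer = new_footer(passcode)                            # factory reset replaces the footer
    after = xor_stream(unlock(footer, passcode), flash)      # same passcode, new master key
    return {"before": before, "after": after, "raw_dump": flash}

if __name__ == "__main__":
    result = demo()
    print("before reset:", result["before"])
    print("after reset :", result["after"].hex()[:32], "...")
```

The ciphertext on flash is untouched by the reset, which is why a raw dump taken afterwards still contains the old bytes but nothing that can turn them back into files.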
aww
to let anyone know about how i ended up into this rabbit hole of recovery apps and finding out about xda, here's a backstory: some, if not all, of the folders were deleted in the storage/emulated/0 file directory after possibly me deleting them after they have popped up in an app that accessed your files. this is why i've been asking questions and doing research on how to recover them. i had to root my device according to the answers, but i didn't want to unlock the bootloader but i had to unlock it eventually. i really regret doing that. if this happens to someone in the future, i would ask anyone if it is possible to recover the files in storage/emulated/0 after they were deleted.
so there IS a way? if it's not impossible then it is possible!
x=1
Kds ld fhud xnt dwzlokd.

How to acquire an Android physical disk image?

Hi there,
As the title suggests, I would like to acquire a physical disk image of my Samsung Galaxy A01 which I will be using Autopsy to analyze. My research has led me to believe that in order to do so one must first root the device. So my questions are:
1. If I root the device will all the data I am attempting to analyze be deleted/erased in the process?
2. Does anyone know of a good guide for Android disk image acquisition?
I have been following the DFIRScience channel on youtube but in his video on disk image acquisition he uses KingoRoot which according to this rooting guide (last section at bottom of article) by XDA is bad practice.
This rooting guide from guidetoroot.com mentions that during the rooting process all the data will be erased, and this is where my confusion has come from. If that is true it would seem counterproductive to the purpose of acquiring a disk image. My operating system is Win 8.1 Pro by the way.
I would very much appreciate it if someone could help me out with this.
The guides that discuss the device being wiped during the root process only apply to devices that have a locked bootloader. These devices have to unlock the bootloader before they can modify the device, the device gets wiped by default as part of the process of unlocking the bootloader.
Ah I see, thanks very much, Droidriven. Do you perhaps know of any good recent guides for android disk image acquisition?
The term "disk image" does not apply to android. What do you mean by "disk image"?
If you are asking if there is a way to backup the operating system on your device and all other data on your device before you attempt to root your device, there is no way to do that without either root or TWRP custom recovery. You don't need both, but, you do need at least one of them. There are ways to backup user data using adb without root but you can't backup the operating system or anything else in the system partition.
Without root, you, as the user, can only backup user installed apps and their corresponding app data/settings, user data stored in internal storage and device settings.
If the operating system gets corrupted during your rooting attempt, you will have to flash your device's stock firmware via Odin then restore any data that you backed up.
Thanks for the info. By "disk image" I was referring to the "cloning" of the device once rooted. I would like to test out some digital forensic software like Autopsy with a real world device like my A01 by acquiring/making a physical disk image of it.
That's the term they use in digital forensics...there's physical and then there's logical disk images. Logical disk images are used more for surface analysis and have limitations on what can be done with them and do not appear to need rooting. Physical disk images on the other hand provide full unrestricted access to all files. Well, that's my understanding of it, anyway.
I would like to try using FTK Imager for this purpose (acquiring a disk image) but it's not detecting the device so I'm also hoping that will be sorted out once the phone has been rooted.
You're looking for what we call a "nandroid backup", a copy of all data that is stored on the device. Typically, creating a nandroid backup requires either rooting the device then using adb commands to pull a nandroid backup or it requires installing a custom recovery such as TWRP that has an option to create a nandroid backup from within recovery mode.
Your device probably doesn't have a custom recovery/TWRP. Custom recoveries are built specific to the model number that they are to be installed on, there is no such thing as a universal custom recovery that can be used on all android devices. If no developer has chosen to build a version of TWRP for your specific model number then your device can't use TWRP unless you manage to build it for yourself.
These days, most Samsung devices cannot be rooted because they have bootloaders that cannot be unlocked. The only hope of rooting a Samsung device that has a locked bootloader that cannot be unlocked is to find an android app or PC program that has an exploit that your device is vulnerable to. But, these kinds of apps and programs have not been able to root devices since somewhere around the time that android Lollipop or Marshmallow was released, they are no longer able to root today's devices.
You may have to choose another device to experiment with. Preferably one that already has a custom recovery available for that specific model number or has known working root method for that specific model number.
What is your A01's specific model number? That is what will determine what is or isn't available for your device and what you can and can't do with it.
Thanks so much for the thorough responses, Droidriven. This has cleared everything up for me. The specific model number of my phone is SM-A015F/DS.
Apparently, there is a version of TWRP for your model number, but, from what I've been reading, you need to be on android 11 in order to unlock your bootloader then install TWRP. Once you have TWRP installed, you can use it to create a nandroid backup by using the Backup option in TWRP. In your case, you probably want to backup absolutely everything that can be backed up, therefore, when you choose the Backup option in TWRP, on the next screen you'll see a list of partitions to backup, select the partitions you want to backup then initiate the backup by sliding the slider at the bottom. Then you'll have to find the correct tools to extract the data from the backup, it can be tricky because of the type of file that TWRP creates.
unofficial twrp 3.5.2 Root Samsung Galaxy A01 SM-A015F
Download unofficial twrp 3.5.2 Root Samsung Galaxy A01 SM-A015F, user who own Galaxy A01 can root it by following the below Instructions
unofficialtwrp.com
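One way to inspect such backup files before loading them into an analysis tool, as an added example that is not part of the thread. It assumes the usual TWRP layout, in which file-system partitions are saved as tar archives (optionally gzip-compressed) and raw partitions as plain images; the file names and contents below are constructed samples.

```python
import gzip, hashlib, io, os, tarfile

def classify(path: str) -> str:
    """Identify a backup file by magic bytes rather than by its name."""
    with open(path, "rb") as fh:
        head = fh.read(512)
    if head[:2] == b"\x1f\x8b":
        return "gzip"                 # compressed archive
    if head[257:262] == b"ustar":
        return "tar"                  # uncompressed archive
    return "raw"                      # treat as a raw partition image

def sha256_of(path: str) -> str:
    """Hash the file before any tool touches it, so later copies can be verified."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def list_members(path: str) -> list:
    """List (name, size, unsafe) without extracting anything to disk."""
    rows = []
    with tarfile.open(path, mode="r:*") as tar:   # r:* handles gzip transparently
        for m in tar:
            unsafe = m.name.startswith("/") or ".." in m.name.split("/")
            rows.append((m.name, m.size, unsafe))
    return rows

def build_sample(dirpath: str) -> dict:
    """Write constructed stand-ins for three backup files; return name -> path."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.USTAR_FORMAT) as tar:
        for name, data in (("data/media/0/DCIM/a.jpg", b"\xff\xd8\xff"),
                           ("../outside.txt", b"x")):
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    blobs = {"data.ext4.win": buf.getvalue(),
             "system.ext4.win": gzip.compress(buf.getvalue()),
             "boot.emmc.win": b"ANDROID!" + bytes(504)}
    paths = {}
    for name, blob in blobs.items():
        paths[name] = os.path.join(dirpath, name)
        with open(paths[name], "wb") as fh:
            fh.write(blob)
    return paths

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as d:
        for name, p in build_sample(d).items():
            print(name, classify(p), sha256_of(p)[:16])
```

The `unsafe` flag marks member names that would land outside the extraction directory, which is worth checking before unpacking any archive that did not come from your own device.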
Awesome, this looks promising...I'll take a look at it. Thanks again for all the info, Droidriven, you've been a star.
