Android encryption incredible bug!! - Security Discussion

I can't believe what I've seen!
A few days ago I encrypted my Galaxy S3 running the old 4.1.2 with this guide to avoid having to enter an alphanumeric password each time I unlock the screen. Yesterday I installed an app called "Locker" that is supposed to reboot and wipe the device after a specified number of wrong lockscreen PIN attempts.
When I woke up this morning I had a nandroid on the microSD (online nandroid backup app) performed overnight, plus the internal storage backed up too, and I decided to try that app. After 10 wrong attempts it actually rebooted to recovery but didn't wipe anything, probably because I'm running a custom recovery (TWRP). Not bad: after reboot you are prompted to enter the alphanumeric crypto password (different from the lockscreen PIN), so that method would be safe, I think. After entering the crypto password it forced a reboot again, again stating I had entered 10 wrong PINs previously. At this point I was stuck, so I tried restoring the nandroid and rebooted, but guess what?? My crypto password was not recognized!!! I tried another time wiping everything, including internal storage, no good. I tried restoring a previous unencrypted image; incredibly it still asks me for the crypto password and still doesn't recognize it!!
I was stuck and didn't know what to do. I said I'll try flashing a stock ROM with Odin and started downloading it, but I reflashed the stock recovery back for another try. Wipe data/factory reset, then reflashed TWRP, restored the overnight nandroid back again and guess what???
MY DEVICE ISN'T ENCRYPTED ANYMORE!!! It only asks for the lockscreen PIN, but if I go to Settings => Security it shows itself as unencrypted!!
Such an incredible bug. Yes, you'll lose your internal storage in the process and you need a nandroid to restore the /data partition. I can't believe it!!

I probably understand what happened. The online nandroid backup is performed after the crypto key has been entered, so it saves the data partition unencrypted.
The proof would be making a nandroid from recovery and seeing if this trick works the same.

FDE on Android 4.x is already known to be vulnerable and can be decrypted by various tools (not telling the name here, and don't ask me for it). Just saying, so no matter if you use it or not, if an attacker has physical access to your device it's very easy to get your stuff, and the fact you use a custom recovery makes it very easy (not that a stock recovery is not affected, but it needs some more steps to get the tools working..).

CHEF-KOCH said:
FDE on Android 4.x is already known to be vulnerable and can be decrypted by various tools (not telling the name here, and don't ask me for it). Just saying, so no matter if you use it or not, if an attacker has physical access to your device it's very easy to get your stuff, and the fact you use a custom recovery makes it very easy (not that a stock recovery is not affected, but it needs some more steps to get the tools working..).
With other experiences I had with PCs: if you clone a BitLocker encrypted partition online, the resulting copy will be unencrypted; if you clone it booting from a live CD, the resulting copy will be encrypted as well.
What I did was back up my phone online, so the backup was of an unencrypted system. I'm sure if I restore a nandroid made in the recovery environment, it will restore an encrypted system as well.
I think the only way to get around it is brute forcing it; a 128 bit key is safe as long as you don't choose a short password.

[Q] How does a custom recovery work?

Ok, so I'm new to all this stuff about custom recoveries and ROMs. How exactly do they work?
Let's say I make a custom recovery image of my current ROM, which is stock; does it just back up the OS, or my personal files (music, photos, apps, etc.) too?
I'm asking this primarily because I want to upgrade my phone, but to do so I have to flash the stock firmware because I've modified some system files. Which brings me to my other question: does flashing ROMs wipe user data? I've read some split responses to this; some people say it does, some say it doesn't.
And my final question: let's say I made a backup, wiped my phone, flashed stock firmware and updated. Now how do I recover my data from the backed up ROM? I mean it is a different version; does it have an option to just restore user data?
Thanks in advance, and sorry if these are too many questions.
It'll back up system, data, boot.img and dalvik cache.
Your sd partition isn't backed up, but all the stuff on it will be readable by whatever new ROM you put on it (unless you wipe EVERYTHING [not a good idea]).
When you're changing ROMs/etc, you want to place the rom.zip + gapps.zip (and custom kernel.zip if you're going to use one) on your sd partition. You do this because USB storage mostly doesn't work with custom recoveries as of yet on this device, meaning once you've wiped, if you don't have a ROM on your sd partition you're mildly screwed in that you'd have to reflash everything from a stock image (meaning you will lose root, all your personal files and whatever ROM was on the phone; basically everything goes back to stock bar the bootloader).
e: as for restoring all app data, use something like Titanium Backup. I always have a backup on my sd partition of all my current apps (plus wifi passwords, account info, SMS messages etc. to save time/effort when restoring after putting a new ROM on). I also always set TB to back up all modified/new data every night at about 3am, then upload the backup to Google Drive so that if I either brick my phone or accidentally wipe everything, at least I can get back to where I left off.
If you forget to place the ROM zip, and have formatted the device, it is not necessary to flash stock. You use adb sideload, which is present in every recovery.
In that case I need to remember that for future use; I hardly ever use my PC with my phone now as you can pretty much do anything (update recovery etc.) on the phone alone.
That, and I'm on Windows 8.1 which AFAIK doesn't play nicely with fastboot or adb.
twist3d0n3 said:
....and I'm on Windows 8.1 which AFAIK doesn't play nicely with fastboot or adb.
....I think this is a rumor. Never ever had any problems on W8.1.
^ good to know, thanks

Encryption and its effect on nandroid restores etc

I'm considering encrypting my g900t still running KitKat 4.4.2. I would like to get a good understanding of what encrypting my device will do to various functions. Some questions I am considering are:
1) How will it affect making a nandroid backup and then later restoring that backup?
2) If I make a nandroid before the encryption, and decide to factory reset, will it then be non-encrypted so I can restore the pre-encryption nandroid?
3) If I make a nandroid after the encryption, and factory reset later, can I flash the nandroid, and if so do I have to do that after re-encrypting the phone?
4) Will I be able to flash a custom ROM after encrypting?
5) I have read that Lollipop and later have improved the slowdown caused by encryption, so what will I probably see if I encrypt my KitKat phone?
6) After encryption, is it pretty much transparent to me, in that I can install and uninstall software as I please?
7) What kind of unlock screen will I see after encryption?
8) Finally, when I reset my phone, there are directories on the internal SD that don't get backed up by Titanium Backup, and I generally copy those directories to my SD card and then recopy them to internal SD after setting up my phone again. How will encryption affect that process?
Thanks to anyone who will take the time to give me some understanding of these things.

WARNING! TWRP RESTORE Can Corrupt System

This is a PSA about restoring backups with our version of TWRP. I would advise anybody who can help it NOT to do a full system restore. I am on EVR_AL00.
I do not know the details of its implementation, but I do know that trying to restore a full system backup from 3 days ago became a huge problem when TWRP failed to properly restore the system and system image partitions and the device could not mount them because of corruption. No combination of formatting and restoring seemed to have an impact on the results, but after painfully re-writing my drive many times I saw that the results inconsistently affected /vendor, /data, /system, and /system_image. TWRP did eventually give me a bootable system after running e2fsck -fv on my system partition, BUT it managed to kill the performance of my phone. There was noticeable lag on boot up before I could get full control of my system, but I might not have known if I did not use more CPU intensive tasks, such as viewing videos inside a Linux chroot environment. The effect was not small by any means; it destroyed the usability of my environment. I believe that this was due to a failure to properly restore the block information, therefore killing read/write speed. Furthermore, the system was no longer able to boot with the stock boot.img, only through Magisk. When I formatted the system_root partition, not realizing it was not included in the backup, it was no longer able to do that....
This became more of a pain in the ass when, after restoring the stock eRecovery, it failed to restore the device, and the inconsistent performance of the Huawei bootloader made it at times impossible to access either recovery or the system partition as I went about trying to get a stable system back on my device without eRecovery or EMUI flasher. After messing around flashing different recovery images, eventually eRecovery was able to restore the stock ROM and I was able to re-root my device and restore my TWRP /data backup.
I'm not complaining, as I do appreciate these tools for what they are, but I wanted to put this out there so that somebody could be saved from this experience. Due to my previous experience with TWRP I was happy to do a full system restore, even when I didn't need to, if only just to make sure I could. Turns out that was ill-advised.
I would highly advise that you only restore the /data partition through TWRP unless you absolutely must restore other partitions to recover a device. Through all of this I probably put near a full write cycle on my disk.
AllanRSS said:
This is a PSA about restoring backups with our version of TWRP. I would advise anybody who can help it NOT to do a full system restore. I am on EVR_AL00.
I do not know the details of its implementation, but I do know that trying to restore a full system backup from 3 days ago became a huge problem when TWRP failed to properly restore the system and system image partitions and the device could not mount them because of corruption. No combination of formatting and restoring seemed to have an impact on the results, but after painfully re-writing my drive many times I saw that the results inconsistently affected /vendor, /data, /system, and /system_image. TWRP did eventually give me a bootable system after running e2fsck -fv on my system partition, BUT it managed to kill the performance of my phone. There was noticeable lag on boot up before I could get full control of my system, but I might not have known if I did not use more CPU intensive tasks, such as viewing videos inside a Linux chroot environment. The effect was not small by any means; it destroyed the usability of my environment. I believe that this was due to a failure to properly restore the block information, therefore killing read/write speed. Furthermore, the system was no longer able to boot with the stock boot.img, only through Magisk. When I formatted the system_root partition, not realizing it was not included in the backup, it was no longer able to do that....
This became more of a pain in the ass when, after restoring the stock eRecovery, it failed to restore the device, and the inconsistent performance of the Huawei bootloader made it at times impossible to access either recovery or the system partition as I went about trying to get a stable system back on my device without eRecovery or EMUI flasher. After messing around flashing different recovery images, eventually eRecovery was able to restore the stock ROM and I was able to re-root my device and restore my TWRP /data backup.
I'm not complaining, as I do appreciate these tools for what they are, but I wanted to put this out there so that somebody could be saved from this experience. Due to my previous experience with TWRP I was happy to do a full system restore, even when I didn't need to, if only just to make sure I could. Turns out that was ill-advised.
I would highly advise that you only restore the /data partition through TWRP unless you absolutely must restore other partitions to recover a device. Through all of this I probably put near a full write cycle on my disk.
You only need to back up data and system image in TWRP. Don't mess with vendor, cust etc. as they don't back up or restore properly on Huawei devices with TWRP. I've backed up and restored data and system plenty of times now.
Of course which partitions you need to back up or restore would depend entirely on the use case of the utility. I tend to 'mess with' a lot of things for various purposes and it is good knowing that anything can be recovered quickly and easily if need be. I have been doing nandroid backups for a long time and it has always 'just worked' as long as you use it sensibly. Unfortunately, whatever the difference is with this device, that seems not to be the case. I'm sure if someone took a look at it it would be clear, as a dd backup isn't exactly rocket science, but unfortunately I am far too preoccupied with my business and there isn't exactly a flourishing development scene for this phone.
I bricked my device the same way that you describe.... Restoring all partitions that it is possible to back up with TWRP. There is a way to put some files in the memory - "base folder" and something "no check ....." and run a bunch of commands from "ADB shell" and it's restored. Will put a video of the process up soon to be useful for anyone with not enough skills to bring the device back to life!
Thanks for checking in Ronin. Seeing as this is affecting multiple users, it's good to get the word out so that new users don't end up messing up their device.
1. Format the "system" and "vendor" partitions
2. Restore only "system" and "vendor"
3. Restore only "system image" and "vendor image"
4. Restore the OEM
*Otherwise it is a bootloop without OEM.
I have used this order for restoring my phone successfully.

How to fully wipe phone before sale (Security)

Hi all,
I know phone SD cards are generally very hard to recover once wiped; all the same, I wanted to make sure.
Wiped Data through custom recovery
Wiped Caches
Installed stock OS
Restored stock recovery
Wiped
Are these enough steps to be sure the phone is secure and no data can be recovered? Thanks.
If you want to fully wipe your phone before sale for security, try a phone data eraser tool. Such a tool can help us wipe all information on the phone without recovery and make it like a new one. Then there is no need to worry about data being leaked. Just search online and choose the one you like. Good luck to you.
The same zero out technique I use for HDDs, with a 5 pound sledge; flatten completely and then some.
Sometimes an oxyacetylene cutting torch... a nice bonfire gets it too.
Zero chance of data recovery and fun to do.
ph3n0m. said:
Hi all,
I know phone SD cards are generally very hard to recover once wiped; all the same, I wanted to make sure.
Wiped Data through custom recovery
Wiped Caches
Installed stock OS
Restored stock recovery
Wiped
Are these enough steps to be sure the phone is secure and no data can be recovered? Thanks.
As @blackhawk mentioned: overwriting Android's user-space several times with zeroes is fully enough. You can even do this by means of ADB.
I always just plug up to my laptop and do a: sudo fastboot -w
I've sold quite a few devices of mine over the years since Android began and I've always just done a format data using fastboot.
If you had some super top secret information on there, maybe use some type of cleaner software program like another user here already mentioned. I've never used anything like that but I've read about them over the years online. I think a ./flash-all.sh and not removing the fastboot -w flag is enough though, but that's just me. There are things you can purchase that will supposedly wipe it to where there is no possible way of anything ever being retrieved.
One of the most thorough ways to wipe the Android device is the factory reset.
The factory reset deletes the complete relevant data, both the system settings data and the user settings and user data. The system applications are reset to the delivery state.
The factory reset deletes all subfolders of data (only lost+found remains) and deletes cache/dalvik-cache.

Stuck in recovery after rom update

Hello,
I just updated the ROM Evolution X 11 on my Xiaomi Mi 9T Pro after using an older version for about half a year.
Now my phone does not boot anymore; it's stuck in recovery (TWRP). Also all data seems to be encrypted and TWRP is not asking for a password.
Is there a way to get my phone to boot again or at least back up my data before I do a full wipe?
You should always do a full TWRP backup before messing with ROMs.
The best solution would be to back up the "Data" and "Internal Storage" partitions. Data contains all apps, their app data and settings, while internal storage contains all of your own files (photos, videos etc.). After you back these up, wipe your phone (system, data, cache, dalvik) and flash the version of Evolution X you were using previously. Now restore data and internal storage and your device should be back to normal.
If you get a bootloop while booting after restoring data and internal storage, then wipe the device again and this time flash Evolution X, but only restore internal storage. This way, it should boot and you will be able to recover your files, though your apps will be gone.
If you only restore internal storage then it will no doubt boot up and you will have access to your files, but since you'll have already backed up the important stuff (data + internal storage), you might as well try restoring data as well, as there is no harm, and if the phone boots correctly after restoring both partitions, your phone will be as it was before you updated your ROM.
This happened a while back to me with my J5; the issue was that I made a full TWRP backup, then began to test other ROMs. After I was done, I tried to restore my backup, but it would constantly fail. I sat down for a while, confused and sad about how my TWRP backup had failed me. I tried every solution I could think of; eventually this solution I've mentioned in the above paragraph came to my mind. Thank God for putting it into my mind, otherwise I would've lost a lot of stuff (mainly WhatsApp chats which weren't backed up, and a lot of apps which I took the time to painstakingly configure in the best way for my device).
Anyways, enough of my story, hope this helps you out! If it does, message back here and let us know, and also mark my post as the solution if it was able to help you, so that anyone else who stumbles upon this thread can be saved too!
Cheers!
PhotonIce said:
You should always do a full TWRP backup before messing with ROMs.
The best solution would be to back up the "Data" and "Internal Storage" partitions. Data contains all apps, their app data and settings, while internal storage contains all of your own files (photos, videos etc.). After you back these up, wipe your phone (system, data, cache, dalvik) and flash the version of Evolution X you were using previously. Now restore data and internal storage and your device should be back to normal.
If you get a bootloop while booting after restoring data and internal storage, then wipe the device again and this time flash Evolution X, but only restore internal storage. This way, it should boot and you will be able to recover your files, though your apps will be gone.
If you only restore internal storage then it will no doubt boot up and you will have access to your files, but since you'll have already backed up the important stuff (data + internal storage), you might as well try restoring data as well, as there is no harm, and if the phone boots correctly after restoring both partitions, your phone will be as it was before you updated your ROM.
This happened a while back to me with my J5; the issue was that I made a full TWRP backup, then began to test other ROMs. After I was done, I tried to restore my backup, but it would constantly fail. I sat down for a while, confused and sad about how my TWRP backup had failed me. I tried every solution I could think of; eventually this solution I've mentioned in the above paragraph came to my mind. Thank God for putting it into my mind, otherwise I would've lost a lot of stuff (mainly WhatsApp chats which weren't backed up, and a lot of apps which I took the time to painstakingly configure in the best way for my device).
Anyways, enough of my story, hope this helps you out! If it does, message back here and let us know, and also mark my post as the solution if it was able to help you, so that anyone else who stumbles upon this thread can be saved too!
Cheers!
Thank you for your help, but backing up the data and internal storage doesn't seem possible right now because all the data is encrypted in TWRP...
If you can't back up anything, then wipe system, cache and dalvik, and flash the version of Evolution X you were previously using. Then boot; it should be fine. If it won't boot (give it some time, it will take the time of a fresh install), then this time wipe system+data+cache+dalvik, then flash whichever ROM you like and you'll be able to access the files.
You can also try using platform tools and fastboot or adb (I don't remember exactly which one) to copy the files from your phone onto your PC.
Sorry if this doesn't apply to your situation; I've never used a phone which has been encrypted, as such I have no experience with them.
PhotonIce said:
If you can't back up anything, then wipe system, cache and dalvik, and flash the version of Evolution X you were previously using. Then boot; it should be fine. If it won't boot (give it some time, it will take the time of a fresh install), then this time wipe system+data+cache+dalvik, then flash whichever ROM you like and you'll be able to access the files.
You can also try using platform tools and fastboot or adb (I don't remember exactly which one) to copy the files from your phone onto your PC.
Sorry if this doesn't apply to your situation; I've never used a phone which has been encrypted, as such I have no experience with them.
That sounds like a good idea. I found the old version on my PC.
Now I just need a way to install it... because TWRP can't read the file. I tried with adb sideload but that results in an error for some reason. Flashing Magisk, for example, with adb sideload is possible.
Edit: Got it to work by using a tool called "Large Address Aware". Now waiting for the results...
PhotonIce said:
If you can't back up anything, then wipe system, cache and dalvik, and flash the version of Evolution X you were previously using. Then boot; it should be fine. If it won't boot (give it some time, it will take the time of a fresh install), then this time wipe system+data+cache+dalvik, then flash whichever ROM you like and you'll be able to access the files.
You can also try using platform tools and fastboot or adb (I don't remember exactly which one) to copy the files from your phone onto your PC.
Sorry if this doesn't apply to your situation; I've never used a phone which has been encrypted, as such I have no experience with them.
This did not help unfortunately... I'm still in the same recovery bootloop and my data is still encrypted.
It's probably still bootlooping as the data partition got modified when you flashed the newer version of Evolution X, and now it will not work with the old one. You can try wiping system+data+cache+dalvik and then flashing any ROM of your choice. This will give you access to your internal storage (photos, media etc.), but it will remove your apps and their settings. WhatsApp images are stored in the internal storage, so you won't need to worry about those.
Again, this is risky, as it may not work (I don't know much about encryption), or you might still not be able to access your files after flashing the new ROM. Proceed at your own risk.
PhotonIce said:
It's probably still bootlooping as the data partition got modified when you flashed the newer version of Evolution X, and now it will not work with the old one. You can try wiping system+data+cache+dalvik and then flashing any ROM of your choice. This will give you access to your internal storage (photos, media etc.), but it will remove your apps and their settings. WhatsApp images are stored in the internal storage, so you won't need to worry about those.
Again, this is risky, as it may not work (I don't know much about encryption), or you might still not be able to access your files after flashing the new ROM. Proceed at your own risk.
Thank you for still helping me out, but I already did a full reset yesterday. I did not lose much except for the time setting it all up again.
I still don't really get the point of encrypting all your data if you can't decrypt it even if you know the password...