Backup the partition table and all the partitions contents of the phone without root - General Questions and Answers

Hello
I am unsure if this goes here, since this is a generic question that would apply to most Android phones, I decided to put this here or on the General forum
I assume it's also not possible to do what I mention due to the way it's designed.
Let's say I have a new phone and I would like to get a backup of the whole phone partitions and partition table before doing any modification to it, using no root
Would there be a way to get the list of partitions of the phone using cat proc/partitions for example, or any other way
Then use dd to get bin/img files of the device, including bootloader, modem/radio, etc.
Use, let's say, sgdisk command to backup the partition table
I am open to other ideas I might not have figured out yet.
In short, I would love to dump my whole device's low-level data (such as EFS). I usually do this when I am already root, but maybe there's a way to do this without "tampering" with the device in the first place.
Thanks

Related

[Q] Camera/SDCard FS Emulation

Hi all,
So in order to try out JCase's PIE root method, I used RSLite to roll back from 19.6.3 to 19.5.3, unfortunately I didn't realise that this was a full reflash, and because I was in too much of a hurry to try get root, I ended up wiping a bunch of photos of my recent trip that I hadn't backed up (Along with other things, but nothing else as important as the photos).
Now I've gone through WarTickler's recovery method by using busybox and netcat to transfer a copy of the userdata block off of the phone, then mount it up in windows and attempt to use recovery software to browse and recover stuff - the problem is, All I can see are some very large oddly named things - How exactly does the Mini/Maxx/Ultra store the separate types of user data?
I know that when you connect the phone via usb you switch modes and can get completely different filesystems for media/downloads and camera storage - are these separate virtual disks under the userdata area? it would possibly explain the large odd looking things showing up under the recovery software if so.. although I'm not sure how to proceed from here...

[HELP] forensic file recovery from f2fs filesystem

The background: thought I had everything backed up but didn't realize there was something I missed. A quick wipe of all partitions on the phone has removed the data partition's file index. Then I realized I was missing data from my backup.
The problem: file recovery tools I've come across thus far don't seem to want to look for this particular type of file... simple XML. I'm also trying to limit use of the phone itself because installing of new apps to try and recover the data may overwrite sectors that are needed for the recovery. I'm already feeling sort of lucky that this is a 32GB internal memory device and my estimate of the file size is going to be <200MB. In that respect odds of data already having been overwritten in the minimal use I've had since should be slim, and if it has occurred it is probably something I can fake my way around.
Steps taken so far: from TWRP recovery's terminal I performed a dd of /dev/block/mmcblk0p38 (data partition on my Moto XT926M) to a file on an external card. This has enabled me to more easily work with the data from my Ubuntu desktop and also to not have to worry about further changes of the data from phone usage. I've already located via grep and parsed out via dd two XML files that I lost but those were easy as they were each under 100KB. I've located the start of the last XML file I want to recover but after about 1.5MB the trail goes cold. Either the data was contiguous and has already been overwritten at that point or the original file was being written, encountered a next block that was already occupied and continued writing elsewhere. I'm hoping for the latter.
SO...
With this image of the data partition and the knowledge of "this is where the file starts" does anyone have thoughts on how I can continue to work to find the missing pieces of this file? Assuming that from the starting point I've found that the original write just had to skip and continue writing at a different block, in f2fs is there a way to see that from the vicinity of the data I've located? I seem to think when looking at low-level data for some disk format method that the last handful of bytes (or maybe in some sort of header bytes?) of one file segment would indicate what block/sector/offset the next file segment would start but I don't know if that is the case here. Better yet any Linux based utilities that can take an f2fs partition dump and do advanced forensic recovery? I'm able to instruct it that the file starts at byte X of the image. I could try an Android app based solution but 1) that partition will continue to evolve and risk further destruction of desired data and 2) apps I've examined so far are great for finding pictures and videos, not so much at anything else.
My alternative is going to be to continue grepping through the image searching for known XML tags and manually trying to piece things together. At that point the 32GB MMC size changes from a blessing to a curse. Needle, meet haystack.
Oops, in hindsight I probably should have had this under "Android General" instead of this sub forum. Mods, I leave it to your discretion regarding movement but you can't argue that this is highly technical.
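Added example (not part of the original posts): one way to automate the "grep for known XML tags and piece things together" approach described above, by scanning the partition image in 4 KiB blocks and listing runs of text-like blocks that could hold later fragments of the file. It is content-based carving only and does not read F2FS metadata; it assumes unencrypted ASCII XML, and the function names, the `map` root tag and the sample image are all constructed for illustration.

```python
import re

BLOCK = 4096  # F2FS allocates file data in 4 KiB blocks, so fragments start on this boundary


def is_text(block: bytes, min_ratio: float = 0.95) -> bool:
    """True if the block, minus trailing zero padding, is almost entirely ASCII text."""
    data = block.rstrip(b"\0")
    if not data:
        return False
    printable = sum(1 for b in data if 32 <= b < 127 or b in (9, 10, 13))
    return printable / len(data) >= min_ratio


def text_runs(image: bytes):
    """Yield (offset, length) for each maximal run of consecutive text-like blocks."""
    start = None
    for off in range(0, len(image) + BLOCK, BLOCK):
        if is_text(image[off:off + BLOCK]):
            start = off if start is None else start
        elif start is not None:
            yield start, min(off, len(image)) - start
            start = None


def find_continuations(image: bytes, known_start: int, root_tag: bytes) -> list:
    """List text runs that could hold later fragments of the file starting at known_start."""
    closing = b"</" + root_tag + b">"
    hits = []
    for off, length in text_runs(image):
        chunk = image[off:off + length]
        if off <= known_start < off + length:      # the fragment already recovered
            continue
        if chunk.lstrip().startswith(b"<?xml"):    # beginning of some other document
            continue
        if re.search(rb"</?[A-Za-z_]", chunk):     # must contain at least one tag
            hits.append({"offset": off, "length": length, "has_end": closing in chunk})
    # runs containing the closing root tag are listed first
    return sorted(hits, key=lambda h: (not h["has_end"], h["offset"]))


def carve(image: bytes, runs: list) -> bytes:
    """Concatenate the chosen (offset, length) runs, dropping zero padding at the end."""
    return b"".join(image[o:o + n] for o, n in runs).rstrip(b"\0")


def build_sample_image() -> tuple:
    """Constructed input: a roughly 10 KB XML file stored as two fragments among binary blocks."""
    doc = b'<?xml version="1.0"?>\n<map>\n'
    doc += b"".join(b'<string name="k%05d">v</string>\n' % i for i in range(300)) + b"</map>\n"
    junk = bytes(range(256)) * (BLOCK // 256)
    decoy = b'<?xml version="1.0"?>\n<other/>\n'.ljust(BLOCK, b"\0")
    image = junk + doc[:2 * BLOCK] + junk + decoy + junk + doc[2 * BLOCK:].ljust(BLOCK, b"\0")
    return image, doc
```

On a real dump, pass the byte offset of the already-located file start as `known_start` and review the returned runs by hand before joining them with `carve`.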
Any Luck
Pow_2k said:
Oops, in hindsight I probably should have had this under "Android General" instead of this sub forum. Mods, I leave it to your discretion regarding movement but you can't argue that this is highly technical.
Hi mate... have you been able to recover files? I am in the same situation (forgot to back up my pictures and formatted internal SD to F2FS)...
please let me know
Thanks
I would recommend the link here.
At the end you will find all the interesting tools as link.
https://articles.forensicfocus.com/...bile-devices-running-android-operating-system
Best regards!
just some more useless link
https://www.magnetforensics.com/resources/recovering-evidence-from-f2fs-file-systems-with-ief
has anyone ever undeleted single file?

Is a Full Backup of mmcblk0 Sufficient?

So I'm in a scenario where I'll end up needing to install lineage with a custom kernel for around 15 devices or so. Typically the word of the wise on flashing is to obviously just install a custom recovery and install system images through there. However, since I'm going to need to do this in bulk it becomes more of a thing to script out, and flash images via fastboot. Though this shouldn't ever *reasonably* be an issue, I'd like to make a backup of the entire phone's nand, including the partitions associated with actual phone things. Though I believe that this should be reasonably accomplished by dd'ing /dev/block/mmcblk0, I want to make sure there are no other storage mediums on the phone that could be altered by fastboot that I'm overlooking. Thanks!
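Added example (not from the original post): a check to run on a raw dump of `/dev/block/mmcblk0` to confirm that it contains an intact partition table and reaches every partition listed in it, which also covers the partition-table backup asked about in the first thread. It assumes a GPT-partitioned device with 512-byte sectors; `check_gpt_image` and `build_sample_image` are hypothetical names, and the sample disk is constructed.

```python
import struct
import zlib

SECTOR = 512  # assumption: 512-byte logical sectors (eMMC); UFS storage uses 4096


def check_gpt_image(image: bytes, sector: int = SECTOR) -> dict:
    """Validate the primary GPT in a raw whole-device dump and list its partitions."""
    hdr = bytearray(image[sector:2 * sector])        # primary header is LBA 1
    if hdr[:8] != b"EFI PART":
        raise ValueError("no GPT signature at LBA 1")
    (hdr_size, hdr_crc, _, _, backup_lba, _, _, _, entries_lba, count,
     entry_size, entries_crc) = struct.unpack_from("<IIIQQQQ16sQIII", hdr, 12)
    hdr[16:20] = b"\0\0\0\0"                         # CRC is computed with its own field zeroed
    start = entries_lba * sector
    raw = image[start:start + count * entry_size]
    parts = []
    for i in range(0, len(raw), entry_size):
        entry = raw[i:i + entry_size]
        if entry[:16] == bytes(16):                  # all-zero type GUID marks an unused slot
            continue
        first, last = struct.unpack_from("<QQ", entry, 32)
        name = entry[56:128].decode("utf-16-le").rstrip("\0")
        parts.append({"name": name, "first_lba": first, "last_lba": last,
                      "in_image": (last + 1) * sector <= len(image)})
    return {
        "header_crc_ok": zlib.crc32(bytes(hdr[:hdr_size])) == hdr_crc,
        "entries_crc_ok": zlib.crc32(raw) == entries_crc,
        # the backup header sits in the last LBA; a truncated dump will not reach it
        "covers_whole_device": (backup_lba + 1) * sector <= len(image),
        "partitions": parts,
    }


def build_sample_image(total_lbas: int = 128) -> bytes:
    """Constructed test input: a tiny GPT disk with 'boot' and 'userdata' partitions."""
    img = bytearray(total_lbas * SECTOR)
    entries = bytearray(4 * 128)
    for slot, (name, first, last) in enumerate([("boot", 34, 49), ("userdata", 50, 93)]):
        struct.pack_into("<16s16sQQQ72s", entries, slot * 128, b"\x01" * 16,
                         bytes([slot + 1]) * 16, first, last, 0, name.encode("utf-16-le"))
    img[2 * SECTOR:2 * SECTOR + len(entries)] = entries
    hdr = bytearray(struct.pack("<8sIIIIQQQQ16sQIII", b"EFI PART", 0x00010000, 92, 0, 0,
                                1, total_lbas - 1, 34, total_lbas - 34, b"\x02" * 16,
                                2, 4, 128, zlib.crc32(bytes(entries))))
    struct.pack_into("<I", hdr, 16, zlib.crc32(bytes(hdr)))
    img[SECTOR:SECTOR + 92] = hdr
    return bytes(img)
```

A dump of `mmcblk0` holds only the eMMC user area; the eMMC boot areas and RPMB are exposed by Linux as separate devices (`mmcblk0boot0`, `mmcblk0boot1`, `mmcblk0rpmb`) and are not part of it.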

Question Android's lack of an easy-to-use local computer backup.

Deciding among:
(1) Samsung Galaxy S Flagship
(2) Pixel
(3) iPhone
Samsung -- offers Smart Switch to create good-enough system backups. Not to mention Samsung DeX and SideSync. Killer and easy-to-use. Apps that don't want you copying their "private data" will obviously have their "private data" get left behind. No big deal.
iPhone -- their local backup feature is sweet and reliable. Plus there are 3rd Party Apps that let you browse thru your backups if that's your thing. It seems to grab almost everything except for things like Signal's messaging data and Banking Apps' data, which is fine with me. Apps that don't want you copying their "private data" will obviously have their "private data" get left behind. No big deal.
Pixel -- this is why I'm here and what I'm bugging out about. I love stock Android. But, there is no native backup-to-computer function. I'm fine with having to use some "advanced tools" like adb. I'm familiar with CLIs. But, I don't have much experience with flashing ROMs and stuff. I basically only have 1 phone right now. So, I can't experiment on it.
Based on some reading:
Here's what I want to accomplish with a Pixel phone WITHOUT ROOTING IT:
(1) Buy a Pixel 4a 5G and set it up as desired.
(2) Use TWRP to backup the whole thing to my PC via adb/USB.
(3) Then, let's say I accidentally break my Pixel 4a 5G 128GB into pieces. But, I go to Best Buy and get/buy a new one as a replacement.
(4) Now, on the replacement unit: I put in the right SIM card, unlock the bootloader, use adb and fastboot to load up TWRP, and then restore the aforementioned backup from the computer.
(5) Now, when I reboot, everything will be essentially back to what it was like in the original phone?
Is this even possible? Do I sound ignorant here? Be honest. Hit me with the truth.
To create a NAND backup phone must be rooted.
jwoegerbauer said:
To create a NAND backup phone must be rooted.
And, this TWRP thing cannot backup without root?
Sorry, I'm a bit new to these terms.
Maybe I shouldn't even be using them.
So, adb is deprecated and there is no safe non-root way to create a backup except to get a Samsung phone.
As soon as the SU-binary got copied to Android, Android is rooted. You don't need to install TWRP or other things to perform a full NAND backup. This can be done by means of ADB utilizing the dd command once SU-binary is present in Android.
Wouldn't a dd backup be unnecessarily large?
I'd prefer something that replicates the entire partition table and directory structure over to the new or same phone.
Does rooting always reset your phone as you have to unlock the bootloader?
nixnixnixnix4 said:
Wouldn't a dd backup be unnecessarily large?
I'd prefer something that replicates the entire partition table and directory structure over to the new or same phone.
The dd command creates a bitwise copy of the partition selected, thus it isn't "unnecessarily large".
Pseudo code:
copy SU-binary onto Android
make SU-binary executable
using SU-binary mount whole Android as RW
get list of all Android partitions - i.e. corresponding block devices
for each block device found copy its content by means of adb exec-out <- dd to pc
jwoegerbauer said:
The dd command creates a bitwise copy of the partition selected, thus it isn't "unnecessarily large".
Pseudo code:
copy SU-binary onto Android
make SU-binary executable
using SU-binary mount whole Android as RW
get list of all Android partitions - i.e. corresponding block devices
for each block device found copy its content by means of adb exec-out <- dd to pc
Don't I have to unlock the bootloader, which wipes the phone, in order to get root?
I thought there was no way to root a Pixel without unlocking the bootloader?
nixnixnixnix4 said:
Don't I have to unlock the bootloader, which wipes the phone, in order to get root?
I thought there was no way to root a Pixel without unlocking the bootloader?
As I can see you didn't get it - for whatever reason. I'm no longer participating in this thread ...
jwoegerbauer said:
copy SU-binary onto Android
Where and how do you find it for a Pixel?

How to acquire an Android physical disk image?

Hi there,
As the title suggests, I would like to acquire a physical disk image of my Samsung Galaxy A01 which I will be using Autopsy to analyze. My research has led me to believe that in order to do so one must first root the device. So my questions are:
1. If I root the device will all the data I am attempting to analyze be deleted/erased in the process?
2. Does anyone know of a good guide for Android disk image acquisition?
I have been following the DFIRScience channel on youtube but in his video on disk image acquisition he uses KingoRoot which according to this rooting guide (last section at bottom of article) by XDA is bad practice.
This rooting guide from guidetoroot.com mentions that during the rooting process all the data will be erased, and this is where my confusion has come from. If that is true it would seem counter productive to the purpose of acquiring a disk image. My operating system is Win 8.1 Pro by the way.
I would very much appreciate it if someone could help me out with this.
Dune_Rat said:
Hi there,
As the title suggests, I would like to acquire a physical disk image of my Samsung Galaxy A01 which I will be using Autopsy to analyze. My research has led me to believe that in order to do so one must first root the device. So my questions are:
1. If I root the device will all the data I am attempting to analyze be deleted/erased in the process?
2. Does anyone know of a good guide for Android disk image acquisition?
I have been following the DFIRScience channel on youtube but in his video on disk image acquisition he uses KingoRoot which according to this rooting guide (last section at bottom of article) by XDA is bad practice.
This rooting guide from guidetoroot.com mentions that during the rooting process all the data will be erased, and this is where my confusion has come from. If that is true it would seem counter productive to the purpose of acquiring a disk image. My operating system is Win 8.1 Pro by the way.
I would very much appreciate it if someone could help me out with this.
The guides that discuss the device being wiped during the root process only apply to devices that have a locked bootloader. These devices have to unlock the bootloader before they can modify the device; the device gets wiped by default as part of the process of unlocking the bootloader.
Droidriven said:
The guides that discuss the device being wiped during the root process only apply to devices that have a locked bootloader. These devices have to unlock the bootloader before they can modify the device; the device gets wiped by default as part of the process of unlocking the bootloader.
Ah I see, thanks very much, Droidriven. Do you perhaps know of any good recent guides for android disk image acquisition?
Dune_Rat said:
Ah I see, thanks very much, Droidriven. Do you perhaps know of any good recent guides for android disk image acquisition?
The term "disk image" does not apply to android. What do you mean by "disk image"?
If you are asking if there is a way to backup the operating system on your device and all other data on your device before you attempt to root your device, there is no way to do that without either root or TWRP custom recovery. You don't need both, but, you do need at least one of them. There are ways to backup user data using adb without root but you can't backup the operating system or anything else in the system partition.
Without root, you, as the user, can only backup user installed apps and their corresponding app data/settings, user data stored in internal storage and device settings.
If the operating system gets corrupted during your rooting attempt, you will have to flash your device's stock firmware via Odin then restore any data that you backed up.
Droidriven said:
The term "disk image" does not apply to android. What do you mean by "disk image"?
If you are asking if there is a way to backup the operating system on your device and all other data on your device before you attempt to root your device, there is no way to do that without either root or TWRP custom recovery. You don't need both, but, you do need at least one of them. There are ways to backup user data using adb without root but you can't backup the operating system or anything else in the system partition.
Without root, you, as the user, can only backup user installed apps and their corresponding app data/settings, user data stored in internal storage and device settings.
If the operating system gets corrupted during your rooting attempt, you will have to flash your device's stock firmware via Odin then restore any data that you backed up.
Thanks for the info. By "disk image" I was referring to the "cloning" of the device once rooted. I would like to test out some digital forensic software like Autopsy with a real world device like my A01 by acquiring/making a physical disk image of it.
That's the term they use in digital forensics... there's physical and then there's logical disk images. Logical disk images are used more for surface analysis and have limitations on what can be done with them and do not appear to need rooting. Physical disk images on the other hand provide full unrestricted access to all files. Well, that's my understanding of it, anyway.
I would like to try using FTK Imager for this purpose (acquiring a disk image) but it's not detecting the device so I'm also hoping that will be sorted out once the phone has been rooted.
Dune_Rat said:
Thanks for the info. By "disk image" I was referring to the "cloning" of the device once rooted. I would like to test out some digital forensic software like Autopsy with a real world device like my A01 by acquiring/making a physical disk image of it.
That's the term they use in digital forensics... there's physical and then there's logical disk images. Logical disk images are used more for surface analysis and have limitations on what can be done with them and do not appear to need rooting. Physical disk images on the other hand provide full unrestricted access to all files. Well, that's my understanding of it, anyway.
I would like to try using FTK Imager for this purpose (acquiring a disk image) but it's not detecting the device so I'm also hoping that will be sorted out once the phone has been rooted.
You're looking for what we call a "nandroid backup", a copy of all data that is stored on the device. Typically, creating a nandroid backup requires either rooting the device then using adb commands to pull a nandroid backup or it requires installing a custom recovery such as TWRP that has an option to create a nandroid backup from within recovery mode.
Your device probably doesn't have a custom recovery/TWRP. Custom recoveries are built specific to the model number that they are to be installed on, there is no such thing as a universal custom recovery that can be used on all android devices. If no developer has chosen to build a version of TWRP for your specific model number then your device can't use TWRP unless you manage to build it for yourself.
These days, most Samsung devices cannot be rooted because they have bootloaders that cannot be unlocked. The only hope of rooting a Samsung device that has a locked bootloader that cannot be unlocked is to find an android app or PC program that has an exploit that your device is vulnerable to. But, these kinds of apps and programs have not been able to root devices since somewhere around the time that android Lollipop or Marshmallow was released, they are no longer able to root today's devices.
You may have to choose another device to experiment with. Preferably one that already has a custom recovery available for that specific model number or has known working root method for that specific model number.
What is your A01's specific model number? That is what will determine what is or isn't available for your device and what you can and can't do with it.
Thanks so much for the thorough responses, Droidriven. This has cleared everything up for me. The specific model number of my phone is SM-A015F/DS.
Dune_Rat said:
Thanks so much for the thorough responses, Droidriven. This has cleared everything up for me. The specific model number of my phone is SM-A015F/DS.
Apparently, there is a version of TWRP for your model number, but, from what I've been reading, you need to be on android 11 in order to unlock your bootloader then install TWRP. Once you have TWRP installed, you can use it to create a nandroid backup by using the Backup option in TWRP. In your case, you probably want to backup absolutely everything that can be backed up, therefore, when you choose the Backup option in TWRP, on the next screen you'll see a list of partitions to backup, select the partitions you want to backup then initiate the backup by sliding the slider at the bottom. Then you'll have to find the correct tools to extract the data from the backup, it can be tricky because of the type of file that TWRP creates.
unofficial twrp 3.5.2 Root Samsung Galaxy A01 SM-A015F
Download unofficial twrp 3.5.2 Root Samsung Galaxy A01 SM-A015F, user who own Galaxy A01 can root it by following the below Instructions
unofficialtwrp.com
Awesome, this looks promising...I'll take a look at it. Thanks again for all the info, Droidriven, you've been a star.
