Force Two Android Devices to do a Rehandshake - Security Discussion

Basically, I want to force the connected devices to do a re-handshake, and sniff the data encryption process.
Any ideas?
Probably re-pairing is the easiest way to get the data decrypted. From the parameters in the handshake packets, the encrypted keys can be guessed. Then the original data like the phone conversation can be recovered.
I am just not sure how to do all this. Any papers, articles, or advice would be helpful.

Related

[Q] Encryption

Hey there. Can't find any info about encryption and what it brings, so I'll just fire away a few questions about details for that matter. Not that I'm so obsessed with security, more like just curious about the possibility. And keeping things under protection is nice when dealing with business stuff.
What does encryption bring? Only data is encrypted, or apps/system too?
Would someone be able to get something from TF by connecting it to a PC? Or will he fail even using ADB or nvflash?
How secure are we speaking about? Any info on encryption method and key length in bits.
If I forget my password, or any other weird thing happens, could I reset it with nvflash, loading new clean images? Maybe encrypted volumes are handled differently, and it's not so easy...
Clockwork Recovery. Would it work perfectly fine with encrypted tablet?
Custom ROMs (like Prime!). Any possible problems when messing with system files without total wipe?
Performance. How bad it could be affected? I'm not sure Tegra2 has RSA-optimized module built-in (or whatever method it's using).
Unlocking. Will I be prompted to enter password every time I see unlock screen, or only when I reboot?
Any known limitations, like password length (I like to set long passwords, it's more efficient and easier to remember).
Bump - heard that HC 3.2 enabled encryption at last. Anyone tried it and can answer any of my questions?
Never done it myself, but from information I read:
tixed said:
Hey there. Can't find any info about encryption and what it brings, so I'll just fire away a few questions about details for that matter. Not that I'm so obsessed with security, more like just curious about the possibility. And keeping things under protection is nice when dealing with business stuff.
What does encryption bring? Only data is encrypted, or apps/system too?
Would someone be able to get something from TF by connecting it to a PC? Or will he fail even using ADB or nvflash?
How secure are we speaking about? Any info on encryption method and key length in bits.
If I forget my password, or any other weird thing happens, could I reset it with nvflash, loading new clean images? Maybe encrypted volumes are handled differently, and it's not so easy...
Clockwork Recovery. Would it work perfectly fine with encrypted tablet?
I guess this should be fine.
Custom ROMs (like Prime!). Any possible problems when messing with system files without total wipe?
Performance. How bad it could be affected? I'm not sure Tegra2 has RSA-optimized module built-in (or whatever method it's using).
I read that this would have lower performance since it has to be decrypted on the fly, and it also affects battery.
Unlocking. Will I be prompted to enter password every time I see unlock screen, or only when I reboot?
I guess every time when you unlock.
Any known limitations, like password length (I like to set long passwords, it's more efficient and easier to remember).
I found THIS little tidbit after a Google search.
I do know that it does NOT encrypt your removable MicroSD card or SD card. The encryption can take a considerable amount of time to encrypt all your data (1 to 3 hrs, and it has to be powered on and at 100%). It will require a PIN or Password prompt at power on and possibly for other data-sensitive actions. It will also allow for password mining, which is the process by which you are required to reenter a new password after so long. Also, once you encrypt, the only way back is a factory reset. If you lose your PIN or Password you're SOL about getting your sensitive data back.
You might be better off using an app that can encrypt individual files that you choose.
Cheers...
tixed said: (quoted post above)
Had a brief experience with encryption before I wiped back to stock. I would strongly recommend against it unless you wish to stick to a stock system and very much need that type of security. From what I remember of my experience:
The data partition is encrypted (not sure what else, but not MicroSD). When your device boots, a prompt that somewhat resembles a lockscreen pops up fairly early on when the OS attempts to mount those partition(s). Thereafter, everything is accessible as usual; you can grab things via ADB. You do not have to constantly enter the password (though you would probably want to lockscreen your device as general good practice). As to what nvflash would get you, I'm not sure, since that would be before the partition mount...probably nothing usable. The problem with having an encrypted partition is that CWM at the moment can't really do anything useful with those partitions. You cannot flash, backup, or restore via CWM. This means your ability to work with custom ROMs is effectively crippled. In fact, to undo the encryption (or if you forget your password), I had to nvflash back to stock. Factory reset via CWM cannot be done since, again, the partitions are still encrypted.
If in the future CWM is able to access the partitions like the stock recovery can, then you'd be fine. Performance was not noticeably slower in any way.
Thanks for the replies. This feature seems pretty grim at the moment. Well, we can all hope that Google and ASUS will update it properly. At least, they did a lot of good updates recently.

Android Full Disk Encryption

I have thus far been unable to find the information I'm looking for in regards to full disk encryption for Android. When you encrypt the drive, Android uses the same password used for unlocking your phone. There are methods out there to defeat the lock screen. Does this bypass encryption as well?
I assume that if it's really encrypted then getting around the lock screen without the appropriate password/key combination would result in you being unable to access the data. If this is not the case then the question becomes whether or not the data can be considered encrypted while the hard drive remains on the phone.
Anyone have any practical knowledge of this, and of whether the key for turning the phone on is the same as for unlocking the phone? I would appreciate any input toward this discussion. Thank you!
-E
emccalment said: (quoted post above)
So, to be clear, any encryption can be bypassed. If the password is weak, then there is no issue and it can be done in no time; if the password is strong (capital letters, numbers, symbols), then a brute-force attack can take years! That said, you have to understand that Android devices have weaknesses, like every other device, and out there are also companies that guarantee they can decrypt any Android device. Another way to decrypt an Android device is freezing the device at -10C (yes, physically, and no, it is not a joke). Researchers have demonstrated that if you freeze the device, then quickly disconnecting and reconnecting the battery will put the device in a vulnerable loophole. Even if encryption means data altering, and it requires a key to access/restore the data, this behavior probably occurs because the low temperatures cause data to fade from internal chips more slowly. That way it is possible to obtain encryption keys and unscramble the phone's encrypted data. So, to reply to your question, yes, someone with enough knowledge can bypass your encryption.
Hey, thank you for your response! I read the article about bypassing encryption by slowing the rate of RAM fade and using FROST. I have a few minor follow-on questions about that; however, I'm not terribly concerned with tracking that down. I'm doing some research for a project, and I've just run out of time basically, so I can't try everything.
So, I know that it can be bypassed. I also know that you can run a kernel called Armored that supposedly keeps the keys for your encryption on the CPU instead of RAM, which supposedly shuts down cold boot attacks. I think that's a bit extreme for everyday situations, but it's there. I'm more curious about the authentication mechanism for the encryption, I guess. It's run through AES128, then salted with SHA, if I remember what I read. So without encryption, if you bypass the password, you're in. I'm curious, if you were able to bypass the encryption password (without actually getting it right), would the system let you in, but leave everything encrypted and unreadable since you didn't provide the appropriate credentials?
-E
emccalment said: (quoted post above)
Encryption is carried out at boot time. After the device has booted, a lockscreen bypass will yield full access to the device's data. Encryption only protects your data when the phone isn't turned on, effectively. Or if you know the adversary won't be able to bypass the lockscreen, and would end up rebooting it without knowing it was encrypted.
pulser_g2 said: (quoted post above)
@pulser_g2 +++
Or if you have a tracking software that allows you to shut down your phone remotely... But in that case you may as well wipe your phone remotely.

Chip Off recovery not possible due to encryption?

I purchased two VS995's last year for myself and my wife from Verizon, and up until recently it worked great. Last month, I entered a boot loop that wouldn't stop and took it to a repair shop.
While looking into fixes that might work before contacting a shop, I remember reading that the V20 was encrypted by default as well as that by requiring a user to input a PIN during boot your device also was encrypted.
I assumed this would hinder recovery efforts and that I was throwing money away by taking it to a repair shop, but was assured that it wouldn't matter during a chip off recovery, since no data is stored encrypted.
I am familiar with data recovery from broken hard drives and partitions on both Linux and Windows, but I'm not sure about how the process works with encrypted file systems and chip off methods on Android devices.
If anyone could offer any information on if the above is correct regarding the encrypted file system and it not being a problem, or how to deal with it if it is, I would really appreciate it.
My thought process was to get an image of the file system and load it into either something like BlueStacks as the local file system to extract data off that wasn't backed up to the cloud (Quickmemos, current browser session on Chrome, the list goes on and on), or mount it using linux like any other partition.
I'm not sure if I can go in and ask the repair shop to specifically make a binary image of the chip so that I can recover the data myself or not and provide them with a flash drive, but I figure it's worth a shot. I used my phone in place of a computer, and had pictures of my family's social security information that my work had requested as well as internal documents I had to learn as a manager when I was promoted. I figured they were protected by the boot-up password until I could back them up, and the phone died a few days before my scheduled backup. Anyone who repairs phones for a living have any thoughts on how to request specific things from a phone repair place or how you want your data handled?
I appreciate all the help, and apologize for the long-winded post. I wanted to try to cover everything in one shot. I also forgot to mention that the phone is 100% stock. Thanks in advance!
userdata (all your actual data) certainly is encrypted by default (though rooting usually disables the encryption); requiring a PIN at boot or not just changes how the real encryption key is stored (an encryption key for the encryption key). The AOSP article goes into some more detail.
No idea how shops handle it, I've just done a bit of research on it before.
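The two points made in this thread and the one above, that the PIN only wraps the real data key ("an encryption key for the encryption key") and that once the device has booted the data key sits unwrapped in memory, can be modelled with a small key-wrapping sketch. The following is an added example written for this page, not code from any poster or from Android itself: it uses only the Python standard library, a PBKDF2-derived key-encryption key (KEK) to wrap a random data-encryption key (DEK), and a toy HMAC-SHA256 encrypt-then-MAC construction in place of AES (Android's real crypto footer format, iteration counts and cipher are not reproduced here; the PIN values and sample data are constructed).

```python
import hashlib
import hmac
import os

# Constructed, stdlib-only illustration of key wrapping (not Android's real
# crypto footer or vold code): the partition is encrypted under a random
# data-encryption key (DEK); the user's PIN never touches the data directly,
# it only derives a key-encryption key (KEK) that wraps the DEK.

PBKDF2_ITERS = 100_000  # assumption: illustrative work factor, not Android's


def derive_kek(pin: str, salt: bytes) -> bytes:
    """Stretch the PIN into a 32-byte key-encryption key."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, PBKDF2_ITERS, dklen=32)


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode, used here as a toy stream cipher."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def _subkeys(key: bytes):
    """Separate encryption and MAC keys derived from one 32-byte key."""
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC; returns nonce || ciphertext || tag."""
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    """Check the tag first: a wrong key (wrong PIN) fails here instead of yielding garbage."""
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or corrupted data")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


class EncryptedVolume:
    """Toy model of an encrypted userdata partition plus its wrapped DEK."""

    def __init__(self, pin: str) -> None:
        dek = os.urandom(32)
        self.salt = os.urandom(16)
        self.wrapped_dek = seal(derive_kek(pin, self.salt), dek)  # what lives on flash
        self.blocks = {}    # name -> ciphertext under the DEK
        self._dek = None    # only populated while "booted"/unlocked

    def unlock(self, pin: str) -> None:
        """Boot-time prompt: unwrap the DEK with the PIN-derived KEK."""
        self._dek = unseal(derive_kek(pin, self.salt), self.wrapped_dek)

    def lock(self) -> None:
        """Power off: forget the DEK; only the wrapped copy survives."""
        self._dek = None

    def _require_unlocked(self) -> bytes:
        if self._dek is None:
            raise RuntimeError("volume is locked; DEK is not in memory")
        return self._dek

    def write(self, name: str, data: bytes) -> None:
        self.blocks[name] = seal(self._require_unlocked(), data)

    def read(self, name: str) -> bytes:
        return unseal(self._require_unlocked(), self.blocks[name])

    def change_pin(self, old_pin: str, new_pin: str) -> None:
        """Re-wrap the DEK only; the data ciphertext is not touched."""
        self.unlock(old_pin)
        self.salt = os.urandom(16)
        self.wrapped_dek = seal(derive_kek(new_pin, self.salt), self._dek)


def _raises(fn, exc) -> bool:
    try:
        fn()
    except exc:
        return True
    return False


def demo() -> dict:
    """Walk through boot, wrong PIN, PIN change and locked state; returns the observations."""
    vol = EncryptedVolume("1234")                        # constructed PIN
    vol.unlock("1234")
    vol.write("notes", b"client list: alice, bob")      # constructed sample data
    ciphertext_before = vol.blocks["notes"]
    vol.lock()
    results = {}
    results["locked_read_blocked"] = _raises(lambda: vol.read("notes"), RuntimeError)
    results["wrong_pin_rejected"] = _raises(lambda: vol.unlock("0000"), ValueError)
    vol.change_pin("1234", "987654")
    results["ciphertext_unchanged"] = vol.blocks["notes"] == ciphertext_before
    vol.lock()
    results["old_pin_rejected"] = _raises(lambda: vol.unlock("1234"), ValueError)
    vol.unlock("987654")
    results["plaintext"] = vol.read("notes")
    return results


if __name__ == "__main__":
    print(demo())
```

Run it and `demo()` reports that a read while locked is refused, a wrong PIN fails at the tag check on the wrapped DEK rather than producing garbage, a PIN change re-wraps the DEK without altering the stored ciphertext, and the old PIN stops working afterwards. The same model explains the earlier observation that a lockscreen bypass on a booted device gets at everything: after `unlock()` the DEK is held in memory and every `read()` succeeds without the PIN until `lock()` discards it.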

Help needed pls - S7 Edge Unresponsive PIN

Hi all,
Some expert advice please. My technophobe wife’s S7 Edge has suddenly decided to ignore her PIN, which has never been changed.
Phone isn’t registered with Samsung.
Google Device Manager no longer provides the remote unlock feature (swines!)
Against my better judgement, I tried Wondershare’s Drfone tool, but it doesn’t support the S7 so the only option it provides is “wipe device to remove PIN”. (Very bloody useful).
I’ve installed ADB Tools on my PC, but can’t do anything serious without USB debug enabled on the phone. It isn’t.
I’d hoped to be able to enable that through recovery mode. No go.
Obviously the phone is on stock firmware so there are no fancy tools installed.
Is there ANYTHING else I can try to bypass the amnesiac Lock Screen, or at least get onto the damn thing remotely to recover 4+ years of notes, contacts, etc?
TIA.
Password/hardware failures happen; I've been locked out of a BIOS when it failed. Had no password been set, there would have been no problem.
Rule #1: avoid password lockouts, as you are the most likely one to get locked out!
Rule #2 (or maybe #1): always have at least 2 HDD backups that are location/electronically isolated.
An earth-grounded conductive box (Faraday cage) is preferable to protect from near close lightning strikes*, strong magnetic fields and EMPs.
If no backup exists you may have just learned two things I and many others have learned the hard way. Yes, well...
Try a hard reboot (not reset!)
Try clearing the system cache, doubt either will get it but worth a shot.
If ADB is enabled on the device, more options may be available.
A data recovery expert may be able to recover the data.
Hopefully you can recover it, but better protect your ass...ets in the future.
Start today with all your devices.
*They happen randomly and can completely wipe and/or destroy an unshielded drive, even many yards away.

Data erasure by password wrongly entered

Hi all,
I'm looking to find a "kill switch" for Android phones. I know Android already erases data when the wrong password is entered, either within Android or on boot in some cases. But there are ways of recovering that.
I need to have data completely unrecoverable if a phone is lost or stolen, due to business and client data. (GDPR and all that)
Does anyone know or have a solution? Even if the device itself is not usable ever again.
If you overwrite the data in question with zeroes or random numbers then these data are really unrecoverable, IMHO.
jwoegerbauer said: (quoted post above)
I mean the entire phone data.
With regards to a mobile, my understanding of "data" is that this term is used for account info, settings, saved activity data, game scores, and whatever needs to be kept permanently.