Chip Off recovery not possible due to encryption? - LG V20 Guides, News, & Discussion

I purchased two VS995's last year for myself and my wife from Verizon, and up until recently it worked great. Last month, I entered a boot loop that wouldn't stop and took it to a repair shop.
While looking into fixes that might work before contacting a shop, I remember reading that the V20 was encrypted by default as well as that by requiring a user to input a PIN during boot your device also was encrypted.
I assumed this would hinder recovery efforts and that I was throwing money away by taking it to a repair shop, but was assured that it wouldn't matter during a chip off recovery, since no data is stored encrypted.
I am familiar with data recovery from broken hard drives and partitions on both Linux and Windows, but I'm not sure about how the process works with encrypted file systems and chip off methods on Android devices.
If anyone could offer any information on if the above is correct regarding the encrypted file system and it not being a problem, or how to deal with it if it is, I would really appreciate it.
My thought process was to get an image of the file system and load it into either something like BlueStacks as the local file system to extract data off that wasn't backed up to the cloud (Quickmemos, current browser session on Chrome, the list goes on and on), or mount it using linux like any other partition.
I'm not sure if I can go in and ask the repair shop to specifically make a binary image of the chip so that I can recover the data myself or not and provide them with a flash drive, but I figure it's worth a shot. I used my phone in place of a computer, and had pictures of my family's social security information that my work had requested as well as internal documents I had to learn as a manager when I was promoted. I figured they were protected by the boot up password until I could back them up, and the phone died a few days before my scheduled backup. Anyone who repair phones for a living have any thoughts on how to request specific things from a phone repair place or how you want your data handled?
I appreciate all the help, and apologize for the long winded post. I wanted to try to cover everything in one shot I also forgot to mention that the phone is 100% stock. Thanks in advance!

userdata (all your actual data) certainly is encrypted by default (though rooting usually disables the encryption), requiring a pin at boot or not is just changing how the real encryption key is stored ( encryption key of the encryption key). AOSP article goes into some more detail.
No idea how shops handle it, I've just done a bit of research on it before.

Related

Password Protect ADB?

Has anyone thought about implementing password protection to the G1's adb interface? If someone finds (steals) your phone, it' seems like they can get easy access to your data using adb if it is enabled? Instead of forcing the default to adb-debug disabled, it seems like requiring a password would be more useful?
I realize that this might be risky since it might prevent recovery when the password is forgotten, but at that point, there is still the "wipe all my data" unlock method right?
Without this, I find it hard to trust any sensitive data to my phone (since I do not want to toggle adb on/off constantly).
I agree with you any one who find our g1 or steal it, can find easy in the internet how to use adb, or they can even find out how you can do a wipe if you turn the phone off and start the phone using Home+Power button. And they will be good to go to use the G1. I hope someone can add a password protection to this 2 options.
I guess it might be nice to add a password option to the "wipe" option, but that seems like it would sorta defeat the purpose then, wouldn't it?
I am more concerned about my data than the device itself. If someone steals my phone and they can't use it, it doesn't really help me. But, if I can at least prevent them from reading my data... I envision using my phone as a secure token to access various logins at some point (anyone want to code that up? . So, I just want to ensure that they cannot get any keys/passwords on it.
The other problem with preventing someone from wiping it is, "what do you do if you forget your own password"? I would prefer to let the thief use the phone (without my data) than to potentially brick the phone for myself. Lastly, locking it permanently off to thieves would not be a deterrent to theft unless every phone did it since they would not know about it until they stole your phone!
I am surprised that the "serious" hackers have not implemented adb protection yet, have they?
Yea its kinda a good and bad thing tho. Look at it like this .
You put the password on your phone to stop people from doing anything to it, then you forgot your password, how do you get back in? You cant. Unless you have a way around that which if you have a way around that the thief would to.
The only thing i would like is to be able to protect files so if you lost your phone someone wouldn't be able to get into it without wiping the phone.
xile6 said:
Yea its kinda a good and bad thing tho. Look at it like this .
You put the password on your phone to stop people from doing anything to it, then you forgot your password, how do you get back in? You cant. Unless you have a way around that which if you have a way around that the thief would to.
The only thing i would like is to be able to protect files so if you lost your phone someone wouldn't be able to get into it without wiping the phone.
Click to expand...
Click to collapse
I agree with you and at the same time don't (right now I don't put personal files in my sd for that very reason if I lost the phone anyone can see what I have on the sd) regarding to the password I guess that it will be up to the people if you know that you forget passwords just don't use it I personally use 2 password 1 for forum 6 letter something simple and easy to remember, and one for (very important stuffs) 12 characteres letters and numbers. Plus I thing that everyone in that will be using this are people to frequent this forum wich I don't think they tend to forget passwords.
In order to gain access to program data (not applicable to sdcard), you still need to be either root, or to possess the userid of the particular program whose data you're trying to gain access to. Use of one of those secure-root password prompt programs will give you the ability to limit root access since the 'su' command will fail without the password being entered in the GUI.
This is not absolute though, since you can still boot on a recovery image, backup, and extract. Without actually encrypting the storage, there is no way to absolutely protect your data, and with a mobile device, the encryption/decryption overhead will take up too much CPU time to be practical. It could, however, be implemented on a program-by-program basis or on a data-but-not-program basis, i.e. encrypt /data/data, or /data/data-enc might be a better idea - leave data for user-programs encrypted, but system-services unencrypted, and mount the encrypted partition on screen unlock (i.e. password unlock). LUKS would be great for this. Allowing optional encryption for SD-card and allowing multiple SD-card partitions to be mounted (i.e. one encrypted, one not) would be ideal.
Well, perhaps the bootloader should get a password also? Would having both an adp and a bootloader passwords secure things completely?
Of course not. Bootloader passwords are virtually useless. All they do is stop you from booting, they do nothing at all to protect your data except from a real amateur, the likes of whom wouldn't be able to get your data off the thing even WITH root access.
As long as there is unencrypted data stored on the device, it definitely can be read off.
Could you please explain why you believe that a bootloader password would not work?
In other words, if a user is locked out from performing commands via the screen without the appropriate gesture, locked out from using adb without a password, and they cannot boot into the recovery image (or access NVRAM with fastboot) without a password, how can they access data on the internal NVRAM? I am not saying they can't (I don't know), I am asking what method you think they could use? Can the NVRAM be easily removed and plugged into another device and read? Are there other boot methods that I am not aware of (likely, I am fairly new to this) that would allow them to access the data? Or, are you just assuming that there is a method that an intelligent cracker could use?
1) you can use fastboot to boot off a recovery image file that is NOT ON THE PHONE,
2) you can connect directly to the chip and read its contents.
etc.
Keep in mind the way that bootloader passwords work; the password is NOT embedded in the bootloader - that would be stupid since you risk bricking the device every time you change the password. A password protected bootloader will access some configuration file that will have the details of the password. Fastboot would (and must) come before this stage.
It seems like you are pretty much just repeating/rewording the weaknesses already pointed out? I am not trying to be rude, if you do have some extra info, or there is something subtle that I am missing, please accept my apologies.
Specifically:
#1 should be assumed to be prevented by the bootloader password, no? Is there any reason you think this would not be effective?
As for #2, I was already asking if the NVRAM could easily be removed from the HTC? Do you have any useful info on this, on what it would take to do it? I assume this would require surface mount de-soldering?
My personal threat model would assume that my data is less valuable to a thief than my phone is. While I would prefer my data to not be easily acquired by a thief, I have nothing so secret that I would expect a thief to specifically steal my phone for it. Therefor, I assume that a thief has no incentive to destroy my phone (which he is in possession of and can use) just to get at my data. Of course, if there is an easy method to get my data (there currently are easy software methods), I would expect a thief to do so. I am hoping to close those easy software methods. If there are easy hardware methods, such as unplugging a chip or sdcard and simply inserting it into another phone, well, then perhaps the software holes are not worth plugging. But, any hardware hacks involving soldering (especially surface mount soldering) the phone are beyond my desire to foil.
Again, that is my personal objective, I understand if you do not share it. Can you think of any additional info that might be valuable with this in mind?
Thanks!
MartinFick said:
#1 should be assumed to be prevented by the bootloader password, no? Is there any reason you think this would not be effective?
Click to expand...
Click to collapse
No, bootloader password won't help you here, and I already explained why.
As for #2, I was already asking if the NVRAM could easily be removed from the HTC? Do you have any useful info on this, on what it would take to do it? I assume this would require surface mount de-soldering?
Click to expand...
Click to collapse
Sure, thats one way. The other way is by whatever mechanism HTC uses to initially write the bootloader to the device. I haven't looked, but there is probably a jtag port or something similar on it somewhere.
My personal threat model would assume that my data is less valuable to a thief than my phone is. While I would prefer my data to not be easily acquired by a thief, I have nothing so secret that I would expect a thief to specifically steal my phone for it. Therefor, I assume that a thief has no incentive to destroy my phone (which he is in possession of and can use) just to get at my data. Of course, if there is an easy method to get my data (there currently are easy software methods), I would expect a thief to do so. I am hoping to close those easy software methods. If there are easy hardware methods, such as unplugging a chip or sdcard and simply inserting it into another phone, well, then perhaps the software holes are not worth plugging. But, any hardware hacks involving soldering (especially surface mount soldering) the phone are beyond my desire to foil.
Again, that is my personal objective, I understand if you do not share it. Can you think of any additional info that might be valuable with this in mind?
Click to expand...
Click to collapse
Unfortunately, even if it were possible, securing it against that possibility isn't going to help you since the thief doesn't know that its worthless to him. He'll steal it anyways, and then garbage it when it turns out to be useless to him.
No, bootloader password won't help you here, and I already explained why.
Click to expand...
Click to collapse
Uh, no you didn't. You rambled on about the password being in some config file and therefore assumed that it would not be possible or desirable to actually implement a proper bootloader password. I do not accept this criticism, people reflash their bootloaders all the time and it is up to them to determine the level of "brick risk" they want. Perhaps you don't like it, that doesn't make things impossible.
As for putting the password in a config file somewhere, it is not the only solution, one could easily create a separate tiny partition just for the password if you did not want to put FS reading code into the bootloader. (That was your point, right? That the bootloader is simple and cannot read a filesystem?) Surely the bootloader knows how to read partitions, or how would it be able to boot the kernel? With this you could reduce most "brick risk" by providing a "boot from external kernel for recovery after wiping the partitions" option.
And, finally, perhaps there is some other minimal byte storage on the HTC Dream where a password could be easily stored? Something analogous to the CMOS of a PC, something the bootloader could easily read/write to change the password?
Sure, thats one way. The other way is by whatever mechanism HTC uses to initially write the bootloader to the device. I haven't looked, but there is probably a jtag port or something similar on it somewhere.
Click to expand...
Click to collapse
Valid concern, easy for someone with the right tools, and some very specialized expertise perhaps. I would be plenty happy to foil all thiefs who do not own such tools or have such knowledge, I believe those are the ones likely to steal my phone.
Unfortunately, even if it were possible, securing it against that possibility isn't going to help you since the thief doesn't know that its worthless to him. He'll steal it anyways, and then garbage it when it turns out to be useless to him.
Click to expand...
Click to collapse
Why is not going to help me? If he can't get my data (easily without desoldering), it helps me. I agree and already pointed out that it would not be a deterrent. Nowhere in my objective did deterrence come up.
You make some good points, points that are worthy of serious consideration for anyone attempting to implement this, but I would say that your points hardly make it impossible, in fact, they illustrate very well what a designer would need to consider! Thanks!
I never said that *anything* was impossible. I simply pointed out that IF the password was compiled into the bootloader, then THAT would be extremely dangerous since rather than trying out a tried and true bootloader, every change of password would be a serious brick-risk.
Regarding partition vs file, there is no difference. A partition *IS* a file in a very simple filesystem -- that which we refer to as a "partition table". As such, the risk is identical. I certainly did not suggest that a bootloader is incapable of reading a filesystem, the reverse is in fact, and MUST be true, since if the bootloader couldn't read the filesystem, then how is it to load something that is stored on said filesystem? The point is that if the filesystem were in some manner corrupted, overwritten, updated, etc., then so is your ability to boot the system PERMANENTLY, unless you maintain fastboot prior to the password, in which case it is trivial to boot off a different system image anyways, or unless you go to hardware level to unbrick the device, the same approach, of course, could be used by someone else to gain access.
Oh, and when you say "My personal threat model would assume that my data is less valuable to a thief than my phone is.", that suggests that your priorities are hardware first and then data.
I still say that the most feasible approach to this is selective encryption. Keep the important data from being accessed and not worry about the hardware, since there is no technical way to make it undesirable to a thief except, of course, to make it real ugly. Pack the thing into an old-style Palm case. Take a look into LUKS. It could *definitely* be made to work and is probably easier than you think. What you would have to do is first install support for it at the system level (that might require that you rebuild the kernel), encrypt a partition on the SDCARD with it, and link password, mount, and unmount into the lock screen. Once thats done, you just move and symlink important data onto the encrypted partition. For that matter, you don't even need to automate it with the lock screen, you can just write an app to password, mount, and unmount, or even run it from the terminal. Yes, this is just a linux device. This approach is barely more than trivial.
I never said that *anything* was impossible.
Click to expand...
Click to collapse
Sorry, the sentence below sounded like you were implying that it is was impossible.
No, bootloader password won't help you here, and I already explained why.
Click to expand...
Click to collapse
Oh, and when you say "My personal threat model would assume that my data is less valuable to a thief than my phone is.", that suggests that your priorities are hardware first and then data.
Click to expand...
Click to collapse
No, it suggests that those are the priorties of the thief. I don't believe a thief would steal my phone for its data. I accept that it can be stolen easily or that I might simply leave it on a table in a restaurant or something. At that point I would simply prefer that no one be able to easily snoop my personal affairs. Currently it is VERY easy. I had adb access to my phone before even using the screen, (I needed to register via wifi), it really is simple, it takes little expertise.
Regarding partition vs file, there is no difference. A partition *IS* a file in a very simple filesystem -- that which we refer to as a "partition table". As such, the risk is identical. I certainly did not suggest that a bootloader is incapable of reading a filesystem, the reverse is in fact, and MUST be true, since if the bootloader couldn't read the filesystem, then how is it to load something that is stored on said filesystem?
Click to expand...
Click to collapse
Call it what you will, I was giving you the benefit of the doubt.
Many bootloaders do not understand the filesystem they load from, they simply get a pre-created list of the disk blocks to load a kernel from and then load them and execute them.
The point is that if the filesystem were in some manner corrupted, overwritten, updated, etc., then so is your ability to boot the system PERMANENTLY, unless you maintain fastboot prior to the password, in which case it is trivial to boot off a different system image anyways, or unless you go to hardware level to unbrick the device, the same approach, of course, could be used by someone else to gain access.
Click to expand...
Click to collapse
For someone who seems to understand things well, you seem to willingly miss important points already mentioned:
With this you could reduce most "brick risk" by providing a "boot from external kernel for recovery after wiping the partitions" option.
Click to expand...
Click to collapse
You encryption points are well taken, they probably would be simple to implement, however they would likely have a significant performance impact.
MartinFick said:
You encryption points are well taken, they probably would be simple to implement, however they would likely have a significant performance impact.
Click to expand...
Click to collapse
Only if you're encrypting everything (i.e. programs). There is no reason to encrypt everything -- just encrypt the data you want to protect. There is no reason to bother encrypting apps that you install or the operating system since this is all available elsewhere. If you have private documents, emails, etc., keep those encrypted. The performance impact will be negligible since these files will be fairly small.

[Q] Broke the glass on my screen, now I have to give my phone to a technician...

Don't worry, it's a security question alright.
I live in Eastern Europe, which is on the far side of the Samsung support network and I have samsung galaxy s3 phone (GT-9300 i guess). My repair options look a little bit bleak. I must either ship it back to France, from where it is bought, or I must seek help of non-licensed technicians. Thank God, there are quite a lot around here and for problems like this they do wonders.
I am worried though that the technicians may try to meddle with the software of my phone and do something nasty with it while the phone is in their possession. I use the phone quite a lot to access various servers trough ssh and the servers contain semi-sensitive information about customers, phones, the equivalents of social security numbers in my country and etc. Of course I will delete my present information, but how about the future. If someone has hacked versions of the firmware, it will be a child game to get the passwords for my servers.
So I need to secure the software of my phone somehow and I'm not sure of my options, so I'm asking for advice which is better. I have experience with Linux, but about Android I'm a quite noob. I had my Amazon FireHD Tablet rooted and installed with CyanogenMOD, so I know a little bit about ROM images. The phone itself is unrooted with original software and is not locked to a carrier.
Should I:
1. Try to back up my entire ROM image?
There are various questions here. It looks that I cannot download standalone original ROM image directly from Samsung so I must back up mine. But in the bootloader (which opens with volume up/down + home + power) it seems that there are no options for backing up rom image, only for restoring trough ADB of SD card. Should I try to root, install alternative bootloader and then back up everything.
There is one very important sub-question here: Will the phone signal me somehow If someone replaces the original bootloader with say, non-signed one? What If someone changes the bootloader as well as the system image?
2. Should I try to ecrypt my phone.
I cannot get easily information about what exactly is encrypted. Pretty sure that the bootloader itself cannot be encrypted anyway. How about the system image. Is it encrypted ?
I'll be thanful for any help about these two ideas as well as any others?
If you are paying to have the repair done by an entity other than Samsung then you have a great option available. Just out of curiousity, what version of android are you running? If I were in your shoes, I would root the phone and install a custom recovery (either TWRP or Philz). This will allow you to take a complete nandroid backup of the phone to the external SD Card. Confirm the nandroid backup has been saved to the SD Card then remove the card from the phone and store it somewhere safe. Then perform a factory reset to completely wipe the phone and have your phone sent out to be fixed. When you get your phone back, insert the SD Card and restore from the backup. It will be just as you left it and the possibility that anyone has been able to access or tamper with your phone is almost nil... Apart from possibly large national security agencies whom are known for having catalogs of common electronic items that have been compromised in various ways.
I can't speak for your exact phone, but I am quite familiar with encryption as well as the US-model Galaxy S3's. Unfortunately Samsung is known for running their own encryption schemes with are different and most often weaker than the stock. Custom ROMs with generally have an implementation based on AOSP sources. A 4 digit PIN or common passphrase can be easily broken with either, but a sturdy encryption passphrase will almost certainly provide sufficient protection.
Without knowing the specifics of your phone and whatever TouchWiz it's running, I can say this much. If you enable encryption on your phone, it will encrypt /data (application data) at a very minimum. This will almost definitely not include /system. It will probably not include the external SD card or any of the actual applications (the .apk files). The encryption would keep your data secure at rest, but it wouldn't prevent a motivated attacker from installing a hidden malicious application in the system.
You are correct in that the bootloader cannot be encrypted.
84598432951
fadedout said:
If you are paying to have the repair done by an entity other than Samsung then you have a great option available. Just out of curiousity, what version of android are you running? If I were in your shoes, I would root the phone and install a custom recovery (either TWRP or Philz). This will allow you to take a complete nandroid backup of the phone to the external SD Card. Confirm the nandroid backup has been saved to the SD Card then remove the card from the phone and store it somewhere safe. Then perform a factory reset to completely wipe the phone and have your phone sent out to be fixed. When you get your phone back, insert the SD Card and restore from the backup. It will be just as you left it and the possibility that anyone has been able to access or tamper with your phone is almost nil... Apart from possibly large national security agencies whom are known for having catalogs of common electronic items that have been compromised in various ways.
I can't speak for your exact phone, but I am quite familiar with encryption as well as the US-model Galaxy S3's. Unfortunately Samsung is known for running their own encryption schemes with are different and most often weaker than the stock. Custom ROMs with generally have an implementation based on AOSP sources. A 4 digit PIN or common passphrase can be easily broken with either, but a sturdy encryption passphrase will almost certainly provide sufficient protection.
Without knowing the specifics of your phone and whatever TouchWiz it's running, I can say this much. If you enable encryption on your phone, it will encrypt /data (application data) at a very minimum. This will almost definitely not include /system. It will probably not include the external SD card or any of the actual applications (the .apk files). The encryption would keep your data secure at rest, but it wouldn't prevent a motivated attacker from installing a hidden malicious application in the system.
You are correct in that the bootloader cannot be encrypted.
Click to expand...
Click to collapse
Thank You for the informative answer!
I had to do this once and what I did was:
- Root phone (which I always wanted to do)
- Perform a full backup to SD card
- Remove SD card and perform a factory reset of the phone
Then off to repairs.
Once back, I did again a factory reset (just in case) and then restore the lot
Seems a lot to do, but I have some sensitive data on it and didn't want to risk it too much. Besides during the restore I took the opportunity to upgrade to 4.3 (at the time)
glass
why dnt you buy a chinese glass and change it yourself its so easy and cheap, around 10 euros or so? i did the same for my old phone

Afraid Repair Shop may have stolen my data

Hi friends,
Today I did a most unwise thing: I left my smartphone in a repair shop without wiping all my personal data off of it. Now I'm afraid I may have fallen victim of stolen personal data.
I know this was plain dumb. I now ask myself what sort of trace that may have left behind. Log files? Perhaps Android somehow has recorded all access there has been to my files? I'm guessing the phone was connected by USB to a PC. Even if there is no such thing - or in the event that the phone was subjected to the creation of a some sort image file containing all its contents - maybe I can even rely upon some forensic tools in order to find out what interaction there has been with my phone during the hours I left it at the shop?
Phone: Vodafone Smart Prime 6 (VF-895N).
Android 5.0.2 Lollipop
Many thanks for any tries on alleviating my pain.
zeph7r said:
Hi friends,
Today I did a most unwise thing: I left my smartphone in a repair shop without wiping all my personal data off of it. Now I'm afraid I may have fallen victim of stolen personal data.
I know this was plain dumb. I now ask myself what sort of trace that may have left behind. Log files? Perhaps Android somehow has recorded all access there has been to my files? I'm guessing the phone was connected by USB to a PC. Even if there is no such thing - or in the event that the phone was subjected to the creation of a some sort image file containing all its contents - maybe I can even rely upon some forensic tools in order to find out what interaction there has been with my phone during the hours I left it at the shop?
Phone: Vodafone Smart Prime 6 (VF-895N).
Android 5.0.2 Lollipop
Many thanks for any tries on alleviating my pain.
Click to expand...
Click to collapse
Well, you can try reading some logs with CatLog app. There isn't much else to know except don't forget to wipe /data!

Regarding security & bootloader...

There are many sites selling Mix 3's some Chinese, some Global, some with locked bootloaders, and some with unlocked bootloaders, this thread is to help people "protect" the devices they have bought (or will buy).
It's through my understanding that the most "secure" way of protecting your phone & data from thief's is to have your bootloader locked, with no custom recovery, encryption on & usb debugging disabled right?
This is because with a unlocked bootloader, the thief has the ability to boot into TWRP (for example) & simply wipe your pin/password/lock off the phone completely, then just boot it up, factory reset it & sell it.
I know there is methods such as putting the phone in cold temperatures so you can retrieve the encryption keys from the RAM, but assuming the thief is just basic & what's to make some quick money off your phone...So...
What's the best way & most recommended thing to do with Xiaomi devices specifically, locked/unlocked, encrypted/not-encrypted, does it matter?, If not, why not?
Any help is appreciated! The more in-depth the better.
Even with a locked bootloader a thief can hold VolUp while booting, wipe phone and sell it. Wiping is possible in any case and thats not even the issue a stolen Phone is gone.
The issue are your data which can be stolen too when you have a unlocked bootloader. Simply boot to twrp connect usb and copy everything. But you can prevent that with encryption and enable "requires pattern to start". That way if your phone gets stolen the thief can still Install/use Twrp but he needs to enter a pattern to decrypt the storage. If he doesnt, twrp wont be able to read the partition and your data is safe. He can still wipe the Phone and sell it but you cant prevent that. I don't know if the pattern generates the encryption keys or retrieves them from somewhere but i'd assume it generates them, probably together with some device specific values, else that would be a flaw in my book. If someone could enlighten me here that'd be nice.
If your bootloader is locked he also can't access your data. Since stock recovers doesn't allow/support Usb-filetransfer. So a lockpattern is all you need there. Encryption shouldnt really matter against the normal thief.
I am going this way: Unlocked bootloader to get rid of Miui, Twrp to have a proper recovery menu, and encryption+pattern to save my data. Disable USB-Developer Options to prevent adb shenanigans.
But on the hand if you wan't to get really panariod a locked bootloader would be better since you still can read the system image from the phone from twrp, this means, and this is a easy way to do it, you could read it copy it to the pc and simply brutefroce the lockpattern. If you have the partitions you can simply try 3 patterns either it works or the phone locks itself up because you did 3 wrong. If it locks up you simply write the partitions back and try again. If you can do 3 in 30 seconds you are done in 45 days since there are only 390.000 different patterns on a 3x3 grid (which is what most people use since some Roms don't even allow for 4x4 or 5x5) but if you emulate it and can do 3 in 15 seconds you are down to 23 days. If you run it in 20 emulators you are done in 1 day. (That would be an awesome weekend project.) In emulation you could really optimize this since you can cut everything out what isn't needed for the attempt to encrypt the partition. you dont even need the screen to load, simply send the decryption module whatever the last module in the Numbers-from-touches-chain would have sent, everything that is loaded before the attempt to decrypt must be unencrypted therefore can be messed with, probably it's even universal across phones since that's a stock android thing. If it tries to write used attempts, save whatever what gets overwritten beforehand, let it write its thing, kill the process, revert changes and try again with the next set. Maybe you get it down to 3s or 4s for 3 attempts and boom you are at 6 hours to encrypt any android phone, no matter which version, with an unlocked bootloader which uses a 3x3 pattern. But your data would be really valueable to someone if they did this. You can't do that with a locked bootloader since you can't read the partitions or you could just use the 5x5 pattern, which you cant do on MIUI (i just tried and havent found where you could change it). But probably i have a giant oversight in there so this probably woudn't work
________________________________________________
On the other hand if you want to recover your phone you should make it as easy as possible to get the thief into your phone since you dont want them to run it off and wipe it. I DONT RECOMMEND THIS. But you could make a 2nd user who has no lock pattern on it. Concider your Data public at this point but while they are busy looking at your selfies you could use a app like prey to track the phone. But since Data are more important than a phone i'd never do or recommend that.
Or you could just buy a tin foil hat.
~phoeny~ said:
Even with a locked bootloader a thief can hold VolUp while booting, wipe phone and sell it. Wiping is possible in any case and thats not even the issue a stolen Phone is gone.
The issue are your data which can be stolen too when you have a unlocked bootloader. Simply boot to twrp connect usb and copy everything. But you can prevent that with encryption and enable "requires pattern to start". That way if your phone gets stolen the thief can still Install/use Twrp but he needs to enter a pattern to decrypt the storage. If he doesnt, twrp wont be able to read the partition and your data is safe. He can still wipe the Phone and sell it but you cant prevent that. I don't know if the pattern generates the encryption keys or retrieves them from somewhere but i'd assume it generates them, probably together with some device specific values, else that would be a flaw in my book. If someone could enlighten me here that'd be nice.
If your bootloader is locked he also can't access your data. Since stock recovers doesn't allow/support Usb-filetransfer. So a lockpattern is all you need there. Encryption shouldnt really matter against the normal thief.
I am going this way: Unlocked bootloader to get rid of Miui, Twrp to have a proper recovery menu, and encryption+pattern to save my data. Disable USB-Developer Options to prevent adb shenanigans.
But on the hand if you wan't to get really panariod a locked bootloader would be better since you still can read the system image from the phone from twrp, this means, and this is a easy way to do it, you could read it copy it to the pc and simply brutefroce the lockpattern. If you have the partitions you can simply try 3 patterns either it works or the phone locks itself up because you did 3 wrong. If it locks up you simply write the partitions back and try again. If you can do 3 in 30 seconds you are done in 45 days since there are only 390.000 different patterns on a 3x3 grid (which is what most people use since some Roms don't even allow for 4x4 or 5x5) but if you emulate it and can do 3 in 15 seconds you are down to 23 days. If you run it in 20 emulators you are done in 1 day. (That would be an awesome weekend project.) In emulation you could really optimize this since you can cut everything out what isn't needed for the attempt to encrypt the partition. you dont even need the screen to load, simply send the decryption module whatever the last module in the Numbers-from-touches-chain would have sent, everything that is loaded before the attempt to decrypt must be unencrypted therefore can be messed with, probably it's even universal across phones since that's a stock android thing. If it tries to write used attempts, save whatever what gets overwritten beforehand, let it write its thing, kill the process, revert changes and try again with the next set. Maybe you get it down to 3s or 4s for 3 attempts and boom you are at 6 hours to encrypt any android phone, no matter which version, with an unlocked bootloader which uses a 3x3 pattern. But your data would be really valueable to someone if they did this. You can't do that with a locked bootloader since you can't read the partitions or you could just use the 5x5 pattern, which you cant do on MIUI (i just tried and havent found where you could change it). But probably i have a giant oversight in there so this probably woudn't work
________________________________________________
On the other hand if you want to recover your phone you should make it as easy as possible to get the thief into your phone since you dont want them to run it off and wipe it. I DONT RECOMMEND THIS. But you could make a 2nd user who has no lock pattern on it. Concider your Data public at this point but while they are busy looking at your selfies you could use a app like prey to track the phone. But since Data are more important than a phone i'd never do or recommend that.
Click to expand...
Click to collapse
Really appreciate the time you took to type out this post, thankyou.

Possibility of recovering data from Android phone that fell into sea water?

Background:
A person I know, dropped his phone (Android Oreo or above) into the water while at a beach. He tried keeping the phone in a bag of rice etc., but he can't get it to work. It won't even start. Samsung support said he'd need to replace the motherboard. He does not want the phone working again, but he wants the vacation photos from the phone. In Bangalore, there are some data recovery services that say they can recover the data for him (one of them mentioned some Spider technology).
Primary question:
Is the data recovery team's claim that they can recover the photos, actually legitimate? Can the photos be recovered from the phone in such a situation? How would they do it? Since the data on the phone would be encrypted (a password was needed to unlock the phone), would the data recovery team use a motherboard from a similar phone, connect it to the data storage and ask him to type his password to be able to access the data? If instead they removed the NAND storage and connected it to another board, wouldn't it be impossible to access the data without typing the phone's unlock password to decrypt it?
Concerns:
They might be bluffing, and this could just be a way to get paid for the "effort" that they put in to try recovering the data even if they can't eventually do it.
The data recovery team could clone the data and use brute-force techniques to gain access to any other data.
They could misuse any payment information stored on the phone.
They may view WhatsApp chats or other WhatsApp data stored (he says his WhatsApp is protected by fingerprint recognition).
if privacy is the main concern here, do it through samsung, through the official means. whats more important, the price of a motherboard or their privacy ?

Categories

Resources