Android FDE crypto footer behavior/KeyMaster on Android 8 - Security Discussion

On a Qualcomm device (OnePlus 3T) running Android vers. 8, (rooted and stock more or less with TWRP), my question is this.
Is the cryptofooter always able to decrypt the device even after being destroyed and recreated (with the same PIN/password), or is there something special/distinctive that happens when the device is encrypted initially (like a random seed is used to encrypt) that is lost after the cryptofooter is destroyed, like the HMAC?
Explicitly, if I were to do the following:
1) set up the phone like new on Android v8.0.0, copy in a file onto the internal storage and then encrypt it with a pin
2) destroy/write over the cryptofooter (like installling a ZIP that overrides it) such that it could no longer be decrypted by TWRP or when booting into OS
3) back up the entire encrypted image of the phone in recovery via an ADB command (adb pull /dev/block/dm-0 file.img) to a PC
4) wipe all partitions on the phone and perform step 1) again with the same pin (generating a new cryptofooter)
5) go into ADB via TWRP, decrypt and mount the device storage/fs and pull the cryptofooter file structure/keys via adb
6) run adb push file.img /dev/block/dm-0 from TWRP to put the encrypted filesystem back
7) restore the cryptofooter from step 5 (via adb push)
8) unlock/mount the device internal storage utilizing the regenerated cryptofooter
would step 8 be possible?

Related

[SOLVED] Decryption Unsuccessful and a currently bricked M8

I previously ran LolliGPE but was long overdue for an update. I downloaded the latest version and copied the image to my phone and flashed the ROM. I decided to go try a dirty install first to see if I could keep everything I had, since I had already been running a previous version and after reviewing the changelog did not see anything recommending to wipe clean. After installing successfully, Android asked me to enter my password to decrypt my data (I don't recall ever encrypting my data?), and so I did. It then told me that my password was right, but the data was corrupt, and presented me a button to reset my phone. The button redirected me to recovery and automatically attempted to wipe /data and then re-mount it, but the wipe failed. I rebooted again with the same issue, same failed attempt to wipe. I went to install the zip again, and this time do a full wipe, but it was unable to mount my phone's storage nor my SD card. I am not able to mount either at all now.
What's the best course of action? I'd like to retain as much as I can and avoid wiping all of the internal storage clean. Is there a simpler fix to this or am I doomed?
HBOOT: 3.19.0.0000
RADIO: 1.09.20.0926
OS: 3.28.605.4
EDIT: For anyone else having a problem like this that at least wants to get their data back, here's what you should do (I assume you know how to work with Linux!):
Make sure you have the latest version of TWRP and ADB.
Boot the phone into recovery mode and connect the phone to your computer via USB
Run "ls -al /dev/block/platform/msm_sdcc.1/by-name" and check the output. Make a note of the partition marked "userdata" - for me, it was /dev/block/mmcblk0p48.
Either: simply use adb pull to copy this file to your computer (this will require about 26 gigs of space), or attempt to mount the file. To use adb pull, execute "adb pull /dev/block/<ID> ./data" (ID being what you marked down). Your data partition will be copied to /data. To mount, use "mount -t ext4 /dev/block/<ID> /userdata". Whatever's left of your data will be on your phone's new /userdata folder.
Use ADB to pull what files you want from /userdata. If you pulled the partition, skip this step.
If you copied the files you wanted over, you're done. If you pulled the entire partition, you're going to want to try and mount it. On Windows, there are various tools to mount Linux partitions, a quick Google will find some good ones. However, if the data is corrupt, it will not work. I recommend attempting to repair the partition on linux, with the command "e2fsck -f -y /path/to/data", replacing the path to your data file as necessary. Once done, run "mount -t ext4 /path/to/data /mnt/data", replacing the paths as necessary.
Once mounted, you can access your data wherever it was mounted. If e2fsck appeared to fix many errors, chances are most of your data will be in the lost+found folder, and you'll need to sort through this yourself. If you're lucky, then your data will be intact and readily usable. Internal SD card data is located at ./media/0.
To fix the partitions and get Android back up and running, you need to install the latest firmware, format your data in TWRP, factory reset, and then flash a ROM again. Here's what I did to do that, without an SD card. If you have an SD card, simply copy your ROM zip to the SD card and skip the final steps:
Make sure you have the latest version of TWRP and ADB, and download the latest copy of the firmware (check the development forum here).
Boot the phone (doesn't matter to what) and run adb reboot bootloader. When your phone reboots, double-check by running fastboot reboot-bootloader.
Put your phone in RUU mode with fastboot oem rebootRUU. The phone will restart and the HTC logo will come up.
Wait a couple seconds, then run fastboot flash zip firmware.zip, where firmware.zip is the firmware you want to flash.
The first time you do this, it will fail saying something like "FAILED (remote: 90 hboot pre-update! please flush image again immediately)". Ignore this, run the last command again: fastboot flash zip firmware.zip
The progress bar will appear and begin filling. Wait until fastboot is finished flashig it (the progress bar may not fill completely), wait an extra 5 seconds or so, and then do fastboot reboot.
The phone will reboot. Android will still be messed up, but you can verify the partitions are in working order by checking adb shell cat /proc/emmc.
Once you know the partitions are working, get back into TWRP/recovery: adb reboot recovery
Format /data and wipe /cache, /data, dalvik/art cache, etc (factory reset). You will lose the contents of your internal storage and everything else.
If you don't have the ROM zip on an sd card, make sure the zip is in the same directory as adb and run adb push rom.zip /sdcard/rom.zip, where rom.zip is the ROM. You can also copy it to the external sd by swapping /sdcard/rom.zip with /external_storage/rom.zip.
Once copied, reboot into recovery and flash the zip. Back to normal!
Update:
It's a firmware problem. Apparently there was a new firmware update that the ROM uses that I don't have. mmcblk0p42 was changed to "vzw_logger" (which I don't have), making mmcblk0p49 userdata instead of previously mmcblk0p48. The data partition it expects to be /data is /cache. Got this information by comparing 'cat /proc/emmc' with information of the latest version I found here.
Is there a way to fix this that allows me to preserve the contents of my internal storage (/sdcard)? Can I just flash an older version of the ROM to backup my data?
Klayderpus said:
Update:
It's a firmware problem. Apparently there was a new firmware update that the ROM uses that I don't have. mmcblk0p42 was changed to "vzw_logger" (which I don't have), making mmcblk0p49 userdata instead of previously mmcblk0p48. The data partition it expects to be /data is /cache. Got this information by comparing 'cat /proc/emmc' with information of the latest version I found here.
Is there a way to fix this that allows me to preserve the contents of my internal storage (/sdcard)? Can I just flash an older version of the ROM to backup my data?
Click to expand...
Click to collapse
I posted a warning about this change in the general section early on. For you to have the partition changes means you are on the newer firmware which doesn't match what you posted above for os. You very likely at this point have nothing left to salvage. Are you on the latest twrp?
dottat said:
I posted a warning about this change in the general section early on. For you to have the partition changes means you are on the newer firmware which doesn't match what you posted above for os. You very likely at this point have nothing left to salvage. Are you on the latest twrp?
Click to expand...
Click to collapse
I am on the latest TWRP, yes. Since this post, I've actually been making good progress in getting the data partition back, or so I think. I've been using dd to copy /dev/block/mntblk0p48 to an image file, but got stuck when I reached the FAT32 limit, so I re-formatted my SD card, except now it's read-only.
Klayderpus said:
I am on the latest TWRP, yes. Since this post, I've actually been making good progress in getting the data partition back, or so I think. I've been using dd to copy /dev/block/mntblk0p48 to an image file, but got stuck when I reached the FAT32 limit, so I re-formatted my SD card, except now it's read-only.
Click to expand...
Click to collapse
If you Dd the entire data partition it's gonna be almost 25 gigs. If you can't mount data in twrp and find anything usable when browsing via adb in twrp there's probably not anything usable in there.
dottat said:
If you Dd the entire data partition it's gonna be almost 25 gigs. If you can't mount data in twrp and find anything usable when browsing via adb in twrp there's probably not anything usable in there.
Click to expand...
Click to collapse
I did a DD before while in ADB and it only got to about 1.3 gigs, but after running the image through e2fsck I actually found some images and downloads. I think there's usable stuff in there and I'd like to at least try to get it. There's family pictures and stuff on there that have some value to me. My SD card is 32 gigs so I could probably do it if anything for the hell of it.
Do you happen to know how I can get the SD card mounted? mount -o rw,remount /dev/block/mmcblk1p1 [some dir] is what I've been trying, but I've been getting either Read only filesystem or Invalid argument.
I might be a little crazy
Klayderpus said:
I did a DD before while in ADB and it only got to about 1.3 gigs, but after running the image through e2fsck I actually found some images and downloads. I think there's usable stuff in there and I'd like to at least try to get it. There's family pictures and stuff on there that have some value to me. My SD card is 32 gigs so I could probably do it if anything for the hell of it.
Do you happen to know how I can get the SD card mounted? mount -o rw,remount /dev/block/mmcblk1p1 [some dir] is what I've been trying, but I've been getting either Read only filesystem or Invalid argument.
I might be a little crazy
Click to expand...
Click to collapse
Its already mounted.. Just boot into TWRP while connected to your PC. Open cmd prompt in your adb directory.
adb shell
cd sdcard
ls
See if your internal SD card contents are listed.
dottat said:
Its already mounted.. Just boot into TWRP while connected to your PC. Open cmd prompt in your adb directory.
adb shell
cd sdcard
ls
See if your internal SD card contents are listed.
Click to expand...
Click to collapse
TWRP lists the internal SD card as being size 0 under Mount -> Select Storage and /sdcard is empty. I re-formatted my external SD card to make a full size image but that's what wasn't mounting.
Klayderpus said:
TWRP lists the internal SD card as being size 0 under Mount -> Select Storage and /sdcard is empty. I re-formatted my external SD card to make a full size image but that's what wasn't mounting.
Click to expand...
Click to collapse
Did you try the repair option for /data listed under wipe in TWRP?
dottat said:
Did you try the repair option for /data listed under wipe in TWRP?
Click to expand...
Click to collapse
Doesn't work. There's a couple of messages about not being able to mount /data and then:
Code:
Repairing Data using e2fsck...
E:Unable to repair '/data'.
E:Error repairing file system.
Klayderpus said:
Doesn't work. There's a couple of messages about not being able to mount /data and then:
Code:
Repairing Data using e2fsck...
E:Unable to repair '/data'.
E:Error repairing file system.
Click to expand...
Click to collapse
try this
adb shell
mount -t ext4 /dev/block/mmcblk0p49 /userdata
df
show me the output of df...
and if to be sure of which firmware you are on.. reboot recovery... and do the following....
adb shell
mount -t ext4 /dev/block/mmcblk0p48 /userdata
df
and show me that DF
I got all of my data back successfully. I'm updating the OP with the steps I did to get it back.
What's the next step? Change firmware? I have a local copy of what I needed from the phone, so anything's game now.
edit: /dev/block/mmcblk0p48 for me is userdata, 49 does not exist. Both mounts fail.
Code:
df
Filesystem 1K-blocks Used Available Use% Mounted on
tmpfs 933044 24 933020 0% /dev
tmpfs 933044 20 933024 0% /tmp
/dev/block/mmcblk0p47 1030828 16464 1014364 2% /cache
/dev/block/mmcblk1p1 30647232 12 29090436 0% /external_sd
/dev/block/mmcblk1p1 30647232 12 29090436 0% /and-sec
Klayderpus said:
I got all of my data back successfully. I'm updating the OP with the steps I did to get it back.
What's the next step? Change firmware? I have a local copy of what I needed from the phone, so anything's game now.
edit: /dev/block/mmcblk0p48 for me is userdata, 49 does not exist. Both mounts fail.
Code:
df
Filesystem 1K-blocks Used Available Use% Mounted on
tmpfs 933044 24 933020 0% /dev
tmpfs 933044 20 933024 0% /tmp
/dev/block/mmcblk0p47 1030828 16464 1014364 2% /cache
/dev/block/mmcblk1p1 30647232 12 29090436 0% /external_sd
/dev/block/mmcblk1p1 30647232 12 29090436 0% /and-sec
Click to expand...
Click to collapse
I would say update firmware. Since you confirmed blk48 as user data I know you don't have lollipop firmware.
I posted a firmware zip that contains the newest twrp which is compatible with lollipop in tigerstowns firmware thread. You can use that to update.
Then wipe and reinstall whatever Rom you want to use.
I fixed it this morning by updating firmware and will update the OP with the rest of the steps for the Googlers. Thanks again.
Klayderpus said:
EDIT: For anyone else having a problem like this that at least wants to get their data back, here's what you should do (I assume you know how to work with Linux!):
Make sure you have the latest version of TWRP and ADB.
Boot the phone into recovery mode and connect the phone to your computer via USB
Run "ls -al /dev/block/platform/msm_sdcc.1/by-name" and check the output. Make a note of the partition marked "userdata" - for me, it was /dev/block/mmcblk0p48.
Either: simply use adb pull to copy this file to your computer (this will require about 26 gigs of space), or attempt to mount the file. To use adb pull, execute "adb pull /dev/block/<ID> ./data" (ID being what you marked down). Your data partition will be copied to /data. To mount, use "mount -t ext4 /dev/block/<ID> /userdata". Whatever's left of your data will be on your phone's new /userdata folder.
Use ADB to pull what files you want from /userdata. If you pulled the partition, skip this step.
If you copied the files you wanted over, you're done. If you pulled the entire partition, you're going to want to try and mount it. On Windows, there are various tools to mount Linux partitions, a quick Google will find some good ones. However, if the data is corrupt, it will not work. I recommend attempting to repair the partition on linux, with the command "e2fsck -f -y /path/to/data", replacing the path to your data file as necessary. Once done, run "mount -t ext4 /path/to/data /mnt/data", replacing the paths as necessary.
Once mounted, you can access your data wherever it was mounted. If e2fsck appeared to fix many errors, chances are most of your data will be in the lost+found folder, and you'll need to sort through this yourself. If you're lucky, then your data will be intact and readily usable. Internal SD card data is located at ./media/0.
[/LIST]
Click to expand...
Click to collapse
I have a laptop running Ubuntu: where do I run the "ls -al /dev/block..." command? As in what folder do I need to be in? The phone only appears in an mtp capacity...
EDIT: I figured that out but now I am stuck at "adb pull /dev/block/<ID> ./data". My ID was mmcblk0p28 but the command returns "Bash: mmcblk0p28: no such file or directory exists"
EDIT 2: Got that command to work but the file is too large to write (My disk is FAT32 ). So I then tried the mount command but again got "no such file or directory exists".
Same Issue "Decryption Unsuccessful"
I was trying to apply the OTA update for 5.1 on my M8 converted to GPE 5.01, but had to update to the stock recovery, and found myself in the same situation with the "Decryption Unsuccessful" message.
Following Klayderpus' steps to recover, but I'm running into a few issues:
1) Windows not Ubuntu so some (many) of the commands do not apply.
2) The device is not responding to adb, although it was prior to the "upgrade". Fastboot is working.
3) TWRP was not on the device, in fact I never could get to the recovery after trying to install the stock recovery when I converted to GPE 5.01 many months ago
I have a fresh nandroid backup, so I am just trying to get the device running. Being without the phone is causing me great pain....
I upgraded the firmware to 4.16 and did the factory reset from the stock 4.16 recovery. The phone boots back to the "Decryption Unsuccessful" message.
I am not sure, but I think the next step for me to try is to install the GPE ROM from graffixnyc from the microSD card (need to find/buy that little SD adaptor)
Any help would be greatly appreciated!!
========================
Update;
Recovery does not see the SD card , so I won't be able to install from there.
I'll try flashing TWRP recover to see if that will show the contents of the external card
========================
Update 2:
TWRP does see the external card, but the install failed as it is unable to mount /data and /storage.
I'm out of ideas....HELP!!
========================
Update 3
I noticed the "factory reset" in HBOOT and thought I'd try that instead of the "Wipe" in TWRP, but only made things worse.
Now the phone comes up to the "Decryption Unsuccessful" where I can then take the reset to get it into TWRP recover
TWRP comes up directly into a screen where it's "Running OpenRecovery Script" and then reboots.
I'm going to quit now, as I am only making matters worse.....
========================
Update 4
I got TWRP to quit whatever it was doing.
Now, In TWRP > Wipe > Advanced Wipe, I cannot wipe or repair the Data partition. I see a message "Could not mount /data unable to find crypto footer". Trying to wipe the Davlik Cache fails, "Unable to mount /data, " Unable to mount storage".
========================
version-bootloader: 3.19.0.0000
version-baseband: 1.25.214500021.06G
version-main: 4.16.401.10
modelid: 0P6B12000
cidnum: 11111111
========================
I've bricked the phone and it looks permanent.
I found another thread where everyone was solving this issue running this command "mke2fs -T ext4 /dev/block/mmcblk0p8" in TWRP. I failed to notice that it was not an M8 device thread. The phone won't boot at all, and windows sees it as a usb drive.
Haste makes waste
Do you still have fastboot?
Check out the RUU collection here and grab what apllies to your device:
http://forum.xda-developers.com/ver...zw-m8-master-ruu-firmware-collection-t2946473
Make sure you use the HTC fastboot.exe from post 3
highplains914drifter said:
I was trying to apply the OTA update for 5.1 on my M8 converted to GPE 5.01, but had to update to the stock recovery, and found myself in the same situation with the "Decryption Unsuccessful" message.
Following Klayderpus' steps to recover, but I'm running into a few issues:
1) Windows not Ubuntu so some (many) of the commands do not apply.
2) The device is not responding to adb, although it was prior to the "upgrade". Fastboot is working.
3) TWRP was not on the device, in fact I never could get to the recovery after trying to install the stock recovery when I converted to GPE 5.01 many months ago
I have a fresh nandroid backup, so I am just trying to get the device running. Being without the phone is causing me great pain....
I upgraded the firmware to 4.16 and did the factory reset from the stock 4.16 recovery. The phone boots back to the "Decryption Unsuccessful" message.
I am not sure, but I think the next step for me to try is to install the GPE ROM from graffixnyc from the microSD card (need to find/buy that little SD adaptor)
Any help would be greatly appreciated!!
========================
Update;
Recovery does not see the SD card , so I won't be able to install from there.
I'll try flashing TWRP recover to see if that will show the contents of the external card
========================
Update 2:
TWRP does see the external card, but the install failed as it is unable to mount /data and /storage.
I'm out of ideas....HELP!!
========================
Update 3
I noticed the "factory reset" in HBOOT and thought I'd try that instead of the "Wipe" in TWRP, but only made things worse.
Now the phone comes up to the "Decryption Unsuccessful" where I can then take the reset to get it into TWRP recover
TWRP comes up directly into a screen where it's "Running OpenRecovery Script" and then reboots.
I'm going to quit now, as I am only making matters worse.....
========================
Update 4
I got TWRP to quit whatever it was doing.
Now, In TWRP > Wipe > Advanced Wipe, I cannot wipe or repair the Data partition. I see a message "Could not mount /data unable to find crypto footer". Trying to wipe the Davlik Cache fails, "Unable to mount /data, " Unable to mount storage".
========================
version-bootloader: 3.19.0.0000
version-baseband: 1.25.214500021.06G
version-main: 4.16.401.10
modelid: 0P6B12000
cidnum: 11111111
========================
I've bricked the phone and it looks permanent.
I found another thread where everyone was solving this issue running this command "mke2fs -T ext4 /dev/block/mmcblk0p8" in TWRP. I failed to notice that it was not an M8 device thread. The phone won't boot at all, and windows sees it as a usb drive.
Haste makes waste
Click to expand...
Click to collapse
If you have fastboot do the following commands
Fastboot oem task 28
Fastboot oem task 29
Then try to flash your rom or ruu.
dottat said:
If you have fastboot do the following commands
Fastboot oem task 28
Fastboot oem task 29
Then try to flash your rom or ruu.
Click to expand...
Click to collapse
No Fastboot, nothing. Device was charged, but now acts as if the battery is dead. the Power button does nothing even after a long press.
Bad day...
Klayderpus said:
I previously ran LolliGPE but was long overdue for an update. I downloaded the latest version and copied the image to my phone and flashed the ROM. I decided to go try a dirty install first to see if I could keep everything I had, since I had already been running a previous version and after reviewing the changelog did not see anything recommending to wipe clean. After installing successfully, Android asked me to enter my password to decrypt my data (I don't recall ever encrypting my data?), and so I did. It then told me that my password was right, but the data was corrupt, and presented me a button to reset my phone. The button redirected me to recovery and automatically attempted to wipe /data and then re-mount it, but the wipe failed. I rebooted again with the same issue, same failed attempt to wipe. I went to install the zip again, and this time do a full wipe, but it was unable to mount my phone's storage nor my SD card. I am not able to mount either at all now.
What's the best course of action? I'd like to retain as much as I can and avoid wiping all of the internal storage clean. Is there a simpler fix to this or am I doomed?
HBOOT: 3.19.0.0000
RADIO: 1.09.20.0926
OS: 3.28.605.4
EDIT: For anyone else having a problem like this that at least wants to get their data back, here's what you should do (I assume you know how to work with Linux!):
Make sure you have the latest version of TWRP and ADB.
Boot the phone into recovery mode and connect the phone to your computer via USB
Run "ls -al /dev/block/platform/msm_sdcc.1/by-name" and check the output. Make a note of the partition marked "userdata" - for me, it was /dev/block/mmcblk0p48.
Either: simply use adb pull to copy this file to your computer (this will require about 26 gigs of space), or attempt to mount the file. To use adb pull, execute "adb pull /dev/block/<ID> ./data" (ID being what you marked down). Your data partition will be copied to /data. To mount, use "mount -t ext4 /dev/block/<ID> /userdata". Whatever's left of your data will be on your phone's new /userdata folder.
Use ADB to pull what files you want from /userdata. If you pulled the partition, skip this step.
If you copied the files you wanted over, you're done. If you pulled the entire partition, you're going to want to try and mount it. On Windows, there are various tools to mount Linux partitions, a quick Google will find some good ones. However, if the data is corrupt, it will not work. I recommend attempting to repair the partition on linux, with the command "e2fsck -f -y /path/to/data", replacing the path to your data file as necessary. Once done, run "mount -t ext4 /path/to/data /mnt/data", replacing the paths as necessary.
Once mounted, you can access your data wherever it was mounted. If e2fsck appeared to fix many errors, chances are most of your data will be in the lost+found folder, and you'll need to sort through this yourself. If you're lucky, then your data will be intact and readily usable. Internal SD card data is located at ./media/0.
To fix the partitions and get Android back up and running, you need to install the latest firmware, format your data in TWRP, factory reset, and then flash a ROM again. Here's what I did to do that, without an SD card. If you have an SD card, simply copy your ROM zip to the SD card and skip the final steps:
Make sure you have the latest version of TWRP and ADB, and download the latest copy of the firmware (check the development forum here).
Boot the phone (doesn't matter to what) and run adb reboot bootloader. When your phone reboots, double-check by running fastboot reboot-bootloader.
Put your phone in RUU mode with fastboot oem rebootRUU. The phone will restart and the HTC logo will come up.
Wait a couple seconds, then run fastboot flash zip firmware.zip, where firmware.zip is the firmware you want to flash.
The first time you do this, it will fail saying something like "FAILED (remote: 90 hboot pre-update! please flush image again immediately)". Ignore this, run the last command again: fastboot flash zip firmware.zip
The progress bar will appear and begin filling. Wait until fastboot is finished flashig it (the progress bar may not fill completely), wait an extra 5 seconds or so, and then do fastboot reboot.
The phone will reboot. Android will still be messed up, but you can verify the partitions are in working order by checking adb shell cat /proc/emmc.
Once you know the partitions are working, get back into TWRP/recovery: adb reboot recovery
Format /data and wipe /cache, /data, dalvik/art cache, etc (factory reset). You will lose the contents of your internal storage and everything else.
If you don't have the ROM zip on an sd card, make sure the zip is in the same directory as adb and run adb push rom.zip /sdcard/rom.zip, where rom.zip is the ROM. You can also copy it to the external sd by swapping /sdcard/rom.zip with /external_storage/rom.zip.
Once copied, reboot into recovery and flash the zip. Back to normal!
Click to expand...
Click to collapse
Hey
I have a HTC one m7 verizon & same problem storage decryption failed. See my case here in below post. And please tell me if anything possible. Please......
http://forum.xda-developers.com/verizon-htc-one/help/storage-encryped-htc-one-m7-vzw-s-t3279869

How to decrypt /sdcard from ADB?

Long story short, I screwed up, and now I have an encrypted storage (with my files that I want back) but TWRP and the OS thinks it is not.
It goes like this:
The Magisk v22.0 update screwed up my phone, which stuck in a bootloop.
After countless tries with Magisk (updating, uninstalling. installing, removing mods, adding mods) in TWRP, I read somewhere to dirty flash the ROM.
Due to an HDD failure in my PC, I did not have any storage to back up my internal storage from the phone.
Because I wanted to update the ROM anyways (from MIUI 11 to 12) I decided to flash the newer one. That was the first mistake.
This made the bootloop worse, and now it stuck in fastboot mode, no recovery. After many sleepless nights I found out that not every USB-C cable is equal, and I couldn't reach my phone via fastboot because of the cable itself. Tried it with the original cable, it sure showed up as a fastboot device.
So now I was able to flash an original fastboot ROM which still gave me bootloop, so I went wiping (not formatting, so the /sdcard fs doesn't gets erased) Data and Cache in TWRP.
Then reflashed the fastboot ROM, and somehow it worked. When It booted up, I had to type in my screen lock pin again, and after setup all my files were available.
Now that the phone worked again, I wanted to finish what I started, to update to latest EU (recovery) ROM. This was the second mistake. It did not work (because it required formatting data, which I did not wanted to, and just wiped it), and came bootloop again.
So I went back to the fastboot ROM again, which fixed the phone again.
But this time, it thought the internal storage was not encrypted, so it encrypted it again.
Now I can't access the internal storage. Even the camera app says that first I need an SD Card to take photos.
Its clearly still encrypted because when I browse it in TWRP, the structure and files are there, but the names are like "74t7Z1,dnvgIIexr1QAfhD".
The problem being neither the OS, nor TWRP knows the storage is encrypted double, so it doesn't even tries to decrypt it, and there are no options to do it.
Tried to set encryption in the running OS, but it gave me the same results: even tho TWRP asks for decryption key, and says it successfully decrypted, the storage is still a mess like its in encrypted state.
Is there any way to manually force some flag, so I can access my files again? I have the encryption key, I just need some way to decrypt the storage. I think of something like an ADB command to flag the partition as encrypted, so TWRP and OS would try to decrypt it.
Thanks in advance!
insetta said:
Long story short, I screwed up, and now I have an encrypted storage (with my files that I want back) but TWRP and the OS thinks it is not.
It goes like this:
The Magisk v22.0 update screwed up my phone, which stuck in a bootloop.
After countless tries with Magisk (updating, uninstalling. installing, removing mods, adding mods) in TWRP, I read somewhere to dirty flash the ROM.
Due to an HDD failure in my PC, I did not have any storage to back up my internal storage from the phone.
Because I wanted to update the ROM anyways (from MIUI 11 to 12) I decided to flash the newer one. That was the first mistake. This made the bootloop worse, and now it stuck in fastboot mode, no recovery. After many sleepless nights I found out that not every USB-C cable is equal, and I couldn't reach my phone via fastboot because of the cable itself.
Due to an HDD failure in my PC, I did not have any storage to back up my internal storage from the phone.
So now I was able to flash an original fastboot ROM which still gave me bootloop, but after wiping (not formatting, so the /sdcard fs doesn't gets erased) Data and Cache in TWRP.
Then reflashed the fastboot ROM, and somehow it worked. When It booted up, I had to type in my screenlock pin again, and after setup all my files were available.
Now that the phone worked again, I wanted to finish what I started, to update to latest EU (recovery) ROM. This was the second mistake. It did not work (because it required formatting data, which I did not wanted to, and just wiped it), and came bootloop again.
So I went back to the fastboot ROM again, which fixed the phone again.
But this time, it thinks the internal storage is not encrypted.
Now I can't access the internal storage. Even the camera app says that first I need an SD Card to take photos.
Its clearly still encrypted because when I browse it in TWRP, the structure and files are there, but the names are like "74t7Z1,dnvgIIexr1QAfhD".
The problem being neither the OS, nor TWRP knows the storage is encrypted, so it doesn't even tries to decrypt it, and there are no options to do it.
Tried to set encryption in the running OS, but it gave me the same results: even tho TWRP asks for decryption key, and says it successfully decrypted, the storage is still a mess like its in encrypted state.
Is there any way to manually force some flag, so I can access my files again? I have the encryption key, I just need some way to decrypt the storage. I think of something like an ADB command to flag the partition as encrypted, so TWRP and OS would try to decrypt it.
Thanks in advance!
Click to expand...
Click to collapse
Is twrp permanently installed
Austinredstoner said:
Is twrp permanently installed
Click to expand...
Click to collapse
No, its not.
Also, seems like the option to decrypt is not there because its being encrypted double. One with my original pin, and now with "default_password" since the encryption is forced in this ROM.
Trying to create any backup in TWRP now gives the "required key not available" error.
insetta said:
No, its not.
Also, seems like the option to decrypt is not there because its being encrypted double. One with my original pin, and now with "default_password" since the encryption is forced in this ROM.
Trying to create any backup in TWRP now gives the "required key not available" error.
Click to expand...
Click to collapse
Decryption only works when twrp permanently installed
Austinredstoner said:
Decryption only works when twrp permanently installed
Click to expand...
Click to collapse
Okay, I flashed TWRP.
Now I found that from shell, TWRP has a "decrypt" function, which I called, but no success
tucana:/ # twrp
TWRP openrecoveryscript command line tool, TWRP version 3.5.2_9-0
Allows command line usage of TWRP via openrecoveryscript commands.
Some common commands include:
install /path/to/update.zip
backup <SDCRBAEM> [backupname]
restore <SDCRBAEM> [backupname]
wipe <partition name>
format data
sideload
set <variable> [value]
decrypt <password> [USER ID]
remountrw
fixperms
mount <path>
unmount <path>
print <value>
mkdir <directory>
reboot [recovery|poweroff|bootloader|download|edl]
tucana:/ # twrp decrypt **********
Attempting to decrypt data partition or user data via command line.
Failed to decrypt data.
insetta said:
Okay, I flashed TWRP.
Now I found that from shell, TWRP has a "decrypt" function, which I called, but no success
tucana:/ # twrp
TWRP openrecoveryscript command line tool, TWRP version 3.5.2_9-0
Allows command line usage of TWRP via openrecoveryscript commands.
Some common commands include:
install /path/to/update.zip
backup <SDCRBAEM> [backupname]
restore <SDCRBAEM> [backupname]
wipe <partition name>
format data
sideload
set <variable> [value]
decrypt <password> [USER ID]
remountrw
fixperms
mount <path>
unmount <path>
print <value>
mkdir <directory>
reboot [recovery|poweroff|bootloader|download|edl]
tucana:/ # twrp decrypt **********
Attempting to decrypt data partition or user data via command line.
Failed to decrypt data.
Click to expand...
Click to collapse
Can u partition sd card if not can u install recovery ramdisk
Austinredstoner said:
Can u partition sd card if not can u install recovery ramdisk
Click to expand...
Click to collapse
What would be the purpose of partitioning the fs? Not to mention it would like cause data loss
insetta said:
What would be the purpose of partitioning the fs? Not to mention it would like cause data loss
Click to expand...
Click to collapse
That maybe true I can't think of anything else the only thing I can still think of is dm verify or vbmeta
Austinredstoner said:
That maybe true I can't think of anything else the only thing I can still think of is dm verify or vbmeta
Click to expand...
Click to collapse
"dm verify or vbmeta"
Sound familiar, please elaborate
insetta said:
"dm verify or vbmeta"
Sound familiar, please elaborate
Click to expand...
Click to collapse
How to enable and disable dm verity on android user build
How to enable and disable dm verity on android user build. adb root, adb disable-verity, adb enable-verity. remount failed: permission denied
5gnotes.com
Austinredstoner said:
How to enable and disable dm verity on android user build
How to enable and disable dm verity on android user build. adb root, adb disable-verity, adb enable-verity. remount failed: permission denied
5gnotes.com
Click to expand...
Click to collapse
Encryption / decryption of /sdcard partition relies on PIN/password set and stored in file /data/system/locksetting.db.
Neither AVB 1.0 ( AKA DM-Verity ) nor AVB 2.0 (read: Android Verified Boot - available only on project Treble devices) have anything to do with encryption / decryption of Android partitions: their purpose is the verification of the Android OS through the bootloader when phone gets started.
insetta said:
tucana:/ # twrp decrypt **********
Attempting to decrypt data partition or user data via command line.
Failed to decrypt data.
Click to expand...
Click to collapse
Look into Android's file /cache/recovery/log to get the reason why TWRP's decrypt fails.
Why not pull content of /sdcard to PC ( e.g. TAR-archived ) and then do a factory reset to get rid of the encryption?
jwoegerbauer said:
Look into Android's file /cache/recovery/log to get the reason why TWRP's decrypt fails.
Why not pull content of /sdcard to PC ( e.g. TAR-archived ) and then do a factory reset to get rid of the encryption?
Click to expand...
Click to collapse
Because pulling encrypted /storage is pointless. First I need to be able to decrypt them.
Because pulling encrypted /storage is pointless. First I need to be able to decrypt them.
Looked into the TWRP log, and seems like it uses the native android Keymaster HAL 4 to decrypt the storage, but it ran into some issues:
This is on TWRP boot:
Bash:
I:Setting up '/data' as data/media emulated storage.
I:mount -o bind '/data/media' '/sdcard' process ended with RC=0
I:mount -o bind '/data/media/0' '/sdcard' process ended with RC=0
I:File Based Encryption is present
e4crypt_initialize_global_de
Determining wrapped-key support for /data
fbe.data.wrappedkey = true
Wrapped key supported on /data
calling retrieveAndInstallKey
Key exists, using: /data/unencrypted/key
Using Keymaster HAL: 4 from QTI for encryption. Security level: TRUSTED_ENVIRONMENT, HAL: [email protected]::IKeymasterDevice/default
begin failed, code -62
Upgrading key in memory only: /data/unencrypted/key
upgrade_key failed, code -38
e4crypt_initialize_global_de returned fail
e4crypt_initialize_global_de
Determining wrapped-key support for /data
fbe.data.wrappedkey = true
Wrapped key supported on /data
calling retrieveAndInstallKey
Key exists, using: /data/unencrypted/key
Using Keymaster HAL: 4 from QTI for encryption. Security level: TRUSTED_ENVIRONMENT, HAL: [email protected]::IKeymasterDevice/default
begin failed, code -62
Upgrading key in memory only: /data/unencrypted/key
upgrade_key failed, code -38
e4crypt_initialize_global_de returned fail
And this is after I wanted to decrypt it:
Bash:
I:Command 'decrypt *************' received
I:Set page: 'singleaction_page'
I:operation_start: 'TWRP CLI Command'
Attempting to decrypt data partition or user data via command line.
E:Unexpected value for crypto key location
E:Error getting crypt footer and key
E:Could not get footer
Failed to decrypt data.
I:Done reading ORS command from command line
I:operation_end - status=0
I also would like to decrypt my phone. I have access to adb shell, fastboot and twrp. Is there any news on how to do it?

Decrypt any Android device with CMD / Power Shell command !

How to Decrypt Xiaomi REDMI 6 with CMD / Power Shell Commands ???
Just remove your screen lock then it'll be decrypted.
I tried but it's not getting decrypted.
Have you tried using no flash verity encrypt zip file?
I have tried everything! Eg- DM- Verity, Changing the file system to Ext4, Formatting data. When I format data the Internal storage gets decrypted but when I Boot the device and then again Boot in TWRP the device again gets encrypted.

Recover soft brick w/o data loss - After failed dirty flash?

Hi All,
I'd urgently need confirmation and/or tipp from seasoned "brick recovery artists" ;-)
Key questions:
(a) In the scenario presented below, can I recovery from soft brick without loosing data (incl. encrypted external sdcard)?
(b) If no - is there a way to recover directly from a TWRP backup (to pre-encryption status)?
Thanks a million!
-----the issue------
To dirty flash to my S9+ rooted and encrypted device, I tried to perform a dirty flash. See CustomROM thread here.
How the issue unfolded:
1. downloaded the latest v7.4
2. moved v7.4 install file to external sd
3. booted into twrp and performed system partition backup (system image, system, recovery, boot)
4. initiated via twrp a dirty flash
4.1 received error messager after 1 second: damaged zip file
5. rebooted into sysem - WORKED
5.1 realized my SDcard was not mounted and the system tried to "encrypting sdcard 10%/11%/..."
5.2 shut down system immediately
6. repeated step 5 with same results
7. booted into twrp and tried to restore from backup (system image, system, recovery, boot)
7.1 received error message "extracttarfork() process ended with error=255"
8. rebooted into system and rebooted into twrp
9. performed full restore only "system image"
10. booted into system - same as before, in step 5; immediately shut down
11. tried to boot into twrp without success; bootloader 1 error message: "could not do normal boot. INVALID KERNEL LENGTH"
I am a bit screwed here, i think?
the funny thing is that
(a) a OS boot still required me to enter my encryption pin
(b) the OS itself had no sdcard access/mounting issues apparently, same for TWRP partially. HOWEVER, the TWRP system backup was stored on my external SD card - How was TWRP even able to perform a restore from it, if it could not read /data and the sdcard in the first place?
solved. Please close

Block image of USERDATA partition is missing media folder (Internal storage folder), but I can see the files in the phone

Hello,
Every now and then I like to boot into recovery, unmount all partitions and make a image of the main block devices (SYSTEM and USERDATA) through adb as a backup. The USERDATA device should include a folder (media) containing the internal storage of the device where things like the Downloads folder is located.
However, I just noticed that if I mount the image in my Linux computer and navigate there, the folder is empty, even though the image has a reasonable size (27GB in a 32GB phone) and contains application data where it's supposed to.
By the sizes alone, there are no other block devices that could be hiding the missing files.
If I boot the phone back up and navigate to `/data/media/0` in termux, the files are there.
Am I missing something?
Additional Information:
Model: Samsung Galaxy S7
OS: LineageOS 18.1 (based on Android 11)
Recovery: TWRP
Command used for backup: adb pull /dev/block/platform/155a0000.ufs/by-name/USERDATA ~/Documents/emmc-backup-USERDATA.img
Thanks for any help.

Categories

Resources