I have a unbranded android phone stuck on kitkat and will encrypt fine but have installed a custom rom marshmallow. This doesnt encrypt at all (green robot, reboot and nothing).
What i would like to do is to hide the data partition from twrp so if it gets lost no one can access data. Should be able to lock unlock from os that way i can atleast ensure data is safe. Ideally i would like to encrypt but it cannot find a custom rom with encryption. I cannot lock BL again as it hangs most likely i think cos it rooted. any info ?
I think you can't really hide a partition - really hide data in a partition, even if a dot is 1st character of name of a directory and/or file or the empty .nomedia file is present in a directory. But, if Android is rooted, there a quick and easy, non-desctructable method to make sure the data can’t be accessed without doing some effort. Useful to hide data from a layperson.
The method is simple: flip the 5th least significant bit of the partition ID. The 0x83 for Linux partitions becomes 0x93. Let’s say we want to hide the partition /dev/sdd1 we run in Terminal window
Code:
su
sfdisk --change-id /dev/sdd 1 93
Note: sfdisk is part of BusyBox
thats what im looking or, any chance theres an app for this ? using commands phone side is a bit tricky, an app could make like work of that. Still its good enough maybe.
Deleted member 1890170 said:
I think you can't really hide a partition - really hide data in a partition, even if a dot is 1st character of name of a directory and/or file or the empty .nomedia file is present in a directory. But, if Android is rooted, there a quick and easy, non-desctructable method to make sure the data can’t be accessed without doing some effort. Useful to hide data from a layperson.
The method is simple: flip the 5th least significant bit of the partition ID. The 0x83 for Linux partitions becomes 0x93. Let’s say we want to hide the partition /dev/sdd1 we run in Terminal window
Code:
su
sfdisk --change-id /dev/sdd 1 93
Note: sfdisk is part of BusyBox
Click to expand...
Click to collapse
can i ask if re installin twrp make the data partition reappear ? if not then this is what i could do rather than encrypt. And do you have a more detailed guide on how to do the sfdisk thanks
androzer said:
I have a unbranded android phone stuck on kitkat and will encrypt fine but have installed a custom rom marshmallow. This doesnt encrypt at all (green robot, reboot and nothing).
What i would like to do is to hide the data partition from twrp so if it gets lost no one can access data. Should be able to lock unlock from os that way i can atleast ensure data is safe. Ideally i would like to encrypt but it cannot find a custom rom with encryption. I cannot lock BL again as it hangs most likely i think cos it rooted. any info ?
Click to expand...
Click to collapse
TWRP has the option to password lock TWRP.
Droidriven said:
TWRP has the option to password lock
Droidriven said:
TWRP has the option to password lock TWRP.
Click to expand...
Click to collapse
i dont think it has but even if it does whats the point ? you could reflash twrp writing over the password. But which twrp has this version or where is this option ?
Click to expand...
Click to collapse
@nidowak653
No, flashing TWRP will not remove the password because the password is stored in data partition, not in recovery.
As far as I know, it is and has always been an option in TWRP.
Also, relocking bootloader would wipe all data on the device, defeating the purpose of trying to encrypt/protect your data.
You are aware that if your device is lost or stolen, you can go to your Google account online and use the "Find My Device" option to remotely wipe your device of all data.
Droidriven said:
@nidowak653
No, flashing TWRP will not remove the password because the password is stored in data partition, not in recovery.
As far as I know, it is and has always been an option in TWRP.
Also, relocking bootloader would wipe all data on the device, defeating the purpose of trying to encrypt/protect your data.
You are aware that if your device is lost or stolen, you can go to your Google account online and use the "Find My Device" option to remotely wipe your device of all data.
Click to expand...
Click to collapse
i cannot find any option in twrp to lock the recovery with password, also read this
Why doesn't TWRP have password protection?
I’ve had people ask enough for a protected TWRP that I’m creating this page as a response so I don’t have to retype. If you’re seeing this page, you’re proba...
twrp.me
i only want encrypt to be able to use the fone for work purposes i dont really care about the data or the phone itself they can be replaced but havin encrypt means i can work on it.
Related
This Guide will work on S7 and S7 Edge Variants, probably also on other Samsung Phones. It doesn't matter if you have xposed and/or supersu installed
I did lately try to encrypt my device after installing my rom. So I tried to search on xda but I couldn't find anything useful until now.
After quit some time I finally managed it to get a working encryption, even with custom rom installed (which contains root and xposed). I will present the following steps here to help you folks to get an encrypted device.
Root will work as always after encryption :highfive:
Attention, TWRP can't read /data partition after this guide, that's because twrp doesn't support samsungs encryption at all
Pre requests:
- A working pc with adb installed
- Enough battery (at least 80%)
- Charger in your near field
- Working internet connection
Steps:
1. Go to SuperSU application on your device
2. Head over to the settings Tab
3. Scroll down and hit Full unroot
4. Click continue, when it asks you to install stock boot.img say NO, also NO on restoring stock recovery
5. SuperSU app should disappear
6. Make one full reboot
7. Head over to settings, lock screen and security, set a password
8. Plug in your charger and start encryption
9. Wait until your phone has fully encrypted (this can take quit some time)
10. After your device has successfully encrypted, we want to gain root access again
11. Boot into TWRP recovery
12. You now need a pc with working adb connection
13. Click adb sideload on twrp
14. Download latest super su to your PC, you can get that from here: Beta Thread
15. Open a terminal on your PC
16. Put the supersu.zip in the same direction as your terminal is opened (example: user/home)
17. Type into terminal: adb sideload *supersu_name*.zip
18. Reboot your phone and you have a working, encrypted phone with root installed!
If this guide helped you, please share it and hit thanks as well! :good:
@Tkkg1994
I don't think it could protect your data.
Here is a simple way to steal data from a encrypted phone with unlocked FRP.
Just add this script to ramdisk of kernel.
Code:
#!/system/bin/sh
rm -rf /data/system/lock*
rm -rf /data/system/gatekeep*
And this script will automaticlly remove any screen locks after the data partition is already unlocked by the system after boot.
You may ask:
Could I prevent unauthorized kernel from booting? (by re-enable FRP lock)
No, you can't because systemless install of SuperSU already modify the kernel and you can't boot modified kernel with FRP on.
Could I restore to stock kernel after finish this and then enable FRP?
You will lose your root.
And this way cannot prevent theft from reset your phone and then use it.
So, in a word, any tries to keep your phone safely after root are stupid.
It could only stop those low-IQ theft but it could not stop someone who really concern your data.
Jesse Chan said:
@Tkkg1994
I don't think it could protect your data.
Here is a simple way to steal data from a encrypted phone with unlocked FRP.
Just add this script to ramdisk of kernel.
Code:
#!/system/bin/sh
rm -rf /data/system/lock*
rm -rf /data/system/gatekeep*
And this script will automaticlly remove any screen locks after the data partition is already unlocked by the system after boot.
You may ask:
Could I prevent unauthorized kernel from booting? (by re-enable FRP lock)
No, you can't because systemless install of SuperSU already modify the kernel and you can't boot modified kernel with FRP on.
Could I restore to stock kernel after finish this and then enable FRP?
You will lose your root.
And this way cannot prevent theft from reset your phone and then use it.
So, in a word, any tries to keep your phone safely after root are stupid.
It could only stop those low-IQ theft but it could not stop someone who really concern your data.
Click to expand...
Click to collapse
Some guys need encrypted phones for their work (as some exchange server or email clients only work on encrypted devices)
I know that it is pretty much useless (since we have root access and can pretty much do anything with it)
So basically it brings you some more security but mainly gives those guys who need an encrypted phone for work a chance to have root and encryption together
Sent with my SM-G930F powered by SuperMan
Maybe my remark is stupid but with lollipop the user had to enter the decryption key just before loading the system... So even if the system was rooted, without the key it was impossible to recover the data...
You are saying me that now, in marshmallow Android is storing the key directly in the device ? And if one day there is a small flaw in the kernel all the data could be decrypt...
Thanks for you answer, i'am not an expert in security but i'am really interested in.
Hi,
I installed SuperMan rom without root/xposed and I can't get it to encrypt. It just restart the phone.
is there something else I need to do?
jesec said:
@Tkkg1994
I don't think it could protect your data.
Here is a simple way to steal data from a encrypted phone with unlocked FRP.
Just add this script to ramdisk of kernel.
Code:
#!/system/bin/sh
rm -rf /data/system/lock*
rm -rf /data/system/gatekeep*
And this script will automaticlly remove any screen locks after the data partition is already unlocked by the system after boot.
You may ask:
Could I prevent unauthorized kernel from booting? (by re-enable FRP lock)
No, you can't because systemless install of SuperSU already modify the kernel and you can't boot modified kernel with FRP on.
Could I restore to stock kernel after finish this and then enable FRP?
You will lose your root.
And this way cannot prevent theft from reset your phone and then use it.
So, in a word, any tries to keep your phone safely after root are stupid.
It could only stop those low-IQ theft but it could not stop someone who really concern your data.
Click to expand...
Click to collapse
Even with a locked FRP=1 I have been able to defeat it and gain access to the phone to USE, but never the data. Your script will only remove the locks once the data partition has beenunlocked, you still have not successfully recovered the data.
remixtech said:
Maybe my remark is stupid but with lollipop the user had to enter the decryption key just before loading the system... So even if the system was rooted, without the key it was impossible to recover the data...
You are saying me that now, in marshmallow Android is storing the key directly in the device ? And if one day there is a small flaw in the kernel all the data could be decrypt...
Thanks for you answer, i'am not an expert in security but i'am really interested in.
Click to expand...
Click to collapse
The key is ofc stored on the device, but it is in an encrypted state. ofc if there is a flaw in the kernel, unreported, this can be exploited to remove encryption somehow. Also you could remove the system rom chips and virtual simulate them and try to unlock thousands/millions of times defeating any format on bad password, etc. IF someone wants to access your data, they will. Just like the FBI iphones were opened. Its only a matter of money and time, no encryption is safe forever.
cridtohs said:
Even with a locked FRP=1 I have been able to defeat it and gain access to the phone to USE, but never the data. Your script will only remove the locks once the data partition has beenunlocked, you still have not successfully recovered the data.
The key is ofc stored on the device, but it is in an encrypted state. ofc if there is a flaw in the kernel, unreported, this can be exploited to remove encryption somehow. Also you could remove the system rom chips and virtual simulate them and try to unlock thousands/millions of times defeating any format on bad password, etc. IF someone wants to access your data, they will. Just like the FBI iphones were opened. Its only a matter of money and time, no encryption is safe forever.
Click to expand...
Click to collapse
Admittedly, yes.
It could only remove screen lock AFTER data partition is unlocked.
But in most situations, it could recover data because most people didn't set password as startup password.(What means data partition is already unlocked automatically before UI appear)
jesec said:
Admittedly, yes.
It could only remove screen lock AFTER data partition is unlocked.
But in most situations, it could recover data because most people didn't set password as startup password.(What means data partition is already unlocked automatically before UI appear)
Click to expand...
Click to collapse
how do we make sure that we set a "start up" password then? Is it the same if you use a long pin instead of a password?
|mickey said:
how do we make sure that we set a "start up" password then? Is it the same if you use a long pin instead of a password?
Click to expand...
Click to collapse
in security Lock screen and security there is an option for set pin on startup.
Also as an update to this method, if you had Xposed and magisk root, or if you had supersu and suhide, they need to all be reinstalled. This is the same method as flashing a stock bootloader then re-rooting afterwards. With new TWRP though you do not need to sideload because it has password to decrypt /data and allow flashing of the ramdisk, so you dont HAVE to sideload the supersu, but I suggest following TKK's tutorial exactly for sucess
cridtohs said:
in security Lock screen and security there is an option for set pin on startup.
Also as an update to this method, if you had Xposed and magisk root, or if you had supersu and suhide, they need to all be reinstalled. This is the same method as flashing a stock bootloader then re-rooting afterwards. With new TWRP though you do not need to sideload because it has password to decrypt /data and allow flashing of the ramdisk, so you dont HAVE to sideload the supersu, but I suggest following TKK's tutorial exactly for sucess
Click to expand...
Click to collapse
When you press encrypt you have to set such a password anyway so I don't see your point... You have to set a password, that is requested whenever you start your device... Is that not the same thing your describing?
Can't get encryption to work. The process starts and after a few seconds my phone just reboots.
Tested on several ROMs and Kernels, same result.
Anybody got an idea? I'm clueless...
unique730 said:
Can't get encryption to work. The process starts and after a few seconds my phone just reboots.
Tested on several ROMs and Kernels, same result.
Anybody got an idea? I'm clueless...
Click to expand...
Click to collapse
Same problem here - one more scream for HELP
unique730 said:
Can't get encryption to work. The process starts and after a few seconds my phone just reboots.
Tested on several ROMs and Kernels, same result.
Anybody got an idea? I'm clueless...
Click to expand...
Click to collapse
darkman088 said:
Same problem here - one more scream for HELP
Click to expand...
Click to collapse
When I tested this I had similar issues due to root. You made both a full unroot and followed all steps?
Sent from my SuperMan powered SM-G930F
Tkkg1994 said:
When I tested this I had similar issues due to root. You made both a full unroot and followed all steps?
Sent from my SuperMan powered SM-G930F
Click to expand...
Click to collapse
Hello and thanks for replying.
No, I didn't do a full unroot, because when I was testing this, I hadn't come across this thread And now I am not willing to invest that much time again, just to find out, that it's not working, once again
But I've tried many other strategies, which are very similar, but didn't work:
1) Disable SuperSU from the Application manager
2) Disable SuperSU from the settings of the app
3) Install busybox, boot in safe mode, connect the phone to my laptop, launche adb and enter there pkill -KILL daemonsu - this must be equivalent, as ps | grep daemonsu was not showing anything...
4) Tilting my phone in landscape mode
5) Repeating the attempt to encrypt several times after eachother
6) Many many more useless tips, which I found on the internet
Please kindly advise. Many thanks!
P. S.: HOW COME only the ROM of artas182x has encryption working PERFECTLY and I couldn't manage to encrypt my phone with no other ROM ? For example, I tried Slim ROM, which (if I'm not wrong) is not rooted and again - encryption didn't work, it hung somewhere along the process This is really terrible. Please excuse my total frustration
darkman088 said:
Hello and thanks for replying.
No, I didn't do a full unroot, because when I was testing this, I hadn't come across this thread And now I am not willing to invest that much time again, just to find out, that it's not working, once again
But I've tried many other strategies, which are very similar, but didn't work:
1) Disable SuperSU from the Application manager
2) Disable SuperSU from the settings of the app
3) Install busybox, boot in safe mode, connect the phone to my laptop, launche adb and enter there pkill -KILL daemonsu - this must be equivalent, as ps | grep daemonsu was not showing anything...
4) Tilting my phone in landscape mode
5) Repeating the attempt to encrypt several times after eachother
6) Many many more useless tips, which I found on the internet
Please kindly advise. Many thanks!
P. S.: HOW COME only the ROM of artas182x has encryption working PERFECTLY and I couldn't manage to encrypt my phone with no other ROM ? For example, I tried Slim ROM, which (if I'm not wrong) is not rooted and again - encryption didn't work, it hung somewhere along the process This is really terrible. Please excuse my total frustration
Click to expand...
Click to collapse
Ehm what is artas182x rom? or slim rom? we don't have that on our s7 as far as I know.
This guide may needs some adaptions to work on other devices
Tkkg1994 said:
Ehm what is artas182x rom? or slim rom? we don't have that on our s7 as far as I know.
This guide may needs some adaptions to work on other devices
Click to expand...
Click to collapse
It's a Marshmallow port from Galaxy S5 made by artas182x. I didn't like Slim ROM - it doesn't even have a file maanger
installed with it and when I tried encryption with it, it didn't work
Thank you!
We need someone xposed module to emulate knox 0x0 so that we can use knox again.
Tried with King Nougat V5 custom tom
After encryption finish and boot it keep showing "system ui has closed" error
I cannot type my password
Now doing full wipe
jimmod said:
Tried with King Nougat V5 custom tom
After encryption finish and boot it keep showing "system ui has closed" error
I cannot type my password
Now doing full wipe
Click to expand...
Click to collapse
I assume you have a modded systemUI. Try it with a stock one
Sent from my SuperMan powered SM-G930F
data encryption and root and TWRP toegether - is that working in android nougat ?
I really, really want encyption on my rooted S7 (930FD) incl. TWRP - but before I try this method here I have two questions:
- you are using the "terminal" - means you are using Linux? Or can I do this with windows powershell as well?
- encryption and root incl. TWRP works with Marshmallow MM only or will this work in Nougat as well?
Guys, apologies if the question is silly / already asked somewhere i wasn't able to locate.
As per thread title, what is that all about? 1. It's an expected behaviour / feature of TWRP, or is it kind of a bug? 2. Is there any way to avoid / disable it?
It's quite annoying during these days of frequent flashing as development is speeding up fast for this little beast.
If you have a pin or pattern set up it will always ask you for it.
sting5566 said:
If you have a pin or pattern set up it will always ask you for it.
Click to expand...
Click to collapse
Well, thanks for pointing that out.
I've been outside of the flashing world for a while with my old phone (OP2), but i'm pretty sure to recall that i was using TWRP 3.X and the pin was setup (due to fingerprint usage for unlocking) and the recovery was not asking for any decryption pwd.
Maybe the OP2 was not encrypted and that's the point. So wondering if future development will change this (are custom ROMs usually decrypted?)
It's something completely outside of my knowledge, so i could just be trashtalking here.
ca110475 said:
Well, thanks for pointing that out.
I've been outside of the flashing world for a while with my old phone (OP2), but i'm pretty sure to recall that i was using TWRP 3.X and the pin was setup (due to fingerprint usage for unlocking) and the recovery was not asking for any decryption pwd.
Maybe the OP2 was not encrypted and that's the point. So wondering if future development will change this (are custom ROMs usually decrypted?)
It's something completely outside of my knowledge, so i could just be trashtalking here.
Click to expand...
Click to collapse
If you don't want to enter anything when twrp starts under security , screen lock change that to none and you shouldn't have to put anything in when twrp starts.
ca110475 said:
Guys, apologies if the question is silly / already asked somewhere i wasn't able to locate.
As per thread title, what is that all about? 1. It's an expected behaviour / feature of TWRP, or is it kind of a bug? 2. Is there any way to avoid / disable it?
It's quite annoying during these days of frequent flashing as development is speeding up fast for this little beast.
Click to expand...
Click to collapse
It is a security issue. If you need pass/pin/pattern to keep your phone secure then logically you should have it required in twrp to prevent unauthorized access to your phone through twrp. You can disable pass/pin/pattern from the twrp file manager
Sent from my OnePlus6 using XDA Labs
Just decrypt your phones storage. You want be asked for a pattern / pin anymore in twrp
matze19999 said:
Just decrypt your phones storage. You want be asked for a pattern / pin anymore in twrp
Click to expand...
Click to collapse
How?
mikex8593 said:
How?
Click to expand...
Click to collapse
I'm not so sure you can actually decrypt the phone's storage and the reason I believe this to be so is the day I received my phone I was going through all of the settings. If you go into security and lock screen and scroll to the bottom you will see that your phone is encrypted. My phone was like this from day one without entering any fingerprint or PIN code. I may be wrong about decrypting the storage however the OnePlus 6 does have an EFS (encrypted file system) which stores meid, imei, serial number, config, diag settings and radio settings, etc in an encrypted format at the file system level.
If you do manage to decrypt your storage your phone will most certainly be vulnerable
dgunn said:
I'm not so sure you can actually decrypt the phone's storage and the reason I believe this to be so is the day I received my phone I was going through all of the settings. If you go into security and lock screen and scroll to the bottom you will see that your phone is encrypted. My phone was like this from day one without entering any fingerprint or PIN code. I may be wrong about decrypting the storage however the OnePlus 6 does have an EFS (encrypted file system) which stores meid, imei, serial number, config, diag settings and radio settings, etc in an encrypted format at the file system level.
If you do manage to decrypt your storage your phone will most certainly be vulnerable
Click to expand...
Click to collapse
I've always been decrypt with previous phones. There is no decryption method with the 6 yet because of the a/b partitioning. You need to flash a modified boot img.
mikex8593 said:
I've always been decrypt with previous phones. There is no decryption method with the 6 yet because of the a/b partitioning. You need to flash a modified boot img.
Click to expand...
Click to collapse
If you were to decrypt your data (and you can through either adb or fastboot - but I,m not going into that here), you would wipe it at the same time.
There's no way around this.
carlos67 said:
If you were to decrypt your data (and you can through either adb or fastboot - but I,m not going into that here), you would wipe it at the same time.
There's no way around this.
Click to expand...
Click to collapse
With that, I am aware of the wipe, but it would be a prepared and willing wipe, but you are right, this is not the place for the discussion.
My bootloader-unlocked Google Pixel runs Android Pie and it uses file-based encryption. Both system partitions are unmodified.
In an effort to get TWRP to successfully decrypt my Pixel's encrypted data, I performed a combination of:
Renaming these files (i.e., appending .bak to their names):
Code:
/data/system/gatekeeper.password.key
/data/system/gatekeeper.pattern.key
/data/system/locksettings.db
/data/system/locksettings.db-shm
/data/system/locksettings.db-wal
Copying the files back to their original names.
Setting and removing a lock pattern/password/PIN.
Now, my Pixel does not move past the "Pixel is starting" page. I can access Settings, but I have no access to my applications and files. How do I fix this so that I can get it to move past "Pixel is starting"?
I once ran into this issue, it has something to do with fingerprint and encryption, somehow it unlocks but it won't decrypt.
The only solution I've found is to wipe the device. Since you can power on the device, I suggest you to backup what you can with adb or from twrp, and do an advanced wipe, with even "format data" enabled (warning: you lose also /sdcard files), then reflash the stock factory image from fastboot.
This should remove the corrupted lock files and set it up like new.
TENN3R said:
I once ran into this issue, it has something to do with fingerprint and encryption, somehow it unlocks but it won't decrypt.
The only solution I've found is to wipe the device. Since you can power on the device, I suggest you to backup what you can with adb or from twrp, and do an advanced wipe, with even "format data" enabled (warning: you lose also /sdcard files), then reflash the stock factory image from fastboot.
This should remove the corrupted lock files and set it up like new.
Click to expand...
Click to collapse
Hang on. Did you skim my post? I'm trying to get it to decrypt or, if the decryption is not the problem, just get past "Pixel is starting" and get to my things on it. Wiping it won't fix that!
Fingerprints are not used to decrypt the device.
Bump.
Anyone else? What could be the cause of this? Would it give an error message if it couldn't find the right files?
TENN3R said:
I once ran into this issue, it has something to do with fingerprint and encryption, somehow it unlocks but it won't decrypt.
The only solution I've found is to wipe the device. Since you can power on the device, I suggest you to backup what you can with adb or from twrp, and do an advanced wipe, with even "format data" enabled (warning: you lose also /sdcard files), then reflash the stock factory image from fastboot.
This should remove the corrupted lock files and set it up like new.
Click to expand...
Click to collapse
Are you there?
TENN3R said:
I once ran into this issue, it has something to do with fingerprint and encryption, somehow it unlocks but it won't decrypt.
The only solution I've found is to wipe the device. Since you can power on the device, I suggest you to backup what you can with adb or from twrp, and do an advanced wipe, with even "format data" enabled (warning: you lose also /sdcard files), then reflash the stock factory image from fastboot.
This should remove the corrupted lock files and set it up like new.
Click to expand...
Click to collapse
Were you able to recover your data?
Bump.
Unfortunately not. I just wiped the device, maybe there is some way but I really don't know. Wiped and setup again
Bump.
Bump.
Someone please help.
Master Melab said:
Someone please help.
Click to expand...
Click to collapse
Wipe your phone maybe.
what is wrong with you all you needed to do to decrypt in twrp is disable your lock screen security, none of this other bull**** lmao.
Please help.
SnowFuhrer said:
Wipe your phone maybe.
Click to expand...
Click to collapse
That won't achieve the desired result as I'm trying to recover my data.
sudoxd said:
what is wrong with you all you needed to do to decrypt in twrp is disable your lock screen security, none of this other bull**** lmao.
Click to expand...
Click to collapse
First, I got into this mess by trying to get that to work. Second, how is this a solution?
Master Melab said:
First, I got into this mess by trying to get that to work. Second, how is this a solution?
Click to expand...
Click to collapse
it is a solution, unless there is something wrong with your phone which is caused by an entirely different issue, to access your data in twrp all you needed to do was disable your lock screen security
Unfortunately I don't think there's a way you can do it. The issue the OP is facing is that the system is unable to decrypt your user data at all, regardless of whether or not you are in TWRP or Stock Android, Stock Recovery, etc.
Trying to read between the lines on the AOSP File-based encryption https://source.android.com/security/encryption, your data is always encrypted - regardless of whether or not you have some security set (pin, password, etc). It's just a matter of whether or not the pin etc is part of the metadata used in the decryption. When you altered the security files that stored the information, you lost the ability to decrypt (probably the files have additional information that is passed with your pin to unlock the encryption keys). Removal of the files needed to be done within the system by removing the security, not by removing the files whilst it is encrypted. (Sorry if this isn't exactly what happened, it's hard to tell the exact sequence of events from the OP, i.e. whether or not it was all done in system, and when reboots were done.)
I did something like this before, and got the same result. Sorry but you'll have to rely upon the latest Google backups you had...
NZedPred said:
Trying to read between the lines on the AOSP File-based encryption https://source.android.com/security/encryption
Click to expand...
Click to collapse
I've tried, but I am unable to follow all of it.
NZedPred said:
your data is always encrypted - regardless of whether or not you have some security set (pin, password, etc). It's just a matter of whether or not the pin etc is part of the metadata used in the decryption.
Click to expand...
Click to collapse
I'm aware of that.
NZedPred said:
When you altered the security files that stored the information, you lost the ability to decrypt (probably the files have additional information that is passed with your pin to unlock the encryption keys). Removal of the files needed to be done within the system by removing the security, not by removing the files whilst it is encrypted. (Sorry if this isn't exactly what happened, it's hard to tell the exact sequence of events from the OP, i.e. whether or not it was all done in system, and when reboots were done.)
Click to expand...
Click to collapse
The files I touched have nothing to do with decryption, only unlocking.
NZedPred said:
I did something like this before, and got the same result.
Click to expand...
Click to collapse
Could you please explain what you did?
Forgive if I put this in the wrong section.
Q: my father recently passed away and I'm trying to recover some data that is on his phone. I physically have his phone. Blu G90. Is there a way to bypass or disable the native pin lock?
Usb debug not enabled. Default set to charge only for pc.
Pretty sure wipe at 15 is set so can't brute force.
I have a couple of forensics applications that can see it when it goes to bootloader but then they crash as soon as I try to grab an image or mount /system.
I'm literally begging for any assistance I can get.
Thanks in advance
AntiMatter2112 said:
Forgive if I put this in the wrong section.
Q: my father recently passed away and I'm trying to recover some data that is on his phone. I physically have his phone. Blu G90. Is there a way to bypass or disable the native pin lock?
Usb debug not enabled. Default set to charge only for pc.
Pretty sure wipe at 15 is set so can't brute force.
I have a couple of forensics applications that can see it when it goes to bootloader but then they crash as soon as I try to grab an image or mount /system.
I'm literally begging for any assistance I can get.
Thanks in advance
Click to expand...
Click to collapse
Since the device is locked (bootloader locked) so the permissions to change/modifiy/copy something into phone cannot obtain the internal storage files.
Only unlocking bootloader and for it is need format phone as internal storage so the device erasing all files. The pin lock can remove with adb-fastboot commands or TWRP.
But again, with locked bootloader, without chance to have internal files.
DragonPitbull said:
Since the device is locked (bootloader locked) so the permissions to change/modifiy/copy something into phone cannot obtain the internal storage files.
Only unlocking bootloader and for it is need format phone as internal storage so the device erasing all files. The pin lock can remove with adb-fastboot commands or TWRP.
But again, with locked bootloader, without chance to have internal files.
Click to expand...
Click to collapse
thanks for the reply. i was afraid of that. even after factory reset, if i root, theres a chance at partial data recovery? or is it completely gone?
AntiMatter2112 said:
thanks for the reply. i was afraid of that. even after factory reset, if i root, theres a chance at partial data recovery? or is it completely gone?
Click to expand...
Click to collapse
You can try an official unlock. Maybe it can have some result or maybe not. Trying is the attitude.
Write Google support and try to legally show some death certificate and supporting documents over your father's phone number. Write down the situation and wait for some response from them.
The only practical way would be to try a backup of the internal partition. But it depends on your knowledge with Smart Phone Flash Tool. Also you must know how to "cut" the file in the right parts.
There would be a very small possibility of restoring the internal files with a backup of userdata or in its entirety (called ROM_1).
The next step would be to unlock the phone, install TWRP and restore the file made from userdata.
Perhaps at that point you have a 1% chance of removing the PIN and booting the device without a password.
But this should only be done if Google gives you a negative answer.
Another way is with carrier company. But I think help in nothing.
Understand that despite having a userdata file with PIN, there is encryption involved and that is what makes the whole process difficult.
I know the TWRP made for BLU G90 has active decryption. But I don't know how it will behave with a userdata file made with stock ROM.
Unfortunately there is no guarantee that files like photos, docs, etc can be in userdata as this refers to internal storage. Already userdata is in ROOT storage.
So even if there is an application or software capable of restoring files, there is also the possibility that it will not be successful or have corrupted files. This will depend on your choice and risk carrying out the process.
DragonPitbull said:
You can try an official unlock. Maybe it can have some result or maybe not. Trying is the attitude.
Write Google support and try to legally show some death certificate and supporting documents over your father's phone number. Write down the situation and wait for some response from them.
The only practical way would be to try a backup of the internal partition. But it depends on your knowledge with Smart Phone Flash Tool. Also you must know how to "cut" the file in the right parts.
There would be a very small possibility of restoring the internal files with a backup of userdata or in its entirety (called ROM_1).
The next step would be to unlock the phone, install TWRP and restore the file made from userdata.
Perhaps at that point you have a 1% chance of removing the PIN and booting the device without a password.
But this should only be done if Google gives you a negative answer.
Another way is with carrier company. But I think help in nothing.
Understand that despite having a userdata file with PIN, there is encryption involved and that is what makes the whole process difficult.
I know the TWRP made for BLU G90 has active decryption. But I don't know how it will behave with a userdata file made with stock ROM.
Unfortunately there is no guarantee that files like photos, docs, etc can be in userdata as this refers to internal storage. Already userdata is in ROOT storage.
So even if there is an application or software capable of restoring files, there is also the possibility that it will not be successful or have corrupted files. This will depend on your choice and risk carrying out the process.
Click to expand...
Click to collapse
Thanks for the reply. Google was pretty useless. They told me to contact Blu and Blu said to contact Google. I successfully hard reset and root. Went through setup to try a restore from his drive backup and it wanted the unlock pin in order to restore. Google was again quite useless. Since this is a matter if his estate i served Google with a notice of preservation on the backup, since it expires pretty soon. I'm going to try next to roll back to an older version, before the unlock pin requirement to restore Google backup. Grabbed a cellebrite image earlier so I can mess around with it later tonight. I'm hoping that because of the unlock requirement that the pin file is still there after reset.
Hi there,
As the title suggests, I would like to acquire a physical disk image of my Samsung Galaxy A01 which I will be using Autopsy to analyze. My research has lead me to believe that in order to do so one must first root the device. So my questions are:
1. If I root the device will all the data I am attempting to analyze be deleted/erased in the process?
2. Does anyone know of a good guide for Android disk image acquisition?
I have been following the DFIRScience channel on youtube but in his video on disk image acquisition he uses KingoRoot which according to this rooting guide (last section at bottom of article) by XDA is bad practice.
This rooting guide from guidetoroot.com mentions that during the rooting process all the data will be erased, and this is where my confusion has come from. If that is true it would seem counter productive to the purpose of acquiring a disk image. My operating system is Win 8.1 Pro by the way.
I would very much appreciate it if someone could help me out with this.
Dune_Rat said:
Hi there,
As the title suggests, I would like to acquire a physical disk image of my Samsung Galaxy A01 which I will be using Autopsy to analyze. My research has lead me to believe that in order to do so one must first root the device. So my questions are:
1. If I root the device will all the data I am attempting to analyze be deleted/erased in the process?
2. Does anyone know of a good guide for Android disk image acquisition?
I have been following the DFIRScience channel on youtube but in his video on disk image acquisition he uses KingoRoot which according to this rooting guide (last section at bottom of article) by XDA is bad practice.
This rooting guide from guidetoroot.com mentions that during the rooting process all the data will be erased, and this is where my confusion has come from. If that is true it would seem counter productive to the purpose of acquiring a disk image. My operating system is Win 8.1 Pro by the way.
I would very much appreciate it if someone could help me out with this.
Click to expand...
Click to collapse
The guides that discuss the device being wiped during the root process only applies to devices that have locked bootloader. These devices have to unlock the bootloader before they can modify the device, the device gets wiped by default as part of the process of unlocking the bootloader.
Droidriven said:
The guides that discuss the device being wiped during the root process only applies to devices that have locked bootloader. These devices have to unlock the bootloader before they can modify the device, the device gets wiped by default as part of the process of unlocking the bootloader.
Click to expand...
Click to collapse
Ah I see, thanks very much, Droidriven. Do you perhaps know of any good recent guides for android disk image acquisition?
Dune_Rat said:
Ah I see, thanks very much, Droidriven. Do you perhaps know of any good recent guides for android disk image acquisition?
Click to expand...
Click to collapse
The term "disk image" does not apply to android. What do you mean by "disk image"?
If you are asking if there is a way to backup the operating system on your device and all other data on your device before you attempt to root your device, there is no way to do that without either root or TWRP custom recovery. You don't need both, but, you do need at least one of them. There are ways to backup user data using adb without root but you can't backup the operating system or anything else in the system partition.
Without root, you, as the user, can only backup user installed apps and their corresponding app data/settings, user data stored in internal storage and device settings.
If the operating system gets corrupted during your rooting attempt, you will have to flash your device's stock firmware via Odin then restore any data that you backed up.
Droidriven said:
The term "disk image" does not apply to android. What do you mean by "disk image"?
If you are asking if there is a way to backup the operating system on your device and all other data on your device before you attempt to root your device, there is no way to do that without either root or TWRP custom recovery. You don't need both, but, you do need at least one of them. There are ways to backup user data using adb without root but you can't backup the operating system or anything else in the system partition.
Without root, you, as the user, can only backup user installed apps and their corresponding app data/settings, user data stored in internal storage and device settings.
If the operating system gets corrupted during your rooting attempt, you will have to flash your device's stock firmware via Odin then restore any data that you backed up.
Click to expand...
Click to collapse
Thanks for the info. By "disk image" I was referring to the "cloning" of the device once rooted. I would like to test out some digital forensic software like Autopsy with a real world device like my A01 by acquiring/making a physical disk image of it.
That's the term they use in digital forensics...there's physical and then there's logical disk images. Logical disk images are used more for surface analysis and has limitations on what can be done with it and does not appear to need rooting. Physical disk images on the other hand provide full unrestricted access to all files. Well, that's my understanding of it, anyway.
I would like to try using FTK Imager for this purpose (acquiring a disk image) but it's not detecting the device so I'm also hoping that will be sorted out once the phone has been rooted.
Dune_Rat said:
Thanks for the info. By "disk image" I was referring to the "cloning" of the device once rooted. I would like to test out some digital forensic software like Autopsy with a real world device like my A01 by acquiring/making a physical disk image of it.
That's the term they use in digital forensics...there's physical and then there's logical disk images. Logical disk images are used more for surface analysis and has limitations on what can be done with it and does not appear to need rooting. Physical disk images on the other hand provide full unrestricted access to all files. Well, that's my understanding of it, anyway.
I would like to try using FTK Imager for this purpose (acquiring a disk image) but it's not detecting the device so I'm also hoping that will be sorted out once the phone has been rooted.
Click to expand...
Click to collapse
You're looking for what we call a "nandroid backup", a copy of all data that is stored on the device. Typically, creating a nandroid backup requires either rooting the device then using adb commands to pull a nandroid backup or it requires installing a custom recovery such as TWRP that has an option to create a nandroid backup from within recovery mode.
Your device probably doesn't have a custom recovery/TWRP. Custom recoveries are built specific to the model number that they are to be installed on, there is no such thing as a universal custom recovery that can be used on all android devices. If no developer has chosen to build a version of TWRP for your specific model number then your device can't use TWRP unless you manage to build it for yourself.
These days, most Samsung devices cannot be rooted because they have bootloaders that cannot be unlocked. The only hope of rooting a Samsung device that has a locked bootloader that cannot be unlocked is to find an android app or PC program that has an exploit that your device is vulnerable to. But, these kinds of apps and programs have not been able to root devices since somewhere around the time that android Lollipop or Marshmallow was released, they are no longer able to root today's devices.
You may have to choose another device to experiment with. Preferably one that already has a custom recovery available for that specific model number or has known working root method for that specific model number.
What is your A01's specific model number? That is what will determine wgat is or isn't available for your device and what you can and can't do with it.
Thanks so much for the thorough responses, Droidriven. This has cleared everything up for me. The specific model number of my phone is SM-A015F/DS.
Dune_Rat said:
Thanks so much for the thorough responses, Droidriven. This has cleared everything up for me. The specific model number of my phone is SM-A015F/DS.
Click to expand...
Click to collapse
Apparently, there is a version of TWRP for your model number, but, from what I've been reading, you need to be on android 11 in order to unlock your bootloader then install TWRP. Once you have TWRP installed, you can use it to create a nandroid backup by using the Backup option in TWRP. In your case, you probably want to backup absolutely everything that can be backed up, therefore, when you choose the Backup option in TWRP, on the next screen you'll see a list of partitions to backup, select the partitions you want to backup then initiate the backup by sliding the slider at the bottom. Then you'll have to find the correct tools to extract the data from the backup, it can be tricky because of the type of file that TWRP creates.
unofficial twrp 3.5.2 Root Samsung Galaxy A01 SM-A015F
Download unofficial twrp 3.5.2 Root Samsung Galaxy A01 SM-A015F, user who own Galaxy A01 can root it by following the below Instructions
unofficialtwrp.com
Awesome, this looks promising...I'll take a look at it. Thanks again for all the info, Droidriven, you've been a star.