Is there anyway to backup FBE encryption master key without root - General Questions and Answers

Just found that my new Samsung S20 FE running Android 11 turned on FBE encryption by default and there is no way to disable it (unless factory reset + wipe all data + root). Once the device is physically damaged, there is no way to recover the data. I think it should offer some methods to non-root phone owner to backup the master key or create recovery key but google doesn't give any solution. I don't plan to root it since I use Samsung pay, rooting it will trip KNOX and disable Samsung pay permanently (Damn you!). May I know if it is possible?
You may argue that we should do backup but mobile data is not free, wifi is not available everywhere and you backup is never in real-time. You will always lose some data even you do daily backup. Comparatively I also use BitLocker on Windows (I know it is FDE that work different from FBE), I have created a recovery USB drive and store it in a safe. I wonder if similar can be done on my phone so I still get chance to do chip-off data recovery even it is physically damaged.

I have a similar question, but as far as I can tell; we're S out of L

Related

[Q] Broke the glass on my screen, now I have to give my phone to a technician...

Don't worry, it's a security question alright.
I live in Eastern Europe, which is on the far side of the Samsung support network and I have samsung galaxy s3 phone (GT-9300 i guess). My repair options look a little bit bleak. I must either ship it back to France, from where it is bought, or I must seek help of non-licensed technicians. Thank God, there are quite a lot around here and for problems like this they do wonders.
I am worried though that the technicians may try to meddle with the software of my phone and do something nasty with it while the phone is in their possession. I use the phone quite a lot to access various servers trough ssh and the servers contain semi-sensitive information about customers, phones, the equivalents of social security numbers in my country and etc. Of course I will delete my present information, but how about the future. If someone has hacked versions of the firmware, it will be a child game to get the passwords for my servers.
So I need to secure the software of my phone somehow and I'm not sure of my options, so I'm asking for advice which is better. I have experience with Linux, but about Android I'm a quite noob. I had my Amazon FireHD Tablet rooted and installed with CyanogenMOD, so I know a little bit about ROM images. The phone itself is unrooted with original software and is not locked to a carrier.
Should I:
1. Try to back up my entire ROM image?
There are various questions here. It looks that I cannot download standalone original ROM image directly from Samsung so I must back up mine. But in the bootloader (which opens with volume up/down + home + power) it seems that there are no options for backing up rom image, only for restoring trough ADB of SD card. Should I try to root, install alternative bootloader and then back up everything.
There is one very important sub-question here: Will the phone signal me somehow If someone replaces the original bootloader with say, non-signed one? What If someone changes the bootloader as well as the system image?
2. Should I try to ecrypt my phone.
I cannot get easily information about what exactly is encrypted. Pretty sure that the bootloader itself cannot be encrypted anyway. How about the system image. Is it encrypted ?
I'll be thanful for any help about these two ideas as well as any others?
If you are paying to have the repair done by an entity other than Samsung then you have a great option available. Just out of curiousity, what version of android are you running? If I were in your shoes, I would root the phone and install a custom recovery (either TWRP or Philz). This will allow you to take a complete nandroid backup of the phone to the external SD Card. Confirm the nandroid backup has been saved to the SD Card then remove the card from the phone and store it somewhere safe. Then perform a factory reset to completely wipe the phone and have your phone sent out to be fixed. When you get your phone back, insert the SD Card and restore from the backup. It will be just as you left it and the possibility that anyone has been able to access or tamper with your phone is almost nil... Apart from possibly large national security agencies whom are known for having catalogs of common electronic items that have been compromised in various ways.
I can't speak for your exact phone, but I am quite familiar with encryption as well as the US-model Galaxy S3's. Unfortunately Samsung is known for running their own encryption schemes with are different and most often weaker than the stock. Custom ROMs with generally have an implementation based on AOSP sources. A 4 digit PIN or common passphrase can be easily broken with either, but a sturdy encryption passphrase will almost certainly provide sufficient protection.
Without knowing the specifics of your phone and whatever TouchWiz it's running, I can say this much. If you enable encryption on your phone, it will encrypt /data (application data) at a very minimum. This will almost definitely not include /system. It will probably not include the external SD card or any of the actual applications (the .apk files). The encryption would keep your data secure at rest, but it wouldn't prevent a motivated attacker from installing a hidden malicious application in the system.
You are correct in that the bootloader cannot be encrypted.
84598432951
fadedout said:
If you are paying to have the repair done by an entity other than Samsung then you have a great option available. Just out of curiousity, what version of android are you running? If I were in your shoes, I would root the phone and install a custom recovery (either TWRP or Philz). This will allow you to take a complete nandroid backup of the phone to the external SD Card. Confirm the nandroid backup has been saved to the SD Card then remove the card from the phone and store it somewhere safe. Then perform a factory reset to completely wipe the phone and have your phone sent out to be fixed. When you get your phone back, insert the SD Card and restore from the backup. It will be just as you left it and the possibility that anyone has been able to access or tamper with your phone is almost nil... Apart from possibly large national security agencies whom are known for having catalogs of common electronic items that have been compromised in various ways.
I can't speak for your exact phone, but I am quite familiar with encryption as well as the US-model Galaxy S3's. Unfortunately Samsung is known for running their own encryption schemes with are different and most often weaker than the stock. Custom ROMs with generally have an implementation based on AOSP sources. A 4 digit PIN or common passphrase can be easily broken with either, but a sturdy encryption passphrase will almost certainly provide sufficient protection.
Without knowing the specifics of your phone and whatever TouchWiz it's running, I can say this much. If you enable encryption on your phone, it will encrypt /data (application data) at a very minimum. This will almost definitely not include /system. It will probably not include the external SD card or any of the actual applications (the .apk files). The encryption would keep your data secure at rest, but it wouldn't prevent a motivated attacker from installing a hidden malicious application in the system.
You are correct in that the bootloader cannot be encrypted.
Click to expand...
Click to collapse
Thank You for the informative answer!
I had to do this once and what I did was:
- Root phone (which I always wanted to do)
- Perform a full backup to SD card
- Remove SD card and perform a factory reset of the phone
Then off to repairs.
Once back, I did again a factory reset (just in case) and then restore the lot
Seems a lot to do, but I have some sensitive data on it and didn't want to risk it too much. Besides during the restore I took the opportunity to upgrade to 4.3 (at the time)
glass
why dnt you buy a chinese glass and change it yourself its so easy and cheap, around 10 euros or so? i did the same for my old phone

Best way to securly wipe s10+ to sell?

I googled this and from what i read, so long as i log out of all services and set my lock screen to none, I then make sure that strong encryption is enabled then do a reset and this way it secure wipes?
Is this correct or am i best doing something else?
James
As I know, the best way to securly wipe s10+ to sell is using Samsung data eraser software. Such software can help us wipe all personal info on your S10+ phone without recovery. Then you can sell it without data leaked. Hope this will be your help.
The main way that data is stolen from wiped phones is because people fail to actually wipe them - as long as Strong Encryption on your S10 overwrites your entire storage then your data (Probably) no longer exists on that phone. Unless they can find the encryption key, but that would (should) be wiped on factory reset.
When you delete data, it isn't actually deleted, it's memory region is just marked as free real estate for new data to be written. Once it's replaced it's gone, otherwise its recoverable. Encryption should do the trick, as the data in memory marked as open will be scrambled without the key.
If you're feeling particularly paranoid however, you can also load dummy data onto your phone for an extra layer of protection, there are several tools for doing this, some of which are on the play store, before wiping it a second time.
Good luck with the sale!
(EDIT: Nazhais suggestion popped up as I was writing, but yes, data erasing software is probably the way to go.)

Screenlock samsung

Hi bros
Is there a way to bypass screenlock or pattern on samsung phones without loose data ?
Example g930f U8 frp on oem on
But i can't loose data
Any factory reset will cause complete user data lose.
I know
I don't want make factory reset
Then you need to remember the code or use your Samsung or Google account to regain access.
That's it as far as I know. A data recovery specialist -might- be able too but it's not easy or cheap.
I never set a lock screen, bios password etc and redundantly backup critical data to multiple hdds because of this. I never encrypt backup data drives. If you don't plan ahead properly it's only a matter of time until you lose critical data.

Possibility of recovering data from Android phone that fell into sea water?

Background:
A person I know, dropped his phone (Android Oreo or above) into the water while at a beach. He tried keeping the phone in a bag of rice etc., but he can't get it to work. It won't even start. Samsung support said he'd need to replace the motherboard. He does not want the phone working again, but he wants the vacation photos from the phone. In Bangalore, there are some data recovery services that say they can recover the data for him (one of them mentioned some Spider technology).
Primary question:
Is the data recovery team's claim that they can recover the photos, actually legitimate? Can the photos be recovered from the phone in such a situation? How would they do it? Since the data on the phone would be encrypted (a password was needed to unlock the phone), would the data recovery team use a motherboard from a similar phone, connect it to the data storage and ask him to type his password to be able to access the data? If instead they removed the NAND storage and connected it to another board, wouldn't it be impossible to access the data without typing the phone's unlock password to decrypt it?
Concerns:
They might be bluffing, and this could just be a way to get paid for the "effort" that they put in to try recovering the data even if they can't eventually do it.
The data recovery team could clone the data and use brute-force techniques to gain access to any other data.
They could misuse any payment information stored on the phone.
They may view WhatsApp chats or other WhatsApp data stored (he says his WhatsApp is protected by fingerprint recognition).
if privacy is the main concern here, do it through samsung, through the official means. whats more important, the price of a motherboard or their privacy ?

IS UNLOCKED BOOTLOADER LESS SECURE/HOW TO MAKE SECURE?

In what ways does having an unlocked bootloader make it easier for governments and (other) criminals to get into your device or data? Lots of people say "naaaaa it's not less secure, unlock your bootloader man... the data is ENCRYPTED" I know back in the day someone could just flash TWRP and delete the lockscreen! But now devices are encrypted and that can't be done anymore. I also experience that some security apps require root for their full features (Android Lost). But I'd think it'd be easier to inject some sort script or flash something to help them with trying to get into your device (like removing the unlock attempt limit like is done with iPhone). Luckily Oneplus can relock with custom ROM but most can't ) : .
If you wanna talk about specific devices, maybe talk about Xperia Z5 II and/or LG G8 Thinq. And whether it IS or ISN'T less secure, what can be done to BEST secure a device? Whether official or not.
A device with a locked bootloader will only boot the operating system currently on it. You can’t install a custom operating system – the bootloader will refuse to load it. If your Android phone has a standard locked bootloader when a thief gets his hands on it, he won’t be able to access the device’s data without knowing its PIN or password. (Of course, a very determined thief could crack open the phone and remove the storage to read it in another device.)
If you’re unlocking the bootloader of your device and want to protect against this, you could choose to enable Android’s encryption feature what dependes on Android version - either FBE ( default since Android 10 ) or FDE ( default since Android 6 ). This would ensure your data is stored in an encrypted form ( AES 256 ), so people wouldn’t be able to access your data without your encryption passphrase. However, even encryption can’t protect your data perfectly.
Conclusion:
Of course, you probably don’t need to worry about this too much. If you’re an Android geek installing custom ROMs and rooting your device for your own use, you probably aren’t going to be the target of a determined and skilled thief who wants to access the data on your device. If your device is stolen, it’s probably by someone who just wants to wipe the device and sell it. And this wiping can easily be done by connecting the Android phone via USB--cable with PC and from there launching a specific command.

Categories

Resources