Data recovery from encrypted Nokia 6.1 - General Questions and Answers

TL;DR - Phone will not accept correct encrypt password. Need to dump data partition to computer and decrypt from there, or something like that.
So I have a Nokia 6.1 from 2018 that I used for just about a year. I upgraded to a nicer phone during summer 2019, at which point I transferred all the data I thought I needed, turned the power off, put the phone on a shelf and forgot about it for many months. I remember when I last powered it down, the battery was fully charged. Quite some time later I realized I needed to retrieve some important data written down in an old OneNote account that was synced with that phone and nothing else. Upon logging in, I discovered Microsoft had wiped the account clean due to an extended period of inactivity, meaning the only copy of that data now exists on that phone and nowhere else.
When I dug out the phone and tried to power it up, the battery was completely flat. I plugged it in and it booted up okay, but it would not accept the passphrase to unlock. I can only assume this is due to some sort of bug in Android (I believe it is running 9 Pie, but I don't remember for certain), as I know for a fact the password is correct. I've been putting off trying to unlock this thing for over a year now, but it needs to be done. I've noticed over my several attempts to enter the password that the phone has been behaving somewhat erratically. For example, it doesn't always respond to the power button right away. I'll try to press it again, and the screen will blink on and off several times. Also, when I first tried to unlock the phone, I could enter the passphrase as many times as I wanted, but now when I try, it locks me out for 30 seconds after each attempt, and also notifies me of the total number of failed attempts. When I reboot the phone, the failed attempt counter resets to zero.
Do I have any recourse here? Since I know the passphrase, is it possible to dump the encrypted data partition to my computer and decrypt it from there? The phone is not rooted, nor does it have any custom ROMs or anything like that. I appreciate any help anyone can give.

Quick addendum, I attempted to sideload the final OTA update sourced from the Nokia OTA Repository on Telegram onto the phone via recovery mode. It is running Android 10 now but still no luck unlocking. Interestingly, however, the failed attempt counter now appears to be working correctly, indicating I have entered the incorrect passphrase 31 times now. I'm not sure how many more times I can do that before it wipes everything.

Related

[Q] Settings page after encrypting?

Those of you that have encrypted your tablet what does the encrypt settings page say after you've encrypted it? I tried encrypting mine and the page said it would take an hour or more, however after about a minute with a little android working screen the Xoom rebooted and then forced me to setup an unlock pin. I'm trying to track down a random rebooting problem that I think may have started about the time I encrypted. I went back in to the settings and the encrypt page still says the same thing. It doesn't give any indication that I tried encrypting. I also removed the unlock pin, but it didn't give me any warning about that making the encryption useless, or anything like that. If this behavior isn't normal or expected then I may just reflash it (it's Tiamat 3.2) and not try the encryption net time.
My understanding is that an encrypted tablet requires a lock. If you can remove the lock then it isn't encrypted. I'd try again. If it fails a second time you should track down your instability before having another go. Also, make a nandroid before you try again. A random reboot in the middle of the process may cripple the device.

Password/pin security issue!

I already posted here about an issue where both my wife's and my GS7E's had a login issue where our pin/password would not be accepted, but with new info thought this should stand alone. It happened again this morning. I awoke to a request for my password to "protect" my fingerprints. The password like the pin in the previous 2 incidents is not accepted. My phone is locked and it seems after contacting both Sprint and Samsung? The only option is a factory reset. I spoke to a rep at Sprint and she said this is a known bug and they are receiving many calls about it. Sometimes, after rejecting the password/pin repeatedly it will suddenly work, but I'm already at the 1hr between tries point. I even tried to use the google dashboard but it will not replace the password because the phone is already locked with a password. I have removed security from my wife's phone to prevent this. I will do the same with my phone when I gain access. After loving the phone, I'm now at a point where I'm considering returning both for either G5's or holding out for the HTC 10 which should be released within my 30 day window. I don't know if this is specifically fingerprint related or pin/password? If you don't want to face a factory reset? You may want to consider turning off login security till a fix is found. Waking up with a locked device and no way of fixing without completely wiping the same is not conducive to a good day.
Why not just use Fingerprint with pattern backup?
its the update APC thats warned about in this forum
it breaks all kinds of stuff
(I posted this in the other topic but will post it here as well to help further discussion)
Yeah, it's the strangest thing. This happened to me as well only it was a password and not a pin. I honestly thought it was a mistake on my part. About a day after initially getting the device and setting up the fingerprint and password, my phone died ( I was using Gear VR and it didn't alert me that battery was even low), and when I rebooted it said something like " enter password for storage encryption" or something of the sort. I assumed it was my unlock password but it wasn't working....
So I looked all over the internet and all I could find were recommendations to try your normal unlock password. I tried and tried until I got the dreaded "you have 9 attempts remaining before factory reset" popped up. That's when I thought back to when I first set up the password and how I wasn't used to the edge of the screen yet. So I kept accidentally hitting keys on the edge while I was typing (because normally you can rest your hand on the edge, but on this if you do that you're pressing the edge of the screen). So I tried my exact password with one of the characters as a common "typo" that I kept making for that letter. And voila! It worked! Now the weirdness continues.
At this point I'm happy I figured it out but found it SO odd that I typed that password so many times and input a typo.... I must had used that password at least 15 times over that day....the odds of me doing a typo every time..slim. So the whole thing felt extremely sketch so I immediately went to change the password (and just turn off security in general, don't need it, just was playing around with fingerprint and needed password) after it booted up. And, of course, even with the typo the pass no longer worked. I tried it until the wait time between each try was an hour, heh. I tried all sorts of typo variations of the password, but to no avail. But, at least the phone was now ON. So I was able to backup my SMS, Apps, Settings, Themes, etc and prepare for the factory reset. What a wild ride.
I have no idea why it even happened in the first place. I never turned on any encryption and I never turned on "require password on boot up." Those settings were even toggled off when I checked while the phone was still on. (couldn't see all settings without password though).
Even weirder, I have no idea why the password with the typo even worked that one time to get it to boot. That same password never worked again.
IDK how widespread this is, but be CAUTIOUS and back up the things that you need to. Also, sign up for a Find My Mobile type service to unlock your phone and give you remote access should happen to you. Or just disable the security altogether until they announce a bug fix for this issue. I thought I was the only one with this issue and chalked it up to a weird freak occurrence. So thanks for the topic as I now know it wasn't just me.
corey52 said:
(I posted this in the other topic but will post it here as well to help further discussion)
Yeah, it's the strangest thing. This happened to me as well only it was a password and not a pin. I honestly thought it was a mistake on my part. About a day after initially getting the device and setting up the fingerprint and password, my phone died ( I was using Gear VR and it didn't alert me that battery was even low), and when I rebooted it said something like " enter password for storage encryption" or something of the sort. I assumed it was my unlock password but it wasn't working....
So I looked all over the internet and all I could find were recommendations to try your normal unlock password. I tried and tried until I got the dreaded "you have 9 attempts remaining before factory reset" popped up. That's when I thought back to when I first set up the password and how I wasn't used to the edge of the screen yet. So I kept accidentally hitting keys on the edge while I was typing (because normally you can rest your hand on the edge, but on this if you do that you're pressing the edge of the screen). So I tried my exact password with one of the characters as a common "typo" that I kept making for that letter. And voila! It worked! Now the weirdness continues.
At this point I'm happy I figured it out but found it SO odd that I typed that password so many times and input a typo.... I must had used that password at least 15 times over that day....the odds of me doing a typo every time..slim. So the whole thing felt extremely sketch so I immediately went to change the password (and just turn off security in general, don't need it, just was playing around with fingerprint and needed password) after it booted up. And, of course, even with the typo the pass no longer worked. I tried it until the wait time between each try was an hour, heh. I tried all sorts of typo variations of the password, but to no avail. But, at least the phone was now ON. So I was able to backup my SMS, Apps, Settings, Themes, etc and prepare for the factory reset. What a wild ride.
I have no idea why it even happened in the first place. I never turned on any encryption and I never turned on "require password on boot up." Those settings were even toggled off when I checked while the phone was still on. (couldn't see all settings without password though).
Even weirder, I have no idea why the password with the typo even worked that one time to get it to boot. That same password never worked again.
IDK how widespread this is, but be CAUTIOUS and back up the things that you need to. Also, sign up for a Find My Mobile type service to unlock your phone and give you remote access should happen to you. Or just disable the security altogether until they announce a bug fix for this issue. I thought I was the only one with this issue and chalked it up to a weird freak occurrence. So thanks for the topic as I now know it wasn't just me.
Click to expand...
Click to collapse
FYI, find my mobile services will allow you to lock an unlocked device with a new password, but will not allow you to lock an already locked device. So far, it appears that using a pattern as the fingerprint backup is immune to the issue, pin and password are not. ALSO, the issue can go away and your pin/password is accepted, even after many tries. The worst case scenario is when this happens after a restart, when you must use your backup method (pin, password or pattern) instead of a fingerprint.

Mate 9 factory reset itself without any reason

Hi everyone,
My device hard reset itself without any reason. I was walking outside and listened to a podcast through headphones when suddenly sound stopped. When I pull the phone out of the pocket I saw recovery screen “Low-level factory reset” and after a while, everything I had had on the phone before was just gone. I don’t remember that any other piece of human engineering made me so upset.
So, I didn’t touch my phone and it was offline (data disabled and no wifi around). It had MHA-L29C567B167 firmware and was rooted by this guide and then TWRP was replaced by the standard recovery (which probably made this hard reset possible). I haven’t done anything system related with the phone during last several weeks.
Did anyone else have the same problem? Do you have any ideas why the phone did it?
I had the same reset, when backup password on lockscreen (normally fingerprint) was filled in wrongly about nine times in succession.
Rogue app running as root? *shrug*
So frustrating
I had the same issue sooooo many times... The only way I found to stop this is to remove the password... I do open apps and all whilst the phone in my pocket... But at least it doesn't factory reset!!!!
so it happens after you input incorrect passwords after x amount of times?
Yes. After nine or ten times a wrong password, it did the factory reset. It happened due to a connected Bluetooth keyboard that wasn't turned off with key pressed for a long time by accident.
To prevent this problem​ from happening again I left TWRP flashed to the recovery partition. Now if the system requests recovery to factory reset TWRP will just ignore it.
Also, I found out that having Microsoft Outlook installed makes the problem worse. It reduce the number of incorrect PIN enter attempts. E.g. despite the fact that it displays "You have 4 more attemps" the device tries to factory resset.
I have these hard reset on me 3 times over the last 7 months. And 2 of these times, were happened when I was oversea. All my data are gone after it reset, and what make it worst was that I was oversea, and the 1st restoration process asked for WIFI setup & connection. Common, you are a foreign land on roaming (even with data), they still insist you need a WIFI connection before the restoration can continue.... a very frustrated experience especially you are oversea, and it happened to me twice with the most recent case - 2 days ago.... So, how do I activate TWRP?

Locked out of Galaxy S7, can't afford to lose data on phone, need help now.

Hi,
Yesterday I set a fingerprint lock on my S7. It prompted me to enter a backup password and some other password, both with different requirements (one only had to be 4 letters, one was longer and had a number) and the longer one had to be confirmed whereas the shorter one did not. I set this up and tested it a few times, everything seemed to work great. Later I let my phone idle and it turned the screen off on its own for the first time, ever since then the phone has not been able to recognize my fingerprint. It doesn't even say "No match", it just acts like I'm not even putting a finger on it at all.
Tried over and over and eventually tried the backup password, which for some reason is the shorter one without a number. I put in what I am absolutely sure I put in, and it wouldn't take it. Tried a couple more times, even got so desperate as to emulate potential typing errors I might have made (since no confirmation for that password) and nothing worked.
Eventually I hit the timed lockout and I had to stop trying things then. So I went online and searched and discovered Google's Android Device Manager. I heard that if you lock the phone with it you can unlock it through the same manager and the phone will be unlocked. First thing that was odd was that ADM didn't give me an option to enter a password, just a contact message and phone number. I still put in a message and hit lock, and... nothing changed on ADM at all.
Now my phone shows the stupid message every time I wake it up and every few seconds on the lock screen (I can still attempt to unlock the phone with the password and use phone/camera though), but ADM doesn't even give an option to unlock, just change the locked message. I can't even get rid of the damn lock by changing it to blank. I heard Samsung offers a similar service but I never made a Samsung account and apparently one is required to use it.
Beyond that the only solution I've found is wiping the phone (which I can easily do, because there's an option in ADM for it which presumably works), which I really don't want to do since I have a lot of pictures and data on the phone that aren't backed up that I would absolutely hate to lose.
To make things worse it appears that this issue is specific to my phone/the S7/Samsung phones/something, as I have my old Nexus 4 listed in ADM as well and going through the options for it I see it has the ability to define a password, but no such thing for the S7. I really have no clue where to go from here, tons of googling hasn't found me any method I haven't already tried or can't do.
I'd be so grateful if someone here would at the very least find a way for me to recover data before wiping it to get rid of the lock.

Regarding security & bootloader...

There are many sites selling Mix 3's some Chinese, some Global, some with locked bootloaders, and some with unlocked bootloaders, this thread is to help people "protect" the devices they have bought (or will buy).
It's through my understanding that the most "secure" way of protecting your phone & data from thief's is to have your bootloader locked, with no custom recovery, encryption on & usb debugging disabled right?
This is because with a unlocked bootloader, the thief has the ability to boot into TWRP (for example) & simply wipe your pin/password/lock off the phone completely, then just boot it up, factory reset it & sell it.
I know there is methods such as putting the phone in cold temperatures so you can retrieve the encryption keys from the RAM, but assuming the thief is just basic & what's to make some quick money off your phone...So...
What's the best way & most recommended thing to do with Xiaomi devices specifically, locked/unlocked, encrypted/not-encrypted, does it matter?, If not, why not?
Any help is appreciated! The more in-depth the better.
Even with a locked bootloader a thief can hold VolUp while booting, wipe phone and sell it. Wiping is possible in any case and thats not even the issue a stolen Phone is gone.
The issue are your data which can be stolen too when you have a unlocked bootloader. Simply boot to twrp connect usb and copy everything. But you can prevent that with encryption and enable "requires pattern to start". That way if your phone gets stolen the thief can still Install/use Twrp but he needs to enter a pattern to decrypt the storage. If he doesnt, twrp wont be able to read the partition and your data is safe. He can still wipe the Phone and sell it but you cant prevent that. I don't know if the pattern generates the encryption keys or retrieves them from somewhere but i'd assume it generates them, probably together with some device specific values, else that would be a flaw in my book. If someone could enlighten me here that'd be nice.
If your bootloader is locked he also can't access your data. Since stock recovers doesn't allow/support Usb-filetransfer. So a lockpattern is all you need there. Encryption shouldnt really matter against the normal thief.
I am going this way: Unlocked bootloader to get rid of Miui, Twrp to have a proper recovery menu, and encryption+pattern to save my data. Disable USB-Developer Options to prevent adb shenanigans.
But on the hand if you wan't to get really panariod a locked bootloader would be better since you still can read the system image from the phone from twrp, this means, and this is a easy way to do it, you could read it copy it to the pc and simply brutefroce the lockpattern. If you have the partitions you can simply try 3 patterns either it works or the phone locks itself up because you did 3 wrong. If it locks up you simply write the partitions back and try again. If you can do 3 in 30 seconds you are done in 45 days since there are only 390.000 different patterns on a 3x3 grid (which is what most people use since some Roms don't even allow for 4x4 or 5x5) but if you emulate it and can do 3 in 15 seconds you are down to 23 days. If you run it in 20 emulators you are done in 1 day. (That would be an awesome weekend project.) In emulation you could really optimize this since you can cut everything out what isn't needed for the attempt to encrypt the partition. you dont even need the screen to load, simply send the decryption module whatever the last module in the Numbers-from-touches-chain would have sent, everything that is loaded before the attempt to decrypt must be unencrypted therefore can be messed with, probably it's even universal across phones since that's a stock android thing. If it tries to write used attempts, save whatever what gets overwritten beforehand, let it write its thing, kill the process, revert changes and try again with the next set. Maybe you get it down to 3s or 4s for 3 attempts and boom you are at 6 hours to encrypt any android phone, no matter which version, with an unlocked bootloader which uses a 3x3 pattern. But your data would be really valueable to someone if they did this. You can't do that with a locked bootloader since you can't read the partitions or you could just use the 5x5 pattern, which you cant do on MIUI (i just tried and havent found where you could change it). But probably i have a giant oversight in there so this probably woudn't work
________________________________________________
On the other hand if you want to recover your phone you should make it as easy as possible to get the thief into your phone since you dont want them to run it off and wipe it. I DONT RECOMMEND THIS. But you could make a 2nd user who has no lock pattern on it. Concider your Data public at this point but while they are busy looking at your selfies you could use a app like prey to track the phone. But since Data are more important than a phone i'd never do or recommend that.
Or you could just buy a tin foil hat.
~phoeny~ said:
Even with a locked bootloader a thief can hold VolUp while booting, wipe phone and sell it. Wiping is possible in any case and thats not even the issue a stolen Phone is gone.
The issue are your data which can be stolen too when you have a unlocked bootloader. Simply boot to twrp connect usb and copy everything. But you can prevent that with encryption and enable "requires pattern to start". That way if your phone gets stolen the thief can still Install/use Twrp but he needs to enter a pattern to decrypt the storage. If he doesnt, twrp wont be able to read the partition and your data is safe. He can still wipe the Phone and sell it but you cant prevent that. I don't know if the pattern generates the encryption keys or retrieves them from somewhere but i'd assume it generates them, probably together with some device specific values, else that would be a flaw in my book. If someone could enlighten me here that'd be nice.
If your bootloader is locked he also can't access your data. Since stock recovers doesn't allow/support Usb-filetransfer. So a lockpattern is all you need there. Encryption shouldnt really matter against the normal thief.
I am going this way: Unlocked bootloader to get rid of Miui, Twrp to have a proper recovery menu, and encryption+pattern to save my data. Disable USB-Developer Options to prevent adb shenanigans.
But on the hand if you wan't to get really panariod a locked bootloader would be better since you still can read the system image from the phone from twrp, this means, and this is a easy way to do it, you could read it copy it to the pc and simply brutefroce the lockpattern. If you have the partitions you can simply try 3 patterns either it works or the phone locks itself up because you did 3 wrong. If it locks up you simply write the partitions back and try again. If you can do 3 in 30 seconds you are done in 45 days since there are only 390.000 different patterns on a 3x3 grid (which is what most people use since some Roms don't even allow for 4x4 or 5x5) but if you emulate it and can do 3 in 15 seconds you are down to 23 days. If you run it in 20 emulators you are done in 1 day. (That would be an awesome weekend project.) In emulation you could really optimize this since you can cut everything out what isn't needed for the attempt to encrypt the partition. you dont even need the screen to load, simply send the decryption module whatever the last module in the Numbers-from-touches-chain would have sent, everything that is loaded before the attempt to decrypt must be unencrypted therefore can be messed with, probably it's even universal across phones since that's a stock android thing. If it tries to write used attempts, save whatever what gets overwritten beforehand, let it write its thing, kill the process, revert changes and try again with the next set. Maybe you get it down to 3s or 4s for 3 attempts and boom you are at 6 hours to encrypt any android phone, no matter which version, with an unlocked bootloader which uses a 3x3 pattern. But your data would be really valueable to someone if they did this. You can't do that with a locked bootloader since you can't read the partitions or you could just use the 5x5 pattern, which you cant do on MIUI (i just tried and havent found where you could change it). But probably i have a giant oversight in there so this probably woudn't work
________________________________________________
On the other hand if you want to recover your phone you should make it as easy as possible to get the thief into your phone since you dont want them to run it off and wipe it. I DONT RECOMMEND THIS. But you could make a 2nd user who has no lock pattern on it. Concider your Data public at this point but while they are busy looking at your selfies you could use a app like prey to track the phone. But since Data are more important than a phone i'd never do or recommend that.
Click to expand...
Click to collapse
Really appreciate the time you took to type out this post, thankyou.

Categories

Resources