I'm trying to recover data (mostly folders in my internal storage such as screenshots, screen captures, etc.) but the programs I am using need my phone to be rooted. My phone runs on Android 9 and needs its bootloader to be unlocked, but I need to know if there is a way to do this without factory resetting, which may overwrite the lost data, which I cannot recover when doing so.
A Factory Reset only wipes files, which means it deletes their entries in Android's inode table; it doesn't overwrite them. The disk space previously allocated by the now wiped files becomes orphaned, thus can get reused.
Use ADB pull to extract user-data files where a rooted Android isn't needed.
See also here:
How to Download Files to the Computer with ADB Pull - KrispiTech
You can actually copy and download files from your Android smartphone to the PC using some simple ADB Pull commands as long as you enabled USB Debugging.
krispitech.com
so i can still recover files i deleted prior to a factory reset needed to unlock my oem?
please reply
To recover deleted files Android must be rooted and a special commercial forensic software must be used. GIYF ...
xXx yYy said:
To recover deleted files Android must be rooted and a special commercial forensic software must be used. GIYF ...
do you know any that i should use?
Your device is encrypted with FDE. the same answer applies. One can't recover data after factory reset. encryption key is gone forever, and so is your data.
edit: if you haven't done factory reset yet, device might still be encrypted with same crypto-footer. this leads you to hypothetical option to obtain temporary root shell and pull decrypted block partition /dev/block/dm-0 (or whatever)
assuming you found vulnerability/exploit and managed to get raw dump, still your chances to recover deleted files are low, because of the way android flash translation controller handles eMMC flash storage.
aIecxs said:
Your device is encrypted with FDE. the same answer applies. One can't recover data after factory reset. encryption key is gone forever, and so is your data.
edit: if you haven't done factory reset yet, device might still be encrypted with same crypto-footer. this leads you to hypothetical option to obtain temporary root shell and pull decrypted block partition /dev/block/dm-0 (or whatever)
assuming you found vulnerability/exploit and managed to get raw dump, still your chances to recover deleted files are low, because of the way android handles eMMC flash storage.
if only i have discovered these posts sooner...
so those recovery apps are useless?
most of the data recovery tools / one-click-rooting apps aren't working anymore since marshmallow. there are however some companies like cellebrite claiming they can still hack. maybe they got somehow access to Samsungs OEM signing keys idk
Don't know if I got you right, you haven't factory reset your device, yet?
This app might help you to find existing files and thumbnails of deleted files. To my understanding it won't undelete anything but some users claim different. It will search for hidden trash can in gallery, maybe you are lucky...
FindMyPhoto – Recover Photos o - Apps on Google Play
A truely free app to recover deleted photos on Android devices.
play.google.com
aIecxs said:
Don't know if I got you right, you haven't factory reset your device, yet?
This app might help you to find existing files and thumbnails of deleted files. To my understanding it won't undelete anything but some users claim different. It will search for hidden trash can in gallery, maybe you are lucky...
FindMyPhoto – Recover Photos o - Apps on Google Play
A truely free app to recover deleted photos on Android devices.
play.google.com
i did factory reset...
i should probably give up and move on, shouldn't i?
the app looks really promising, but it has alot of one star reviews
just another useless app..
better root your device, factory reset again and disable encryption. this way you are prepared next time
aIecxs said:
just another useless app..
better root your device, factory reset again and disable encryption. this way you are prepared next time
have you actually used the app, seen the reviews, or both?
Best Cellebrite Alternatives & Competitors
Compare the best Cellebrite alternatives in 2023. Explore user reviews, ratings, and pricing of alternatives and competitors to Cellebrite.
sourceforge.net
Besides Cellebrite is there an alternative
Besides Cellebrite is there an alternative to capturing data from a cell phone on the physical side (ie deleted items)? In addition to bypassing the ...
www.forensicfocus.com
https://www.reddit.com/r/computerforensics/comments/a1j43j
These links have cellebrite alternatives and one person said that they use odin + twrp. I hope some of them are freeware/ have free trials. Can someone help me verify if these are legit?
moutsu said:
have you actually used the app, seen the reviews, or both?
another user suggested this app. but only helpful to find existing pictures in trash can. read full discussion here
https://android.stackexchange.com/q/231132
moutsu said:
These links have cellebrite alternatives and one person said that they use odin + twrp. I hope some of them are freeware/ have free trials. Can someone help me verify if these are legit?
once you factory reset device NOTHING can help you - it's gone. well, technically spoken that's not true, but next to impossible. forensic lab might partially recover old crypto-footer from the lower emmc firmware, and spend some years bruteforcing missing bytes.
TWRP is completely useless for samsung encryption, samsung encryption not supported, yet (although it's possible just a matter of time)
consider: all these tools might still work on quite a few older devices, from the days where exploiting was possible or encryption wasn't hardware-backed. They mainly offer breaking into lock screen and maybe can recover deleted files. They can by-pass locked bootloader, let android do its work and pull (decrypted) partition image from root shell (for further analysis). They can break into TEE and extract encryption master key for chip-off bruteforce. But none of these tools ever claimed to recover data after factory reset. except for scams (like wondershare Dr. Fone). I don't know anything about iPhone, I am talking about Android only.
conclusion:
- if a company offers you JTAG or chip-off they are trying to scam you.
- recovery of deleted files is not the same as recovery after factory reset. encryption is the showstopper here.
Demystifying Android Physical Acquisition
Numerous vendors advertise many types of solutions for extracting evidence from Android devices. The companies claim to support tens of thousands of models, creating the impression that most (if not all) Android devices can be successfully acquired using one method or another. On the other side o
blog.elcomsoft.com
aIecxs said:
once you factory reset device NOTHING can help you - it's gone. well, technically spoken that's not true, but next to impossible. forensic lab might partially recover old crypto-footer from the lower emmc firmware, and spend some years bruteforcing missing bytes.
TWRP is completely useless for samsung encryption, samsung encryption not supported, yet (although it's possible just a matter of time)
consider: all these tools might still work on quite a few older devices, from the days where exploiting was possible or encryption wasn't hardware-backed. They mainly offer breaking into lock screen and maybe can recover deleted files. They can by-pass locked bootloader, let android do its work and pull (decrypted) partition image from root shell (for further analysis). They can break into TEE and extract encryption master key for chip-off bruteforce. But none of these tools ever claimed to recover data after factory reset. except for scams (like wondershare Dr. Fone). I don't know anything about iPhone, I am talking about Android only.
conclusion:
- if a company offers you JTAG or chip-off they are trying to scam you.
- recovery of deleted files is not the same as recovery after factory reset. encryption is the showstopper here.
Demystifying Android Physical Acquisition
Numerous vendors advertise many types of solutions for extracting evidence from Android devices. The companies claim to support tens of thousands of models, creating the impression that most (if not all) Android devices can be successfully acquired using one method or another. On the other side o
blog.elcomsoft.com
aww
to let anyone know about how i ended up into this rabbit hole of recovery apps and finding out about xda, heres a backstory: some, if not all, of the folders were deleted in the storage/emulated/0 file directory after possibly me deleting them after they have popped up in an app that accessed your files. this is why i've been asking questions and doing research on how to recover them. i had to root my device according to the answers, but i didnt want to unlock the bootloader but i had to unlock it eventually. i really regret doing that. if this happens to someone in the future, i would ask anyone if it is possible to recover the files in storage/emulated/0 after they were deleted.
aIecxs said:
once you factory reset device NOTHING can help you - it's gone. well, technically spoken that's not true, but next to impossible. forensic lab might partially recover old crypto-footer from the lower emmc firmware, and spend some years bruteforcing missing bytes.
TWRP is completely useless for samsung encryption, samsung encryption not supported, yet (although it's possible just a matter of time)
consider: all these tools might still work on quite a few older devices, from the days where exploiting was possible or encryption wasn't hardware-backed. They mainly offer breaking into lock screen and maybe can recover deleted files. They can by-pass locked bootloader, let android do its work and pull (decrypted) partition image from root shell (for further analysis). They can break into TEE and extract encryption master key for chip-off bruteforce. But none of these tools ever claimed to recover data after factory reset. except for scams (like wondershare Dr. Fone). I don't know anything about iPhone, I am talking about Android only.
conclusion:
- if a company offers you JTAG or chip-off they are trying to scam you.
- recovery of deleted files is not the same as recovery after factory reset. encryption is the showstopper here.
Demystifying Android Physical Acquisition
Numerous vendors advertise many types of solutions for extracting evidence from Android devices. The companies claim to support tens of thousands of models, creating the impression that most (if not all) Android devices can be successfully acquired using one method or another. On the other side o
blog.elcomsoft.com
so there IS a way? if it's not impossible then it is possible!
x=1
Kds ld fhud xnt dwzlokd.
Related
Hi,
tl;dr:
Is there a theoretic way to recover data from the phone after:
1. deleting /storage folder
2. and then rooting (which means factory reset?)
If there is a theoretic way to recover it from the bits, is there a way to take a snapshot of the current state of the bit, so I can (in theory) recover the media in the future?
Long version:
First of all I know I'm very stupid..
Yesterday I've deleted my /storage folder since in first glance it looked empty.
Then I figured out what did I do, so I tried to recover the information.
I've searched the web for an application that does that and I found one that required rooting the phone, so I rooted the phone which means I made factory reset.
Then I tried to recover but it didn't manage to recover the photos and videos.. (it did recover whatsapp photos and some other things but not from the dcim folder).
I tried then several different applications that may not ask for rooting the phone so maybe I made a mistake by doing that (not sure that they wouldn't request for rooting either) but no success with that...
I'm willing to pay money to save that data but do you think it's not recoverable anymore?
I also called the 3 biggest recovery companies in my country, 2 of them told me that they don't think it's possible and one agreed to take it to their labs for a small price and then give me an offer.
If there is a theoretic way to recover it from the bits, is there a way to take a snapshot of the current state of the bit, so I can (in theory) recover the media in the future?
I'm very desperate and would be very thankful for your help
PeroPy said:
Hi,
tl;dr:
Is there a theoretic way to recover data from the phone after:
1. deleting /storage folder
2. and then rooting (which means factory reset?)
If there is a theoretic way to recover it from the bits, is there a way to take a snapshot of the current state of the bit, so I can (in theory) recover the media in the future?
Long version:
First of all I know I'm very stupid..
Yesterday I've deleted my /storage folder since in first glance it looked empty.
Then I figured out what did I do, so I tried to recover the information.
I've searched the web for an application that does that and I found one that required rooting the phone, so I rooted the phone which means I made factory reset.
Then I tried to recover but it didn't manage to recover the photos and videos.. (it did recover whatsapp photos and some other things but not from the dcim folder).
I tried then several different applications that may not ask for rooting the phone so maybe I made a mistake by doing that (not sure that they wouldn't request for rooting either) but no success with that...
I'm willing to pay money to save that data but do you think it's not recoverable anymore?
I also called the 3 biggest recovery companies in my country, 2 of them told me that they don't think it's possible and one agreed to take it to their labs for a small price and then give me an offer.
If there is a theoretic way to recover it from the bits, is there a way to take a snapshot of the current state of the bit, so I can (in theory) recover the media in the future?
I'm very desperate and would be very thankful for your help
try Undeleter from play store..worked for me on N4..never tried on OPO
atulclassic said:
try Undeleter from play store..worked for me on N4..never tried on OPO
Didn't work :crying:
You might give DiskDigger a shot. I never tried it though.
PeroPy said:
Didn't work :crying:
are you rooted since undeleter requires root
atulclassic said:
are you rooted since undeleter requires root
I'm...
After few weeks of working on that, I didn't make it to recover any of my photos/videos/whatsapp chat history (the things that were most important to me)
I tried several things; apparently all of the recovery programs that use adb to connect directly to the phone through the PC don't work well enough, nor do the programs that work from the device...
I tried this article:
http://www.dflund.se/~jokke/androidfilerecovery/
but it didn't work for some reason...
Then I tried that one :
http://forum.xda-developers.com/gal...de-internal-memory-data-recovery-yes-t1994705
I used a CentOS VM to get an image of the device partitions the way they suggested (I couldn't make busybox work).
I mapped that file as a hard disk.
I tried to use 'Recuva'; it seems like it managed to restore files, but something apparently went wrong and the files weren't helpful...
I tried to use 'EaseUS Data Recovery'; it worked better, it found around 20k files. There were a lot of directories and I didn't look through them much, but it recovered a lot of photos which I think were from the WhatsApp media.
In case someone who made the same mistake of deleting the 'storage' folder gets to this post, I recommend turning off the phone immediately and finding a way to do that without rooting the device (although it might be impossible, since as far as I know all of the methods I used depend on a rooted device, but I didn't look into this since the first thing I did was root my device, which might be the mistake)...
Hi,
I rooted my O+7 Pro and didn't see the warning that it wipes data...
Is there any way to recover it?
Thanks a lot in advance
You can try disk recovery from the play store and give it root permissions, but I can't say if it will recover anything. But to be fair, there were warnings given when unlocking the bootloader, etc about the wiping of data. So possibly a hard lesson learned
Always backup... Backup... Backup... Even if just doing an update. Since you are rooted now I would get titanium backup and do a backup before any update or flashing that u r not comfortable with and back up to Google drive or push to an OTG also back up ur sdcard files by manually moving to an OTG or use twrp to backup data to an OTG... Preferably before u set a pass code or pin securities. Hope u can recover bud.
i'll try the first solution.
in any case i'll use a good backup solution after that. and i know, i usually always backup but idn, this way my brain had decided it was useless *facepalm*
hallo dare said:
You can try disk recovery from the play store and give it root permissions, but I can't say if it will recover anything. But to be fair, there were warnings given when unlocking the bootloader, etc about the wiping of data. So possibly a hard lesson learned
can't find the app, sorry but do you have the link of the app you have in mind?
thanks a lot for your help in all the cases :good: :highfive:
Zeirman said:
can't find the app, sorry but do you have the link of the app you have in mind?
thanks a lot for your help in all the cases :good: :highfive:
https://play.google.com/store/apps/details?id=com.defianttech.diskdigger
hallo dare said:
https://play.google.com/store/apps/details?id=com.defianttech.diskdigger
Already tried DiskDigger pro (root allowed), and only found some icons in JPG and PNG, a blank TIF, 16 .zip, and thousands of SQLITE files (don't know what it is)... i guess it didn't work
Any other idea? (and thanks a lot again for your help!)
Zeirman said:
Already tried DiskDigger pro (root allowed), and only found some icons in JPG and PNG, a blank TIF, 16 .zip, and thousands of SQLITE files (don't know what it is)... i guess it didn't work
Any other idea? (and thanks a lot again for your help!)
Think you're out of luck.
hallo dare said:
Think you're out of luck.
No other idea? even through adb or a soft, even not free solution? :/
i don't understand why nothing works
i had written almost no data since i rooted, and my phone has 256 GB
even by writing a little with the root process and installing 3 apps, i couldn't have written 256 GB so... why does nothing work? why is really no data found? isn't that strange? :/
Maybe you can dump and pull your userdata partition to an .img file via adb to your pc and then use software like recuva to recover data on windows, i don't guarantee it will work, but it's worth the shot, i tried it one time when i had the OPO (i changed to f2fs partition without backing up and lost everything) annnnnnnndddddd...... no i found nothing lol, but maybe you can find since it's a different type of format i guess, but worth a try
Chinaroad said:
Maybe you can dump and pull your userdata partition to an .img file via adb to your pc and then use software like recuva to recover data on windows, i don't guarantee it will work, but it's worth the shot, i tried it one time when i had the OPO (i changed to f2fs partition without backing up and lost everything) annnnnnnndddddd...... no i found nothing lol, but maybe you can find since it's a different type of format i guess, but worth a try
i had try this tutorial: https://howtorecover.me/data-recovery-internal-storage-android-phone-guide
but the list_of_partitions.txt file is blank, no matter if i do it from the phone or computer
Zeirman said:
i don't understand why nothing works
i had written almost no data since i rooted, and my phone has 256 GB
even by writing a little with the root process and installing 3 apps, i couldn't have written 256 GB so... why does nothing work? why is really no data found? isn't that strange? :/
There is no data found because it is encrypted.
All phones that ship with Android 6 or higher have user data encrypted by default from first boot, without the user enabling encryption.
This is intentionally designed to protect against data recovery by an attacker.
Even if you don't use a PIN or password, Android creates a random encryption key to secure the data. When the phone is wiped the keys are deleted making it difficult to recover data without said keys.
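Why signature-carving tools come up empty once the key is gone, as an added example that is not part of the original thread: the same carver recovers "deleted" files from an unencrypted image but finds nothing in the encrypted one unless the original key is still available. All names are hypothetical, the image is constructed, a SHA-256 counter-mode keystream stands in for the device's real disk encryption, and flash-level effects (TRIM, the flash translation layer) are not modelled.

```python
import hashlib
import os

JPEG_SOI = b"\xff\xd8\xff"   # JPEG start-of-image marker
JPEG_EOI = b"\xff\xd9"       # JPEG end-of-image marker
SECTOR = 512


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy counter-mode stream cipher built from SHA-256.

    Stand-in (assumption) for the AES-based encryption a real device uses;
    XOR makes encryption and decryption the same operation.
    """
    out = bytearray()
    for block_no in range((len(data) + 31) // 32):
        pad = hashlib.sha256(key + block_no.to_bytes(8, "big")).digest()
        chunk = data[block_no * 32:(block_no + 1) * 32]
        out.extend(b ^ p for b, p in zip(chunk, pad))
    return bytes(out)


def make_photo(tag: bytes) -> bytes:
    """Constructed stand-in for a JPEG: real SOI/EOI markers around filler."""
    return JPEG_SOI + b"\xe0" + tag * 40 + JPEG_EOI


def build_userdata(photos: dict):
    """Lay the files out sector-aligned; return (raw image, file table)."""
    image = bytearray()
    table = {}
    for name, blob in photos.items():
        table[name] = (len(image), len(blob))
        padded_len = -(-len(blob) // SECTOR) * SECTOR
        image.extend(blob.ljust(padded_len, b"\x00"))
    return bytes(image), table


def carve_jpegs(raw: bytes) -> list:
    """Signature carving: scan a raw dump for JPEG start/end markers."""
    found, pos = [], 0
    while (start := raw.find(JPEG_SOI, pos)) != -1:
        end = raw.find(JPEG_EOI, start + len(JPEG_SOI))
        if end == -1:
            break
        found.append(raw[start:end + len(JPEG_EOI)])
        pos = end + len(JPEG_EOI)
    return found


def recovered(raw: bytes, originals: dict) -> list:
    """Names of the original files that carving brings back intact."""
    carved = set(carve_jpegs(raw))
    return sorted(name for name, blob in originals.items() if blob in carved)


def scenario(key: bytes) -> dict:
    photos = {"IMG_%d.jpg" % i: make_photo(b"photo-%d;" % i) for i in range(3)}
    plain, table = build_userdata(photos)
    table.clear()  # "delete": only the index entries go, the bytes stay put

    disk = keystream_xor(key, plain)   # what the flash chip actually stores
    new_key = os.urandom(32)           # factory reset: old key destroyed, new one made
    return {
        # Old, unencrypted phone: carving finds the deleted files.
        "unencrypted_after_delete": recovered(plain, photos),
        # Raw dump of an encrypted phone: no file signatures to find.
        "encrypted_dump_no_key": recovered(disk, photos),
        # Before any reset the device still holds the key and can decrypt.
        "encrypted_key_still_present": recovered(keystream_xor(key, disk), photos),
        # After the reset the old blocks decrypt to noise under the new key.
        "after_factory_reset": recovered(keystream_xor(new_key, disk), photos),
    }


if __name__ == "__main__":
    for case, names in scenario(os.urandom(32)).items():
        print(f"{case:30s} -> {names}")
```
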
KemikalElite said:
There is no data found because it is encrypted.
All phones that ship with Android 6 or higher have user data encrypted by default from first boot, without the user enabling encryption.
This is intentionally designed to protect against data recovery by an attacker.
Even if you don't use a PIN or password, Android creates a random encryption key to secure the data. When the phone is wiped the keys are deleted making it difficult to recover data without said keys.
I understand better now!
that's a good news that people can't recover datas from a second hand phone
but... does it mean it's impossible for me? 0% chances? or is there a maybe complicated but possible way?
Zeirman said:
I understand better now!
that's a good news that people can't recover datas from a second hand phone
but... does it mean it's impossible for me? 0% chances? or is there a maybe complicated but possible way?
Not possible. The encryption keys are protected by what is called hardware-backed encryption. The Snapdragon chip binds the keys to a specific device so the data can't just be copied to a computer and recovered. It would take a major security flaw (that hasn't already been patched) to get through this system.
It is designed to be very secure. It is also used to protect fingerprint data and Netflix DRM.
KemikalElite said:
Not possible. The encryption keys are protected by what is called hardware-backed encryption. The Snapdragon chip binds the keys to a specific device so the data can't just be copied to a computer and recovered. It would take a major security flaw (that hasn't already been patched) to get through this system.
It is designed to be very secure. It is also used to protect fingerprint data and Netflix DRM.
You don't give me good news but at least i know why i can't recover them
Thanks a lot for your help!
Hello,
I hope that this is the right side of the forum to describe my problem. I desperately need help. It's a long story:
I had on my Samsung phone the app of "Chrome", which I always use to surf the internet. Using the google browser IN THAT APP, I have downloaded lots of things (I'm a scholar, so I like to read and I use to download everything that I found interesting). I have updated the app and I was frustrated, because I couldn't take anymore screenshots while surfing in "incognito mode". So, I decided to delete the update: i went into "settings", then "apps", and then I have brought back the app of "Chrome" as it was when i bought my phone. Sadly, I then noticed that I had lost every file in my download folder; I had lost every file downloaded with that app.
I had not synchronized my Google account, I can do no backup. I'm so angry and sad because I've always thought that the files downloaded would have stayed in my phone until I and only I would have decide to delete them.
I have done a lot of research on the internet and I have found out that there are some apps that can recover a very large part of lost files. But, in order to do this, I have to root my phone.
My phone is a Samsung Galaxy J2 SM-J250Y/DS, and the Android version is 7.1.1. I have seen that rooting a phone could be very dangerous; also, to me is very complicated. But there is a program called Kingoroot, which, once installed on my computer, could (it's a possibility, I know!) rooting my phone easily.
What should I do? Should I try the rooting method? It seems to me the only way...
I ask you any suggestions... Please help me. I am a depressed student that, in this life, can only enjoy reading and books...
(I am Italian, and I hope my English is understandable. If I did any mistake, please forgive me.)
Sorry can't help you get what you lost back... I feel your pain.
After losing thousands of bookmarks over the decades I started using Colornotes to save my important bookmarks.
You can save the hyperlink with a title, color, and whatever text you want to add. If you punch the hyperlink it opens in the default browser.
The app allows you to save it's data to your sd card which you can backup on your PC.
Use ApkExport to make a loadable copy of the app to future proof it.
ColorNote Notepad Notes - Apps on Google Play
ColorNote® - Easy to use notepad for notes, shopping list, to-do list, calendar
play.google.com
Thank you very much for your reply.
But... If I root my phone, and if the rooting is done without any damage, is there a possibility to get most of my files back? Or, even if I root my device, I will never be able to recover them?
It sounds like it deleted the data when you rolled the apk back (to factory load?).
If so it's going to be very sketchy at best to recover them.
I guess history's been deleted as well?
There are many coders here that have far greater knowledge than myself with Chrome.
My understanding of rooting is very basic as with Chrome which I rarely use.
If no one else replies in a day or two, bump it back to the top. Hope you find a work around solution.
AlexiusFrigerius said:
But... If I root my phone, and if the rooting is done without any damage, is there a possibility to get most of my files back? Or, even if I root my device, I will never be able to recover them?
Rooting Android by means of TWRP and/or Magisk ( keyword: SuperSU ) affects its /data partition where phone's data typically are housed. Therefore it cannot be excluded that data stored there is overwritten and can therefore no longer be restored.
jwoegerbauer said:
Rooting Android by means of TWRP and/or Magisk ( keyword: SuperSU ) affects its /data partition where phone's data typically are housed. Therefore it cannot be excluded that data stored there is overwritten and can therefore no longer be restored.
Is there the possibility, if deleted, that it's still in the system cache, and is there a way to recover it if so on a non-rooted phone?
Maybe using ADB?
Don't some on the "one touch" root solutions claim to preserve the data?
Android doesn't have a recycle bin, thus nothing gets cached. Deleting a file means nothing else than marking the space it occupies - wherever this disk space is located - as usable so that it can be overwritten by the system.
Have never used a "One-Click-Root" utility ...
blackhawk said:
It sounds like it deleted the data when you rolled the apk back (to factory load?).
If so it's going to be very sketchy at best to recover them.
I guess history's been deleted as well?
There are many coders here that have far greater knowledge than myself with Chrome.
My understanding of rooting is very basic as with Chrome which I rarely use.
If no one else replies in a day or two, bump it back to the top. Hope you find a work around solution.
Yes, it's just like I told. And yes, even history has been deleted.
Thank you for your help! I will wait until someone may give me a solution, or a possibility for a solution.
jwoegerbauer said:
Rooting Android by means of TWRP and/or Magisk ( keyword: SuperSU ) affects its /data partition where phone's data typically are housed. Therefore it cannot be excluded that data stored there is overwritten and can therefore no longer be restored.
Ok, I understand...
jwoegerbauer said:
Android doesn't have a recycle bin, thus nothing gets cached. Deleting a file means nothing else than marking the space it occupies - wherever this disk space is located - as usable so that it can be overwritten by the system.
Have never used a "One-Click-Root" utility ...
Thank you for your explanation.
jwoegerbauer said:
Android doesn't have a recycle bin, thus nothing gets cached. Deleting a file means nothing else than marking the space it occupies - wherever this disk space is located - as usable so that it can be overwritten by the system.
Have never used a "One-Click-Root" utility ...
Yeah I was aware of the overwrite issue but on an unrooted device I don't think you can access the system cache. Even if you could the data could be so juxtaposed from loss of file structure as to be unusable.
One-Click-Root worked on older versions of Kitkat allegedly.
So... I understand. But I want to try. I want to root my phone. But I have to know how and I must prevent my phone from all the risks.
blackhawk: you said that the "One-Click-Root" method worked only for Kitkat Android. But I have read here that with Kingoroot i could have a chance:
How to Root Android Nougat (7.0/7.1) | KingoRoot Apk
Root any Android Nougat 7.0 7.1 device with KingoRoot.
www.kingoapp.com
(It's important: I AM NOT SPAMMING Kingoroot, I just want to understand If I can trust what it's written in their site. Also, in the link, at the end of the page, there is written that I can root my phone with my PC, which, to me, seems a safer way. It's the main idea I had when I decided to write in this forum, because I wanted to know the opinions of people that are very able to use these methods and these kind of programs.)
AlexiusFrigerius said:
So... I understand. But I want to try. I want to root my phone. But I have to know how and I must prevent my phone from all the risks.
blackhawk: you said that the "One-Click-Root" method worked only for Kitkat Android. But I have read here that with Kingoroot i could have a chance:
How to Root Android Nougat (7.0/7.1) | KingoRoot Apk
Root any Android Nougat 7.0 7.1 device with KingoRoot.
www.kingoapp.com
(It's important: I AM NOT SPAMMING Kingoroot, I just want to understand If I can trust what it's written in their site. Also, in the link, at the end of the page, there is written that I can root my phone with my PC, which, to me, seems a safer way. It's the main idea I had when I decided to write in this forum, because I wanted to know the opinions of people that are very able to use these methods and these kind of programs.)
You can try it; it will either work or nothing will happen. Even if it works it's likely those files are gone. Maybe better to chalk it up to another lesson from the University of Hard Knocks.
You could try contacting Google tech support to see if they have any ideas.
The last AT&T firmware update was specifically to block easy rooting by Kingroot; the rats learn quick.
blackhawk said:
You can try it; it will either work or nothing will happen. Even if it works it's likely those files are gone. Maybe better to chalk it up to another lesson from the University of Hard Knocks.
You could try contacting Google tech support to see if they have any ideas.
The last AT&T firmware update was specifically to block easy rooting by Kingroot; the rats learn quick.
Thank you very much for your help. I understand: I must give up. But the most important thing is to learn something about anything we do. Anything could help for future situations.
"It's a shame to stumble twice on the same stone" (Polybius, 31,11, 5).
Thank you again. Goodbye!
AlexiusFrigerius said:
Hello,
I hope that this is the right side of the forum to describe my problem. I desperately need help. It's a long story:
I had on my Samsung phone the app of "Chrome", which I always use to surf the internet. Using the google browser IN THAT APP, I have downloaded lots of things (I'm a scholar, so I like to read and I use to download everything that I found interesting). I have updated the app and I was frustrated, because I couldn't take anymore screenshots while surfing in "incognito mode". So, I decided to delete the update: I went into "settings", then "apps", and then I have brought back the app of "Chrome" as it was when I bought my phone. Sadly, I then noticed that I had lost every file in my download folder; I had lost every file downloaded with that app.
I had not synchronized my Google account, I can do no backup. I'm so angry and sad because I've always thought that the files downloaded would have stayed in my phone until I and only I would have decided to delete them.
I have done a lot of research on the internet and I have found out that there are some apps that can recover a very large part of lost files. But, in order to do this, I have to root my phone.
My phone is a Samsung Galaxy J2 SM-J250Y/DS, and the Android version is 7.1.1. I have seen that rooting a phone could be very dangerous; also, to me it is very complicated. But there is a program called Kingoroot, which, once installed on my computer, could (it's a possibility, I know!) root my phone easily.
What should I do? Should I try the rooting method? It seems to me the only way...
I ask you any suggestions... Please help me. I am a depressed student that, in this life, can only enjoy reading and books...
(I am Italian, and I hope my English is understandable. If I did any mistake, please forgive me.)
Hi, I would suggest you try a free tool for Android phones such as Stellar Data Recovery for Android, which easily recovers deleted files like photos, audio files and video files from your Android phone's internal memory storage.
Source: https://www.stellarinfo.com/media-tools/android-data-recovery.php
{Mod edit: Quoted post has been deleted}
That drfone again. Scamware.
Do Not Use.
Drfone if used will encrypt "recovered" data and ask you to pay for it. After which the original data is gone leaving only the encrypted copy.
It is not free... not to be trusted!
Ran into this scam many years ago.
Many thanks for reading my post. I really appreciate your time.
I think I recently installed an app that used a rootkit to temporarily give itself root access. The bootloader of my device is still locked (Huawei Ale-L21, I know the phone is old).
After I found out, I deleted the app and factory reset the phone. I checked with root checker and my phone doesn't have root access anymore.
Is it possible that the app has injected code into the system partition of my phone that will remain after a factory reset? I haven't found any traces on the data partition of my device and haven't noticed any suspicious activity after the factory reset. The app also didn't convert itself to a system app. And to reiterate, the bootloader of the phone still seems locked.
My main concern would be that malicious code could get access to, for example, my camera without me knowing. Is this a realistic threat to worry about?
My second question would be: does malicious code manifest itself as a system app per se, or could it affect my device in another way without me noticing?
Again, thanks to everyone who took the time to read and (hopefully) answer my questions.
HumboBumbo said:
Many thanks for reading my post. I really appreciate your time.
I think I recently installed an app that used a rootkit to temporarily give itself root access. The bootloader of my device is still locked (Huawei Ale-L21, I know the phone is old).
After I found out, I deleted the app and factory reset the phone. I checked with root checker and my phone doesn't have root access anymore.
Is it possible that the app has injected code into the system partition of my phone that will remain after a factory reset? I haven't found any traces on the data partition of my device and haven't noticed any suspicious activity after the factory reset. The app also didn't convert itself to a system app. And to reiterate, the bootloader of the phone still seems locked.
My main concern would be that malicious code could get access to, for example, my camera without me knowing. Is this a realistic threat to worry about?
My second question would be: does malicious code manifest itself as a system app per se, or could it affect my device in another way without me noticing?
Again, thanks to everyone who took the time to read and (hopefully) answer my questions.
You will probably need to flash your stock firmware
Rootkits, the worst of the trojans... go full nuke with the reflash option.
Note that a factory reset leaves the phone's system partition (the "ROM") untouched. If any changes were made to the system partition (such as rooting), those will remain.
Only re-flashing the phone's Stock ROM helps to get rid of changes made to the system partition.
jwoegerbauer said:
Note that a factory reset leaves the phone's system partition (the "ROM") untouched. If any changes were made to the system partition (such as rooting), those will remain.
Only re-flashing the phone's Stock ROM helps to get rid of changes made to the system partition.
Here's one of those:
xHelper malware: What it is, how it works and how to prevent it | Malware spotlight | Infosec Resources
Research shows malware spreading and directed specifically at mobile users. Check Point’s 2019 Mid-Year Trends Report shows that cyberattacks targeting
resources.infosecinstitute.com
The newer OS's aren't vulnerable to this one but it shows how insidious these rootkits can be.
@blackhawk
Because you tagged me:
I have never had the embarrassment of a phone I had or still have getting infected with malicious software (rootkits).
I know how to protect myself from this.
And I never have bricked a phone because I know how to proceed correctly when it comes to rooting Android.
jwoegerbauer said:
Note that a factory reset leaves the phone's system partition (the "ROM") untouched. If any changes were made to the system partition (such as rooting), those will remain.
Only re-flashing the phone's Stock ROM helps to get rid of changes made to the system partition.
I recently read up about bootloaders, but would a locked bootloader not check the signature of the ROM, so that if changes were made to the system partition the phone wouldn't boot or something along those lines? Apologies if that is not how it works, I'm only just recently starting to learn about it.
blackhawk said:
Rootkits, the worst of the trojans... go full nuke with the reflash option.
Could you maybe rephrase that? I don't fully understand what you mean.
blackhawk said:
Here's one of those:
xHelper malware: What it is, how it works and how to prevent it | Malware spotlight | Infosec Resources
Research shows malware spreading and directed specifically at mobile users. Check Point’s 2019 Mid-Year Trends Report shows that cyberattacks targeting
resources.infosecinstitute.com
The newer OS's aren't vulnerable to this one but it shows how insidious these rootkits can be.
Would a virus like this show up in the apps section in your settings or do you think it wouldn't be noticeable in any way?
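A check that relates to the locked-bootloader question above, as an added example that is not part of any post in this thread: on devices that implement Android Verified Boot, the bootloader's verdict is exposed through system properties, and this script classifies them from `adb shell getprop` output. The function names and sample dumps are constructed for illustration, and because the properties are reported by the running OS, the result is evidence rather than proof; re-flashing stock firmware remains the remedy the thread recommends.

```shell
#!/bin/sh
# Added example (not from the thread). Real use, assuming USB debugging is on:
#   assess_boot_integrity "$(adb shell getprop)"

# Print the value of one property from getprop-style lines: [name]: [value]
prop_value() {
    printf '%s\n' "$2" | awk -v want="[$1]:" '
        $1 == want { sub(/^[^ ]+ \[/, ""); sub(/\]\r?$/, ""); print; exit }'
}

# Print VERIFIED, SUSPECT or UNKNOWN for a getprop dump passed as $1.
assess_boot_integrity() {
    vb=$(prop_value ro.boot.verifiedbootstate "$1")
    locked=$(prop_value ro.boot.flash.locked "$1")
    verity=$(prop_value ro.boot.veritymode "$1")
    tags=$(prop_value ro.build.tags "$1")

    # Older or vendor-specific builds may not report verified boot at all;
    # absence of the properties proves nothing either way.
    if [ -z "$vb" ] && [ -z "$locked" ]; then
        echo UNKNOWN
        return 0
    fi
    # green = boot chain verified against the OEM key. Any other state,
    # an unlocked bootloader, relaxed dm-verity or non-release signing
    # keys means the system image is not vouched for.
    if [ "$vb" = green ] && [ "$locked" = 1 ] &&
       [ "${verity:-enforcing}" = enforcing ] && [ "$tags" = release-keys ]; then
        echo VERIFIED
    else
        echo SUSPECT
    fi
}

# Constructed sample dumps (not captured from a real device).
SAMPLE_STOCK='[ro.boot.flash.locked]: [1]
[ro.boot.verifiedbootstate]: [green]
[ro.boot.veritymode]: [enforcing]
[ro.build.tags]: [release-keys]'
SAMPLE_DEGRADED='[ro.boot.flash.locked]: [1]
[ro.boot.verifiedbootstate]: [green]
[ro.boot.veritymode]: [eio]
[ro.build.tags]: [release-keys]'
SAMPLE_LEGACY='[ro.build.tags]: [release-keys]
[ro.build.version.release]: [6.0]'
```

An UNKNOWN result is expected on older builds that predate verified boot; it says nothing about whether the system partition was altered.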
Forgive if I put this in the wrong section.
Q: my father recently passed away and I'm trying to recover some data that is on his phone. I physically have his phone. Blu G90. Is there a way to bypass or disable the native pin lock?
Usb debug not enabled. Default set to charge only for pc.
Pretty sure wipe at 15 is set so can't brute force.
I have a couple of forensics applications that can see it when it goes to bootloader but then they crash as soon as I try to grab an image or mount /system.
I'm literally begging for any assistance I can get.
Thanks in advance
AntiMatter2112 said:
Forgive if I put this in the wrong section.
Q: my father recently passed away and I'm trying to recover some data that is on his phone. I physically have his phone. Blu G90. Is there a way to bypass or disable the native pin lock?
Usb debug not enabled. Default set to charge only for pc.
Pretty sure wipe at 15 is set so can't brute force.
I have a couple of forensics applications that can see it when it goes to bootloader but then they crash as soon as I try to grab an image or mount /system.
I'm literally begging for any assistance I can get.
Thanks in advance
Since the device is locked (bootloader locked) so the permissions to change/modify/copy something into phone cannot obtain the internal storage files.
Only unlocking bootloader and for it is need format phone as internal storage so the device erasing all files. The pin lock can remove with adb-fastboot commands or TWRP.
But again, with locked bootloader, without chance to have internal files.
DragonPitbull said:
Since the device is locked (bootloader locked) so the permissions to change/modify/copy something into phone cannot obtain the internal storage files.
Only unlocking bootloader and for it is need format phone as internal storage so the device erasing all files. The pin lock can remove with adb-fastboot commands or TWRP.
But again, with locked bootloader, without chance to have internal files.
Thanks for the reply. I was afraid of that. Even after factory reset, if I root, there's a chance at partial data recovery? Or is it completely gone?
AntiMatter2112 said:
Thanks for the reply. I was afraid of that. Even after factory reset, if I root, there's a chance at partial data recovery? Or is it completely gone?
You can try an official unlock. Maybe it can have some result or maybe not. Trying is the attitude.
Write Google support and try to legally show some death certificate and supporting documents over your father's phone number. Write down the situation and wait for some response from them.
The only practical way would be to try a backup of the internal partition. But it depends on your knowledge with Smart Phone Flash Tool. Also you must know how to "cut" the file in the right parts.
There would be a very small possibility of restoring the internal files with a backup of userdata or in its entirety (called ROM_1).
The next step would be to unlock the phone, install TWRP and restore the file made from userdata.
Perhaps at that point you have a 1% chance of removing the PIN and booting the device without a password.
But this should only be done if Google gives you a negative answer.
Another way is with carrier company. But I think help in nothing.
Understand that despite having a userdata file with PIN, there is encryption involved and that is what makes the whole process difficult.
I know the TWRP made for BLU G90 has active decryption. But I don't know how it will behave with a userdata file made with stock ROM.
Unfortunately there is no guarantee that files like photos, docs, etc can be in userdata as this refers to internal storage. Already userdata is in ROOT storage.
So even if there is an application or software capable of restoring files, there is also the possibility that it will not be successful or have corrupted files. This will depend on your choice and risk carrying out the process.
DragonPitbull said:
You can try an official unlock. Maybe it can have some result or maybe not. Trying is the attitude.
Write Google support and try to legally show some death certificate and supporting documents over your father's phone number. Write down the situation and wait for some response from them.
The only practical way would be to try a backup of the internal partition. But it depends on your knowledge with Smart Phone Flash Tool. Also you must know how to "cut" the file in the right parts.
There would be a very small possibility of restoring the internal files with a backup of userdata or in its entirety (called ROM_1).
The next step would be to unlock the phone, install TWRP and restore the file made from userdata.
Perhaps at that point you have a 1% chance of removing the PIN and booting the device without a password.
But this should only be done if Google gives you a negative answer.
Another way is with carrier company. But I think help in nothing.
Understand that despite having a userdata file with PIN, there is encryption involved and that is what makes the whole process difficult.
I know the TWRP made for BLU G90 has active decryption. But I don't know how it will behave with a userdata file made with stock ROM.
Unfortunately there is no guarantee that files like photos, docs, etc can be in userdata as this refers to internal storage. Already userdata is in ROOT storage.
So even if there is an application or software capable of restoring files, there is also the possibility that it will not be successful or have corrupted files. This will depend on your choice and risk carrying out the process.
Thanks for the reply. Google was pretty useless. They told me to contact Blu and Blu said to contact Google. I successfully hard reset and rooted. Went through setup to try a restore from his drive backup and it wanted the unlock pin in order to restore. Google was again quite useless. Since this is a matter of his estate, I served Google with a notice of preservation on the backup, since it expires pretty soon. I'm going to try next to roll back to an older version, before the unlock pin requirement to restore Google backup. Grabbed a Cellebrite image earlier so I can mess around with it later tonight. I'm hoping that because of the unlock requirement that the pin file is still there after reset.