Reading directly from onboard flash - General Topics

I was not sure where else to put this thread so I apologize if this forum is not appropriate. I am planning to desolder the flash chip from my old Samsung S6 and use either the ZX3 Easy-JTAG or the NuProg-E2 to read the contents of the chip. I just realized that the contents of the chips is probably encrypted, probably using the PIN to do so. Does anyone know if this is true? If so, what mechanism is used to encrypt it? I have no issue writing some software to decrypt it given the PIN if I knew how it was encrypted to begin with.

you don't need the pin it's just encrypted with default_password. But it's impossible to decrypt offline. either get mainboard back to life and boot into android, or just smash it with hammer and throw it into garbage.

aIecxs said:
you don't need the pin it's just encrypted with default_password. But it's impossible to decrypt offline. either get mainboard back to life and boot into android, or just smash it with hammer and throw it into garbage.
Thank you for your response, I do have a follow-up question though. I read somewhere that since Android 10 the storage is encrypted. Doesn't that mean that it is encrypted via software, presumably by the Android software itself? Since Android is open source, wouldn't it be possible to decrypt it in the same manner as Android does when it loads it? I am hoping my reasoning is correct, but I admit that there could always be something unbeknownst to me that makes this impossible, such as some firmware or onboard circuit between the CPU and the storage. If it is possible, I am more open to buying those expensive flash chip readers I mentioned to recover the data.

android offers encryption since Android 5.0 Lollipop. you would have noticed that if you followed the link.

aIecxs said:
android offers encryption since Android 5.0 Lollipop. you would have noticed that if you followed the link.
Yeah, that's true, but it's not mandatory since Android 10.0, from what I read.

aIecxs said:
android offers encryption since Android 5.0 Lollipop. you would have noticed that if you followed the link.
Also, the link made it seem possible? Or am I missing something?
I also found this: https://source.android.com/docs/security/features/encryption/full-disk
```
Upon first boot, the device creates a randomly generated 128-bit master key and then hashes it with a default password and stored salt. The default password is: "default_password" However, the resultant hash is also signed through a TEE (such as TrustZone), which uses a hash of the signature to encrypt the master key.
```
I don't know what a TEE actually is, but I am guessing this is what makes it impossible? Unless the master key is stored somewhere other than the internal flash, it seems that everything you need to decrypt is available to you, assuming you know the PIN.

(FDE) full-disk encryption is mandatory since Android 6.0.1 Marshmallow.
(FBE) file-based encryption is mandatory for devices shipped with Android 10.0 Quince Tart.
encryption keys are hardware-backed in TrustZone TEE, yet another proprietary operating system, not accessible from eMMC storage.
if the mainboard doesn't show any sign of life on lsusb just forget about it.
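Added example, not from this thread and not AOSP code: a small Python reader for the header of the FDE crypto footer that the quoted AOSP page and the reply about hardware-backed keys are talking about. The field layout follows struct crypt_mnt_ftr in system/vold/cryptfs.h as I recall it (check it against the vold source for your Android version), and the footer bytes come from make_footer, constructed for the demonstration rather than read from a real device. It only decodes fields; it derives and decrypts nothing. The point it illustrates is the one made above: when kdf_type says scrypt+keymaster, the footer carries only a Keymaster blob, the intermediate key needs a signature from a key that never leaves the TEE, and so a dump of the flash chip alone does not contain everything needed, even with default_password.

```python
import struct
from dataclasses import dataclass

# Layout of Android's FDE crypto footer (struct crypt_mnt_ftr in
# system/vold/cryptfs.h), little-endian, 2348 bytes. The footer sits in the
# last 16 KiB (CRYPT_FOOTER_OFFSET = 0x4000) of the userdata partition, or in
# a separate footer partition/file named by the fstab "encryptable=" option.
CRYPT_MNT_MAGIC = 0xD0B5B1C4
FOOTER_FMT = "<IHHIIIIQI64sI48s16sQQIBBBBQ32s2048sI32s32s"
FOOTER_SIZE = struct.calcsize(FOOTER_FMT)  # 2348

CRYPT_TYPES = {0: "password", 1: "default_password", 2: "pattern", 3: "pin"}
KDF_TYPES = {1: "pbkdf2", 2: "scrypt",
             3: "scrypt+keymaster (unpadded, deprecated)",
             4: "scrypt+keymaster (badly padded, deprecated)",
             5: "scrypt+keymaster"}


@dataclass
class CryptoFooter:
    crypt_type: str
    kdf: str
    keysize: int
    cipher: str
    salt: bytes
    encrypted_master_key: bytes
    keymaster_blob: bytes
    hardware_bound: bool
    fs_sectors: int


def parse_crypto_footer(buf: bytes) -> CryptoFooter:
    """Decode the footer header. Reads fields only; never derives or decrypts keys."""
    if len(buf) < FOOTER_SIZE:
        raise ValueError("buffer shorter than crypt_mnt_ftr")
    (magic, _major, _minor, _ftr_size, _flags, keysize, crypt_type, fs_size,
     _failed, cipher_name, _spare, master_key, salt, _pdo0, _pdo1, _pds,
     kdf_type, _n_fac, _r_fac, _p_fac, _upto, _hash_first, km_blob,
     km_blob_size, _scrypted_ik, _sha) = struct.unpack_from(FOOTER_FMT, buf, 0)
    if magic != CRYPT_MNT_MAGIC:
        raise ValueError(f"bad magic 0x{magic:08x}; not a crypto footer")
    if km_blob_size > len(km_blob):
        raise ValueError("keymaster_blob_size exceeds the blob field")
    cipher = cipher_name.split(b"\0", 1)[0].decode("ascii", "replace")
    # kdf_type 3..5 run the scrypt output through a Keymaster signature made
    # with a key only the device's TEE holds, so the intermediate key cannot
    # be recomputed from the flash image alone.
    hardware_bound = kdf_type in (3, 4, 5) and km_blob_size > 0
    return CryptoFooter(
        crypt_type=CRYPT_TYPES.get(crypt_type, f"unknown({crypt_type})"),
        kdf=KDF_TYPES.get(kdf_type, f"unknown({kdf_type})"),
        keysize=keysize, cipher=cipher, salt=salt,
        encrypted_master_key=master_key[:keysize],
        keymaster_blob=km_blob[:km_blob_size],
        hardware_bound=hardware_bound, fs_sectors=fs_size)


def explain(footer: CryptoFooter) -> str:
    """One-line verdict on what an offline reader of the chip is missing."""
    if footer.hardware_bound:
        return ("master key wrapped via TEE-signed intermediate (kdf=%s): "
                "offline derivation needs the device's Keymaster key" % footer.kdf)
    if footer.crypt_type == "default_password":
        return "software-only KDF (%s) with default_password; no TEE secret involved" % footer.kdf
    return "software-only KDF (%s); user credential (%s) required" % (footer.kdf, footer.crypt_type)


def make_footer(*, crypt_type: int, kdf_type: int, km_blob: bytes = b"") -> bytes:
    """Build a constructed footer for the demo (sample values, not from a device)."""
    return struct.pack(
        FOOTER_FMT, CRYPT_MNT_MAGIC, 1, 3, FOOTER_SIZE, 0, 32, crypt_type,
        0x1000000, 0, b"aes-cbc-essiv:sha256", 0, b"\x11" * 48, b"\x22" * 16,
        0, 0, 0, kdf_type, 15, 3, 1, 0, b"\0" * 32,
        km_blob.ljust(2048, b"\0"), len(km_blob), b"\0" * 32, b"\0" * 32)


if __name__ == "__main__":
    samples = (("TEE-backed", make_footer(crypt_type=1, kdf_type=5, km_blob=b"\x33" * 256)),
               ("software-only", make_footer(crypt_type=1, kdf_type=2)))
    for name, blob in samples:
        print(name, "->", explain(parse_crypto_footer(blob)))
```

On a chip-off image you would feed the last 16 KiB of the userdata partition (or the footer partition named in the fstab) to parse_crypto_footer; the verdict from explain is what decides whether reading the chip can lead anywhere without the original mainboard.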

aIecxs said:
(FDE) full-disk encryption is mandatory since Android 6.0.1 Marshmallow.
(FBE) file-based encryption is mandatory for devices shipped with Android 10.0 Quince Tart.
encryption keys are hardware-backed in TrustZone TEE, yet another proprietary operating system, not accessible from eMMC storage.
if the mainboard doesn't show any sign of life on lsusb just forget about it.
Ok, thanks for clarifying. I originally based this project on this video:
Since I have an S6 myself I was hoping it would work for me but I have no idea if the storage was encrypted. I am hesitant to gamble a thousand dollars on a solution that may not work for me.
Also, theoretically, couldn't you get the encryption keys from the processor itself if you could somehow power it on in debug mode? Sorry if debug mode is not the correct term.
Thank you again for all your help.

theoretically... but SM-G920F is Exynos SoC
http://bits-please.blogspot.com/2016/06/extracting-qualcomms-keymaster-keys.html

Related

[Q] Can you please explain what is the ROM?

Hey, I have really basic information about computers and OSs so I really need some explanations for the case of android smartphone (qualcomm mainly). So let me tell you first what I know (I hope that this is true): For a computer they use EEPROM and it's a type of ROM which is erasable. The bios is stored there and it's the first thing loaded when starting the computer. (It is easily updatable as I have already updated my bios). For the case of android smartphones I think that they use NVRAM, but I don't know what NVRAM is physically? Is it a built-in memory separated from storage devices like on computers?! Or is it just a partition of internal storage? (internal storage I mean /dev/block/mmcblk0). I found that NVRAM can only be erased using JTAG on some websites but I found that device cloning is done copying mmcblk0 from one phone to another, so that means that NVRAM is located in mmcblk0. And if NVRAM is just a part of mmcblk0 so why is it a read only memory? We can easily write to other partitions, so why not NVRAM?! I'm really confused...
Please share your knowledge, I really need years of studying electronics and computer science to know all this by myself... Thank you all!!
AmineBY said:
Hey, I have really basic information about computers and OSs so I really need some explanations for the case of android smartphone (qualcomm mainly). So let me tell you first what I know (I hope that this is true): For a computer they use EEPROM and it's a type of ROM which is erasable. The bios is stored there and it's the first thing loaded when starting the computer. (It is easily updatable as I have already updated my bios). For the case of android smartphones I think that they use NVRAM, but I don't know what NVRAM is physically? Is it a built-in memory separated from storage devices like on computers?! Or is it just a partition of internal storage? (internal storage I mean /dev/block/mmcblk0). I found that NVRAM can only be erased using JTAG on some websites but I found that device cloning is done copying mmcblk0 from one phone to another, so that means that NVRAM is located in mmcblk0. And if NVRAM is just a part of mmcblk0 so why is it a read only memory? We can easily write to other partitions, so why not NVRAM?! I'm really confused...
Please share your knowledge, I really need years of studying electronics and computer science to know all this by myself... Thank you all!!
Well, I didn't understand a damn thing you just said, but I can tell you this:
ROM, in the Android world, means the OS or firmware the device runs on. Like Windows or Linux. You can have the stock ROM, which is what the device ships with. Or, if the device allows it, you can install a custom ROM, such as Cyanogenmod.
"ROM" can mean other things in different contexts. You can find these out for yourself by using this thing called "google". But in the Android world, it simply means the operating system.
Planterz said:
Well, I didn't understand a damn thing you just said, but I can tell you this:
ROM, in the Android world, means the OS or firmware the device runs on. Like Windows or Linux. You can have the stock ROM, which is what the device ships with. Or, if the device allows it, you can install a custom ROM, such as Cyanogenmod.
"ROM" can mean other things in different contexts. You can find these out for yourself by using this thing called "google". But in the Android world, it simply means the operating system.
Thanks for the quick reply! But I'm not talking about ROM files. I'm asking about this: http://en.wikipedia.org/wiki/Read-only_memory
Of course I already tried googling it but it's just general information, I'm searching for information about android hardware (qualcomm mainly).
Any idea about android devices ROM (Read Only Memory) please?!
I'm not sure about low-level stuff (like the actual bootloader, which probably is isolated on different ROM chips on various devices), but most of what we normally consider the "ROM" -- i.e. the Android system software discussed above -- and even a sort of miniature OS for performing updates called the recovery -- is stored on a flash memory chip (sometimes eMMC) within the phone. Definitely not NVRAM/EEPROM, though the bootloader could be on one of those.
maclynb said:
I'm not sure about low-level stuff (like the actual bootloader, which probably is isolated on different ROM chips on various devices), but most of what we normally consider the "ROM" -- i.e. the Android system software discussed above -- and even a sort of miniature OS for performing updates called the recovery -- is stored on a flash memory chip (sometimes eMMC) within the phone. Definitely not NVRAM/EEPROM, though the bootloader could be on one of those.
Thanks! I think some information should be on NVRAM, if not why do people use JTAG to unlock devices?! Flash memory can be edited easily using a USB cable only...
AmineBY said:
Thanks! I think some information should be on NVRAM, if not why do people use JTAG to unlock devices?! Flash memory can be edited easily using a USB cable only...
I don't think it's possible to edit flash memory with USB cables alone on most devices; that's actually rather tough and requires a phone that's had its bootloader unlocked (even then, official bootloader unlocks -- like HTC's -- don't always let you write over certain bits of it). Not quite sure about the JTAG stuff -- that reaches the limits of my knowledge.

Question regarding solder resistance of android

Hi,
When I have an Android 6 initially produced phone (Moto Z) running on 7.1.1 with full-disk encryption enabled where the PIN is unknown... can you extract the internal memory chip and read out the decrypted data?
Or am I correct in my understanding that the TEE stores a part of the key, which is of course missing when someone extracts the memory chip?
What if the TEE is also extracted? Is this possible?
thanks!
Thesnable said:
Hi,
When I have an Android 6 initially produced phone (Moto Z) running on 7.1.1 with full-disk encryption enabled where the PIN is unknown... can you extract the internal memory chip and read out the decrypted data?
Or am I correct in my understanding that the TEE stores a part of the key, which is of course missing when someone extracts the memory chip?
What if the TEE is also extracted? Is this possible?
thanks!
I'm quite sure that as you have encryption, you don't have root,
and nope, you cannot extract the data.
Try to get a "reset" pin (in some phones); it will ask you to sign in to your Google account and that's it.
Or maybe (idk, this is untested) lock your phone remotely with Android Device Manager (Google) and then insert the new lock key.
thanks!

[TWRP] Regarding the decryption pin/pwd request

Guys, apologies if the question is silly / already asked somewhere I wasn't able to locate.
As per thread title, what is that all about? 1. It's an expected behaviour / feature of TWRP, or is it kind of a bug? 2. Is there any way to avoid / disable it?
It's quite annoying during these days of frequent flashing as development is speeding up fast for this little beast.
If you have a pin or pattern set up it will always ask you for it.
sting5566 said:
If you have a pin or pattern set up it will always ask you for it.
Well, thanks for pointing that out.
I've been outside of the flashing world for a while with my old phone (OP2), but I'm pretty sure I recall that I was using TWRP 3.X and the PIN was set up (due to fingerprint usage for unlocking) and the recovery was not asking for any decryption password.
Maybe the OP2 was not encrypted and that's the point. So wondering if future development will change this (are custom ROMs usually decrypted?)
It's something completely outside of my knowledge, so I could just be trashtalking here.
ca110475 said:
Well, thanks for pointing that out.
I've been outside of the flashing world for a while with my old phone (OP2), but I'm pretty sure I recall that I was using TWRP 3.X and the PIN was set up (due to fingerprint usage for unlocking) and the recovery was not asking for any decryption password.
Maybe the OP2 was not encrypted and that's the point. So wondering if future development will change this (are custom ROMs usually decrypted?)
It's something completely outside of my knowledge, so I could just be trashtalking here.
If you don't want to enter anything when TWRP starts, then under Security > Screen lock change that to None, and you shouldn't have to put anything in when TWRP starts.
ca110475 said:
Guys, apologies if the question is silly / already asked somewhere I wasn't able to locate.
As per thread title, what is that all about? 1. It's an expected behaviour / feature of TWRP, or is it kind of a bug? 2. Is there any way to avoid / disable it?
It's quite annoying during these days of frequent flashing as development is speeding up fast for this little beast.
It is a security issue. If you need a pass/pin/pattern to keep your phone secure then logically you should have it required in TWRP to prevent unauthorized access to your phone through TWRP. You can disable pass/pin/pattern from the TWRP file manager.
Sent from my OnePlus6 using XDA Labs
Just decrypt your phone's storage. You won't be asked for a pattern / pin anymore in TWRP.
matze19999 said:
Just decrypt your phone's storage. You won't be asked for a pattern / pin anymore in TWRP.
How?
mikex8593 said:
How?
I'm not so sure you can actually decrypt the phone's storage and the reason I believe this to be so is the day I received my phone I was going through all of the settings. If you go into security and lock screen and scroll to the bottom you will see that your phone is encrypted. My phone was like this from day one without entering any fingerprint or PIN code. I may be wrong about decrypting the storage however the OnePlus 6 does have an EFS (encrypted file system) which stores meid, imei, serial number, config, diag settings and radio settings, etc in an encrypted format at the file system level.
If you do manage to decrypt your storage your phone will most certainly be vulnerable
dgunn said:
I'm not so sure you can actually decrypt the phone's storage and the reason I believe this to be so is the day I received my phone I was going through all of the settings. If you go into security and lock screen and scroll to the bottom you will see that your phone is encrypted. My phone was like this from day one without entering any fingerprint or PIN code. I may be wrong about decrypting the storage however the OnePlus 6 does have an EFS (encrypted file system) which stores meid, imei, serial number, config, diag settings and radio settings, etc in an encrypted format at the file system level.
If you do manage to decrypt your storage your phone will most certainly be vulnerable
I've always been decrypted with previous phones. There is no decryption method with the 6 yet because of the A/B partitioning. You need to flash a modified boot img.
mikex8593 said:
I've always been decrypted with previous phones. There is no decryption method with the 6 yet because of the A/B partitioning. You need to flash a modified boot img.
If you were to decrypt your data (and you can through either adb or fastboot - but I'm not going into that here), you would wipe it at the same time.
There's no way around this.
carlos67 said:
If you were to decrypt your data (and you can through either adb or fastboot - but I'm not going into that here), you would wipe it at the same time.
There's no way around this.
With that, I am aware of the wipe, but it would be a prepared and willing wipe, but you are right, this is not the place for the discussion.

Is it possible to use Magisk without factory resetting?

I'm trying to recover data (mostly folders in my internal storage such as screenshots, screen captures, etc.) but the programs I am using need my phone to be rooted. My phone runs on Android 9 and needs its bootloader to be unlocked, but I need to know if there is a way to do this without factory resetting, which may overwrite the lost data which I cannot recover when doing so.
A factory reset only wipes files, which means it deletes their entries in Android's inode table; it doesn't overwrite them. The disk space previously allocated by the now wiped files becomes orphaned, thus can get reused.
Use ADB pull to extract user-data files where a rooted Android isn't needed.
See also here:
How to Download Files to the Computer with ADB Pull - KrispiTech
You can actually copy and download files from your Android smartphone to the PC using some simple ADB Pull commands as long as you enabled USB Debugging.
krispitech.com
So I can still recover files I deleted prior to a factory reset needed to unlock my OEM?
Please reply.
To recover deleted files Android must be rooted and a special commercial forensic software must be used. GIYF ...
xXx yYy said:
To recover deleted files Android must be rooted and a special commercial forensic software must be used. GIYF ...
Do you know any that I should use?
Your device is encrypted with FDE. The same answer applies. One can't recover data after factory reset. The encryption key is gone forever, and so is your data.
edit: if you haven't done a factory reset yet, the device might still be encrypted with the same crypto-footer. This leads you to the hypothetical option to obtain a temporary root shell and pull the decrypted block partition /dev/block/dm-0 (or whatever).
Assuming you found a vulnerability/exploit and managed to get a raw dump, still your chances to recover deleted files are low, because of the way the Android flash translation controller handles eMMC flash storage.
aIecxs said:
Your device is encrypted with FDE. The same answer applies. One can't recover data after factory reset. The encryption key is gone forever, and so is your data.
edit: if you haven't done a factory reset yet, the device might still be encrypted with the same crypto-footer. This leads you to the hypothetical option to obtain a temporary root shell and pull the decrypted block partition /dev/block/dm-0 (or whatever).
Assuming you found a vulnerability/exploit and managed to get a raw dump, still your chances to recover deleted files are low, because of the way Android handles eMMC flash storage.
If only I had discovered these posts sooner...
So those recovery apps are useless?
Most of the data recovery tools / one-click-rooting apps aren't working anymore since Marshmallow. There are however some companies like Cellebrite claiming they can still hack. Maybe they somehow got access to Samsung's OEM signing keys, idk.
Don't know if I got you right, you haven't factory reset your device, yet?
This app might help you to find existing files and thumbnails of deleted files. To my understanding it won't undelete anything but some users claim different. It will search for hidden trash can in gallery, maybe you are lucky...
FindMyPhoto – Recover Photos o - Apps on Google Play
A truly free app to recover deleted photos on Android devices.
play.google.com
aIecxs said:
Don't know if I got you right, you haven't factory reset your device, yet?
This app might help you to find existing files and thumbnails of deleted files. To my understanding it won't undelete anything but some users claim different. It will search for hidden trash can in gallery, maybe you are lucky...
FindMyPhoto – Recover Photos o - Apps on Google Play
A truly free app to recover deleted photos on Android devices.
play.google.com
I did factory reset...
I should probably give up and move on, shouldn't I?
The app looks really promising, but it has a lot of one star reviews.
Just another useless app..
Better root your device, factory reset again and disable encryption. This way you are prepared next time.
aIecxs said:
Just another useless app..
Better root your device, factory reset again and disable encryption. This way you are prepared next time.
Have you actually used the app, seen the reviews, or both?
Best Cellebrite Alternatives & Competitors
Compare the best Cellebrite alternatives in 2023. Explore user reviews, ratings, and pricing of alternatives and competitors to Cellebrite.
sourceforge.net
Besides Cellebrite is there an alternative
Besides Cellebrite is there an alternative to capturing data from a cell phone on the physical side (ie deleted items)? In addition to bypassing the ...
www.forensicfocus.com
https://www.reddit.com/r/computerforensics/comments/a1j43j
These links have cellebrite alternatives and one person said that they use odin + twrp. I hope some of them are freeware/ have free trials. Can someone help me verify if these are legit?
moutsu said:
Have you actually used the app, seen the reviews, or both?
Another user suggested this app, but it is only helpful to find existing pictures in the trash can. Read the full discussion here:
https://android.stackexchange.com/q/231132
moutsu said:
These links have cellebrite alternatives and one person said that they use odin + twrp. I hope some of them are freeware/ have free trials. Can someone help me verify if these are legit?
Once you factory reset the device NOTHING can help you - it's gone. Well, technically speaking that's not true, but next to impossible. A forensic lab might partially recover the old crypto-footer from the lower eMMC firmware, and spend some years bruteforcing the missing bytes.
TWRP is completely useless for Samsung encryption; Samsung encryption is not supported yet (although it's possible, just a matter of time).
Consider: all these tools might still work on quite a few older devices, from the days where exploiting was possible or encryption wasn't hardware-backed. They mainly offer breaking into the lock screen and maybe can recover deleted files. They can bypass a locked bootloader, let Android do its work and pull a (decrypted) partition image from a root shell (for further analysis). They can break into the TEE and extract the encryption master key for chip-off bruteforce. But none of these tools ever claimed to recover data after factory reset, except for scams (like Wondershare Dr. Fone). I don't know anything about iPhone; I am talking about Android only.
conclusion:
- if a company offers you JTAG or chip-off they are trying to scam you.
- recovery of deleted files is not the same as recovery after factory reset. encryption is the showstopper here.
Demystifying Android Physical Acquisition
Numerous vendors advertise many types of solutions for extracting evidence from Android devices. The companies claim to support tens of thousands of models, creating the impression that most (if not all) Android devices can be successfully acquired using one method or another. On the other side o
blog.elcomsoft.com
aIecxs said:
Once you factory reset the device NOTHING can help you - it's gone. Well, technically speaking that's not true, but next to impossible. A forensic lab might partially recover the old crypto-footer from the lower eMMC firmware, and spend some years bruteforcing the missing bytes.
TWRP is completely useless for Samsung encryption; Samsung encryption is not supported yet (although it's possible, just a matter of time).
Consider: all these tools might still work on quite a few older devices, from the days where exploiting was possible or encryption wasn't hardware-backed. They mainly offer breaking into the lock screen and maybe can recover deleted files. They can bypass a locked bootloader, let Android do its work and pull a (decrypted) partition image from a root shell (for further analysis). They can break into the TEE and extract the encryption master key for chip-off bruteforce. But none of these tools ever claimed to recover data after factory reset, except for scams (like Wondershare Dr. Fone). I don't know anything about iPhone; I am talking about Android only.
conclusion:
- if a company offers you JTAG or chip-off they are trying to scam you.
- recovery of deleted files is not the same as recovery after factory reset. encryption is the showstopper here.
Demystifying Android Physical Acquisition
Numerous vendors advertise many types of solutions for extracting evidence from Android devices. The companies claim to support tens of thousands of models, creating the impression that most (if not all) Android devices can be successfully acquired using one method or another. On the other side o
blog.elcomsoft.com
aww
To let anyone know how I ended up in this rabbit hole of recovery apps and finding out about XDA, here's a backstory: some, if not all, of the folders were deleted in the storage/emulated/0 file directory, possibly after I deleted them when they popped up in an app that accessed your files. This is why I've been asking questions and doing research on how to recover them. I had to root my device according to the answers, but I didn't want to unlock the bootloader, but I had to unlock it eventually. I really regret doing that. If this happens to someone in the future, I would ask anyone if it is possible to recover the files in storage/emulated/0 after they were deleted.
aIecxs said:
Once you factory reset the device NOTHING can help you - it's gone. Well, technically speaking that's not true, but next to impossible. A forensic lab might partially recover the old crypto-footer from the lower eMMC firmware, and spend some years bruteforcing the missing bytes.
TWRP is completely useless for Samsung encryption; Samsung encryption is not supported yet (although it's possible, just a matter of time).
Consider: all these tools might still work on quite a few older devices, from the days where exploiting was possible or encryption wasn't hardware-backed. They mainly offer breaking into the lock screen and maybe can recover deleted files. They can bypass a locked bootloader, let Android do its work and pull a (decrypted) partition image from a root shell (for further analysis). They can break into the TEE and extract the encryption master key for chip-off bruteforce. But none of these tools ever claimed to recover data after factory reset, except for scams (like Wondershare Dr. Fone). I don't know anything about iPhone; I am talking about Android only.
conclusion:
- if a company offers you JTAG or chip-off they are trying to scam you.
- recovery of deleted files is not the same as recovery after factory reset. encryption is the showstopper here.
Demystifying Android Physical Acquisition
Numerous vendors advertise many types of solutions for extracting evidence from Android devices. The companies claim to support tens of thousands of models, creating the impression that most (if not all) Android devices can be successfully acquired using one method or another. On the other side o
blog.elcomsoft.com
so there IS a way? if it's not impossible then it is possible!
x=1
Kds ld fhud xnt dwzlokd.

[Xiaomi] How to unlock phone after forgetting the password.

Hello,
today it happened that I forgot a password to my phone. I've tried to restore it by logging in into my xiaomi account and my google account. Unfortunately it only offers to wipe my data, which I want to avoid at all costs.
I have Poco F2 Pro on MIUI 13
Is there known a bug which could in any way make me unable to log into my phone?
Please help me. I am really desperate. I beg you. If you need any information about this case and it's sensible to share it there, please ask.
People report similar on updates, but I don't think it's an officially known bug. However, there is Gatekeeper in the background which will deny the correct password after too many attempts; the timeout increases up to 1 trial per day. If something is corrupted it might happen that this denial is silent without notifying you.
So the best you can do for now is nothing, just wait for 24 hours and keep on charging.
perwell said:
Hello,
today it happened that I forgot a password to my phone. I've tried to restore it by logging in into my xiaomi account and my google account. Unfortunately it only offers to wipe my data, which I want to avoid at all costs.
I have Poco F2 Pro on MIUI 13
Is there known a bug which could in any way make me unable to log into my phone?
Please help me. I am really desperate. I beg you. If you need any information about this case and it's sensible to share it there, please ask.
If you're decrypted you can delete your lockscreen in TWRP; if you're encrypted you'll need to remember your password, otherwise it's wipe data.
@jons99 if OP would have the ability to access locksettings, it would also be possible to backup data, right?
aIecxs said:
People report similar on updates, but I don't think it's an officially known bug. However, there is Gatekeeper in the background which will deny the correct password after too many attempts; the timeout increases up to 1 trial per day. If something is corrupted it might happen that this denial is silent without notifying you.
So the best you can do for now is nothing, just wait for 24 hours and keep on charging.
It would be strange to ask again for the password every 2 minutes and silently block out for the whole day. Actually it would rather be bad for the actual users rather than an unauthorized break-in.
I've tried many times and I'm quite sure that I've typed the correct password at least once. Are there any options like blocking it through Xiaomi Cloud, and maybe it would ask to log into the account? I've tried changing the password but it still does not work (maybe it was made after too many attempts).
Does the password to the phone change when it is changed in the Xiaomi account?
As stated above, it doesn't matter if you typed the correct password.
aIecxs said:
@jons99 if OP would have the ability to access locksettings, it would also be possible to backup data, right?
Anyone with a working TWRP can access the lockscreen file, but if your device is encrypted you'll be locked out if you delete it.
Poco F2 Pro on MIUI 13: /data/system/locksettings.db is unencrypted despite the /data partition being encrypted?
aIecxs said:
Poco F2 Pro on MIUI 13: /data/system/locksettings.db is unencrypted despite the /data partition being encrypted?
If his data partition is encrypted then it doesn't matter; deleting locksettings won't help.
except for most Xiaomi devices encrypted with default_password, where locksettings.db can be deleted safely (if you would have access to the decrypted /data partition, which would also allow you to backup /data)
aIecxs said:
except for most Xiaomi devices encrypted with default_password, where locksettings.db can be deleted safely (if you would have access to the decrypted /data partition, which would also allow you to backup /data)
To access files I need to enable file transfers. Besides I also wouldn't want to risk bricking the phone.
As your bootloader is locked there is nothing you can do anyway... this was just a side note question to @jons99.
It's true that file-based encryption is tied to lock screen credentials, but MIUI 13 is insecure and implemented metadata encryption in a wrong way, so that TWRP is able to decrypt without password, like it was common on full-disk encryption.
Full-disk encryption requires the decrypted partition first in order to access files on it, so the suggestion to delete locksettings.db is pointless as the goal (access to /data) would already be achieved before. But I am curious about file-based encryption and whether metadata encryption leaves /data/system unencrypted. While it for sure would break file-based encryption, I am not quite sure this applies to MIUI's weak metadata encryption too, if we delete locksettings.db.
aIecxs said:
as your bootloader is locked there is nothing you can do anyway... this was just a side note question to @jons99
it's true that file-based encryption is tied to lock screen credentials, but MIUI 13 is insecure and implemented metadata encryption in a wrong way, so that TWRP is able to decrypt without password, like it was common on full-disk encryption.
full-disk encryption requires the decrypted partition first in order to access files on it, so the suggestion to delete locksettings.db is pointless, as the goal (access /data) would already be achieved before. but I am curious about file-based encryption, and metadata encryption leaves /data/system unencrypted. while it for sure would break file-based encryption, I am not quite sure this applies to MIUI's weak metadata encryption too, if we delete locksettings.db
I'm pretty sure Xiaomi is using file-based encryption, and without the locksettings you won't be able to decrypt your data. I mean the system will load, but you won't be able to use it, as it will show the "phone is starting" message forever because it won't be able to decrypt your data. On the other hand I don't know much about Xiaomi, so I guess anything is possible
nope, actually it's metadata encryption (but I have never seen it personally, as I don't have such a device in hands)
Code:
/dev/block/bootdevice/by-name/userdata /data f2fs noatime,nosuid,nodev,reserve_root=32768,resgid=1065,fsync_mode=nobarrier,inlinecrypt,checkpoint_merge latemount,wait,formattable,fileencryption=ice,wrappedkey,keydirectory=/metadata/vold/metadata_encryption,quota,reservedsize=128M,sysfs_path=/sys/devices/platform/soc/1d84000.ufshc,checkpoint=fs
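An added example (not code from the thread or from any poster) that reads an fstab entry like the one quoted above and reports which encryption mechanisms its fs_mgr flags enable; it assumes the stock Android fs_mgr flag names and reuses only the line quoted in the post as sample input.

```python
# Added example, not from the thread: classify an Android fstab entry by its
# encryption flags. Assumption: stock fs_mgr flag names (fileencryption=,
# keydirectory=, wrappedkey, inlinecrypt); only the sample line is from the post.
from typing import Dict, Optional

# fstab line quoted in the thread for the Poco F2 Pro on MIUI 13 (verbatim)
SAMPLE_FSTAB_LINE = (
    "/dev/block/bootdevice/by-name/userdata /data f2fs "
    "noatime,nosuid,nodev,reserve_root=32768,resgid=1065,fsync_mode=nobarrier,"
    "inlinecrypt,checkpoint_merge latemount,wait,formattable,fileencryption=ice,"
    "wrappedkey,keydirectory=/metadata/vold/metadata_encryption,quota,"
    "reservedsize=128M,sysfs_path=/sys/devices/platform/soc/1d84000.ufshc,"
    "checkpoint=fs"
)


def _csv_flags(csv: str) -> Dict[str, Optional[str]]:
    """Turn 'a,b=1,c' into {'a': None, 'b': '1', 'c': None}."""
    out: Dict[str, Optional[str]] = {}
    for item in filter(None, csv.split(",")):
        key, sep, val = item.partition("=")
        out[key] = val if sep else None
    return out


def classify_fstab_entry(line: str) -> dict:
    """Return which encryption mechanisms one fstab entry's flags enable."""
    fields = line.split()
    if len(fields) != 5:  # device, mount point, fs type, mount opts, fs_mgr flags
        raise ValueError(f"expected 5 fstab fields, got {len(fields)}")
    _dev, mount_point, fs_type, mount_opts, fs_mgr_flags = fields
    opts, flags = _csv_flags(mount_opts), _csv_flags(fs_mgr_flags)
    fe = flags.get("fileencryption")  # <contents>[:<filenames>[:<flags>]]
    return {
        "mount_point": mount_point,
        "fs_type": fs_type,
        # fileencryption= means file-based encryption (FBE): credential-encrypted
        # (CE) storage only unlocks with the lock-screen credential
        "file_based": fe is not None,
        "fbe_contents_mode": fe.split(":")[0] if fe else None,
        # keydirectory= holds the metadata-encryption key; that key is bound to
        # hardware keystore, not to the lock-screen credential
        "metadata_encrypted": "keydirectory" in flags,
        "key_directory": flags.get("keydirectory"),
        "hw_wrapped_keys": "wrappedkey" in flags,   # hardware-wrapped keys
        "inline_crypto": "inlinecrypt" in opts,     # inline crypto engine
    }


if __name__ == "__main__":
    for key, value in classify_fstab_entry(SAMPLE_FSTAB_LINE).items():
        print(f"{key:>20}: {value}")
```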
perwell said:
Hello,
today it happened that I forgot the password to my phone. I've tried to restore it by logging in to my Xiaomi account and my Google account. Unfortunately it only offers to wipe my data, which I want to avoid at all costs.
I have a Poco F2 Pro on MIUI 13.
Is there a known bug which could in any way make me unable to log into my phone?
Please help me. I am really desperate. I beg you. If you need any information about this case and it's sensible to share it here, please ask.
Hi my friend
Were you able to unlock your cell phone?
It just happened to me with a Xiaomi Redmi Note 8, and every time I try, the device makes me wait 64 minutes.
SBUnlock said:
Hi my friend
Were you able to unlock your cell phone?
It just happened to me with a Xiaomi Redmi Note 8, and every time I try, the device makes me wait 64 minutes.
Did you previously unlock the bootloader with the Mi Flash Unlock Tool?
aIecxs said:
Did you previously unlock the bootloader with the Mi Flash Unlock Tool?
Not yet
The truth is that I am new to this. When I investigated the Mi Flash Unlock Tool, I saw that it is used to unlock the bootloader, not to unlock the cell phone's security pattern.
Am I right?
I need to unlock the security pattern of my cell phone.
you can't unlock bootloader, it's too late. you are screwed. either give it back to the child for playing (hopefully one day it get unlocked) or factory reset phone. you can't break screen lock on locked bootloader no matter what encryption type used.
aIecxs said:
you can't unlock bootloader, it's too late. you are screwed. either give it back to the child for playing (hopefully one day it get unlocked) or factory reset phone. you can't break screen lock on locked bootloader no matter what encryption type used.
THANK YOU SO MUCH FRIEND,
Is there an Android security option that, after many failed attempts, blocks the correct pattern?
until now, there's still no solution to this bug