[HELP] Restoring a decrypted backup file using TWRP - General Questions and Answers

So I have encrypted a phone, Lineage OS 14.1 UNOFFICIAL. DIDN'T WORK. I couldn't boot to the OS.
I went into TWRP, made a backup of everything except the EFS partition, and transferred it to my PC. Formatted data, then even tried a new OS install; it does work. So I just went and tried restoring the data partition only, and it restored successfully. When I try booting, it takes some time and encryption starts automatically.
Is there a way to not start the encryption process? Are there some files in the data partition that are causing the encryption process to start on boot, which I can remove? Help
NOTE: TWRP did ask for my password when I was making my backup, so I entered it correctly and it worked. I made a backup of that partition. My guess is that something is initiating the encryption process on boot.

Encrypting is default behavior: since Android 4 it was FDE (full-disk encryption), since Android 9 it's FBE (file-based encryption). Since Android 10 FBE is mandatory.
Encryption takes place when the device gets booted if this flag is set in Android's FSTAB file.

jwoegerbauer said:
Encrypting is default behavior: since Android 4 it was FDE (full-disk encryption), since Android 9 it's FBE (file-based encryption). Since Android 10 FBE is mandatory.
Encryption takes place when the device gets booted if this flag is set in Android's FSTAB file.

First of all, thank you for your reply. Can I open and change that flag inside the fstab file?

Also, where is the fstab file located? I saw it in /etc/fstab, but I didn't change that partition when I restored only Data, so it must be there. Am I wrong?

To answer your question "Can I open and change that flag inside the fstab file?":
Even if the fstab file is present (it's present in several locations), you cannot simply edit it and be done. You'd have to rebuild the boot image instead, a task that goes beyond the scope of this thread (which is end-user oriented; creating/rebuilding a boot image is rather in the domain of developers).

First, determine the encryption type.
Code:
adb shell getprop ro.crypto.type
adb shell getprop ro.crypto.state
Next, find the fstab. For older devices it is in the boot ramdisk (needs un-/repacking boot.img with AIK):
https://forum.xda-developers.com/t/...-kernel-ramdisk-win-android-linux-mac.2073775
For (SAR) system-as-root devices it is in /vendor/etc.
Assuming dm-verity is disabled and system/vendor is mountable rw in TWRP, for (FDE) full disk encryption you can replace the forceencrypt= flag with encryptable=
https://forum.xda-developers.com/t/4061571/post-82849947
For (FBE) file based encryption it is not possible to disable the first boot behaviour. Either keep encryption as is (recommended) or destroy encryption completely by removing the fileencryption= flag and formatting /data.
There exist flashable zips for this:
https://forum.xda-developers.com/t/...encrypt-disk-quota-disabler-11-2-2020.3817389
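
The check described in the post above, as an added example that is not part of the original thread: a read-only audit that parses an fstab, reports which of the three flags named in the post (forceencrypt=, encryptable=, fileencryption=) governs /data, and compares it with the two getprop values. The function names, verdict strings and sample fstab contents are constructed for illustration; the fstab text and property values are assumed to have been copied off the device beforehand.

```python
"""Read-only audit: which encryption policy does an Android fstab declare for /data?"""

# The three fs_mgr flags named in the post above -> (scheme, behaviour at boot).
FLAG_MEANING = {
    "forceencrypt": ("FDE", "an unencrypted /data is encrypted on the next boot"),
    "encryptable": ("FDE", "encryption is supported but not forced at boot"),
    "fileencryption": ("FBE", "file-based encryption is expected on /data"),
}
# Value of ro.crypto.type that goes with each scheme.
EXPECTED_CRYPTO_TYPE = {"FDE": "block", "FBE": "file"}

# Constructed sample fstab contents (not taken from any real device).
SAMPLE_FORCED = """\
# <src>                      <mnt>    <type> <mnt_flags>           <fs_mgr_flags>
/dev/block/by-name/system    /system  ext4   ro,barrier=1          wait
/dev/block/by-name/userdata  /data    ext4   noatime,nosuid,nodev  wait,check,forceencrypt=footer
"""
SAMPLE_OPTIONAL = SAMPLE_FORCED.replace("forceencrypt=", "encryptable=")
SAMPLE_FBE = SAMPLE_FORCED.replace("forceencrypt=footer", "fileencryption=aes-256-xts")


def parse_fstab(text):
    """Return one dict per fstab entry; comments, blanks and short lines are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 5:
            continue  # not the five-column Android layout
        flags = {}
        for item in fields[4].split(","):
            name, _, value = item.partition("=")
            flags[name] = value
        entries.append({
            "source": fields[0],
            "mount_point": fields[1],
            "fs_type": fields[2],
            "mount_flags": fields[3].split(","),
            "fs_mgr_flags": flags,
        })
    return entries


def data_policy(text, mount_point="/data"):
    """Return the encryption policy of the /data entry, or None if there is no entry."""
    for entry in parse_fstab(text):
        if entry["mount_point"] != mount_point:
            continue
        found = [name for name in FLAG_MEANING if name in entry["fs_mgr_flags"]]
        if not found:
            return {"scheme": None, "flag": None, "value": None,
                    "behaviour": "no encryption flag on this entry"}
        if len(found) > 1:
            return {"scheme": None, "flag": ",".join(found), "value": None,
                    "behaviour": "conflicting encryption flags; inspect by hand"}
        scheme, behaviour = FLAG_MEANING[found[0]]
        return {"scheme": scheme, "flag": found[0],
                "value": entry["fs_mgr_flags"][found[0]], "behaviour": behaviour}
    return None


def assess(policy, crypto_type, crypto_state):
    """Compare the fstab policy with ro.crypto.type / ro.crypto.state from getprop."""
    if policy is None:
        return "no-data-entry"
    if policy["scheme"] is None:
        return "no-encryption-flag" if policy["flag"] is None else "conflict"
    if crypto_state == "unencrypted":
        if policy["flag"] == "forceencrypt":
            return "will-encrypt-on-boot"
        if policy["flag"] == "encryptable":
            return "stays-unencrypted"
        return "mismatch"  # fileencryption= is set but /data reports unencrypted
    if crypto_state == "encrypted":
        expected = EXPECTED_CRYPTO_TYPE[policy["scheme"]]
        return "consistent" if crypto_type == expected else "mismatch"
    return "unknown-state"


if __name__ == "__main__":
    for label, fstab, ctype, cstate in [
        ("forced FDE, restored plaintext /data", SAMPLE_FORCED, "", "unencrypted"),
        ("optional FDE, plaintext /data", SAMPLE_OPTIONAL, "", "unencrypted"),
        ("FBE, encrypted /data", SAMPLE_FBE, "file", "encrypted"),
    ]:
        policy = data_policy(fstab)
        print(f"{label}: {policy['flag']}={policy['value']} -> {assess(policy, ctype, cstate)}")
```

The first sample case is the situation from the opening post: a plaintext /data restored under an fstab that still carries forceencrypt=.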

Related

Question Many questions from a total Android newbie

Hi,
Although I'm past 40, I just bought my first smartphone a few weeks ago. It’s a Doogee S96Pro. As somebody who likes to understand how it works, I have already learned a few things about the Android ecosystem.
I’ve been able to activate the developer mode and to use adb to uninstall some apps. I also managed to boot in fastboot mode to unlock the phone.
My first attempt at flashing was a fail, the phone was rebooting in a loop, indicating "Red state". I guess I should have never "fastboot flash boot/recovery foo.img" if "fastboot boot foo.img" didn’t work? What’s your opinion on this?
Doogee support sent me a link to the files for my phone. In fact, someone on this forum had already posted it. The two archives are named:
S9S88A7.DGE.DOOGEE.EEA.HB.HJ.AYYDVFAZ.1130.V3.02.zip
S9S88A7.DGE.DOOGEE.HB.HJ.AYYDVFAZ.1203.V3.04.zip
To make the phone boot again I flashed the boot partition with the boot.img file I found in the second archive. If I understood what I read, the file with "EEA" in its name is the "European version" while the other one is the "Global version".
Although I flashed with the boot.img that was in S9S88A7.DGE.DOOGEE.HB.HJ.AYYDVFAZ.1203.V3.04.zip, if I go to the update info (About the phone > Update), I can see the string S9S88A7.DGE.DOOGEE.EEA.HB.HJ.AYYDVFAZ.0128.V3.03_20210128-1612. I don’t understand why this difference (v3.03 vs. v3.04).
Then I used the Magisk Manager to patch this boot.img file and flash it again. I now have root access on the phone which is nice.
Now the questions!
When booting the phone says: “Orange state, your phone’s unlocked”, then it boots normally. What’s the implication of this? I’m not sure but I think I tried to lock it again (fastboot flashing lock) but the message remains. Does it sound possible to you? I should check again this point…
In the Magisk Manager I also tried the "SafetyNet" check, which is refused. Is it OK? What does it imply? Why would I need to pass this SafetyNet test for?
I’m not sure I understood how the recovery thing works… I understand it’s another partition than "boot", and I know I can boot on it using the boot menu (pressing volume up when turning on the phone). What I don’t know is if it starts a recovering of the system automatically when booting on this partition (then erasing all data on the phone), or not.
Let’s say I flash the boot.img on the recovery partition (fastboot flash recovery boot.img). If I do a normal boot it should boot as usual, but if I boot on recovery it would boot on a virgin system. Am I right? Let’s say I configure nothing and reboot again, a normal boot this time. I should then get back to my usual, already configured system, as the "boot" partition hasn’t been modified. Is this also right?
Before doing any more tests I would like to be able to back up an image with the phone already configured, with data and root access and applications. One (or maybe two or three?) file I can keep on my computer, and in case I break the boot on the phone, I could just fastboot flash boot my_custom_image.img to recover my phone configured. Or maybe also flashing a "userdata" partition? Would I need some other partition? Is it more complicated than that?
It seems I have to identify the right partition(s) and carefully use dd to dump the partition to an image file… Before trying to do so I’d like to have some advice, hence this post!
Also, I read about a software called TWRP. Should I use it, and why? I understand it’s a system aimed to be flashed on the recovery partition, is that right? What’s its use?
Finally, I read about LineageOS, which is the ultimate customization for the phone; it’s a “pure” Android, which is totally open source (but it has to use a lot of proprietary blobs for devices AFAIK). I don’t think I’ll get there anyway. If I’m not mistaken it’s hard to do, especially with new phones nobody has run LineageOS on, and there is something like no probability all the devices would work anyway.
Have a nice day.
There's no implication when you see "Orange state, your phone’s unlocked" unless you weren't the one who did it; that means your device has been tampered with.
Also, SafetyNet is a broad topic; you can learn what it is here: https://www.didgeridoohan.com/magisk/MagiskHideSafetyNet
Also, "Why would I need to pass this SafetyNet test for?": there are multiple reasons, such as you can't install banking apps, Netflix, etc., nor download them via the Play Store.
Moving on, it is not recommended to back up the userdata partition since it just contains all the evidence of user activity. It contains call and SMS records, contacts, user-installed apps, app data, settings, and so on and so forth. In most newer phones, it is also likely to contain photos and videos and other user-generated files unless an external SD card is present. Also it would be impossible to restore the userdata partition since Android is encrypting it with a unique key every time you set up your device https://source.android.com/security/encryption/full-disk
This prevents rooted applications from crawling other applications' data, such as PayPal, just stealing your login info and money.
TWRP is like recovery mode but more feature-packed (you can back up partitions with it, which is not available on stock recovery).
Also, experience is the best teacher; you must experience failure to improve.
ineedroot69 said:
Also it would be impossible to restore the userdata partition since Android is encrypting it with a unique key every time you set up your device https://source.android.com/security/encryption/full-disk
This prevents rooted applications from crawling other applications' data, such as PayPal, just stealing your login info and money.

With a simple ADB command you can decrypt Android partitions:
Code:
adb shell "recovery --set_encrypted_filesystem=on|off"   # enables / disables encrypted fs
Hi,
Many thx for your answers.
"also experience is the best teacher you must experience failure to improve"
I can confirm that. I accidentally uninstalled the stock launcher with ADB. I’ve been able to install another launcher (I think I’ll keep Nova Launcher). I tested a few (Launcher<3 and KISS Launcher); although they work fine, none of them supports switching between running apps. It’s a little bit annoying but I have another way to stop running apps (with App Manager). I guess the only way to get this functionality back is to flash the boot partition again with the Magisk-patched image I already used, and to re-configure the whole phone again (this is good to learn and luckily I don’t have important data in the phone yet).
"Also it would be impossible to restore userdata partition since android is encrypting it with unique key every time you set up your device https://source.android.com/security/encryption/full-disk"
Couldn’t it be possible to dump both the boot and userdata partitions and then flash them back both “at once”? The key for encrypting/decrypting the user data being contained in the boot (system?) partition?
I realize Android has a bunch of security configuration you rarely find on a Linux server. Also the hardware is full of devices which require closed-source firmware to operate. This is definitely not a good platform for hacking, like most PCs are or a Raspberry Pi is. And I bet Windows and Apple phones are even more closed…
About encrypting, I have a file called "googlekey/kb_0000000000.bin", which is the same in the two archives the support sent me:
Code:
$ md5sum S9S88A7.DGE.DOOGEE.*/googlekey/kb*
ead8a1d0f11e5f12bdda0f7a22935c2b S9S88A7.DGE.DOOGEE.EEA.HB.HJ.AYYDVFAZ.1130.V3.02/googlekey/kb_0000000000.bin
ead8a1d0f11e5f12bdda0f7a22935c2b S9S88A7.DGE.DOOGEE.HB.HJ.AYYDVFAZ.1203.V3.04/googlekey/kb_0000000000.bin
This file is not “per device”, knowing every S96Pro user gets the same archives. What’s its purpose?
I wonder the same for many files in this archive but I won’t bother you, I’ll make some search.
The one thing I’d like to understand is why the archive is labelled "1203.V3.04" and the system on my phone (after I flashed the boot partition with a Magisk-patched image made from the boot.img in this archive) says: "0128.V3.03_20210128". Could it be related to the Magisk patching? (I didn’t check what I had with the stock boot.img.) Or have I been downgraded by Google during install?
"With a simple ADB command you can decrypt Android partitions:"
Thx for this. What does it imply to do so? Will the Android system run with this unencrypted data partition? Is there a way to encrypt it again? (With ADB or directly in the phone?)
I’ve seen there are dozens of partitions on a running Android. So far this is what I understood (is this correct?): There are three important partitions: boot, recovery and userdata. "boot" and "recovery" are the only ones the device can boot on (except booting from an image in fastboot mode using "fastboot boot boot.img"?). Are there some other important partitions it is important to be aware of?
Having a bootable "boot" and a bootable "recovery" partition, it should be possible to install two different Android OSes? I guess this is not possible and the "recovery" partition is dedicated to recovering (i.e. reinstalling the system) but I don’t understand how and why exactly. The encrypting thing maybe? The system must have a userdata partition and this one can’t be shared between two systems…
I think I should buy an older Android smartphone to make all that kind of test, especially knowing I don’t have any other phone I can use for everyday use… Do you have some advice on brands and models which are more friendly with customization of the system?
Apart from ADB and fastboot, what are the other important tools to know about?
For Android development (I mean development of apps for Android), does everyone use an emulator? What’s the best option for such an emulator on Linux?
Have a nice day.
Marotte said:
For Android development (I mean development of apps for Android), does everyone use an emulator? What’s the best option for such an emulator on Linux?

My recommendation is GenyMotion for Linux. This emulator requires VirtualBox for Linux to be installed beforehand.
Install GenyMotion: How To Install GenyMotion (Android Emulator) On Linux | 2DayGeek (www.2daygeek.com)
DL VirtualBox: Linux_Downloads – Oracle VM VirtualBox (www.virtualbox.org)
Marotte said:
Having a bootable "boot" and a bootable "recovery" partitions, it should be possible to install two different Android OS? I guess this is not possible and the "recovery" partition is dedicated to recovering (ie: reinstall the system) but I don’t understand how and why exactly. The encrypting thing maybe?

Partitions /boot & /recovery explained:
/boot
This is the partition that enables the phone to boot, as the name suggests. It includes the kernel and the ramdisk. Without this partition, the device will simply not be able to boot.
/recovery
The recovery partition can be considered as an alternative boot partition that lets you boot the device into a recovery console for performing advanced recovery and maintenance operations on it.
That's what you can do from within the recovery console:
Reboot system now
Install ZIP from SD-card
Install ZIP from Sideload
Wipe data / factory reset
Wipe cache partition
Backup and restore
jwoegerbauer said:
My recommendation is GenyMotion for Linux. This emulator requires VirtualBox for Linux to be installed beforehand.
Install GenyMotion: How To Install GenyMotion (Android Emulator) On Linux | 2DayGeek (www.2daygeek.com)
DL VirtualBox: Linux_Downloads – Oracle VM VirtualBox (www.virtualbox.org)

I went for the official Android Studio from Google. I guess it’s the best for a complete newbie like me. I’ve been able to start a virtual phone with it.

[Help][TWRP] Stuck on half decrypted /data

Hi.
I need some help on decryption. I'm developing a TWRP recovery for the Atom XL and am stuck at the moment. I was able to set up the stock trustkernel (teed) and keymaster. The recovery boots fine and "/data/system" gets decrypted and is readable BUT everything else is still encrypted.
In the log I get the message "Unable to locate gatekeeper password file '/data/system/gatekeeper.pattern.key'" but checking after booting into the OS there is no such file anywhere on "/data". I did a little bit of research in the source code and as far as I understand the function "Get_Password_Type" in "Decrypt.cpp" the check for "/data/system/gatekeeper.pattern.key" is just a fallback if "/data/system_de/0/spblob/" cannot be read.
And I have in fact that folder but it's still encrypted in TWRP while it is fully readable in the OS. Now my guess is that "/data/system_de" doesn't get decrypted properly. DE means Device Encryption and that should be done the same way as the decryption of "/data/system" or am I wrong? So what am I missing?
I checked with many other TWRP device trees who claimed to be able to decrypt but I can't find any (significant) differences.
wkr ADT
EDIT: It's an Android 10 (LineageOS 17.1) device with FBE. TWRP is 3.5.1_10.0
So I was finally able to figure everything out.
Here is my story for those who are struggling like me:
Decryption is not (completely) working · Issue #3 · ADeadTrousers/twrp_device_Unihertz_Atom_LXL (github.com)
It's for a MediaTek Helio P60 (mt6771) device using "trustkernel" (teed / app/t6) as its security framework.

Secure Startup encryption for Samsung Bootloader

Hi!
Is "Secure start-up" encryption for the bootloader strong enough to keep all my data safe from a thief? Basically, all the data stored in the eMMC memory is encrypted, so even if they swap (hot swap) the eMMC chip out of the phone's PCB into an eMMC programmer/reader, they can't read the data without the magic encryption key. Is this feature strong enough to keep sensitive data, for example credit card credentials, safe against any intruder? So there isn't an exploit for that, and the encryption level should be AES128 if I'm not wrong? Is it 100% safe?
Boot encryption has NOTHING to do with Android's data (disk-based / file-based) encryption: Secure boot is a process that validates firmware images on devices before they are allowed to execute; secure boot helps to ensure that only authorized code can execute before the operating system loads.
Means: Secure boot cryptographically validates the digital signature of all boot components and finally the main OS and all components that run in it (such as drivers and system apps).
jwoegerbauer said:
Boot encryption has NOTHING to do with Android's data (disk-based / file-based) encryption: Secure boot is a process that validates firmware images on devices before they are allowed to execute; secure boot helps to ensure that only authorized code can execute before the operating system loads.
Means: Secure boot cryptographically validates the digital signature of all boot components and finally the main OS and all components that run in it (such as drivers and system apps).

But Android encryption? Can I leave my data there? You didn't answer that ...
I referred to this thread's title.
Android's symmetric disk-based encryption (Android 5 up to Android 9) and/or file-based encryption (Android 10 and higher) works as follows: 1st step is Android creates an AES-128 key, which is called the Masterkey, stored in Android's system. 2nd step is Android creates from the user PIN / password an additional AES-128 key, which is used to encrypt the Masterkey, also stored in Android's system.
Knowing this I personally don't think you can crack the doubly encrypted key. But who knows ...

[Q] How do I disable force encryption or share keys with recovery?

I am losing my marbles and I only have a handful left.
I'm using an Infinix S4 x626b with stock XOS Pie, TWRP and Magisk.
What I want to do: disable force encryption on the userdata partition or share the decryption key with TWRP so I can keep my TWRP settings and install / flash whatever I need without formatting the data partition and having to reset my phone every time.
Ignoring all the problems I faced up until trying to remove force encryption (and trust me, there were many), I am at a loss for what to do.
What I have tried: wiping the partition, formatting the partition, wiping and formatting, nuking the LUKS header, nuking the LUKS footer, nuking both, nuking the whole partition, messing with
Code:
recovery --wipe --force-encryption=off
editing the fstab, flashing empty vbmeta, flashing a plaintext copy of the data partition and a mixture of any two or more options at once.
I am tired. I am exhausted. I would research where / how the keys are generated / stored, but I can't and I won't
I will check back tomorrow.
God Speed.
-Qwerty
I will bump this thread in hopes of a reply from someone who knows.
Sharing keys as I envisioned is not possible.
The TEE handles keys and is REALLY secure and proprietary; I'm not reverse engineering that.
TWRP is broken, so many broken implementations; it won't properly decrypt the partition even with the right password. I'd fix it if I knew how...
Do you people know anything about Full Disk Encryption and how it's implemented in AOSP 9.0 Pie?

FBE vs FDE: Enforce FDE despite FBE

Hello,
the proper section for my question was a bit tricky for me, so I will put it in General Q&A:
I use a device that comes with File based Encryption - namely Samsung Knox.
(But it's not a Samsung Knox specific question)
For that I use some AOSP based ROM - namely LineageOS
(I'm not too sure if that's some LOS specific question ... )
Now: File based Encryption comes as default.
But I want some Full Disk Encryption for personal preference.
The GUI of my ROM does not allow me to change the encryption method.
Neither can I deactivate FBE in my ROM, nor can I manually put a second layer with FDE on top.
So: How to enforce FDE?
I guess with building my own ROM it could be achieved - but obviously I look for some easier way, like shell commands to get rid of FBE first and later use regular ROM capabilities to just use the AOSP internal FDE feature.
Anyone with any experience in this field?
Thanks
IMO you had better ask for help here: Android Q&A, Help & Troubleshooting (forum.xda-developers.com)
It's simply not a choice, you have to live with whatever the ROM provides. Of course you can disable encryption and format userdata at wish unencrypted.
May I ask what's the benefit of FDE compared to FBE?
(btw Samsung encryption is unrelated to Samsung Knox)
aIecxs said:
May I ask what's the benefit of FDE compared to FBE?

File Based Encryption (FBE)
Note: That became default with the release of Android 10 in 2019.
Cold Device – contains a stock background image, user data is locked, and needs bruteforce to access.
Hot Device – background image is visible, the camera is accessible, so data collection can be performed on the phone with the proper tools without knowing the passcode.
Full Disk Encryption with Secure Start-Up (FDE)
Note: That's default encryption since Android 6.
Cold Device (Samsung) – must enter the user’s password before the device will even start
Cold Device (LG) – the operating system is not fully booted without the password
Understanding how to differentiate between cold and hot devices while collecting data will help ensure you use the proper tools.
BTW:
If USB debugging is enabled on the device (most users do so to have an emergency entrance), a hacker can use ADB to easily intrude into the device's Android and deduct data even if they are FBE encrypted, whereas on an FDE encrypted device a hacker stands in front of a closed door, IMO, although ADB may be fully functional.
If you use a screen lock on your Android smartphone, full-disk encryption is enabled by default.
jwoegerbauer said:
If USB debugging is enabled on the device (most users do so to have an emergency entrance), a hacker can use ADB to easily intrude into the device's Android and deduct data even if they are FBE encrypted, whereas on an FDE encrypted device a hacker stands in front of a closed door, IMO.

Thx but I asked OP.
adbd is running only after userdata is decrypted, as adb_keys is located in /data/misc/adb. Therefore that would make no difference (btw a hacker would need the adbkey.pub of the victim's PC), despite most users not having USB debugging enabled at all.
There is no difference between FBE and FDE on a "Hot Device" after first unlock (decrypt), except that FBE is more secure before first unlock: the moment the Android lock screen appears, the whole FDE disk is already decrypted, while FBE is split into (ce) credential encrypted + (de) device encrypted storage.
The so-called secure start-up is optional. Most stock FDE encrypted devices are simply encrypted with default_password and are easier to break (I have done it many times). In such a case it's even possible to bypass the screen lock by simply deleting locksettings.db, while the same would for sure destroy FBE and make files unrecoverable.
But even with secure start-up it's easier to bruteforce the passphrase online, as the (encrypted) DEK is saved in userspace (crypto-footer) only, which (in theory) allows an attacker to backup & restore the status quo to cheat the gatekeeper timeout, and it's even possible to reset the failed decrypts counter, while on FBE the encryption key is stored in the TEE only, which makes it impossible to back up (and therefore harder to cheat gatekeeper).
Furthermore, once decrypted, on FDE it's (hard but) possible to recover deleted files, while on FBE it's impossible to recover deleted files by design.
I see no reason to believe FBE is less secure than FDE and don't see the benefit.
btw Samsung devices provide (FBE) "Strong protection", which is the successor to (FDE) Secure startup:
-> Settings -> Biometrics and security -> Other security settings -> Strong protection
jwoegerbauer said:
If you use a screen lock on your Android smartphone, full-disk encryption is enabled by default.

Completely unrelated to each other. Two cases:
1) I personally prefer an unlocked bootloader and use no encryption at all (I have disabled it forcefully), but I am still using a PIN as screen lock. (There is no private data on the phone, that's my decision.)
2) Stock devices are encrypted on first boot, even before the user reaches initial setup. The user can decide to just swipe with no PIN at all; the device itself is still encrypted, despite having no screen lock.
This applies to both FDE and FBE.
aIecxs said:
Thx but I asked OP.
adbd is running only after userdata is decrypted, as adb_keys is located in /data/misc/adb. Therefore that would make no difference (btw a hacker would need the adbkey.pub of the victim's PC), despite most users not having USB debugging enabled at all.

Only allowed me to do you often do.
If you could boot a device into recovery mode, whatever method is used, then ADB is accessible and fully functional, AFAIK.
jwoegerbauer said:
If you could boot a device into recovery mode, whatever method is used, then ADB is accessible and fully functional, AFAIK.

Right, if you can boot into custom recovery, which avb/dm-verity prevents on a locked bootloader; at least it should.
Still, it makes no difference to bruteforce FDE or FBE then, assuming TWRP magically bypasses the gatekeeper timeout.
btw Cellebrite, isn't that the company that got hacked by the Signal founder after a false claim they could crack Signal?
https://arstechnica.com/information...turns-the-tables-on-forensics-firm-cellebrite
