On Mon, 02 Aug 2021 17:07:12 +0000 Fil Lupin via Replicant <replicant@osuosl.org> wrote:
> Hi, > I tried https://github.com/viaforensics/android-encryption/ > You need to get /efs/metadata in recovery mode, and then define > header_file to this file, and encrypted_partition to the image done > as suggested in > https://redmine.replicant.us/projects/replicant/wiki/BackupTheDataPartition#Backing-up-the-data-partition > However, the second soft seems more complete. The issue as I understand is that these Android versions uses dm-crypt, and it's up to the vendor to use that interface in the way they want. So as I understand, because of that, there is some variations in the key derivation algorithm between devices and vendors. Here I hope that we are in some generic case. In Replicant 6.0, the key derivation algorithm cannot use knox/TrustZone because Wolfgang disabled the mobicore driver (for obvious freedom, privacy and security reasons), so even if some drivers still (have to) use TrustZone, userspace can't. So even if mobicore is enabled in the Replicant 4.2 kernel, the probability of it being used for key derivation is low. > I also tried http://github.com/sogeti-esec-lab/android-fde which > allows to launch `./decrypt.py USERDATA.img metadata output/DATA` to > put decrypted_data in `output/DATA`. Then I do not succeed to mount > it. Do you have any idea how to do this? If that created a file, you could try to see if you can see things inside the file, or about the file, for instance with photorec, strings, or file. Normally the following should work for partitions: > $ mkdir mnt > $ sudo mount -o loop file.img ./mnt So if that doesn't work, maybe something else is wrong. Denis.
pgpZOH0fJ8VPr.pgp
Description: OpenPGP digital signature
_______________________________________________ Replicant mailing list Replicant@osuosl.org https://lists.osuosl.org/mailman/listinfo/replicant