On Tuesday, August 3rd, 2021 at 1:16 AM, Denis 'GNUtoo' Carikli <gnu...@cyberdimension.org> wrote:
> On Mon, 02 Aug 2021 17:07:12 +0000
>
> The issue as I understand is that these Android versions use dm-crypt,
> and it's up to the vendor to use that interface in the way they want.
> So as I understand, because of that, there are some variations in the key
> derivation algorithm between devices and vendors.
> Here I hope that we are in some generic case.
> In Replicant 6.0, the key derivation algorithm cannot use
> knox/TrustZone because Wolfgang disabled the mobicore driver (for
> obvious freedom, privacy and security reasons), so even if some drivers
> still (have to) use TrustZone, userspace can't.
> So even if mobicore is enabled in the Replicant 4.2 kernel, the
> probability of it being used for key derivation is low.

Indeed, I didn't see the remark on page 21 of Thomas Cannon: "Samsung has their own key management module".

Using android-encryption, I got the following output:

In https://github.com/viaforensics/android-encryption/blob/master/screenshots/6_decrypted-compare.png the first bytes seem to be non-zero and are followed by zeros. My output is only composed of zeros...

> > I also tried http://github.com/sogeti-esec-lab/android-fde which
> > allows to launch `./decrypt.py USERDATA.img metadata output/DATA` to
> > put decrypted_data in `output/DATA`. Then I do not succeed to mount
> > it. Do you have any idea how to do this?
>
> If that created a file, you could try to see if you can see things
> inside the file, or about the file, for instance with photorec, strings,
> or file.

I can't find any readable string with Photorec or by reading the first bytes of the file.

> Normally the following should work for partitions:
>
> > $ mkdir mnt
> > $ sudo mount -o loop file.img ./mnt
>
> So if that doesn't work, maybe something else is wrong.

Sadly, I got an error: "mount: XXX: wrong fs type, bad option, bad superblock on /dev/loop1, missing codepage or helper program, or other error"

I'll try to see how the key can be managed by Samsung.

- Fil Lupin.

_______________________________________________
Replicant mailing list
Replicant@osuosl.org
https://lists.osuosl.org/mailman/listinfo/replicant
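
The checks discussed in this message (looking at the first bytes of the output, and the "bad superblock" mount error) can be done in one pass before trying to mount. This is an added example, not part of the original message or of either tool mentioned; it assumes the userdata filesystem is ext2/3/4 (the thread does not say), and the function names and sample buffers are constructed for illustration.

```python
import hashlib
import math
import struct
from collections import Counter

# Assumption: userdata is ext2/3/4. The primary superblock starts at byte 1024
# and its little-endian s_magic field (0xEF53) sits 0x38 bytes into it.
MAGIC_POS = 1024 + 0x38
EXT_MAGIC = 0xEF53

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8.0 for ciphertext, 0.0 for a constant run."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def triage(head: bytes) -> str:
    """Classify the first few KiB of a supposedly decrypted image."""
    if not head:
        return "empty"
    if not any(head):
        return "all-zero"            # no filesystem data at the start
    if len(head) >= MAGIC_POS + 2:
        (magic,) = struct.unpack_from("<H", head, MAGIC_POS)
        if magic == EXT_MAGIC:
            return "ext-superblock"  # plausible plaintext filesystem
    if shannon_entropy(head) > 7.5:
        return "high-entropy"        # still looks like ciphertext
    return "unknown"

def triage_file(path: str, size: int = 4096) -> str:
    """Hypothetical helper: triage the head of an image file on disk."""
    with open(path, "rb") as f:
        return triage(f.read(size))

def constructed_samples() -> dict:
    """Constructed buffers standing in for real images (not data from the thread)."""
    ext = bytearray(4096)
    struct.pack_into("<H", ext, MAGIC_POS, EXT_MAGIC)
    noise = bytearray(b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128)))
    noise[MAGIC_POS:MAGIC_POS + 2] = b"\x00\x00"  # rule out a chance magic match
    return {"zeros": bytes(4096), "ext": bytes(ext), "noise": bytes(noise)}

if __name__ == "__main__":
    for name, buf in constructed_samples().items():
        print(name, triage(buf))
```

A "high-entropy" or "all-zero" result means `mount` will fail with the superblock error no matter which options are used, so the key derivation is the thing to revisit.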