Tuesday, October 27, 2015

6.0 marshmallow - How to get Adoptable storage encryption key without root access after I "forget it"


My micro SD card (set as adoptable storage) was corrupted while I was using my phone (Wiko Tommy with Android 6.0) during a trip. Probably because of a writing error on the filesystem, I guess.


I tried to unplug the SD card and to plug it again several times, but it didn't change nothing.


I should have stopped there, and wait in order to repair the SD card filesystem a few days later. But my phone wouldn't let me take pictures with the SD card unplugged ("storage is full", even if the internal storage wasn't full). So I unplugged the SD card, and told my phone to forget it. That way, I could use the internal storage again and take pictures.


Back with a computer available and with a SD card reader, I made an image of my SD card using the dd command. I tried to analyse filesystem problems with Testdisk, recover files with Photorec... But I realized that the SD card is encrypted and that this is probably my major concern.


I found this method that would enable me to get the encryption key and to read the SD card. Unfortunately it requires root access to read the /data/misc/vold folder, and my phone is not rooted. I would happily do it but I couldn't find any path toward it (it's a Wiko Tommy).



So I'm stuck there. Do you think of a way to get the files on the SD card back?



  • Find a way to root my phone?

  • Reverse the "forget" action so that the phone would read again the SD card (when the corrupted filesystem is fixed)?

  • Find a way to get the encryption key without root access, and then read from the image I have on the computer?

  • Use another SD card as adoptable storage, replace its contents by the old one (when the corrupted filesystem is fixed)?


Thank you



Answer



Find a way to root my phone? Not relevant... see below



Reverse the "forget" action so that the phone would read again the SD card (when the corrupted filesystem is fixed)? No, the forget action deletes the decryption token. It cannot be recovered by normal means.


Find a way to get the encryption key without root access, and then read from the image I have on the computer? No, the decryption token is in a directory that can only be read with root access, but it doesn't matter because the decryption token does not exist anymore.


Use another SD card as adoptable storage, replace its contents by the old one (when the corrupted filesystem is fixed)? There is a fix like this, it can be used in some situations like this or when moving to a larger card, the problem is that even if the corruption of the card is corrected, the data cannot be decrypted because the decryption token was erased when you "forgot" the card.


I am sorry to say, but your data on the card is now just random 0's and 1's, there is no way to decrypt the data without the decryption token (I call it a "token", it is the passphase/key or whatever you want to call it), the data will never be recoverable by any currently known method.


The root access is no longer relevant, if you didn't have it already... the reason is because to root the device requires the bootloader to be unlocked (in most cases) and doing so wipes all data on the phone, including the decryption token, which is why it is stated if you have root prior to this occurring there is a chance you can retrieve the token and decrypt the SD card.


The real problem is the token is gone because you did a "forget", if a new token is generated (by adopting a new card) it will be different than the old one. If you reinstall a "fixed" SD card with the same data, your phone will not know how to decrypt it and cannot read the data, it will most likely recommend that you format the card as either portable or adopted storage so it is usable.


No comments:

Post a Comment

samsung galaxy s 2 - Cannot restore Kies backup after firmware upgrade

I backed up my Samsung Galaxy S2 on Kies before updating to Ice Cream Sandwich. After the upgrade I tried to restore, but the restore fails ...