Hello, after reading the docs, especially NIST and Samsung, I realized that encryption follows the same standard described so it should be seen the same way other phone are seen. I tried again to decrypt the phone and it works!
I'll look at the few apps I installed before the crash to identify if one of them causes the crash. Thank you again for the docs links, - Fil Lupin. ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ On Wednesday, August 4th, 2021 at 9:52 PM, Fil Lupin via Replicant <[email protected]> wrote: > On Tuesday, August 3rd, 2021 at 1:16 AM, Denis 'GNUtoo' Carikli > [email protected] wrote: > > > On Mon, 02 Aug 2021 17:07:12 +0000 > > > > The issue as I understand is that these Android versions uses dm-crypt, > > > > and it's up to the vendor to use that interface in the way they want. > > > > So as I understand, because of that, there is some variations in the key > > > > derivation algorithm between devices and vendors. > > > > Here I hope that we are in some generic case. > > > > In Replicant 6.0, the key derivation algorithm cannot use > > > > knox/TrustZone because Wolfgang disabled the mobicore driver (for > > > > obvious freedom, privacy and security reasons), so even if some drivers > > > > still (have to) use TrustZone, userspace can't. > > > > So even if mobicore is enabled in the Replicant 4.2 kernel, the > > > > probability of it being used for key derivation is low. > > Indeed, I didn't see the remark page 21 of Thomas Cannon : "Samsung has their > own key management module" > > Using android-encryption, I got the following output : > ------------------------------------------------------------------------------------------------------------------------------------------------------------------ > > Decrypted Data : > 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 > > 000000000000000000000000000000000000000000000 > ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- > > In > https://github.com/viaforensics/android-encryption/blob/master/screenshots/6_decrypted-compare.png > first bytes seems to be non-zero and are followed by zeros. > > My output is only composed by zero... > > > > I also tried http://github.com/sogeti-esec-lab/android-fde which > > > > > > allows to launch `./decrypt.py USERDATA.img metadata output/DATA` to > > > > > > put decrypted_data in `output/DATA`. Then I do not succeed to mount > > > > > > it. Do you have any idea how to do this? > > > > If that created a file, you could try to see if you can see things > > > > inside the file, or about the file, for instance with photorec, strings, > > > > or file. > > I can't find any readable string with Photorec or reading first bytes of file. > > > Normally the following should work for partitions: > > > > > $ mkdir mnt > > > > > > $ sudo mount -o loop file.img ./mnt > > > > So if that doesn't work, maybe something else is wrong. > > Sadly, I got an error: "mount: XXX: wrong fs type, bad option, bad superblock > on /dev/loop1, missing codepage or helper program, or other error" > > I'll try to see how the key can be managed by Samsung. > > - Fil Lupin. > > Replicant mailing list > > [email protected] > > https://lists.osuosl.org/mailman/listinfo/replicant _______________________________________________ Replicant mailing list [email protected] https://lists.osuosl.org/mailman/listinfo/replicant
