• After 15+ years, we've made a big change: Android Forums is now Early Bird Club. Learn more here.

Any Way to Recover 2FA Data From Dead Phone?

persistentone

Well-Known Member
I have a dead Android phone that I may not be able to repair. Is there a way to get data off the phone, and specifically is there a way to transfer my two factor authentication data off the phone so that I can use the same codes on a new phone?
 
It depends on how dead it is. It it can't power up then there is no way of talking to it. The data are stored on an encrypted storage chip that is fixed to the motherboard, and will be decrypted when you boot the phone and log in - which means that if you can't boot it and log in you are stuck.

If you already have a custom recovery installed and can boot into recovery mode there might be other options. But a stock recovery module is no use here, and you won't be able to install a custom recovery (if one exists for this phone) if the bootloader isn't already unlocked, since unlocking the bootloader will erase your data anyway.

I'm afraid this comes back to the old rule: if something is important, you need to keep backups.
 
It depends on how dead it is. It it can't power up then there is no way of talking to it. The data are stored on an encrypted storage chip that is fixed to the motherboard, and will be decrypted when you boot the phone and log in - which means that if you can't boot it and log in you are stuck.

What you say makes sense, yet it is interesting that there are dozens of articles online claiming you can use software on a PC to connect to and extract data from a dead phone. For example:
https://android.imyfone.com/undelete-android/recover-data-from-dead-android-phone/

All of these software applications they reference look suspect, so is all of this just a cynical spyware industry?

I am finding that many websites have no recovery procedure once you enable 2FA. It's a nightmare.

It is worth mentioning that my dead phone is an older Samsung Galaxy S4. So possibly the encryption is not done as strictly?
 
With an S4 it's possible the storage isn't encrypted at all - it was only phones that were originally released with android 5 would have it on by default.

But it brings us back to "what do you mean by dead?". You cannot get information from a phone with just a USB lead and some PC software if it won't boot up: if there's no operating system running then there's nothing for the PC to talk to. You might be able to do it with a JTAG rig, but I think that will require opening the phone up and using a specialised connector - I don't believe you can do it over USB. Perhaps these utilities rely on the phone not really being as dead as the user thinks? I mean, as long as they don't charge upfront and don't contain malware there's not much to lose in trying, but I am sceptical (though an older phone, less secure in several respects, might have more chance).
 
What you say makes sense, yet it is interesting that there are dozens of articles online claiming you can use software on a PC to connect to and extract data from a dead phone. For example:
https://android.imyfone.com/undelete-android/recover-data-from-dead-android-phone/

All of these software applications they reference look suspect, so is all of this just a cynical spyware industry?

I am finding that many websites have no recovery procedure once you enable 2FA. It's a nightmare.

It is worth mentioning that my dead phone is an older Samsung Galaxy S4. So possibly the encryption is not done as strictly?

Depending on the whatever it is 2FA app you're using, some of them do have a way of backup and/or alternative way of logging back in.

I use the Google Authenticator 2FA app on quite a few sites, including Android Forums, and Google does provide a backup for that. Like sending 2FA codes to the registered email address, or via SMS to the registered phone number. Check if you've got anything like that for your particular 2FA.
 
Last edited:
But it brings us back to "what do you mean by dead?". You cannot get information from a phone with just a USB lead and some PC software if it won't boot up: if there's no operating system running then there's nothing for the PC to talk to. You might be able to do it with a JTAG rig, but I think that will require opening the phone up and using a specialized connector - I don't believe you can do it over USB. Perhaps these utilities rely on the phone not really being as dead as the user thinks? I mean, as long as they don't charge upfront and don't contain malware there's not much to lose in trying, but I am skeptical (though an older phone, less secure in several respects, might have more chance).

What I mean by "dead" is the phone cannot be powered on, because the power switch is broken.

I do understand your point that connecting to a phone from an external USB and application probably requires the phone to be powered on. But the article I referenced - and many others like it - describes phones that cannot be powered on and imply that somehow the phone's internal storage can be accessed from a PC running their software. All of those articles look a bit sleazy to me, and it is probably virus ware trying to exploit the misery of people. Let's see if anyone else can clarify.
 
What I mean by "dead" is the phone cannot be powered on, because the power switch is broken.

I do understand your point that connecting to a phone from an external USB and application probably requires the phone to be powered on. But the article I referenced - and many others like it - describes phones that cannot be powered on and imply that somehow the phone's internal storage can be accessed from a PC running their software. All of those articles look a bit sleazy to me, and it is probably virus ware trying to exploit the misery of people. Let's see if anyone else can clarify.

Yes, those websites are very sleazy and are complete BS.
 
Back
Top Bottom