• After 15+ years, we've made a big change: Android Forums is now Early Bird Club. Learn more here.

Help J5 decrypt eMMC

B

BuggyDroid

Lurker
Hey

a friend of mine accidentally deleted a few files on her 2016 J5. I told her I can try to recover them. First thing I did was trying to root the phone, which resulted in a error message. On the next bootup a message appeared, saying that there is a security issue and in order to continue, the userdata has to be formated. Obviously I didnt click ok, instead I removed the battery, and eventually desoldered the eMMC chip in order to backup the data there. I got all the partitions backed up, including the userdata.img. Nevertheless the userdata image is the only one I am not able to extract nor mount. So I suppose it is encrypted.

Myy friend used a key pattern lock, I do know the combination. Is there a way to decrypt the userdata using adb maybe?
 
BuggyDroid said:
Hey

a friend of mine accidentally deleted a few files on her 2016 J5. I told her I can try to recover them. First thing I did was trying to root the phone, which resulted in a error message. On the next bootup a message appeared, saying that there is a security issue and in order to continue, the userdata has to be formated. Obviously I didnt click ok, instead I removed the battery, and eventually desoldered the eMMC chip in order to backup the data there. I got all the partitions backed up, including the userdata.img. Nevertheless the userdata image is the only one I am not able to extract nor mount. So I suppose it is encrypted.

Myy friend used a key pattern lock, I do know the combination. Is there a way to decrypt the userdata using adb maybe?
Click to expand...

Yeh, it's AES256 encrypted and the key was in the phone.
FYI:
https://en.wikipedia.org/wiki/Advanced_Encryption_Standard
At present, there is no known practical attack that would allow someone without knowledge of the key to read data encrypted by AES when correctly implemented.

You might be SOL I think, not unless you got a supercomputer and something like 100,000 years to spare, to brute-force attack it.
 
mikedt said:
Yeh, it's AES256 encrypted and the key was in the phone.

I have a second phone here, same model, which I bought for testing. I did not configure any security such as PIN or pattern lock on that phone. I did a backup of the eMMC, but in that backup I can access the userdata image and read all files like photos without problem.

thats why I came to the conclusion that the encryption only depends on the pattern lock which was set on the other phone...

anyway, I can solder the eMMC back to the original phone, I guess then the userdata partition might get formated. The question is: do I have a way to extract the key for decrypting the userdata backup, once the phone is running again?
Click to expand...
 
You must log in or register to reply here.
Back
Top Bottom