Related
I'm no expert when it comes to the topics of rooting and getting access to the emmc and all of that good stuff. I more specialize in ROMs and themes and stuff, the less complexed stuff lol
Someone has posted an idea in the general forums in relation to permanent root, I'm not sure if he posted it here or not. So here's what he wrote....and is it possible? Or does it have to be done manually first before this idea can happen?
Originally Posted by deliberate187
In order to unlock the phone, we have to figure out what the protected sectors are first and all related flags. If an Android app could be made to have direct read access to the eMMC filesystems (including write protect flags) and save a log to the SD card detailing these items, this would be ideal.
Then all that would remain is a program to undo the write protection (and re-do it if necessary to unvoid warranty)
If anyone is willing to create these programs, I would be more than happy to test them out on my own G2.
However, I think the keys to the mystery may lie in the recovery image, and/or in the bootloader itself. Has anyone disassembled these yet?
Click to expand...
Click to collapse
Sorry to have to tell you but this is all old information stuff we already know just are unable to do anything about it. Its harder then just coming up with an idea of something. Now if we knew a person that programed the g2 in htc factory then all would be good but as of now we just dont have the information we need to do anything
thanks
Thanks for the idea. Some people will be mad you didn't post in the root thread though.
File under "I'm no expert but..."
Here is one observation I have noted in my exploration. The root filesystem and system partition are mounted with the flags "-o ro,relatime" but in addition the /system partition has ",errors=continue" leading me to believe that this change is in fact written to the release configuration rather than to the eMMC itself. Can anyone try to get a permanent write to the fstab and see if this can net us permanent root? Possibly take a temp root session and remount the system and / filesystems read/write to see if writes stick... just an idea.
The errors=continue flag allows the ext3 filesystem to continue working even if there was a read/write error.
I've been able to get the system to change to r/w a couple times while wandering through root explorer. I have made subtle changes to certain folders such as moving txt files but nothing has ever been permanent. I can't really tell you how I did it either seeing as I can't replicate it on demand...I'm assuming it still gets written to cache despite being in the /system
Sent from my T-Mobile G2 using XDA App
heyy, I'm not punchie, I've got what the doctor calls a relaxed brain
I am thinking there should be a set of adb commands to unlock the nand. I am definitely thinking a nand dump and full disassembly of the bootloader and recovery image could be absolutely crucial in discovering what needs to be done. Just a thought, has anyone done a nandroid backup of the G2 yet? I'm pretty sure TMob doesn't have HTC encrypt its bootloaders...
deliberate187 said:
I am thinking there should be a set of adb commands to unlock the nand. I am definitely thinking a nand dump and full disassembly of the bootloader and recovery image could be absolutely crucial in discovering what needs to be done. Just a thought, has anyone done a nandroid backup of the G2 yet? I'm pretty sure TMob doesn't have HTC encrypt its bootloaders...
Click to expand...
Click to collapse
if you can figure it out, go for it and i wish you luck
deliberate187 said:
Here is one observation I have noted in my exploration. The root filesystem and system partition are mounted with the flags "-o ro,relatime" but in addition the /system partition has ",errors=continue" leading me to believe that this change is in fact written to the release configuration rather than to the eMMC itself. Can anyone try to get a permanent write to the fstab and see if this can net us permanent root? Possibly take a temp root session and remount the system and / filesystems read/write to see if writes stick... just an idea.
The errors=continue flag allows the ext3 filesystem to continue working even if there was a read/write error.
Click to expand...
Click to collapse
If it were only this easy.
Re-mounting /system as r/w is part of the rooting process. This does not result in changes written to eMMC. In fact, the controller "lies" to Linux that the change has been synced. From then on, Linux holds the changes in its cache which, when dropped or rebooted, reverts changed files to their original state (because they were never written in the first place.)
The ext3 continue on errors thing is merely a way to skip fsck in the event that the read-only system has issues in the journal (very unlikely to happen, since nothing can write to it.) Presumably, this only covers an oversight in OTA updates (where the journal of the image provided by the OEM is dirty for some odd reason.) Again, since nothing can write to /system, it's all but an impossible scenario (nothing can write to the journal either...)
As for marking "sectors" as write-protected or not, that's also easier said than done. Entire partitions are locked, and half of the space is mysteriously "missing." It's difficult to see what's really going on from userland, as the device is deceptive as to what is and is not being written, or what is even stored on the eMMC in the first place.
The real solution is to exploit either the boot-loader or eMMC (re)/initialization somehow to allow a) unsigned firmware to be loaded and/or b) allow booting without write protection, allowing us to c) flash rooted rom to the phone and/or d) disable said protection. The unlock procedure will likely be similar to Unrevoked, as that is essentially the same situation (aside from the controller issue.)
All of this is covered in the wiki and various threads - check those out, if you find a way around it everyone would be glad to hear it.
HamNCheese said:
If it were only this easy.
Re-mounting /system as r/w is part of the rooting process. This does not result in changes written to eMMC. In fact, the controller "lies" to Linux that the change has been synced. From then on, Linux holds the changes in its cache which, when dropped or rebooted, reverts changed files to their original state (because they were never written in the first place.)
The ext3 continue on errors thing is merely a way to skip fsck in the event that the read-only system has issues in the journal (very unlikely to happen, since nothing can write to it.) Presumably, this only covers an oversight in OTA updates (where the journal of the image provided by the OEM is dirty for some odd reason.) Again, since nothing can write to /system, it's all but an impossible scenario (nothing can write to the journal either...)
As for marking "sectors" as write-protected or not, that's also easier said than done. Entire partitions are locked, and half of the space is mysteriously "missing." It's difficult to see what's really going on from userland, as the device is deceptive as to what is and is not being written, or what is even stored on the eMMC in the first place.
The real solution is to exploit either the boot-loader or eMMC (re)/initialization somehow to allow a) unsigned firmware to be loaded and/or b) allow booting without write protection, allowing us to c) flash rooted rom to the phone and/or d) disable said protection. The unlock procedure will likely be similar to Unrevoked, as that is essentially the same situation (aside from the controller issue.)
All of this is covered in the wiki and various threads - check those out, if you find a way around it everyone would be glad to hear it.
Click to expand...
Click to collapse
Listen to this dude. Absolutely correct.
If you ever used CWM, CWMT or other non factory recoveries to wipe your data, you probably noticed that you lost the ability to encrypt your phone. Or maybe you did not even realize this is why encryption does not work.
For the Android phone encryption to work, it needs the /data (usrdata) partition to have a little bit of unused space between the end of the filesystem and the end of the partition. And as soon as you use CWM to wipe, it actually reformats using all space, and encryption does not work anymore.
User lolo250612 brought this to my attention, and together we created a update.zip that shrinks the /data filesystem by 1MB
In fact, we created 2 patches: One to shrink, and one to first repair the filesystem. The first will refuse to shrink if the file system is not clean and healthy. They will automatically find the correct usrdata partition device and its size. The shrink will then resize to 1MB less then the partition size (which means it could also be used to grow if you somehow had a filesystem a lot smaller, for example because you restored an smaller image from somewhere).
Both patches are created with statically linked e2fsprogs binaries and its own static copy of busybox shell interpreter. So they should work on all Android devices that use ext file system (probably all V2.3.1 Gingerbread and higher androids), and you should not lose any data because of this. But it is always good to make a backup.
We tested this on 2 phones, both ICS phones, and with both CWM and TWRP type recoveries, and are fairly certain it is safe to use. But to repeat, you should always take a backup of your phone.
Both patches can be found on my shared drive:
ICS_usrdata_fix-fs.zip
ICS_usrdata_shrink.zip
Procedure:
- Make backup of your phone
- Place files on SD card
- Boot into recovery
- Apply the shrink update
- If it tells you the filesystem is damaged apply the fix-fs update first
The patch only shrinks the filesystem, nothing is actually installed or removed on the phone. But if you use encryption, you could leave this patch on your SD card so that every time you wipe data, you can run the shrink patch again afterward to enable encryption again.
If you do use this, please report back in this thread, possibly mentioning your phone model and ROM you are using.
Quick encryption guide (and more)
I won't go deep into useless details as everything has already been described about Android phone protection somewhere on the internet. I will just give some meaningful links and tips by illustrating how I have protected my phone. Really nothing new or innovative, just a compilation of a few hints that I have put in practice to protect the numerous pieces of information that are on my phone.
Step 0: awareness
----------------------------
Why bother with phone security?
In short, I am clearly paranoid. Well, in fact, I don’t really feel at ease when I know all the information, both personal and professional I have on my phone. Over the month, my Androphone has become a real digital Swiss-knife and personal secretary. This includes:
Personal and professional contacts
Personal and professional agendas
Personal and professional digital exchanges (SMS and email)
Personal and professional photos
Banking account information
Trails where I run
Etc… etc…
Don't want someone looks at them. Not you?
Fist step: on-line protection
----------------------------------------
The first step in protecting your data consists in making hard to access indirectly the data that lay on your phone memory. This access consists in using the system when the phone is on, either via the GUI and the phone controls, or remotely (essentially by network connections, or phone basic functionalities like sms). So, basically, you need to lock efficiently your phone from preventing someone else to unlock the user interface that allows interactions with the system, and protect all communication channels.
To lock efficiently your phone, you must use a pin code of at least 4 digits (6 is better) or a pass-phrase. The latter is much less practical without improving online security that much. Above all, you must avoid those silly locking solutions like face recognition unlocking, or pattern lock. Those are toys for naive young boys. Not for those concerned seriously by security.
For protecting remote access to your phone, I would suggest:
1) Double check that USB debugging is disabled. This a major security hole.
2) Turn on data connections (bluetooth, wifi and 2/G/3G/4G) only when required (email checking, web-surfing session, data synchronising), and off rest of the time.
3) Avoid install cracked unofficial apks, or applications that asks for permission far beyond their obvious and principal utility
4) Install a software security app, if possible, open source and recognised by xda members. Once an adept of Droiwall, I have switched to Avast mobile security because of its extra features. But it is not opensource and it is a question of taste. But do this carefully, see that for instance before making a choice: http://download.cnet.com/8301-2007_4-57391170-12/dont-get-faked-by-android-antivirus-apps/ and http://www.av-test.org/fileadmin/pdf/avtest_2012-02_android_anti-malware_report_english.pdf.
But, you must be rooted (which is in itself a security hole if not mastered) and one must have a kernel with netfilter functionalities activated. This is the case with the stock kernel of the phone I use at the present time (Lenovo A789). But was not the case of 2 Samsung phones I used before. You have to either install a custom kernel adapted to your phone, or make your own if you have access to its sources (see tutorials as: http://forum.xda-developers.com/showpost.php?p=22941057&postcount=1)
5) Personally, I would feel more at ease if I could find an easy to use firewall solution that could close, and better, make stealth all the local ports of my phone, especially when I am not behind a wifi router. But I haven’t found one yet. Droidwall, nor Avast, addresses this functionality, whereas it would be fairly easy to implement it with the netfilter system layer underneath.
Second step: offline protection
-------------------------------------------
Here we are. Now your phone is protected when it is on. But, what if you switch it off, or remove its sdcard? The data lay on the internal memory, unprotected (at best obfuscated). Really easy to find a custom recovery for almost all phones, write a script to dump /data on a sdcard and then make whatever you want with the copy.
Don’t like that? The only solution to prevent /data from being read by someone else is to encrypt the /data partition. To do that, your phone or tablet internal storage partitions must be seen by your system as block devices. This is the case with eMMC but not with Yaffs. So beware, if you want encryption you need to buy a device that answers this requirement. This is not always true and almost never documented. Notes on the implementation of Android encryption are there: http://source.android.com/tech/encryption/android_crypto_implementation.html
Now, as me, if you are reading these lines, you are certainly looking for extra information about your Android device and probably extra functionalities.
Certainly, the most frequent way to install extra functionalities and custom ROMs to your phone is to use an update zip file. With stock recovery, this zip file needs to be signed, otherwise it is rejected. For maximum flexibility and ease of use, alternative boot recovery have been developed, of which CWRP is certainly the most famous.
Usually, for 99% of users and operations, CWRP operates great. Sometimes, as nothing is perfect, a bug may occur. This is the case for built in ICS encryption process. As Cybermaus indicates in the first post, to be able to perform this encryption the /data filesystem must be slightly smaller than the underlying partition. But CWRP, at least up to the version 5.5, formats all the corresponding partition leaving no place for Android to store the required information to be able to start the encryption process. This is clearly described in the following links: http://forum.xda-developers.com/showthread.php?t=1792101 and http://rootzwiki.com/topic/25652-fixing-galaxy-tab-2-encryption/
I have discovered that by using aLogcat to track down the origin of the failure. The interesting part revealed to be: E/Cryptfs ( 87): Orig filesystem overlaps crypto footer region. Cannot encrypt in place.
To circumvent this problem, you will find in Cybermaus first post, two CWM update zip files that will do the trick in a simple and secure way. After flashing your ROM and wiping data with CWM, apply them, go to system encryption as described here:http://support.google.com/android/bin/answer.py?hl=en&answer=1663755, and after waiting one or two minutes (not more), the system should restart automagically to encrypt your /data partition.
Third step: making your phone even more secure and practical at the same time
-------------------------------------------------------------------------------------------------------------------
Android built-in encryption is in fact more or less Linux LUKS (http://en.wikipedia.org/wiki/Linux_Unified_Key_Setup). Plus, it is open-source so that everyone with the required skills can make an audit of the code to see if no security hole is present in the Android implementation. The underlying mechanism is strong and secure, as long as you use a strong password. I mean by strong, at least 12 characters that includes at the same time lower-case letters, upper-case letters, numbers and symbols. And it must be something impossible to guess for others while easy to remember for yourself. You will find a lot of resources on the internet on how to create such a password. For instance: https://help.ubuntu.com/community/StrongPasswords .
The problem with Android, in its attempt to keep the system not too complicated to use, is that the GUI (I insist: only the GUI, not the system) does not distinguish between the PIN or passphrase that you use to lock your phone when it is on, and the password used to encrypt the data that lay physically on your phone storage. So the casual user is in front of a paradigm: either he chooses a strong password for its data, but this will rapidly become tedious to type at least 12 characters to unlock his device several times a day; or he decides to use a PIN code, which is more practical to unlock the phone, and consequently uses a really weak password to encrypt its data which contains only digits, and thus may be cracked in a breath by any PC.
Fortunately, this paradigm is addressed and solved by small tools like EncPassChanger or Cryptfs Password (both requiring that your phone be rooted, which is by the way, paradoxically, a security hole if not used with caution ). See: http://nelenkov.blogspot.fr/2012/08/changing-androids-disk-encryption.html for complete notes about that. So for me, the only way, both secure and practical, to secure your phone is by using a PIN code of at least 4 numbers (6 is better). Then use a handy tool like EncPassChanger to have a true complex password for decryption at boot time.
Fourth step: increase security, without sacrifying practicability
-----------------------------------------------------------------------------------------
As I am paranoid, but at the same time don’t want my phone to become a source of annoyances, the previous “basic” steps were not enough for me.
So I decided to improve security in two ways:
1) By following the following tip, which I find great and is itself self-explaining: http://forum.xda-developers.com/showpost.php?p=26730989&postcount=2
2) By encrypting the photos I take with my phone, because these are linked with my private life and I won’t like that somebody gain access to them.
3) By encrypting documents I scan with CamScanner, for home and work, which may be sensitive.
4) By automating the action that disables USB debugging in case I forget to put it off after using it .
For point 2 and 3, documents lay on your sd card uncrypted. Android built-in encryption does not deal with both internal and external sdcard (just to be clear, by sdcards I mean partitions mounted as /mnt/scard or /mnt/scard2). To encrypt them you have to use once again an external tool. As I am an opensource fanatic for all that deal with security, I would recommend to use LUKS Manager (https://play.google.com/store/apps/details?id=com.nemesis2.luksmanager&feature=search_result and http://forum.xda-developers.com/showthread.php?t=1141467) which is based on dm-crypt module (yes, the same that Android uses for its build-in encryption), or Cryptonite (https://play.google.com/store/apps/details?id=csh.cryptonite&feature=search_result) which is completely open-source and implements the rock-solid Linux encfs on Android.
The latter is my personal choice. I do not use Crytonite in itself, except for creating the initial .encfs6.xml file. For everyday use, I use directly the Android port of the binary file encfs that comes with Cryptonite, and embed it into shell scripts. Up to now, no flaw, no problem. The password to open my encfs encrypted volumes is stored in a text file located on the /data partition. It is thus encrypted by Android and made accessible on boot when you decrypt this partition. So nothing more to remember.
To make things usable and practical, I use Tasker to automate the following things:
- Mount encfs volumes on start-up, by reading directly the password in the file located on /data
- Umount encfs volumes when usb is plugged
- Copy photos on a regular basis from the unencrypted /mnt/sdcard/DCIM to the safe place I created with encfs, delete AND wipe the original ones
Fifth step: be coherent about security
-----------------------------------------------------
Some people, torn apart by the paradigm described in Third step, by negligence or by lack of knowledge, strongly secure one part of the system, but make other parts big security holes.
Concretely, I am thinking about two examples: mixing encryption with pattern lock (or, even worse, with face unlock), or mixing encryption with usb debugging. Face recognition is just a jock. It is not reliable and fails very often. Moreover it is really easy to crack, with a photo for example. One of my colleague even achieved to unlock my phone with its own face, just because we are morphologically close enough. Pattern lock is not much better. (See: http://forum.xda-developers.com/showpost.php?p=37649447&postcount=6 and https://www.google.fr/search?q=smudge+attack).
So always ponder over (two times rather than one) each action you take that may touch system security.
Thanks lolo
I'm trying to use this on my VZW Galaxy S3 16Gb and this is what I'm seeing in TWRP v2.2.0:
Mounting System
Extracting system fixes
Update script starting...
Update script started
Disk /dev/block/mmcblk0p15: 13.1GB, 13140754432
4 heads, 10 sectors/track, 401024 cylinders
Units = cylinders of 64 * 512 = 32768 bytes
ERROR: unlikely size of KB
aborting operation!
Update script ended
Unmounting system...
Update Complete
Click to expand...
Click to collapse
edit: The same thing happens with both scripts.
I need to enable device encryption because my employer requires it for email and other Google Apps for Business apps. Thank you for your help!
Anyone know why full disk encryption isn't available on some (if not most roms)? Is it something that needs to be added with intent aside in the building process, or dependent on how the stock rom was set-up to work with?
I was hoping this would help get encryption working on an EVO ics rom which has encryption available, but when you click "encrypt phone" it just hangs on an android screen and doesn't actually do anything.
i was really happy to find your solution to enable encryption on my HTC desire S (ICS, rooted), but unfotunately it doesn't work. the same thing happen to me as it happened to mushu13, only different numbers in lines 5 and 6. same result whichever script i choose. please help, i really need system encryption.
thanky you very much!
First thing you should know, I am not an Android Guru. And unfortunately, if your phone is not an A789, I won't be able to help you deep in technical details. Cybermaus is the most skilled of the two of us, technically speaking, and he may lack time to answer correctly every request he is regurlarly faced with.
Okay, I do not know your phones and don't own them. So, distant debugging is much harder in these conditions. But the first things you should check, before applying Cybermaus' patches, are :
1) if encryption works with stock rom
2) follow thoroughly all steps I described in "Second step: offline protection" of the second post of this thread :
- your phone or tablet internal storage partitions must be seen by your system as block devices. This is the case with eMMC but not with Yaffs. If you don't have this information from the manufacturer, install Terminal Emulator from the Play Store and type 'mount' in it. You should see lines beginning with /[email protected] and /[email protected] If this is not the case, I fear encryption won't be able to work on your device.
- use aLogcat to track down the origin of the failure (see resources on the internet to learn how to use it, and links I have put in the second post)
3) Be sure that required modules are built into the kernel you use, especially dm-crypt
4) Post your results and cross your fingers that either this is a problem I have already encountered (in this case I may help you further), or Cybermaus see your posts.
While this script did allow me to encrypt my phone, it also shrunk my /data partition to roughly 1.1 GB.
Any ideas on how to expand it back to a reasonable size? I supposedly have 4 GB of ROM, and I assume more than 1 GB ought to be available for data.
Sent from my HTC Sensation using xda app-developers app
Thank you for your nice guide.
Only one thing is missing: baseband security.
Attacks on the baseband system requires very skilled people. Such as government agencies. It is believed they use baseband attacks to break into almost every mobile device. And there is only little you can do. Some vendors like Cryptophone have mobile devices with a hardened Android system. All others have no way to protect their device against baseband attacks.
Is this patch and reasoning still valid for newer android releases.
I am running a custom kitkat rom and twrp on a note 3 and can't encrypt so im looking for a fix.
I have been looking around for fixes but different posts blame different things.
Sometimes its the fact its a custom recovery, sometimes its that root is on the device and then there is this reasoning
Is there a way to find out the cause and fix for kitkat?
Virus
Hi, i tried to download your files
ICS_usrdata_fix-fs.zip
ICS_usrdata_shrink.zip
But the file are exe files with viruses.
Any ideas?
u2funker said:
Hi, i tried to download your files
ICS_usrdata_fix-fs.zip
ICS_usrdata_shrink.zip
But the file are exe files with viruses.
Any ideas?
Click to expand...
Click to collapse
Maybe false alarm.
Lossyx said:
Maybe false alarm.
Click to expand...
Click to collapse
no, but if you search for these file, you will find some which work and which are without viruses. Check the link..it is not an zip file..it is an exe file
@cybermaus: just tried flashing the two *.zips on my Galaxy S 4 Mini running CM 12 (Android Lollipop) because my logcat tells me I'm getting the described cryptfs error. It seems my /data partition doesn't have that 1 MB of unused space needed for encryption. Now I would love to encrypt my phone using CM's integrated function without having to completely format the internal storage (because that's the other workaround I found: flash stock rom, wipe data (factory reset), flash Custom Recovery, flash CM again)
Do you have the time and device to update your script so it works with Android Lollipop as well? I see a lot of people come across this issue recently so there would be definetly use for such a nice script like yours!
Thanks for sharing this with us!
-Teutone
no available for download any mirror ?
Or write the script on the thread.
Thanks
Can you post the scripts? links are dead!
---------- Post added at 16:33 ---------- Previous post was at 16:32 ----------
cybermaus said:
If you ever used CWM, CWMT or other non factory recoveries to wipe your data, you probably noticed that you lost the ability to encrypt your phone. Or maybe you did not even realize this is why encryption does not work.
For the Android phone encryption to work, it needs the /data (usrdata) partition to have a little bit of unused space between the end of the filesystem and the end of the partition. And as soon as you use CWM to wipe, it actually reformats using all space, and encryption does not work anymore.
User lolo250612 brought this to my attention, and together we created a update.zip that shrinks the /data filesystem by 1MB
In fact, we created 2 patches: One to shrink, and one to first repair the filesystem. The first will refuse to shrink if the file system is not clean and healthy. They will automatically find the correct usrdata partition device and its size. The shrink will then resize to 1MB less then the partition size (which means it could also be used to grow if you somehow had a filesystem a lot smaller, for example because you restored an smaller image from somewhere).
Both patches are created with statically linked e2fsprogs binaries and its own static copy of busybox shell interpreter. So they should work on all Android devices that use ext file system (probably all V2.3.1 Gingerbread and higher androids), and you should not lose any data because of this. But it is always good to make a backup.
We tested this on 2 phones, both ICS phones, and with both CWM and TWRP type recoveries, and are fairly certain it is safe to use. But to repeat, you should always take a backup of your phone.
Both patches can be found on my shared drive:
ICS_usrdata_fix-fs.zip
ICS_usrdata_shrink.zip
Procedure:
- Make backup of your phone
- Place files on SD card
- Boot into recovery
- Apply the shrink update
- If it tells you the filesystem is damaged apply the fix-fs update first
The patch only shrinks the filesystem, nothing is actually installed or removed on the phone. But if you use encryption, you could leave this patch on your SD card so that every time you wipe data, you can run the shrink patch again afterward to enable encryption again.
If you do use this, please report back in this thread, possibly mentioning your phone model and ROM you are using.
Click to expand...
Click to collapse
links are dead. Can you post the scripts?
In short, i deleted my photos by accident, and deeply desire to recover them.
Data Recovery programs wont work on my Google Nexus 4, for a combination of reasons. Namely, because it is not a usb mass storage device, it is internal memory, and because the phone has not ever been rooted. If it is possible to recover the photos without rooting the phone, this would be favorable. But i doubt this is possible.
Is there a way to root my phone without causing a "factory wipe/reset"? Perhaps by avoiding unlocking the bootloader?I am not even 100% sure if this can be achieved on 4.4.2. as of now. I am continuing to investigate, but if anyone has the know-how, please let me know.
this forum here, suggests something that might work, but at the end of the forum, it suggests that 4.4.2 is still impossible to root without wiping.
-There are methods of scanning the phone after it has been rooted, but i can't find the right kind of rooting i need.
-There are methods of copying the phone's hard drive -bit-by-bit- to my PC in .RAW format, and then converting this into something that can be mounted like a real drive, which could be scanned and from which photos could be recovered., but this method requires a rooted phone as well
-there is a possibility of trying to mount the phone on a linux OS, and then scan it possibly. but i don't know if this is impossible.
i am reading the basics in the meantime.
LG Google Nexus 4, 4.4.2
Build:KOT49H
kernel:
3.4.0-perf-g2cae413
[email protected] #1
wed Nov20 14:54:28 PST 2013
Desktop PC: Windows 7 Professional 64bit, service pack 1.
Laptop: mac...
you can read more about things i have tried and my other concerns, in greater detail below.
LOTS OF METHODS, LITTLE CLARITY
I just came back from visiting some dear friends in china and purchased an upgraded version of dropbox. Before I uploaded my photos, I accidentally deleted my entire album.
What is the safest and surest attempt for recovery?
1. i need to avoid installing anything on my phone as much as possible - (lest it overwrite the empty areas where the "deleted" photos reside.)
2. i need to keep my phone off as much as humanly possible (lest it overwrite the empty areas where the "deleted" photos reside.)
3. almost without saying - id like to avoid bricking my phone, (lest it destroy my "deleted" photos)
SOFTWARE RECOVERY SECTION
All known software recovery programs won't find any data on my phone because either they are made for scanning mountable drives, USB mass storage devices, or some simply cannot scan the device unless i root my phone (although I am not sure if rooting is directly correlated with successful scanning, or if rooting the phone simply allows me to carry on with other necessary steps prior to "successful scanning"- like allowing me to installing apps that allow me to mount the internal memory as a scannable drive). Enabling USB Debugging, or enabling/disabling MTP is not the same as enabling USB mass storage mode. Seeing the Nexus 4 as "portable Device" under my computer does not mean it is a mounted drive that i can scan with a recover program. No matter what, nothing seems to work with the Google Nexus 4 as it is now.
***I first tried installing the driver's through the ANDROID SDK, by unzipping the contents from the downloaded zip file and by double clicking the .exe file. Double-clicking the .exe file resulted in a cmd dos-style window popping up and immediately disappearing. Perhaps i needed to put the extracted folder on "C:\"?
REGARDLES....later, I have used WugFresh Nexus Root Toolkit v1.8.2 for ensuring proper driver installation for my phone. I have only used this software to install drivers. It walks you through bad-driver uninstallation/clean up, it retrieves the latest drivers, installs them, and then tests their workability for you and lets you know if the drivers were successfully installed.
I have not used Wug's toolkit to root or hack my phone... yet....
Below is a list of software I have used on my Windows machine and my mac. These simply will not work with the phone as it is right now.
Remo
TenorShare
Bycloud android data recovery
Android Data Recovery
Dr. Fone
Recuva
- i havent tried disk digger. but it requires a rooted phone.
SO simple methods will simply not work? Please correct me if I am wrong.
BIT BY BIT CLONE METHOD
This seems to be the most tedious (but thorough) method for actually preparing something that can be truly scanned for photo-recovery. This method seems to create a bit-by-bit copy of the phone to my computer, which can be converted and mounted and then scanned.
However, it requires rooting. Not to mention, it recommends non-destructive rooting. Which leads me to the next section ...
ROOTING section (and its problems)
In the fruitless sections listed above, it always seems to lead towards rooting as a requirement. Most people say you should root your phone when you first get it, because, i suppose rooting is "synonymous" with a wipe/reset. I believe this reset happens as a result of the bootloader being unlocked. According to MY limited understanding, this unlocking process essentially causes a "factory reset" which wipes the phone, and then catastrophically overwrites the precious space where the deleted photos currently reside. this is unacceptable. I imagine, this "reset" is for security reasons.
Most people seem to suggest that you make a back up before you root. This isn't helpful for my situation because we are talking about retrieving deleted data. I cannot make a back-up of deleted data.
Is it really possible to root without wiping the Google Nexus 4?
Is it even profitable to consider rooting a viable option? I don't imagine myself enjoying a rooted phone as much as others on this forum. I would hate to be creating a black hole for malicious software to breed. i am only concerned with data retrieval for this one time in my life. Is rooting the only viable option? If i root, won't that make the previously mentioned software-scanning section (e.g., Dr. fone), more viable than the BIT-BY-BIT section tedious and pointless by comparison?
All in all, I think it most likely that i will need to root my phone and do the bit by bit copy. If a rooting-first-step is the final conclusion, then I am looking for clear and careful advice for my specific phone on how to root it without jeopardizing the deleted photos (e.g., avoiding a "factory reset" from unlocking the bootloader, or perhaps avoiding unlocking the bootloader altogether) and how to hopefully carry on from there. I don't even know if avoiding "unlocking the bootloader" will virtually guarantee a non-destructive root method
Rooting gets crazy because it leads to necessary installations of SuperUser, busybox, kernels, roms, etc... There are so many unfamiliar vague terms for a beginner like me and it is taking tons of time to break through. I am uninterested in keeping my phone rooted, or maintaining a lifestyle with a rooted phone. if we can move expeditiously from point A to B and then back, (get in, get the photos, and get out,) that would be the most awesome plan.
LINUX METHOD?
is there another way to get to the deleted photos?.
I do not know if 'mounting' the phone is akin to 'mounting' a scannable drive. http://www.youtube.com/watch?v=fw2MKGIgyF4
maybe this is another wild goose chase?
IN SUMMARY
1. It would be helpful if there was a root-free photo-recovery software solution that actually works (this is unlikely to be in existence) with an unrooted nexus 4
2. It would be helpful if it is possible to root without destroying my chances of recovering my deleted photos, with the goal of allowing recovery software access (deeper access) to my phone, i.e. disk digger or if necessary... a bit-by-bit copy to my PC.
3. it would be interesting if the nexus 4 can be magically mounted and scanned on the linux operating system
4. It would be MOST HELPFUL if there was a clear consensus on what direction to take, because there is a lot of misinformation out there. One wrong step and i could end up shooting myself in the foot twice (if i inadvertently reset my phone), or three times (if i brick my phone).
5. can the phone be put back to normal (i.e. unroot) after rooting? or does this require that i make a full backup of the phone in its current state? ( i tried using WUGS toolkit to backup my media, but it wont do it unless i unlock the bootloader... back to that problem again )
I'm sorry for sounding like an idiot. I have been at this for a more than a few hours. I sincerely appreciate any help and consideration towards this specific situation in advance, and the hope that this forum has already offered me.
Impossible to root 4.4.2 without unlocking the boot loader and wiping the device.
DrFredPhD said:
Impossible to root 4.4.2 without unlocking the boot loader and wiping the device.
Click to expand...
Click to collapse
Same problem.... There isn't a solution yet? :crying:
fabrollo said:
Same problem.... There isn't a solution yet? :crying:
Click to expand...
Click to collapse
Nope, you have to unlock the bootloader and that wipes the device
Sent from my SAMSUNG-SGH-I727 using XDA Free mobile app
jd1639 said:
Nope, you have to unlock the bootloader and that wipes the device
Sent from my SAMSUNG-SGH-I727 using XDA Free mobile app
Click to expand...
Click to collapse
And after i should try to recover all the wiped files with diskdigger for example? Maybe the datas that we was searching will be found?
Thanks... if i must try this way to solve my problem i will bite the bullet...
fabrollo said:
And after i should try to recover all the wiped files with diskdigger for example? Maybe the datas that we was searching will be found?
Thanks... if i must try this way to solve my problem i will bite the bullet...
Click to expand...
Click to collapse
The chances of recovering anything is very small
Sent from my Nexus 5 using XDA Free mobile app
I am wondering if there's a working temp root (or even perm root without bricking Android 6.0 OS) for this Verizon exclusive ASUS Zenpad z10, as I am now looking for a way to unlock the bootloader as most of unlock commands are intact in the bootloader itself - only "Allow OEM unlock" tab is missing, so I will have to extract the bootloader partition and system configuration partitions - the problem is root.
That way I can get started on putting TWRP after unlocking the bootloader.
Already tried temp root the manual way; running su in /data/local/tmp after giving it the correct permission. All I got was "1" in shell, basically along the line, "f*** you, I am not letting you run as root." Why temp root? I have to do it so I don't accidentally brick the tablet - all I want to do right now is to extract the vital partitions and examine every single of them to see if I can indeed get "Allow OEM Unlock" or some bootloader unlock approval commands so I can get ASUS ZenPad z10 unlocked. And there's absolutely NO ASUS update RAW file extractor tool to date.
Apparently it looks like ASUS and several other OEMs don't bother going the extra miles getting the bootloader locked down as tightly as Evil Moto, or worse, Samsung. They just simply remove "Allow OEM Unlock" tab and call it a day. (Beware, though, Qualcomm second stage bootloader varies so much among OEMs which is why I have to take a peek into the partition image and see what I can find.)
Although I'm of no help to you, I will be following this. I just picked up one of these today. There's simply not a lot of information out there.
Sent from my SM-N920V using XDA-Developers mobile app
Apparently, due to the way Android Marshmallow security system works, all I can do is wait (and probably trawl the forums, although I doubt it will happen unless I pull the kernel from the eMMC SSD which is technically a catch-22 situation, as I have to root before I can touch the kernel or even "Allow OEM Unlock" configuration file in some partition - a bit like chicken and egg paradox).
UNLESS there is a temporary root that works by abusing the Dirty Cow exploits, and allows me to pull the eMMC SSD partitions so I can look through the files contained within the pulled partitions.
Discovered that this tablet do have root detection system - it basically tattle to Verizon. Those bastards. Nevertheless, I would need to find a way to allow OEM unlocking (which I had gut feeling that it's there somewhere) without it getting all antsy.
The more I dig into it, the more I just want the bootloader itself to be unlocked. It never cease to amaze me how far Verizon will do anything to be so nosy.
Slightly off topic, but since you seem to be the only other person here who has this tablet... Have you attempted to figure out a simultaneous charge and data option? I've tried several different cables and adapters so far without much luck.
Sent from my SM-N920V using XDA-Developers mobile app
Good question, however I don't really have a computer with USB-C port, if you meant that (been considering doing a new computer build at some point which then I get better idea how this tablet function on USB-C doing general stuff via USB - it may be by the time this tablet is running CM 14.x, once we figure out how to unlock the bootloader, so it may be hard to say how it will function with stock ROM). On the other hand, regular USB is usually limited to 500 milliamps (1/4 that of bundled charger), so may not charge because of the current requirements that may have to be met within the power management firmware (meaning about 1 Amp - which many DIY PC motherboards now meet the minimum specifications).
However, the screen backlight consume the most juice so you may try turning off the screen after you have mounted the MTP drive (due to MTP security in Android - it will stay mounted after you plug it into computer and turn off the screen however), which then you may be able to charge it. It will take a while as there's a huge battery inside (7.8 Amp hour rating). You would have better luck with a computer that conforms to USB Power Delivery specifications (USB 3.x already support that - USB 3.x ports are usually blue, BTW, so it's kind of hard to miss).
Finally extracted the files from ASUS' Verizon ROM image - ZArchiver Pro apparently can read ASUS' RAW image file, much to my delight. Now, I will have to figure out how to treat the Qualcomm second-stage bootloader (aboot.img) and few other partition images as a disk drive so I can figure out how to enable OEM unlock so I can get this thing unlocked (and I will disassemble the Linux kernel - boot.img - and recovery toolkit - recovery.img - so I can get ball rolling).
Tried to unpack the boot.img and recovery.img - the boot unpacker failed with "Android boot magic not found". Oh well, I will try to keep at it.
Alright, I think it's because the kernel is compiled in ARM64 assembly codes (thus not really standard as far as most Linux kernel boot.img unpackers are concerned), so now I will try one that can and will touch 64-bit kernel image. Then keep on probing the entire recovery and boot images for potential clues to the OEM unlock configuration (and as well as system.img - one problem is, Linux refuse to touch the system.img even though it is evidently the EXT4 FS SSD image).
Anyone who know of decent multi-faceted disk image extractor (the ones that can touch the non-standard disk image, including boot.img and recovery.img which doesn't have the standard "ANDROID!" magic), let me know. I have been googling anywhere, and it's difficult to pull the vital files which I can look for important files. System image, however, may have to be analyzed for type of fuse file system (if it's not sparse file system, then it's definitely an odd SSD image).
Another ZenPad owner checking in. I had to go to asus's site to say this thing even is. The model number P00l is absolutely worthless.
Anyways I've ordered a laptop with native USB 3.0 so will poke around where I don't belong soon.
I absolutely hate this UI, who is to blame? Asus? Verizon?
Verizon. They usually make the call in firmware development (Can you say who locked the bootloader?) and yeah, they're famous for horrible stock firmware. Hence, I am figuring out how to unlock the bootloader just so we can get rid of garbage on the tablet. ZenUI is on ASUS though.
Nice hardware, bad software. That's kind of a shame. It will hurt even less when we get CyanogenMod 14.x operating system on it.
EDITED: the model number is zt500kl, not superfluous "P00l" - I had to figure it out, and GSM Arena had the model number (and bootloader apparently confirmed that).
Did a bit researching in how the "Enable OEM Unlock" tab in other devices' Developer Option works; the toggle goes into persistent data block (hitting home in PersistentDataBlockService.java file), thus going into factory device configuration file in the syscfg partition (mmcblk0p28) - however, I will need to successfully extract the system.img in the ASUS Verizon OTA, or if we can successfully root this thing, I can go ahead and pull some apps and files and see how Allow OEM Unlock can be accomplished.
Correction: it's actually config (mmcblk0p13) as the build.prop said ro.frp.pst points to /dev/block/bootdevice/by-name/config - this is where it will get tricky; the config.img file is actually blank - it's on the physical soft efuse partition on the eMMC SSD itself, which there will be some legit data. Which is essentially untouchable until we get shell root of some kind to extract it. After I get to it, all I have to do is to find out the magic value to "blow" the last value sector in soft efuse partition to allow OEM unlock (note - soft efuse is just that, you can relock the bootloader when you write blank partition image to reset the efuse values contained herein, so beware the official OTA update image package).
Asus ZenPad ZT500KL
I just purchased this tablet yesterday. If you need me to test anything feel free to pm me.....
Thanks for working on this, if I can be of any help. do not hesitate to ask.
Dr. Mario said:
Did a bit researching in how the "Enable OEM Unlock" tab in other devices' Developer Option works; the toggle goes into persistent data block (hitting home in PersistentDataBlockService.java file), thus going into factory device configuration file in the syscfg partition (mmcblk0p28) - however, I will need to successfully extract the system.img in the ASUS Verizon OTA, or if we can successfully root this thing, I can go ahead and pull some apps and files and see how Allow OEM Unlock can be accomplished.
Correction: it's actually config (mmcblk0p13) as the build.prop said ro.frp.pst points to /dev/block/bootdevice/by-name/config - this is where it will get tricky; the config.img file is actually blank - it's on the physical soft efuse partition on the eMMC SSD itself, which there will be some legit data. Which is essentially untouchable until we get shell root of some kind to extract it. After I get to it, all I have to do is to find out the magic value to "blow" the last value sector in soft efuse partition to allow OEM unlock (note - soft efuse is just that, you can relock the bootloader when you write blank partition image to reset the efuse values contained herein, so beware the official OTA update image package).
Click to expand...
Click to collapse
Due to a potential brick risk due to entering the wrong magic value, I'd rather that we have temporary root or shell root first so we can pull the soft efuse partition and some setting files from ASUS settings.apk / systemui.apk to figure out the FRP values just so we don't accidentally lock ourselves out or worse.
Once we find out what it is, we can go ahead and test that (kind of wish I have extra money to get a sacrificial tablet to take a jab at the bootloader, as Verizon love to make it risky).
Oh, and BTW, this tablet also have several hardware disabled by Verizon, like the fingerprint scanner (home button). All the reasons to get CyanogenMod, crDroid and any of the favorite CyanogenMod derivatives on it.
Dr. Mario said:
Oh, and BTW, this tablet also have several hardware disabled by Verizon, like the fingerprint scanner (home button). All the reasons to get CyanogenMod, crDroid and any of the favorite CyanogenMod derivatives on it.
Click to expand...
Click to collapse
I'm within my 14 day return period ...., send me a pm
Sent from my iPhone using Tapatalk
Give me a bit time and I will figure out what to poke in config partition and we can go from thereon. Some one-click root (like KingRoot) are questionable so it's hard to know as of yet, due to secure boot which will prevent the tablet from booting all the way to password request lockscreen if it notice something (and there's a root detection app inside /system/priv-app directory - even though Verizon doesn't care about me, whether I hacked it or not, given my history of hacking several Qualcomm-based smartphones, especially RAZR M, even though it may probably be because I paid all my bills on time).
Dr. Mario said:
Give me a bit time and I will figure out what to poke in config partition and we can go from thereon. Some one-click root (like KingRoot) are questionable so it's hard to know as of yet, due to secure boot which will prevent the tablet from booting all the way to password request lockscreen if it notice something (and there's a root detection app inside /system/priv-app directory - even though Verizon doesn't care about me, whether I hacked it or not, given my history of hacking several Qualcomm-based smartphones, especially RAZR M, even though it may probably be because I paid all my bills on time).
Click to expand...
Click to collapse
Sounds good. Didn't even know the tablet had a fingerprint reader ( home button)
Sent from my iPhone using Tapatalk
I have a kinda complex problem with this device.
Someone called me last night scared because she (kinda) deleted an entire messages thread from the phone ( SMS ) and it was an accident.
Now, she really need those messages because of a juridic case. Is there any way to recover old messages that were deleted from that thread ?
I tried to recover with EaseUS mobile Data Recovery, which (for desktop version) i used in the past for other laptops and Desktops to recover deleted files or formatted disks, but with phones, it requires me Root. I recently Rooted my HTC device and this process "wipe" whole data from your phone. As i know, Windows Kernel and Linux Kernel (the one used in Android OS too) have the same file management system, so the point is, this "Wipe" what actually does with MBR ? It hard format the disk, or it just modify MRB's File Table by deleting it's references pointers to files ? A hard format (switching every single bit to 0 from where MBR ends, all the way to the end of the partition) takes a lot of time, especially in these smartphones, because they have a lot slower storage speeds, and on my HTC device, this process took like 1-2 seconds so i hardly can imagine that actually it deletes the data, so with the MBR's mechanism in mind, i really take this in consideration to root the phone and use that software to recover that thread.
My main concern is that, i don't really know what file shall i restore. If these SMSes are stored into a database, when a thread is deleted, the phone can simply "drop records"... i mean, it can simply delete records from the tables, and tables being stored in a database as a single file, ell, and they are gone... for good in this case scenario....
The only way i think i will act if someone confirm that this is the way to recover it, i will restore every single file of the phone that was deleted before accident happen and i will look for SMS database to be modified a day after the thread was deleted. Is this the good way, i'm about to do a pointless action by rooting this device?
I have to mention, the thread is now created again, have 3 new mesages with that person, but there were like 1k+ in that thread before... so, how to recover them?
Thank you in advance for any information.