sniffing android WiFi pass google-backup - Xperia Z5 Compact General

How is it possible for me to get the raw-text WiFi password from a Google backup on my un-rooted Sony Xperia Z5 Compact with locked bootloader, via sniffing my Backup & Restore Google backups with "grey-shirts packet-capture"? Do I need to decrypt my captured packets? They may be captured and encoded in SSL encryption, I'm not sure!!
Thanks in advance

Related

Locked vs Signed vs Encrypted Bootloader

So, I've been following this thread recently and I need to ask a very basic question about some bootloader basics.
Someone referenced a post that explained the difference between locked and encrypted bootloaders but I cannot seem to find it.
From what I understand, in the simplest of terms, locked is good news and encrypted is bad news. In other words, a locked bootloader will enable us to eventually install custom ROMs from a different kernel not currently supported by the latest OTA update. Whereas with an encrypted bootloader, it is pretty much impossible to install ROMs from a different kernel and you are limited to installing from the same kernel.
I'm not sure if some (if any) of the above is right.
So, I go back to check on that thread today and I notice the OP has been updated to say that the bootloader is signed. Is that the same as either locked or encrypted? Or is it a completely different term?
I really hope it's the same as a locked bootloader, but I have no idea.
If anyone has a good link describing this, or feels like explaining it themselves, it would be appreciated.
Thanks!
First of all, thanks for asking this question in General, instead of the Development section.
Encrypted means that the data payload is encrypted and cannot be decrypted without a valid private key. These days private keys are virtually impossible to decrypt in any reasonable amount of time, even with thousands of machines helping out. So there are generally two other attack vectors for this scenario:
1) someone leaks the private key, or
2) There is a weakness or flaw in the encryption algorithm that allows us to bypass the need for the private key.
Signed produces a digital signature that is computed from the contents of the payload. If one modifies the payload, the generated digital signature would no longer match and verification would fail. It's very similar to when you see md5/sha checksums for a file download.
This is a very layman's explanation of what's going on and subject to pedantic corrections . For further discussion, check out the following links:
http://en.wikipedia.org/wiki/Public-key_cryptography (Especially the section: http://en.wikipedia.org/wiki/Public-key_cryptography#Description)
http://en.wikipedia.org/wiki/Digital_signature
Hope that helps
perdurabo2 said:
First of all, thanks for asking this question in General, instead of the Development section.
Encrypted means that the data payload is encrypted and cannot be decrypted without a valid private key. These days private keys are virtually impossible to decrypt in any reasonable amount of time, even with thousands of machines helping out. So there are generally two other attack vectors for this scenario:
1) someone leaks the private key, or
2) There is a weakness or flaw in the encryption algorithm that allows us to bypass the need for the private key.
Signed produces a digital signature that is computed from the contents of the payload. If one modifies the payload, the generated digital signature would no longer match and verification would fail. It's very similar to when you see md5/sha checksums for a file download.
This is a very layman's explanation of what's going on and subject to pedantic corrections . For further discussion, check out the following links:
http://en.wikipedia.org/wiki/Public-key_cryptography (Especially the section: http://en.wikipedia.org/wiki/Public-key_cryptography#Description)
http://en.wikipedia.org/wiki/Digital_signature
Hope that helps
Thanks for the reply!
So, is signed better news than encrypted? Sorry for my confusion but I'm not the best with understanding this kind of stuff.
But in the meantime, I'll be checking those Wikipedia articles.
qcom100 said:
Thanks for the reply!
So, is signed better news than encrypted? Sorry for my confusion but I'm not the best with understanding this kind of stuff.
But in the meantime, I'll be checking those Wikipedia articles.
For the most part, it's better news because the payload can be examined for exploits.
PKI (public/private key crypto) is a good thing to have an understanding of because its use is so widespread in the computing world.
perdurabo2 said:
First of all, thanks for asking this question in General, instead of the Development section.
Encrypted means that the data payload is encrypted and cannot be decrypted without a valid private key. These days private keys are virtually impossible to decrypt in any reasonable amount of time, even with thousands of machines helping out. So there are generally two other attack vectors for this scenario:
1) someone leaks the private key, or
2) There is a weakness or flaw in the encryption algorithm that allows us to bypass the need for the private key.
Signed produces a digital signature that is computed from the contents of the payload. If one modifies the payload, the generated digital signature would no longer match and verification would fail. It's very similar to when you see md5/sha checksums for a file download.
This is a very layman's explanation of what's going on and subject to pedantic corrections . For further discussion, check out the following links:
http://en.wikipedia.org/wiki/Public-key_cryptography (Especially the section: http://en.wikipedia.org/wiki/Public-key_cryptography#Description)
http://en.wikipedia.org/wiki/Digital_signature
Hope that helps
OK, thanks!

Bitlocker Encryption Key?

Afternoon,
I'm using Exchange ActiveSync Policies (EAS) to encrypt our new WP8 devices for work. I wanted to know where the Bitlocker encryption key is stored once encrypted?
And what is the process of decrypting an encrypted WP8 phone?
thanks
Without the key the phone would not be able to decrypt its data - so I guess: yes, the key is stored on the device (presumably encrypted itself, using the user's password/PIN to start decryption).
As for decryption, that is an interesting question. Someone will have to try it out. As far as I know there is no switch in the system to do this. One could try to remove the Exchange account from the device, although I have no idea how to even check whether it's decrypting/decrypted.
Settings -> Phone Storage

Ideas to recover DRM

It's just an idea but if we can access on the entire hard disk, I think it's possible to recover DRM.
There is software to recover deleted data. Maybe a way to explore.
Everybody knows data is never totally erased.
Let's discuss.
PS: sorry for my bad English.
Sent from my D5803 using XDA Free mobile app
This is flash memory. If they delete it and afterwards send the command to trim or gc then it's gone for good.
The unlocking process is too fast, I do not think they are rewriting the partition. I think they only remove the DRM then dalvik cache / cache and reboot the phone.
But I could be wrong.
I tried different software, they are effective on my SD card.
But my problem is that I do not see the internal hard disk of the phone, so I can not try it.
My phone is boot unlocked. No root / No recovery
If it was possible this would have been done already.
Sent from my LG-V500 via Tapatalk
I'm not talking about "if we can, if it's possible", I'm talking about doing this, about trying this.
for now, no one has tried.
Being negative without trying, is the best way of failing
dahod said:
It's just an idea but if we can access on the entire hard disk, I think it's possible to recover DRM.
There is software to recover deleted data. Maybe a way to explore.
Everybody knows data is never totally erased.
Let's discuss.
The tools that are used to recover deleted files from a file system operate on the premise that deletions are performed by marking the sectors allocated to the file as 'free' in the allocation table without actually erasing the file data contained on the disk. Recovery tools can scan the entire disk to discover file chains and then rewrite the recovered data to some other device.
These tools will not work on the Trim Area (TA) because it is not a file system, but a raw partition that is accessed by directly reading/writing data at known addresses. There is no allocation table or file chains to recover.
The DRM keys are deleted when the bootloader is unlocked by overwriting the key data with 0x00 or 0xFF. This can be verified by dumping the TA partition of an unlocked device and examining the raw partition.
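The check cschmitt describes (dump the raw TA partition and look at whether the key area is now a 0x00/0xFF fill) is easy to automate. The scanner below is an added example, not code from the thread: it walks a raw image block by block, classifies each block as zero-filled, 0xFF-filled or data-bearing, merges the data blocks into byte ranges and scores their entropy, so you can tell an intact dump from a wiped one without a file system to help. The sample image is constructed here; a real dump would be read from a file.

```python
import hashlib
import math
from collections import Counter

BLOCK_SIZE = 256  # scan granularity; a real 2 MB TA dump is simply more blocks

def shannon_entropy(block: bytes) -> float:
    """Bits per byte: 0.0 for a constant fill, close to 8.0 for key-like random data."""
    n = len(block)
    return -sum((c / n) * math.log2(c / n) for c in Counter(block).values()) if n else 0.0

def classify_block(block: bytes) -> str:
    """'zeros'/'ones' for a 0x00 or 0xFF fill (what an unlock leaves behind), else 'data'."""
    for fill, kind in ((0x00, "zeros"), (0xFF, "ones")):
        if block.count(fill) == len(block):
            return kind
    return "data"

def scan_dump(image: bytes, block_size: int = BLOCK_SIZE) -> list:
    """Walk the raw image block by block; returns (offset, kind, entropy) per block."""
    report = []
    for off in range(0, len(image), block_size):
        block = image[off:off + block_size]
        report.append((off, classify_block(block), shannon_entropy(block)))
    return report

def data_regions(report: list, block_size: int = BLOCK_SIZE) -> list:
    """Merge consecutive 'data' blocks into (start, end) byte ranges worth inspecting."""
    regions = []
    for off, kind, _ in report:
        if kind != "data":
            continue
        if regions and regions[-1][1] == off:
            regions[-1] = (regions[-1][0], off + block_size)  # extend the open region
        else:
            regions.append((off, off + block_size))
    return regions

def summarize(image: bytes, block_size: int = BLOCK_SIZE) -> dict:
    """Block counts per kind, data byte ranges, and whether the dump looks fully wiped."""
    report = scan_dump(image, block_size)
    counts = Counter(kind for _, kind, _ in report)
    return {"blocks": len(report), "zeros": counts["zeros"], "ones": counts["ones"],
            "data": counts["data"], "regions": data_regions(report, block_size),
            "wiped": counts["data"] == 0}

def pseudo_random_bytes(seed: bytes, length: int) -> bytes:
    """Deterministic high-entropy filler (constructed stand-in for key material)."""
    out = b""
    while len(out) < length:
        seed = hashlib.sha256(seed).digest()
        out += seed
    return out[:length]

# Constructed sample image, not a real TA dump: two zeroed blocks, one block of key-like
# data, three 0xFF blocks, one more data block, one zeroed block.
SAMPLE_IMAGE = (
    b"\x00" * (2 * BLOCK_SIZE)
    + pseudo_random_bytes(b"constructed-key-a", BLOCK_SIZE)
    + b"\xff" * (3 * BLOCK_SIZE)
    + pseudo_random_bytes(b"constructed-key-b", BLOCK_SIZE)
    + b"\x00" * BLOCK_SIZE
)
```

Running `summarize(open("ta.img", "rb").read())` on a pre-unlock backup should report data regions; on a dump taken after unlocking, the same offsets should come back as a plain 0x00 or 0xFF fill.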
cschmitt said:
The tools that are used to recover deleted files from a file system operate on the premise that deletions are performed by marking the sectors allocated to the file as 'free' in the allocation table without actually erasing the file data contained on the disk. Recovery tools can scan the entire disk to discover file chains and then rewrite the recovered data to some other device.
These tools will not work on the Trim Area (TA) because it is not a file system, but a raw partition that is accessed by directly reading/writing data at known addresses. There is no allocation table or file chains to recover.
The DRM keys are deleted when the bootloader is unlocked by overwriting the key data with 0x00 or 0xFF. This can be verified by dumping the TA partition of an unlocked device and examining the raw partition.
That makes perfect sense. Taking things one step back, why shouldn't we consider rewriting the DRM keys to the TA though? They're consistent among Z3C devices after all...Is there a bootloader validator that will just overwrite the keys again? Or preventing the overwrite in the first place, rather than worrying about an impossible recovery of the deleted key data?
If neither is possible, could you explain why please?
matapo said:
That makes perfect sense. Taking things one step back, why shouldn't we consider rewriting the DRM keys to the TA though? They're consistent among Z3C devices after all...Is there a bootloader validator that will just overwrite the keys again? Or preventing the overwrite in the first place, rather than worrying about an impossible recovery of the deleted key data?
If neither is possible, could you explain why please?
We don't have the keys because w/o root we cannot dump the TA partition. If bootloader is unlocked to gain root, keys are wiped.
The assumption that the keys are common among all devices may not be correct. In previous Z series devices restoring the TA partition from a different device would brick it. This indicates the TA contains some device specific signature, etc. The keys could be protected with device-dependent public/private key encryption tied to IMEI and some private key. If Sony went to the trouble of protecting their IP with DRM, they are going to protect the DRM keys as well.
I thought with towelroot you can root without bootloader unlock? If not, we just need a possibility to root without bootloader unlock and then we can back up the keys?
Yep, only that needing JUST a way to root without unlock sounds so easy while it's not.
dahod said:
The unlocking process is too fast
TA.img is exactly 2MB, writing 2MB of zeros to flash memory only takes fractions of a second.
cschmitt said:
We don't have the keys because w/o root we cannot dump the TA partition. If bootloader is unlocked to gain root, keys are wiped.
The assumption that the keys are common among all devices may not be correct. In previous Z series devices restoring the TA partition from a different device would brick it. This indicates the TA contains some device specific signature, etc. The keys could be protected with device-dependent public/private key encryption tied to IMEI and some private key. If Sony went to the trouble of protecting their IP with DRM, they are going to protect the DRM keys as well.
Thanks for the explanation - much appreciated! Hopefully, someone will attempt the 'almost impossible' and find an exploit or two like towelroot, allowing for root access without compromising the bootloader then. Seems like our only option. Sony hasn't made this easy...I can understand why our fellow users are upset.
Just so people don't get confused: that doesn't mean that the DRM keys can be recovered when the phone was already unlocked, but they can be restored if a backup is made before.
PS: and restoring the keys automatically relocks the bootloader which means they can only be used by stock roms iirc. At least that was the case with RomAur I've been using, restoring the keys resulted in a bootloop.
Thank you all for your explanations, I hope that a great mind will find the solution for those who have already unlocked.
Sent from my D5803 using XDA Free mobile app
For the root exploit on the older Z devices, did the exploit work only on certain firmware versions, or could it work on most or all of the versions?
I'm asking this because I've got the notification for a system update, but I've been holding back on installing the update, thinking that perhaps any exploit might be patched in newer versions.
Thanks.
Only specific versions. But it was possible to downgrade, root and then upgrade while keeping root. Towelroot then worked with various versions that used an affected kernel version.
My brain wouldn't let me sleep last night over this (probably stupid) idea:
If /system can be written to by certain tools (correct me if I'm wrong, but afaik you can flash .ftfs with flashtool with a locked bootloader), would it not be easier to find an exploit there (in the .ftfs)?
Much easier said than done, yes, but sounds much easier than finding an exploit in Android, imo.
I guess tampering with an FTF changes its checksum so it cannot be used anymore.
Iruwen said:
I guess tampering with an FTF changes its checksum so it cannot be used anymore.
Well yes, you cannot alter an ftf, but what if we somehow made a small img of system and tricked flashtool into thinking it's actually just the system part of an ftf?
Flashtool then flashes the rooted system image and voilà, root achieved!
You know, just how Nexus devices have a recovery (factory) image for each partition? Why not make this work?
Ofc just a (probably way off) theory, but it seems plausible.
dahod said:
Thank you all for your explanations, I hope that a great mind will find the solution for those who have already unlocked.
Sent from my D5803 using XDA Free mobile app
I wouldn't bet on it. The 'issue' has been there since the Xperia Z, the only solution has been to backup the partition before unlocking, else it's gone for good.

Blocked update URL blocks whole FireTV

Hey,
I searched but didn't find anything on this issue.
I am on German FW 51.1.3.0_user_513011820, since it was delivered with 51.1.3.0 and I had to run update to start the FireTV the first time.
So now I blocked amzdigitaldownloads.edgesuite.net in my router to avoid future updates in the hope of getting root with my FW later on.
Issue is: When I block the URL the whole FireTV says there is no connection and stops working! So either I have to unblock amzdigitaldownloads.edgesuite.net and risk new updates or I keep waiting until there will probably be root for my FW without being able to use the FireTV until then.
Or is it possible to block the URLs somehow without blocking the whole FireTV? Or am I just blocking the wrong URL?
Any hint on this would be highly appreciated.
Cheers,
T
t.kuschan said:
Hey,
I searched but didn't find anything on this issue.
I am on German FW 51.1.3.0_user_513011820, since it was delivered with 51.1.3.0 and I had to run update to start the FireTV the first time.
So now I blocked amzdigitaldownloads.edgesuite.net in my router to avoid future updates in the hope of getting root with my FW later on.
Issue is: When I block the URL the whole FireTV says there is no connection and stops working! So either I have to unblock amzdigitaldownloads.edgesuite.net and risk new updates or I keep waiting until there will probably be root for my FW without being able to use the FireTV until then.
Or is it possible to block the URLs somehow without blocking the whole FireTV? Or am I just blocking the wrong URL?
Any hint on this would be highly appreciated.
Cheers,
T
I have softwareupdates.amazon.com & amzdigitaldownloads.edgesuite.net blocked, but don't have any problems like you explained. I'm running a rooted USA version though.
Isn't your SW version un-rootable? If so, what is the point of blocking updates?
Anyway I have the update apps blocked using AFTV Utility App but you may need to be rooted to do that as it "freezes" the apps. There are three with "DCP" in the names. AFTV UA here:
http://forum.xda-developers.com/showthread.php?p=56005271#post56005271
As for the router, I read to block this, "firs-ta-g7g.amazon.com" rather than what you mentioned. Read here:
http://forum.xbmc.org/showthread.php?tid=197454
t.kuschan said:
Hey,
Issue is: When I block the URL the whole FireTV says there is no connection and stops working! So either I have to unblock amzdigitaldownloads.edgesuite.net and risk new updates or I keep waiting until there will probably be root for my FW without being able to use the FireTV until then.
T
Same for me. I am on the same Firmware on a german FireTV. So I can confirm that.
yep. Same problem here.
As soon as I try to set a certain profile for the FireTV in my Fritzbox, it stops working even though I haven't blocked anything at this point.
The Fire TV checks a web page in order to determine if it has an internet connection. If it can't reach that one web page, it thinks it has no connection. Last I checked, the web page it checks is: http://spectrum.s3.amazonaws.com/kindle-wifi/wifistub.html
It's possible this has changed with 51.1.3.0. When I get a chance I'll run Wireshark on a 51.1.3.0 unit to see if things have changed, but I may not have time to do it until Monday.
In the meantime, if your router has the ability to block via a string instead of just a domain, you can block "signed.bin" as all of the updates have ended in that. You can test to see if your block works by trying to download one of the stock software files listed at AFTVnews.com/software
schneid said:
Isn't your SW version un-rootable? If so, what is the point of blocking updates?
Anyway I have the update apps blocked using AFTV Utility App but you may need to be rooted to do that as it "freezes" the apps. There are three with "DCP" in the names. AFTV UA here:
http://forum.xda-developers.com/showthread.php?p=56005271#post56005271
As for the router, I read to block this, "firs-ta-g7g.amazon.com" rather than what you mentioned. Read here:
http://forum.xbmc.org/showthread.php?tid=197454
Thanks all. The URL "firs-ta-g7g.amazon.com" doesn't seem to block the whole device anymore, but I hope it would still block any upcoming updates...
Waiting for rooting methods desperately... :crying:

Encryption Questions

In Settings > Security & Location > Encryption & Credentials it says, "Phone not encrypted".
I want to encrypt my phone to protect the data in case I lose the phone, but is it working? Any important things I should know?
My key concerns:
1. Will I still be able to do OTA updates of LineageOS microG after encrypting?
2. Will I be able to backup phone using TWRP?
3. Will I be able to restore backups with TWRP?
4. Can I decrypt backups using TWRP to get my data?
I found a bunch of old threads from 2014 and it sounded unstable to encrypt. I don't see newer threads though.
Thank you for any guidance you may be able to provide as I am a LineageOS noob (less than 1 month experience!) .
Before this official TWRP update it was not working.
I encrypted my phone about one month ago. When I downloaded and installed the OTA update, the decryption pattern was not recognized. I was damn sure about the correct pattern to unlock but it didn't work. I needed to reset my phone to make it work.
I am not sure if its working now after updates from both TWRP and Lineage os.
please reply if any one know about current situation.
[NOTE]: If you are a noob and trying to encrypt your phone, then keep a backup of your internal storage and all apps, SMS and contacts etc., because after encryption you cannot access files and app data from internal storage.
[email protected] said:
I encrypted my phone about one month ago. When I downloaded and installed the OTA update, the decryption pattern was not recognized. I was damn sure about the correct pattern to unlock but it didn't work. I needed to reset my phone to make it work.
Thank you for this! Possibly saved me. I don't care about accessing my encrypted data through TWRP, but I do want to be able to do OTA. I also want my data protected if I lose my phone.
In the latest release of TWRP 3.4.0-0 they seem to have done lots of work on encryption:
Encryption
ext4Crypt Wrapped Key Update - Peter Cai
Fix upgrading encryption key if export fails - Peter Cai
Fix wrapped key support for devices without metadata partition - mauronofrio
Don't skip decryption when using block map file in order to write to /data in ORS - CaptainThrowback
FDE - Decrypt master key first - AndroidableDroid
vold_decrypt - set Android version and patch level automatically - CaptainThrowback
Set wrapped decrypt support by twrp flag - Peter Cai
Don't try wrapped support unless needed - mauronofrio
restore ext4 policy on /data/cache - Bigbiff
multiuser decryption - Noah Jacobson
FDE retry - AndroidableDroid
"So, tell me about encryption", posted on Reddit --> this thread from 2 years ago on Reddit has some phones working with encryption and some not working.
So who else is running full disk encryption on their LineageOS install? I guess I have to try it and pray next week.
