Hey Folks,
I have a Motorola Droid X. I was running Encryption on it via the built in Android encryption option. I assume the key was derived from the pattern lock? I did not specify anything when I encrypted my phone, so I assume the Android device used eCryptFS to encrypt the files on my phone using a key derived from my pattern lock? Anyone have any information on how Android encrypts it's files and how it derives it's key when using the built in encryption options?
I read through this article \h\t\t\p\:\/\/\source.android.com/tech/encryption/android_crypto_implementation.\h\t\m\l (sorry about the fake tags, forums didn't want me spamming the place up) and can glean SOME information off of it.
The reason I ask these questions, and what my situation is, is as follows,
I had encrypted my device sometime ago. SD card and NAND. I wanted to reset my phone for freshness back to factory default (no root, etc etc). So I plugged 'er in and copied off my dcim folder directory. I noticed that the image/video files from the date of encryption were not accessible etc etc. (due to the encryption i'm sure.) So I turned off the encryption on the device, it rebooted itself and did it's thing. Great. I figured my files were decrypted at this point. I copy off the DCIM folder and reset the phone, wipe everything, etc etc. Well whatdya know? In my brilliance I forgot to check the DCIM folder I copied off the second time to make sure I could check out my images. Still couldn't, still encrypted? I assume as such.
I copy the DCIM folder to the formatted SD card, hoping that if I use the same pattern lock and enable encryption, my phone could then access those files. No go.
So as it stands, I have a bunch of encrypted files. I carved the MSD card sometime ago using test disk, just for grins, and it pulled a bunch of eCryptFS files out of it. That's why I assume eCryptFS.
At this point I am thinking, perhaps if I could figure out how Android derives the encryption key, and it's method of encryption. I could work some trickery decrypt those files. However through reading that link, I feel as if I have diminished hope. It would stand to reason that FS encryption would... encrypt the entire file system
Obviously I could still see the directory structure so the fat tables and all that good stuff was still clear text, so I wonder if the files were individually encrypted file system wide?
I need to pull some more info, I did some light googling and searched over these forums and didn't see much that was of any value.
Any input is great! Thanks
I have a Motorola Droid X. I was running Encryption on it via the built in Android encryption option. I assume the key was derived from the pattern lock? I did not specify anything when I encrypted my phone, so I assume the Android device used eCryptFS to encrypt the files on my phone using a key derived from my pattern lock? Anyone have any information on how Android encrypts it's files and how it derives it's key when using the built in encryption options?
I read through this article \h\t\t\p\:\/\/\source.android.com/tech/encryption/android_crypto_implementation.\h\t\m\l (sorry about the fake tags, forums didn't want me spamming the place up) and can glean SOME information off of it.
The reason I ask these questions, and what my situation is, is as follows,
I had encrypted my device sometime ago. SD card and NAND. I wanted to reset my phone for freshness back to factory default (no root, etc etc). So I plugged 'er in and copied off my dcim folder directory. I noticed that the image/video files from the date of encryption were not accessible etc etc. (due to the encryption i'm sure.) So I turned off the encryption on the device, it rebooted itself and did it's thing. Great. I figured my files were decrypted at this point. I copy off the DCIM folder and reset the phone, wipe everything, etc etc. Well whatdya know? In my brilliance I forgot to check the DCIM folder I copied off the second time to make sure I could check out my images. Still couldn't, still encrypted? I assume as such.
I copy the DCIM folder to the formatted SD card, hoping that if I use the same pattern lock and enable encryption, my phone could then access those files. No go.
So as it stands, I have a bunch of encrypted files. I carved the MSD card sometime ago using test disk, just for grins, and it pulled a bunch of eCryptFS files out of it. That's why I assume eCryptFS.
At this point I am thinking, perhaps if I could figure out how Android derives the encryption key, and it's method of encryption. I could work some trickery decrypt those files. However through reading that link, I feel as if I have diminished hope. It would stand to reason that FS encryption would... encrypt the entire file system
Obviously I could still see the directory structure so the fat tables and all that good stuff was still clear text, so I wonder if the files were individually encrypted file system wide?I need to pull some more info, I did some light googling and searched over these forums and didn't see much that was of any value.
Any input is great! Thanks
