Related
Good day all,
With all the hubub about airport security screening your phone I'm interested in an 'airport app'. Namely, as opposed to full encryption (meh good if needed, but I don't really want to trade battery life for security) or the hassle of backing up an image, flashing a virgin phone image for travel, and then restoring the image after travel..
Why not create a 'sandbox' app of sorts. Start it, it simulates virgin or near virgin status, have an advanced unlock sequence to close it. The only issue, I see, would be if the phone was restarted while in 'airport mode' could it be triggered to restart in said mode.
After typing out my whole idea, I'm thinking the backup and flash of virgin rom might be a lot simpler. But I'm interested if any other world travelers, or US travelers would be interested in something like this.
So I guess the question is, anyone else thought about this, anyone know of something similar out already? Anyone want to develop something like this?
~HattZ
Screening in X-rays? What does it have to do with anything?
Or some other screening (don't believe it's technically possible - too many phones)? Can you point to your info source?
I don't understand the point of this, it is not like they take your phone and play with it when you go through security. In fact, mine has never been removed from my carry on when passing through security.
Maybe you have some evidence to support your theory that our phones data is at risk when passing through security checkpoints... but I doubt it.
Are you in the US? 'cause 1) that never happened, and 2) that would be illegal (to search the content of your phone), unless they had reasonable suspicion that your phone contained data that showed evidence of criminal activity.
They might 'touch' some phones to make sure they are real (as in really work vs being a bomb or something), but they wouldn't search the content of your phone.
pconwell said:
Are you in the US? 'cause 1) that never happened, and 2) that would be illegal (to search the content of your phone), unless they had reasonable suspicion that your phone contained data that showed evidence of criminal activity.
They might 'touch' some phones to make sure they are real (as in really work vs being a bomb or something), but they wouldn't search the content of your phone.
Click to expand...
Click to collapse
Sorry, wrong answer, it is the US, most national travel is not submitted to this type of search. All international (incoming) travel can be.
Lots of interesting talk on it: http://yro.slashdot.org/story/10/11...r-Moxie-Marlinspikes-Laptop-Cellphones-Seized
Legal explanation: http://caselaw.lp.findlaw.com/data/constitution/amendment04/04.html
pertinent excerpt: "Border Searches .--''That searches made at the border, pursuant to the longstanding right of the sovereign to protect itself by stopping and examining persons and property crossing into this country, are reasonable simply by virtue of the fact that they occur at the border, should, by now, require no extended demonstration.'' 87 Authorized by the First Congress, 88 the customs search in these circumstances requires no warrant, no probable cause, not even the showing of some degree of suspicion that accompanies even investigatory stops."
A google search for "international travel us border checking laptops and phones" give about a million other examples, I'll throw a few below.
from Feb 12, 2008 (this isn't a new phenomenon, just getting more press)
http://www.pcworld.com/article/142429/five_things_to_know_about_us_border_laptop_searches.html
from 21 September 2009
http://www.mondaq.com/unitedstates/article.asp?articleid=86010
Don't like it? neither do I.
http://www.aclunc.org/issues/technology/blog/checking_your_privacy_at_the_border.shtml
ACLU excerpt (it's liberal, and slanted but a valid presentation of the worst case scenario): "Originally announced in July 2008, the current policy permits border agents to search electronic devices “absent individualized suspicion.” Agents may hold on to devices “for a reasonable period of time” to “review and analyze information.” In other words, border agents are legally able to take travelers’ information whenever they want at security checkpoints at airports or along the border, and hold on to it for as they long as they want. Agents may also copy information and send it off-site to be analyzed. The policy applies to all electronic devices, including computers, disks, hard drives, cell phones and cameras. Travelers have to be concerned about more than the possibility of security agents rifling through their belongings. Their private data might be compromised, erased, or kept indefinitely, and they don’t know how that data might be used."
Best I can say is nandroid + ext backup to your home computer, wipe phone before coming back into country, then recovery nandroid once you're back at home.
MaximReapage said:
Best I can say is nandroid + ext backup to your home computer, wipe phone before coming back into country, then recovery nandroid once you're back at home.
Click to expand...
Click to collapse
Yeah, sorta realized that or something similar would be the most efficient. I'm thinking even a step lazier, nandroid backup to SD, restore a stock rom / clear sim card, remove SD, maybe even backup to laptop (truecrypt FDE - custom error message at boot saying master boot record is corrupt)
walk out of security, pop in SD, start nandroid restore...
sigh.. a sandbox app would be sorta fun though.
If they have a right to detain your laptop, clone your HD and you have to submit all your passwords - it's kinda useless to try and protect the data somewhere on the computer, and it's better just to back it up on microSD hidden in the suitcase - no way it'll be detained.
Definitely keep a copy of it on your computer at home, though.
airplanemode anyone?
Or turn of your phone.
I know what will make it a quick transition through airport security when flying international..
Put some heavy encryption on my phone, obfuscate my data, and then pass it off with a flimsy cover program to make it look like there is nothing there. That way if they do find it, it's GITMO TIME.
Jack_R1 said:
If they have a right to detain your laptop, clone your HD and you have to submit all your passwords - it's kinda useless to try and protect the data somewhere on the computer, and it's better just to back it up on microSD hidden in the suitcase - no way it'll be detained.
Click to expand...
Click to collapse
meh, at the lower tier of airport security a custom boot message from a full disk encrypted truecrypt volume. "please insert windows disk" "cannot find master boot record" or similar.. and a sob story about how your laptop stopped working on vacation and when you get home you have a friend that you hope can fix it..
gets by most, it's not NSA at every checkpoint. it's just over min wage, uneducated, folks..
so backing it up to laptop, and tossing micro SD card in the bottom of a bag or in a jacket pocket.. will work just fine.
What Decryption does? I know that It boosts the performance, but what else it does?
digitLIX said:
What Decryption does? I know that It boosts the performance, but what else it does?
Click to expand...
Click to collapse
Although you will see a lower overhead in read/write operations of the device, I don't think you'd notice it all that much and there are fixes if rooted, to increase that.
The other thing it does, is to not encrypt your data. The reason I decrypt is I do not like my data encrypted. I backup all my data regularly and although any operation moving data off the device should decrypt it, I never truly trust this. What I dont want to do is end up with a pile of backed up data that didn't unencrypt properly. For most people this won't be an issue but working in IT support, I have had many run ins with encryption so I prefer not to use it... Also I do not want to have to enter any passcode at boot, because I run automated procedures that involve rebooting the phone over night. Sure, I could set not to have a passcode, but that makes all data accessible via android or recovery, which makes encryption pointless.
It's just personal preference really. There's no genuine need for you to decrypt
rootSU said:
Although you will see a lower overhead in read/write operations of the device, I don't think you'd notice it all that much and there are fixes if rooted, to increase that.
The other thing it does, is to not encrypt your data. The reason I decrypt is I do not like my data encrypted. I backup all my data regularly and although any operation moving data off the device should decrypt it, I never truly trust this. What I dont want to do is end up with a pile of backed up data that didn't unencrypt properly. For most people this won't be an issue but working in IT support, I have had many run ins with encryption so I prefer not to use it... Also I do not want to have to enter any passcode at boot, because I run automated procedures that involve rebooting the phone over night. Sure, I could set not to have a passcode, but that makes all data accessible via android or recovery, which makes encryption pointless.
It's just personal preference really. There's no genuine need for you to decrypt
Click to expand...
Click to collapse
Thanks, I also heard decryption boosts the boot time? My nexus 6's boot time takes like 30-60 seconds Is It normal?
digitLIX said:
Thanks, I also heard decryption boosts the boot time? My nexus 6's boot time takes like 30-60 seconds Is It normal?
Click to expand...
Click to collapse
Yes it will boost boot because read / write operations occur during boot and the OS has to "decrypt" whilst doing so... It's not technically decrypting them, but thats the simplest way of explaining it.
http://lmgtfy.com/?q=What+are+the+Differences+between+Decrypted+and+Encrypted?
rootSU said:
Yes it will boost boot because read / write operations occur during boot and the OS has to "decrypt" whilst doing so... It's not technically decrypting them, but thats the simplest way of explaining it.
Click to expand...
Click to collapse
Last question, once I decrypt is it gonna be for hackers easy to hack into my data? or I shouldn't be worrying about decrypting
Most custom kernels already include patches to speed up I/O reads on encryption to the point where having your device encrypted or decrypted would not be that significant in terms of noticeability.
Last question, once I decrypt is it gonna be for hackers easy to hack into my data? or I shouldn't be worrying about decrypting
Click to expand...
Click to collapse
I don't think that you have a clear understanding what encryption is or what it actually does, no offense. Encryption has nothing to do with "hackers" having a easier time hacking your data, it's about hackers obtaining your information and then being able to see all the file contents; whereas, if your device is encrypted even though the hackers obtained your data, they have to go through a decryption process in order to make the "stolen data" useful to them as the files will appear to be jibberish to them. The decryption process requires high level math computations in order to obtain private, public keys (depending on the encryption method being used) that can takes large amounts of computing time in order to obtain the values to decrypt the files.
No one is going to hack your data, Android and iOS made encryption enabled by default for mainly NSA purposes.
My suggestions to you OP is to just remain encrypted and use a custom kernel with encryption patches (Lean Kernel, Franco Kernel are one of the many that include these patches already) just to make your life easier.
digitLIX said:
Last question, once I decrypt is it gonna be for hackers easy to hack into my data? or I shouldn't be worrying about decrypting
Click to expand...
Click to collapse
Encryption won't protect you against remote hackers. If Android is running, it is already seeing your data as you gave it your encryption password.
zephiK said:
Most custom kernels already include patches to speed up I/O reads on encryption to the point where having your device encrypted or decrypted would not be that significant in terms of noticeability.
I don't think that you have a clear understanding what encryption is or what it actually does, no offense. Encryption has nothing to do with "hackers" having a easier time hacking your data, it's about hackers obtaining your information and then being able to see all the file contents; whereas, if your device is encrypted even though the hackers obtained your data, they have to go through a decryption process in order to make the "stolen data" useful to them as the files will appear to be jibberish to them. The decryption process requires high level math computations in order to obtain private, public keys (depending on the encryption method being used) that can takes large amounts of computing time in order to obtain the values to decrypt the files.
No one is going to hack your data, Android and iOS made encryption enabled by default for mainly NSA purposes.
My suggestions to you OP is to just remain encrypted and use a custom kernel with encryption patches (Lean Kernel, Franco Kernel are one of the many that include these patches already) just to make your life easier.
Click to expand...
Click to collapse
Not offended, I'm sorry for being stupid I totally have no clue about this kind of stuff.
This answered my question, Thank you for the help.
rootSU said:
Encryption won't protect you against remote hackers. If Android is running, it is already seeing your data as you gave it your encryption password.
Click to expand...
Click to collapse
Thanks.
digitLIX said:
Not offended, I'm sorry for being stupid I totally have no clue about this kind of stuff.
This answered my question, Thank you for the help.
Thanks.
Click to expand...
Click to collapse
You're not being stupid. Don't be rude to yourself.
Encryption was something that was considered very secretive back in the days. You can read about that in the history of encryption.
Sent from my Nexus 6 using Tapatalk
Faux Kernel also has patches to speed things up. Thanks for asking this stuff. its good to have all the info in one spot.
Just to add, encrypted data only really protects the data if someone has physical access to the device who doesn't have the password. If they cannot unlock the phone, you'd expect they could boot into recovery or whatever and get your data that way, but like @zephiK said if it is encrypted - that data is useless.
However to clear, it doesn't protect you against remote theft of the data. When you enter your password into the device, you're giving the OS permission to do what it nerds with the data. If you unlock the phone and start copying data elsewhere, as it leaves the device, it becomes decrypted. If some remote "hacker" had got you to install an application on your phone and your phone allows data to be copied off the device, the encryption is useless because as its moving off the device, its being decrypted.
But yeah, no one will be trying to get the data anyway.
Did anybody try to encrypt the z3compact? Is the performance hit noticeable or negligible?
I'm very fought about encrypting my phone. Would I lose the smartlock feature?
Thanks in advance
I encrypted it, including SD card. There is no visible impact I would say. I think PIN and password is the only unlock option after encryption, the biggest drawback for me is that you can't manage it with Sony Companion after encryption (as Sony did not manage to implement support it seems).
PIN and password are the only options available after encryption and you'll probably lose smartlock.
In KK at least performance was about the same. Though it did reduce my battery life...
i9300usr said:
I was curious to know if this was true with Sony Bridge too (Mac app), and I found this thread on the Sony forums. The Sony mods there insist that this is a choice by Sony to maintain security. Apparently none of them have heard of encrypted backups (à la iPhones). So, possible this will never be implemented.
Click to expand...
Click to collapse
It's not that important, ADB backups work and are more complete, only drawback is the time they take
i9300usr said:
I was curious to know if this was true with Sony Bridge too (Mac app), and I found this thread on the Sony forums. The Sony mods there insist that this is a choice by Sony to maintain security. Apparently none of them have heard of encrypted backups (à la iPhones). So, possible this will never be implemented.
Click to expand...
Click to collapse
i9300usr said:
So, just to make sure I understand you correctly: ADB allows users to make backups of encrypted Sony Xperia phones? Are the backups encrypted or unencrypted? And is the restore process straightforward?
Click to expand...
Click to collapse
Yes ADB allows you to make a full encrypted backup of your phone (including apps installation files). The restore process is straightforward as well but it's not as complete as say an iPhone backup. ADB might not be able to access some files, especially ADB might restore all your apps but not your launcher settings, folders, etc...
Even though the backup is encrypted, keep in mind that if you use a four digits code it can be bruteforced in less than 10s so encryption does not mean much in this regard.
difto said:
...Even though the backup is encrypted, keep in mind that if you use a four digits code it can be bruteforced in less than 10s so encryption does not mean much in this regard.
Click to expand...
Click to collapse
This is interesting. Are you referring to a code ADB requires or the code used on the phone? I use a pattern on the phone.
scottjb said:
This is interesting. Are you referring to a code ADB requires or the code used on the phone? I use a pattern on the phone.
Click to expand...
Click to collapse
If you encrypt your phone you cannot use the pattern anymore. The ADB password is the same as your phone password so either 4 digits or a real password.
difto said:
If you encrypt your phone you cannot use the pattern anymore. The ADB password is the same as your phone password so either 4 digits or a real password.
Click to expand...
Click to collapse
I have my phone encrypted and use a pattern. I was not required to change it to a PIN when I encrypted it.
That's why I asked, I wonder how ABD would handle the pattern.
You can transfert files when the phone is mounted as mass storage and unlocked, that's why Sony isn't consistent. You can also transfert files using a third party ftp server like es file browser.
I encrypted my phone last week. Not really noticed any difference in terms of general performance and battery life. One thing I hate is that if you fail to enter the correct password 10 times your phone gets wiped. I hate this because it just makes it easy for people to troll you and makes a thief's job easier because your essentially getting your phone ready to be sold on and also locking yourself out so it can't be tracked.
Another negative is startup takes forever but, you don't really reboot phones much anyway
i9300usr said:
Sounds like something I might actually use. Thanks for the feedback.
So, this is by default and can't be disabled by the user? Hmm, Apple's iOS at least makes the wipe optional.
So much this. Makes backing up your phone every day a necessity just in case. But then:
a) how many people are actually aware the wipe is mandatory for encrypted phones,
b) how many would be mean-spirited enough to actually do this,
and
c) how can people tell if your phone's encrypted?
I think the likelihood is low, but I guess that depends on the company you keep. But if it's that kind of company, you're probably wise enough to keep the phone in your possession all the time anyway.
Unless you're running 5.1, and have enabled "Device Protection" - if Google have actually implemented it? Did the promised "kill switch" actually make it to our phones?
How useful is the tracking anyway? Do the Police even care? I've read articles where the owners themselves had to retrieve their phones, and that can be a very tricky prospect.
Yup, very infrequently these days.
Well, this is all better than the non-existent encryption on my S3.
Click to expand...
Click to collapse
Sadly, no you can't disable the wipe after 10 failed attempts. Well I'm uni student and you know what some people are like when it comes to trolling! I don't think z3 compact has the device protection. Not mine anyway. The police should track it. Well I've heard they help here in the UK
I think it's better to go without encryption, root with locked bootloader and install Cerberus to system partition, and use a strong lock pattern or password.
No worries of 10 try wipes, more secure lockscreen options, and can still track the phone even after a factory reset (unless they reflash the entire system.)
cschmitt said:
I think it's better to go without encryption, root with locked bootloader and install Cerberus to system partition, and use a strong lock pattern or password.
No worries of 10 try wipes, more secure lockscreen options, and can still track the phone even after a factory reset (unless they reflash the entire system.)
Click to expand...
Click to collapse
I think there's a tendency to speak too lightly of rooting. It invalidates warranty, which is a big deal for a US$400–600 phone such as this. Even after the warranty expires, I think it places far too much responsibility on the user to solve any problems that may arise, which can be onerous if the phone actually serves a purpose (as opposed to being merely a prestige item, which I'm sure it frequently is).
Rooting is a nice concept, but it presents real-world problems that can entirely negate any benefits gained; it's not the panacea it purports to be.
Hello,
I'm a bit of desperate and I come here to XDA with the hope to find some useful advide. :crying:
I know you probably have read many posts like these, but if you will read mine I hope you will find it different because there are some technical things to be explained (interesting at least for me).
I've lost 99% of my photos and videos taken in July on my phone (64 GB Memory model).
I know I know I should have implemented some sort of backups whatsoever in the cloud or with a home NAS, but unfortunately for me I'm not that kind of guy. The Android built-in backup is also disabled.
What has really happened here I think that probably somehow my daughter has grabbed my phone and has played with it and has deleted about hundreds of photos and videos taken in July. Of her mainly! Never underestimate the damage capabilities of a toddler.
In the meanwhile I've taken lots of photos in August and used a phone a lot and also got the OTA update to Oxygen 4.1.7 / Android 7.1.1
Now I have found that most of July media files are missing!!!!
At the moment there are 25 GB used out of the whole 54 in the Internal Archive Memory as it seen on the Phone Setup.
I have bought DiskDigger Pro for Android but somehow it cannot find the right files all it finds are Whatsapp Images and other files. Does not really find the missing files which I suspect have been somehow deleted.
I think it needs root privileged to dig deeper but I don't understand why, in theory the files should be recoverable on the same partition as the DCIM folder. To my understanding the files should be marked as "deleted" in the same partition as where the DCIM folder is. But there is also this TRIM mechanism on the newer phones flash memories that confuses me.
Q1) Can you please clarify why this and all other media files recovery programs which seem to be a bit serious need root to recover missing media files?
So given as assumption that I need to root, I've read here and there and it seems that sometime ago for OP One that was the possibility to root without unlocking the boot loader. But if I unlock somehow all the data will be wiped. And I fear this will make any further software base recovery method like diskdigger or photorec hopeless even with elevated root privileges.
Q2) Can you confirm that I cannot root without unlocking the bootloader and therefore without wiping the device?
For your information I have also bought tonight a 100 USD root + files recovery package one oneclickroot but the agent promised to refund me after I told her the model of my phone (scary!).
Q3) I know a couple of things in Linux, do you think is it possible without root to create a raw image of the internal phone memory or the proper partitions with a tool such as "dd" ? Then I would process those raw images on a Windows or linux PC with file recovery software.
Q4) Do you think that the wiping caused by the bootloader unlocking will render any possible further diskdigger like solution without hope? Or should I go that way because the wiping is not so deep after all?
I don't know what to think, the fact that the phone is also encrypted makes me fear the worst. Maybe after the wiping it will get re-encrypted over.
Q5) Any advice in general before contacting kroll on track and pay thousands of dollar with the hope to recover?
Thanks a lot for any useful reply! I hope this topic will bring a definitive guide on how to recover files on unrooted oneplus 3t!
I can't answer all your questions here, however I can say with 100% confidence that you cannot root without unlocking bootloader. Some people claim of other methods, but keep away from them.
And there is nothing to be scared of when rooting OnePlus 3T if you follow the correct steps.
Are you sure that your daughter deleted those photos? How can she specifically delete photos taken in July? Do you have Google photos installed?
Aneejian said:
I can't answer all your questions here, however I can say with 100% confidence that you cannot root without unlocking bootloader. Some people claim of other methods, but keep away from them.
And there is nothing to be scared of when rooting OnePlus 3T if you follow the correct steps.
Are you sure that your daughter deleted those photos? How can she specifically delete photos taken in July? Do you have Google photos installed?
Click to expand...
Click to collapse
Thanks for your answer.
I'm not scared of rooting, as I have rooted other phones in the past. I'm ready to spend 1000USD and maybe even more to recover these media files and therefore I'm not really scared of rooting or bricking the device. What really scares me is that by
unlocking bootloader -> wiping -> rooting -> (new encryption of the filesystem ?)
I will render the deleted missing files completely unrecoverable.
I don't have google photos and I'm not 100% sure that my daughter has deleted the files. Maybe I've done a cut & paste which has not worked correctly on the phone as I've only 1 or 2 days of the beginning of July in my external hard drive. But it's more likely that my daughter has played with the gallery application on the phone.
I don't have a lock gesture or pin and my screen can be unlocked just by sliding, however it seems my phone is encrypted.
This encryption I don't know how it works and how it relates with the bootloader unlocking, if someone have more information I would be glad to hear.
And also I've done some more research and it seems impossible to perform a "dd" command of the partitions without first being superuser / root. ;-(
Regards,
Claudio
Did you try connecting your phone to the pc and use the programm recuva?
I managed to restore my files with it once
I can feel your pain of loosing those valuable moments of your daughter. I feel sorry that I can help you much with this.
In future, I suggest you to use Google photos which can automatically backup all your photos for free.
StarShoot97 said:
Did you try connecting your phone to the pc and use the programm recuva?
I managed to restore my files with it once
Click to expand...
Click to collapse
I don't think that recuva can do anything here. I am not allowed to past links here but as explained here
ht*ps://forums.androidcentral.com/ambassador-guides-tips-how-tos/500142-guide-recovering-deleted-files.html
and here
ht*ps://forum.xda-developers.com/galaxy-nexus/general/guide-internal-memory-data-recovery-yes-t1994705
Recuva can't do anything for internal memory.
But thanks for the hint!
Aneejian said:
I can feel your pain of loosing those valuable moments of your daughter. I feel sorry that I can help you much with this.
In future, I suggest you to use Google photos which can automatically backup all your photos for free.
Click to expand...
Click to collapse
One of the most affordable options I'm considering is this:
1) get another oneplus 3t
2) take some pictures and videos on it
3) delete those pictures and videos
4) root it
5) Install diskdigger to check if he can find anything after the wipe
I feel huge pain, my wife is also kindly pushing me. ^^
The problem ought to be that since this phone is force encrypted per default, unlocking the bootloader will destroy the encryption key for the previous installation won't it? Isn't that they point as to avoid anyone accessing your data by simply doing a factory restore and still keep the data in the internal storage. At least that's what I though, else where's the security of someone steals your phone.
Without that, any recovery software will just see rubbish when trying to recovery anything since it's encrypted.
pitrus- said:
The problem ought to be that since this phone is force encrypted per default, unlocking the bootloader will destroy the encryption key for the previous installation won't it? Isn't that they point as to avoid anyone accessing your data by simply doing a factory restore and still keep the data in the internal storage. At least that's what I though, else where's the security of someone steals your phone.
Without that, any recovery software will just see rubbish when trying to recovery anything since it's encrypted.
Click to expand...
Click to collapse
Thanks a lot, eventually some technical info on xda
If I lose my phone someone can use it and read everything because there is no lock, no pin, no gesture nothing. I would try a remote wipe via google android devices or something like that. Life is too short to unlock your phone every time you look at it even if it is via finger print!
This being said I've read year
ht*ps://source.android.com/security/encryption/full-disk
this paragraph among the others is not clear to me
Upon first boot, the device creates a randomly generated 128-bit master key and then hashes it with a default password and stored salt. The default password is: "default_password" However, the resultant hash is also signed through a TEE (such as TrustZone), which uses a hash of the signature to encrypt the master key.
You can find the default password defined in the Android Open Source Project cryptfs.c file.
When the user sets the PIN/pass or password on the device, only the 128-bit key is re-encrypted and stored. (ie. user PIN/pass/pattern changes do NOT cause re-encryption of userdata.) Note that managed device may be subject to PIN, pattern, or password restrictions.
Does this paragraph give me hope or not?
Thanks a lot for your interest! Sleepless nights go on here.
lallissimo said:
I know I know I should have implemented some sort of backups whatsoever in the cloud or with a home NAS, but unfortunately for me I'm not that kind of guy.
Click to expand...
Click to collapse
This is a really weak excuse. If the photos were that valuable to you, you should have been backing them up. There really is no excuse. Backup options are available that are effective, free, and require hardly any action on your part (aside form the initial setup - you've done more by disabling the default backup options).
Recovering deleted data is always a hit-or-miss proposition, at best. The longer you have the phone on, the higher the chance those memory sectors will be over-written. May have already happened.
---------- Post added at 10:53 AM ---------- Previous post was at 10:46 AM ----------
lallissimo said:
I'm not really scared of rooting or bricking the device. What really scares me is that by
unlocking bootloader -> wiping -> rooting -> (new encryption of the filesystem ?)
I will render the deleted missing files completely unrecoverable.
I don't have a lock gesture or pin and my screen can be unlocked just by sliding, however it seems my phone is encrypted.
This encryption I don't know how it works and how it relates with the bootloader unlocking, if someone have more information I would be glad to hear.
Click to expand...
Click to collapse
It doesn't matter. Unlocking the bootloader wipes all data on the phone by definition, regardless of whether it is encrypted or not. At least that is how it worked on previous Android devices I've owned, that did not have encryption by default. So I'd be willing to bet the same is try on the 3T.
lallissimo said:
I'm not 100% sure that my daughter has deleted the files. Maybe I've done a cut & paste which has not worked correctly on the phone as I've only 1 or 2 days of the beginning of July in my external hard drive. But it's more likely that my daughter has played with the gallery application on the phone.
Click to expand...
Click to collapse
I find it a little unlikely your daughter deleted all the photos. I don't see an easy way she could have done that to hundreds of photos, without an improbable number of screen taps. I'd use a good file explorer, and just keep digging. They might just be moved somewhere odd.
redpoint73 said:
This is a really weak excuse. If the photos were that valuable to you, you should have been backing them up. There really is no excuse. Backup options are available that are effective, free, and require hardly any action on your part (aside form the initial setup - you've done more by disabling the default backup options).
Recovering deleted data is always a hit-or-miss proposition, at best. The longer you have the phone on, the higher the chance those memory sectors will be over-written. May have already happened.
Click to expand...
Click to collapse
Thank you for the interest in my thread I really appreciate it.
I know a things or two about backups and I see your point. There is an ancient Chinese proverb saying something like this: Backup is that thing that should have done before.
However, being on xda I'd like to keep the discussion on a technical level if possible.
If you have any information or links on the way the internal memory is managed at physical level I'd like to discuss about it. As far as I know in order to extend the duration of this solid state memories the system makes his best to write on the blocks the least possible. I don't think I have already overwritten all the blocks of the internal memory. We'll see.
It doesn't matter. Unlocking the bootloader wipes all data on the phone by definition, regardless of whether it is encrypted or not. At least that is how it worked on previous Android devices I've owned, that did not have encryption by default. So I'd be willing to bet the same is try on the 3T.
Click to expand...
Click to collapse
I'm almost sure that the wiping does not scrape the memory with all 0 and 1. That would take really a lot of time and also that would reduce the duration of the memory.
Take a look here for example
h*tps://www.krollontrack.co.uk/blog//top-tips/what-you-need-to-know-about-androids-factory-reset-function/
so my real enemy here is encryption.
I find it a little unlikely your daughter deleted all the photos. I don't see an easy way she could have done that to hundreds of photos, without an improbable number of screen taps. I'd use a good file explorer, and just keep digging. They might just be moved somewhere odd.
Click to expand...
Click to collapse
You could be right, still I need to be root to dig deeper.
lallissimo said:
I'm almost sure that the wiping does not scrape the memory with all 0 and 1. That would take really a lot of time and also that would reduce the duration of the memory.
Take a look here for example
h*tps://www.krollontrack.co.uk/blog//top-tips/what-you-need-to-know-about-androids-factory-reset-function/
so my real enemy here is encryption.
Click to expand...
Click to collapse
This is just wishful thinking. That article sounds really paranoid to me. Whatever method the system is using to "scramble" the data is going to put it out of the realm of the cheap, consumer data retrieval tools (as you've pretty much already experienced). The article states:
A recovery is possible by looking at the data structures from a low-level and using specialist tools to recreate the data into a useable format
We aren't talking about free or $5 Android apps here. We're probably talking about specialist software that costs thousands of dollars. Yes, technically data is almost always retrievable. Law enforcement has tools that can retrieve "ghost" data images even after being overwritten multiple times. But such tools are feasible for consumers from a cost/benefit standpoint.
redpoint73 said:
This is a really weak excuse. If the photos were that valuable to you, you should have been backing them up. There really is no excuse. Backup options are available that are effective, free, and require hardly any action on your part (aside form the initial setup - you've done more by disabling the default backup options).
Recovering deleted data is always a hit-or-miss proposition, at best. The longer you have the phone on, the higher the chance those memory sectors will be over-written. May have already happened.
---------- Post added at 10:53 AM ---------- Previous post was at 10:46 AM ----------
It doesn't matter. Unlocking the bootloader wipes all data on the phone by definition, regardless of whether it is encrypted or not. At least that is how it worked on previous Android devices I've owned, that did not have encryption by default. So I'd be willing to bet the same is try on the 3T.
I find it a little unlikely your daughter deleted all the photos. I don't see an easy way she could have done that to hundreds of photos, without an improbable number of screen taps. I'd use a good file explorer, and just keep digging. They might just be moved somewhere odd.
Click to expand...
Click to collapse
redpoint73 said:
This is just wishful thinking. That article sounds really paranoid to me. Whatever method the system is using to "scramble" the data is going to put it out of the realm of the cheap, consumer data retrieval tools (as you've pretty much already experienced). The article states:
A recovery is possible by looking at the data structures from a low-level and using specialist tools to recreate the data into a useable format
We aren't talking about free or $5 Android apps here. We're probably talking about specialist software that costs thousands of dollars. Yes, technically data is almost always retrievable. Law enforcement has tools that can retrieve "ghost" data images even after being overwritten multiple times. But such tools are feasible for consumers from a cost/benefit standpoint.
Click to expand...
Click to collapse
If someone has more technical information about the encryption part I'll gladly look at it.
As far as wiping is concerned I have given a quick look at the source code, so for example here:
https://www.pentestpartners.com/sec...ta-from-wiped-android-devices-a-how-to-guide/
and if this is still what's inside my android phone I'm sure that mkfs.ext4 is nothing to fear when you need to recover data.
Problem for me is encryption, but yest I'm considering expensive solutions too. Just for the sake of the technical satisfaction, of course.
So need a little help. I have an identified attacker on my phone who has injected spyware which is actively listening to all conversations, reading messages in real time, has access to all apps and full access to the phone. Essentially its an illegal wire tap thats able to view and listen to what i am doing. My question is this, can i clone my phone with all the data on to a thumb drive? Reason i have to turn over the phone to the local police for forensic examination and id rather just give a copy then my personal phone. 2. Is there a way to isolate the program to stop the massive leak without totally wiping my phone? Thanks for your help, I know this is an odd question and a little off the norm any help is deeply appreciated.
Nuke it now.
Change Google and all account passwords after reloaded.
In the future be careful what you install and download or you'll be doing this again!
blackhawk said:
Nuke it now.
Change Google and all account passwords after reloaded.
In the future be careful what you install and download or you'll be doing this again!
Click to expand...
Click to collapse
cant i have to give the information to the police here, long story but the person who did the attack is involved in criminal activities im witness to and my phones going to be evidence. so i need all of the data on my phone to be transfered either to another device or to a thumb drive , after that i can nuke the phone
Kjharahuc said:
cant i have to give the information to the police here, long story but the person who did the attack is involved in criminal activities im witness to and my phones going to be evidence. so i need all of the data on my phone to be transfered either to another device or to a thumb drive , after that i can nuke the phone
Click to expand...
Click to collapse
Well take it offline and backup the data. It should already be backed up though.
That data may have been tainted too.
Your biggest issue is you don't know how or by what it was infected.
Keep the phone completely disconnected from the carrier/internet until it's reloaded.
At this point it is a 100% liability.
blackhawk said:
Well take it offline and backup the data. It should already be backed up though.
That data may have been tainted too.
Your biggest issue is you don't know how or by what it was infected.
Keep the phone completely disconnected from the carrier/internet until it's reloaded.
At this point it is a 100% liability.
Click to expand...
Click to collapse
absolutly 100% agree, i cannot use the twrp backup since the phone has another user on it. I get an error due to the inability to decrypt the data. So im hoping imiging the phone over to a SSD that i can then turn into the police will be effective enough. I was able to identify several folders that are not mine or have anything to do with the apps on my phone so they should be able to do the same. To bad there isnt a way to tunnel back through and gain access on the other side of the leak.
The only things I be concerned with be securing the data, accounts and getting it operational.
I be done with it in under a day.
blackhawk said:
The only things I be concerned with be securing the data, accounts and getting it operational.
I be done with it in under a day.
Click to expand...
Click to collapse
Im just waiting for the SSD to arrive to transfer all the data the accounts have already been secured on another device
Don't transfer to another Android platform...
Verify the data is readable and all there.
I've wiped the os a total of 6 times and putting the phone into hard brick once it still is leaking and I can't stop it