[Replicant] stuck on startup

Denis 'GNUtoo' Carikli GNUtoo at cyberdimension.org
Tue Aug 3 01:17:19 UTC 2021


On Mon, 02 Aug 2021 17:07:12 +0000
Fil Lupin via Replicant <replicant at osuosl.org> wrote:

> Hi,
> I tried https://github.com/viaforensics/android-encryption/
> You need to get /efs/metadata in recovery mode, and then define
> header_file to this file, and encrypted_partition to the image done
> as suggested in
> https://redmine.replicant.us/projects/replicant/wiki/BackupTheDataPartition#Backing-up-the-data-partition
> However, the second soft seems more complete.
The issue as I understand is that these Android versions uses dm-crypt,
and it's up to the vendor to use that interface in the way they want.

So as I understand, because of that, there is some variations in the key
derivation algorithm between devices and vendors.

Here I hope that we are in some generic case.

In Replicant 6.0, the key derivation algorithm cannot use
knox/TrustZone because Wolfgang disabled the mobicore driver (for
obvious freedom, privacy and security reasons), so even if some drivers
still (have to) use TrustZone, userspace can't.

So even if mobicore is enabled in the Replicant 4.2 kernel, the
probability of it being used for key derivation is low.

> I also tried http://github.com/sogeti-esec-lab/android-fde which
> allows to launch `./decrypt.py USERDATA.img metadata output/DATA` to
> put decrypted_data in `output/DATA`. Then I do not succeed to mount
> it. Do you have any idea how to do this?
If that created a file, you could try to see if you can see things
inside the file, or about the file, for instance with photorec, strings,
or file.

Normally the following should work for partitions:
> $ mkdir mnt
> $ sudo mount -o loop file.img ./mnt

So if that doesn't work, maybe something else is wrong.

Denis.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.osuosl.org/pipermail/replicant/attachments/20210803/ee6be60e/attachment.asc>


More information about the Replicant mailing list