[Replicant] stuck on startup

Fil Lupin fillupin at protonmail.com
Wed Aug 4 21:52:41 UTC 2021


On Tuesday, August 3rd, 2021 at 1:16 AM, Denis 'GNUtoo' Carikli <GNUtoo at cyberdimension.org> wrote:

> On Mon, 02 Aug 2021 17:07:12 +0000
>
> The issue as I understand is that these Android versions use dm-crypt,
> and it's up to the vendor to use that interface in the way they want.
> So as I understand, because of that, there are some variations in the key
> derivation algorithm between devices and vendors.
> Here I hope that we are in some generic case.
> In Replicant 6.0, the key derivation algorithm cannot use
> knox/TrustZone because Wolfgang disabled the mobicore driver (for
> obvious freedom, privacy and security reasons), so even if some drivers
> still (have to) use TrustZone, userspace can't.
> So even if mobicore is enabled in the Replicant 4.2 kernel, the
> probability of it being used for key derivation is low.

Indeed, I didn't see the remark on page 21 of Thomas Cannon: "Samsung has their own key management module"

Using android-encryption, I got the following output:
---
Decrypted Data : 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
---
In https://github.com/viaforensics/android-encryption/blob/master/screenshots/6_decrypted-compare.png the first bytes seem to be non-zero and are followed by zeros.
My output is composed only of zeros...


> > I also tried http://github.com/sogeti-esec-lab/android-fde which
> > allows to launch `./decrypt.py USERDATA.img metadata output/DATA` to
> > put decrypted_data in `output/DATA`. Then I do not succeed to mount
> > it. Do you have any idea how to do this?
>
> If that created a file, you could try to see if you can see things
> inside the file, or about the file, for instance with photorec, strings,
> or file.

I can't find any readable string with Photorec or by reading the first bytes of the file.

> Normally the following should work for partitions:
>
> > $ mkdir mnt
> > $ sudo mount -o loop file.img ./mnt
>
> So if that doesn't work, maybe something else is wrong.

Sadly, I got an error: "mount: XXX: wrong fs type, bad option, bad superblock on /dev/loop1, missing codepage or helper program, or other error"

I'll try to see how the key can be managed by Samsung.

- Fil Lupin.
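
A triage check for the decrypted image discussed in this thread, as an added example that is not part of the original message or of either tool mentioned: it reads the start of the output file and reports whether it is all zeros, high-entropy (what output from a wrong key or still-encrypted data typically looks like), or carries the ext2/3/4 superblock magic that `mount` needs to find. The function names, the 7.5 bits/byte threshold, and the assumption that the userdata partition is ext4 are assumptions of this example.

```python
import math
import struct
import sys
from collections import Counter

EXT_SB_OFFSET = 1024     # ext2/3/4 superblock starts 1024 bytes into the partition
EXT_MAGIC_OFFSET = 0x38  # s_magic field inside the superblock (little-endian u16)
EXT_MAGIC = 0xEF53


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8.0 for ciphertext, 0.0 for constant data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def triage(head: bytes) -> str:
    """Classify the first bytes (4096 recommended) of a decrypted image."""
    if len(head) < EXT_SB_OFFSET + EXT_MAGIC_OFFSET + 2:
        return "too-short"
    (magic,) = struct.unpack_from("<H", head, EXT_SB_OFFSET + EXT_MAGIC_OFFSET)
    if magic == EXT_MAGIC:
        return "ext-superblock"   # a loop mount has a superblock to work with
    if not any(head):
        return "all-zero"         # nothing decrypted here, or a sparse/empty region
    if shannon_entropy(head) > 7.5:
        return "high-entropy"     # consistent with a wrong key or vendor-specific KDF
    return "unknown"


def triage_file(path: str, size: int = 4096) -> str:
    with open(path, "rb") as f:
        return triage(f.read(size))


if __name__ == "__main__":
    if len(sys.argv) > 1:
        print(triage_file(sys.argv[1]))  # e.g. the output/DATA file
    else:
        # Constructed samples, not data from the thread.
        good = bytearray(4096)
        struct.pack_into("<H", good, EXT_SB_OFFSET + EXT_MAGIC_OFFSET, EXT_MAGIC)
        print(triage(bytes(good)), triage(bytes(4096)), triage(bytes(range(256)) * 16))
```
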

