[Replicant] stuck on startup

Fil Lupin fillupin at protonmail.com
Wed Sep 1 11:31:47 UTC 2021 

Hello,
after reading the docs, especially NIST and Samsung, I realized that encryption follows the same standard described so it should be seen the same way other phone are seen.
I tried again to decrypt the phone and it works!

I'll look at the few apps I installed before the crash to identify if one of them causes the crash.

Thank you again for the docs links,

- Fil Lupin.

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐

On Wednesday, August 4th, 2021 at 9:52 PM, Fil Lupin via Replicant <replicant at osuosl.org> wrote:

> On Tuesday, August 3rd, 2021 at 1:16 AM, Denis 'GNUtoo' Carikli GNUtoo at cyberdimension.org wrote:
>
> > On Mon, 02 Aug 2021 17:07:12 +0000
> >
> > The issue as I understand is that these Android versions uses dm-crypt,
> >
> > and it's up to the vendor to use that interface in the way they want.
> >
> > So as I understand, because of that, there is some variations in the key
> >
> > derivation algorithm between devices and vendors.
> >
> > Here I hope that we are in some generic case.
> >
> > In Replicant 6.0, the key derivation algorithm cannot use
> >
> > knox/TrustZone because Wolfgang disabled the mobicore driver (for
> >
> > obvious freedom, privacy and security reasons), so even if some drivers
> >
> > still (have to) use TrustZone, userspace can't.
> >
> > So even if mobicore is enabled in the Replicant 4.2 kernel, the
> >
> > probability of it being used for key derivation is low.
>
> Indeed, I didn't see the remark page 21 of Thomas Cannon : "Samsung has their own key management module"
>
> Using android-encryption, I got the following output :
> ------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
> Decrypted Data : 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
>
> 000000000000000000000000000000000000000000000
> -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
> In https://github.com/viaforensics/android-encryption/blob/master/screenshots/6_decrypted-compare.png first bytes seems to be non-zero and are followed by zeros.
>
> My output is only composed by zero...
>
> > > I also tried http://github.com/sogeti-esec-lab/android-fde which
> > >
> > > allows to launch `./decrypt.py USERDATA.img metadata output/DATA` to
> > >
> > > put decrypted_data in `output/DATA`. Then I do not succeed to mount
> > >
> > > it. Do you have any idea how to do this?
> >
> > If that created a file, you could try to see if you can see things
> >
> > inside the file, or about the file, for instance with photorec, strings,
> >
> > or file.
>
> I can't find any readable string with Photorec or reading first bytes of file.
>
> > Normally the following should work for partitions:
> >
> > > $ mkdir mnt
> > >
> > > $ sudo mount -o loop file.img ./mnt
> >
> > So if that doesn't work, maybe something else is wrong.
>
> Sadly, I got an error: "mount: XXX: wrong fs type, bad option, bad superblock on /dev/loop1, missing codepage or helper program, or other error"
>
> I'll try to see how the key can be managed by Samsung.
>
> -   Fil Lupin.
>
> Replicant mailing list
>
> Replicant at osuosl.org
>
> https://lists.osuosl.org/mailman/listinfo/replicant

More information about the Replicant mailing list