July 25th, 2018, 9:26
July 25th, 2018, 12:23
omi786 wrote:Hello folks,
Is there any way to decrypt the contents of an ""encrypted Android SD card". The encryption is done through the android internal encryption process.
The phone is broken. Anyone managed to solve any similar case?
Any help or leads on this will be appreciated. Thanks
Regards,
Omi
July 25th, 2018, 15:09
July 25th, 2018, 16:06
einstein9 wrote:omi786 wrote:... and the most important question, Forensic case or just silly customer looking for some photos/contacts (budget?)
July 25th, 2018, 17:26
einstein9 wrote:omi786 wrote:Hello folks,
Is there any way to decrypt the contents of an ""encrypted Android SD card". The encryption is done through the android internal encryption process.
The phone is broken. Anyone managed to solve any similar case?
Any help or leads on this will be appreciated. Thanks
Regards,
Omi
Your Question is not fully clear here... or can say not providing enough info.
Phone Model?
Android ver.? (if you know)
Formatted phone?
Phone can be repaired or totally toasted?
and the most important question, Forensic case or just silly customer looking for some photos/contacts (budget?)
I know few close friends experts from some part of the world who enjoy doing such cases but you will need to pay (well i mean)
but if you Think someone will answer this question for FREE then am telling you you will never find him (and if you do please let me know)
good luck
July 25th, 2018, 17:42
July 26th, 2018, 2:48
rogfanther wrote:the reason for the questions about the phone is because fixing the phone may be the easiest/cheapest solution to the problem.
Otherwise, a good amount of $$ will need to change hands.
July 26th, 2018, 5:40
omi786 wrote:rogfanther wrote:the reason for the questions about the phone is because fixing the phone may be the easiest/cheapest solution to the problem.
Otherwise, a good amount of $$ will need to change hands.
Yes i got what you are pointing at. But lets "assume" the mobile pcb board is fried/or the phone has been factory reset. Is there any possibility for decryption?
As far as i know the user password encrypts ----> the master password which -----> encrypts the user data on the SD card. Now the question is, is there any way around to get it, apart from the Bruteforce (maybe)? and what if we DUMP the Mobile phone's EMMC contents? would we be able to get the master key in some partition?
Regards
July 31st, 2018, 2:41
August 4th, 2018, 11:07
einstein9 wrote:omi786 wrote:rogfanther wrote:the reason for the questions about the phone is because fixing the phone may be the easiest/cheapest solution to the problem.
Otherwise, a good amount of $$ will need to change hands.
Yes i got what you are pointing at. But lets "assume" the mobile pcb board is fried/or the phone has been factory reset. Is there any possibility for decryption?
As far as i know the user password encrypts ----> the master password which -----> encrypts the user data on the SD card. Now the question is, is there any way around to get it, apart from the Bruteforce (maybe)? and what if we DUMP the Mobile phone's EMMC contents? would we be able to get the master key in some partition?
Regards
I think that Most Pro. in any field MUST diagnose it again and re-evaluate, for some people (experts) it might be beyond repair, but for others ITS NOT and CAN BE FIXED
honestly, i saw and met real experts i mean repair experts doing the impossible and it all depends on $$$ (budget) and how important is the data
Back to the main subject, to answer your question If you Encrypt the MicroSD via android and by some how you factory reset the phone then it means the Enc. Key is gone/changed
i got to know that some experts claim to recover it back if the phone is not touched after (its possible in theory and few talks about it,, join the club).
Conclusion:
If you or your client are not going to pay then i wish you good luck with this case
its not going to be easy,, but again not impossible.
good luck
August 4th, 2018, 11:08
datahaze wrote:Older versions of android used LUKS encryption, most any Linux distro can unlock it and then you can make an image with dd/ddrescue. Newer versions have a different scheme but there's tools for reading that as well, though I can't think of any off the top of my head.
Powered by phpBB © phpBB Group.