How to decrypt apk encrypted files from a dead phone with known password? - Android Q&A, Help & Troubleshooting

Hi all,
My problem is the following: my phone's screen is dead, the phone has full disk encryption turned on, I know the password, I need to retrieve data on it and I have an encrypted backup.
The phone is a Samsung Galaxy S7. I cannot access files by plugging the phone into my computer as I can't unlock the phone without the help of the screen. USB debugging is not enabled.
I have a recent backup of the files made with Samsung's Smart Switch. However, all apk files as well as most files are saved as "enc." files and not readable decrypted files.
I have tried using gpg and openssl tools to decrypt those files individually with the FDE password of the phone without any success.
What are my options to A) either access my phone's content without the use of the screen B) or decrypt those encrypted backed up files I have given that I know the phone's password?
Thanks

Related

SMS Database Android

Hi,
I'm trying to create a desktop (java based) application that extracts SMS from an android device and prints the SMS onto a relational database. I just have a few questions......
/*Answer Found*/
After research I found out that the SMS are stored in a database. I've been pointed in various directions, but the most common directory is com.android.provider.telephony.SMS although I can't actually find it on my phone. My phone is rooted and I'm looking for the file using a "File manager" app from the Play store.
So my first question would be "Where is the SMS database stored"? I'm assuming it's the same place for all phones as long as it's android based. Please correct me if I'm wrong......
I'm aware the database will be encrypted. Does anyone know what type of encryption is on the database, and if so - is it easy to crack?
Thanks in advance,
Wazza
Update: OK - So it turns out the file explorer I was using was a bit......naff. I've downloaded another and am now able to see the relevant DB.
My idea was to run the developers USB debugging mode onto the computer and extract the DB like that - However, the folders / files being shown when it's plugged into the PC are those on the SDCARD. (I believe this is the level above root?).
Update 2: Seems as if I jumped the gun posting this topic. A few more hours research and I've got to where I need to be.
For those who don't know - this is how I did it.
Plugging your phone into the PC and selecting USB Debugging mode temporarily disables the "SDCARD" on your phone so you can't tamper with it whilst uploading files via the PC.
I downloaded a file manager that allows the user to view root access files / folders. I then found the mmssms.db, copied it and pasted it into a folder on the "SDCARD". I was then able to plug the phone into USB Debugging mode and transfer the database file from the phone onto my desktop.
My next challenge is viewing the database. As stated in the OP, I'm aware the database is most likely encrypted. How would I go about breaking this encryption and viewing it on a database?
If you want to make backup of SMS, just use SMS Backup & Restore. It will export your database to xml file.
przemcio510 said:
> If you want to make backup of SMS, just use SMS Backup & Restore. It will export your database to xml file.
Thanks przemcio but I'm doing it as a project. I don't want the easy way around

[Q] Phone Memory partially pin locked?

Hey there,
Recently my Galaxy S3 fell to the floor and the display broke. Now I'm desperately trying to recover all of my data from the internal phone memory. The memory has 16gb in total, but when I copied it to my hard disk drive I could only copy 2gb. It seems that the camera folder (DCIM) is the only folder that has been completely restored. Is it possible that all other folders are pin locked? Or is it more likely that the storage is broken? Anyway, what I really need to recover is the phone calendar, since not all entries had been synced with google calendar. I can't find ANY calendar file on the internal storage, and I've searched most common places (data/data/android.provider.calendar etc.). My research showed that the only way to access the phone with recovery apps is when the debug mode has been activated. Since the display is broken there's no way for me to activate it.
In short, my questions:
- Why can I see only some of the internal storage? (2/16GB) -> broken or locked?
- do you have any idea how I can restore the phone calendar since there doesn't seem to be any calendar file?
- is there a way to activate the Debug mode with a broken screen?
I consider buying a new display just to be able to access the files. But since I don't want to waste any money I need to be 100% sure that this works. But the fact that I've only been able to copy 2GB from the internal storage and that I don't seem to find the calendar files makes me doubt that this will help at all.
additional info: I'm accessing the phone via USB cable without a sim card.
Thanks for any help.
Edit:
I also tried connecting the phone to Kies (I never used Kies before) by activating the "download mode" on the phone by pressing some buttons at the same time when turning the phone on. Kies seems to recognize something but it just keeps on saying "connecting to phone..." for hours. I take this as another indication that the phone might be broken beyond the display.
Edit2:
I found this:
> inaccessible folders: folders you won't see due to lacking permissions, e.g. those in /data. To protect your apps' data, those folders belong to the corresponding application, and are only accessible by the app (in the context of file-permissions; please see the tag's wiki for closer information on those). To make those visible, you need root access on your device, and a file explorer supporting that (e.g. ES File Explorer)
Is there any way I can get root access to the phone with a broken display?

[Q] Windows Phone 8.1 WhatsApp backup/restore

I've seen some threads about accessing the WhatsApp messages backup database files on iPhone, Android and older Windows Phone versions (7.x). However, none of the methods seem to be compatible with the WhatsApp messages backup database file found on Windows Phone 8.1. I am looking for a way to either extract/decrypt or restore an older messages backup database. Tried so far:
- Place messages.db file on SD card and reinstall WhatsApp. WhatsApp does NOT find the backup on installation. It only restores the most recent chats (not the ones from the backup file)
- Tried available tools for iPhone/Android (Python scripts with crypto 5/7/8). Database format is incompatible
- Tried opening the database file directly in Microsoft Access, SQLite Browser. Unrecognized file format
- Tried the Zune/WP Device Manager approach. Seems to work only with Windows Phone 7.x, Windows Phone 8 is not seen by the tool
- Tried Windows Phone Power Tools to access Isolated Storage for the WhatsApp app, but access to an apps isolated storage is not possible in Windows Phone 8 anymore.
- Tried the WhatsApp Xtractor, but it contains the same iPhone/Android python scripts that don't work with the Windows Phone version
- Even tried asking WhatsApp support directly, but they have not given any response yet
Can any WhatsApp / encryption wizard please help me out. I am more than willing to reward/tip you for it if the solution works!
I have the same problem, pls pls pls tell me about the solution thx
Given that you already enabled full FS access on your phone or have control over an app which has the ID_CAP_OEMPUBLICDIRECTORY capability, you can extract the unencrypted sqlite database from C:\Data\SharedData\OEM\Public\WhatsApp.
The structure of the database is quite complex (I suppose it grew over the years), but not too hard to understand.
However, I have no experience in using this mechanism as a backup/restore solution.
Source: blackhat . com/docs/ldn-15/materials/london-15-DeFulgentis-Witchcraft-For-Windows-Phone-Breakers.pdf page 68f
Sorry for broken link, I'm a new member.
I realize this is a pity, I want the Microsoft support seriously and updating applications
If you do not want to unlock / flash your phone in order to enable the full FS unlock, you can try the hack as shown in the Blackhat slides posted above.
It works by replacing an app's core files with your own, but keeping the capability restrictions of the original app. (Use http://forum.xda-developers.com/win...p-customwpsystem-patch-xaps-wpsystem-t2975419 for example)
So just target an app with ID_CAP_OEMPUBLICDIRECTORY, deploy your custom payload and use it to copy the WhatsApp files somewhere.
Given the full FS access, is there any way to access the Whatsapp key file like on Android. That's what you would need to access the backup files instead of the unencrypted current message database, which is easily opened as SQLite database?
Hello ... I'm new here ... just wondering if there is any answer to this question ... I know it's not a recent discussion, but I really need some help from you guys. I have a wp where whatsapp is installed, but it's asking for verification and I don't have no more the sim card related to that account ... I saw chats, but then I made a huge mistake (opened whatsapp while I was online) and now I cannot access to those anymore ... I have messages.db but I'm unable to retrieve the key to decrypt that ... there are tons of posts about similar issue on android or IOS, but I need the same for WP ... is it something someone can drive me through? Thanks a lot in advance
If your phone has the Full-FS-Unlock enabled you can get the unencrypted databases at C:\Data\Users\DefApps\APPDATA\Local\Packages\5319275A.WhatsApp_cv1g1gvanyjgm\LocalState (or similar package name).
Or you can get unencrypted backups from C:\Data\SharedData\OEM\Public\WhatsApp
Or you can use an interop-unlocked File Manager App
jumpz said:
> If your phone has the Full-FS-Unlock enabled you can get the unencrypted databases at C:\Data\Users\DefApps\APPDATA\Local\Packages\5319275A.WhatsApp_cv1g1gvanyjgm\LocalState (or similar package name).
> Or you can get unencrypted backups from C:\Data\SharedData\OEM\Public\WhatsApp
> Or you can use an interop-unlocked File Manager App
The files in C:\Data\SharedData\OEM\Public\WhatsApp seem to be encrypted as well … Or can you just not open them with a standard SQLite viewer?
weaselmc said:
> The files in C:\Data\SharedData\OEM\Public\WhatsApp seem to be encrypted as well … Or can you just not open them with a standard SQLite viewer?
No, these files are indeed encrypted.
The winwazzapmigrator software did a good job migrating my database to a new android phone.
Tool to access file system on Windows 8.1 mobile
jumpz said:
> If your phone has the Full-FS-Unlock enabled you can get the unencrypted databases at C:\Data\Users\DefApps\APPDATA\Local\Packages\5319275A.WhatsApp_cv1g1gvanyjgm\LocalState (or similar package name).
> Or you can get unencrypted backups from C:\Data\SharedData\OEM\Public\WhatsApp
> Or you can use an interop-unlocked File Manager App
Can anyone help me with a tool to access the file system where app files are stored on a windows 8.1 mobile?
me too
PritiM said:
> Can anyone help me with a tool to access the file system where app files are stored on a windows 8.1 mobile?
I do have the same request...
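
Added example, not part of the original thread: the posts above go back and forth on whether messages.db and the files under C:\Data\SharedData\OEM\Public\WhatsApp are encrypted or simply fail to open in a standard SQLite viewer, and the same question comes up for mmssms.db in the SMS thread. A header and entropy check on a copy of the file answers that before any viewer or script is tried. The sample file names, the 7.5 bits/byte threshold and the sample contents are assumptions constructed for illustration.

```python
import math
import os
import sqlite3
import tempfile
from collections import Counter

SQLITE_MAGIC = b"SQLite format 3\x00"  # first 16 bytes of every plain SQLite 3 file

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8.0 for ciphertext or compressed data, lower for plain databases."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def triage(path: str, sample_size: int = 65536) -> str:
    """Classify a candidate database file as 'sqlite', 'high-entropy' or 'unknown'."""
    with open(path, "rb") as fh:
        sample = fh.read(sample_size)
    if sample.startswith(SQLITE_MAGIC):
        return "sqlite"
    # No SQLite header. A near-uniform byte distribution points to encryption
    # or compression (entropy cannot tell the two apart); 7.5 is an assumed cut-off.
    if len(sample) >= 4096 and shannon_entropy(sample) > 7.5:
        return "high-entropy"
    return "unknown"

def make_samples(workdir: str) -> dict:
    """Constructed samples: a real SQLite file and a random blob standing in for ciphertext."""
    plain = os.path.join(workdir, "plain.db")
    con = sqlite3.connect(plain)
    con.execute("CREATE TABLE sms (address TEXT, body TEXT)")
    con.execute("INSERT INTO sms VALUES ('+10000000000', 'constructed sample row')")
    con.commit()
    con.close()
    blob = os.path.join(workdir, "blob.db")
    with open(blob, "wb") as fh:
        fh.write(os.urandom(65536))
    return {"plain": plain, "blob": blob}

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        for name, path in make_samples(d).items():
            print(name, triage(path))
```

A result of "sqlite" means any SQLite viewer should open the file; "high-entropy" means the file needs its key or the app's own restore path, not a different viewer.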

Broken screen and data recovery for Pixel XL

Interested in pulling all the data off of a Pixel XL that has a broken screen. It lights up in some places, but doesn't respond to touch. The fingerprint on the back responds but since the phone has been restarted, it requires a keypin. I have all google cloud/backup services disabled.
Is there a way I can manipulate the screen with a dev kit or other software while it's connected to my PC? I know the pin, obviously, but I can't enter it to enable file transfer for USB.
Thanks
@garrisonxci
If ADB (read: USB debugging) is enabled on phone, then several PC tools are available to bypass and/or even remove FRP lock via ADB, e.g. TenorShare 4ukey.
jwoegerbauer said:
> @garrisonxci
> If ADB (read: USB debugging) is enabled on phone, then several PC tools are available to bypass and/or even remove FRP lock via ADB, e.g. TenorShare 4ukey.
4ukey deletes all data from the device, that doesn't help at all but I appreciate your reply.
garrisonxci said:
> Interested in pulling all the data off of a Pixel XL that has a broken screen. It lights up in some places, but doesn't respond to touch. The fingerprint on the back responds but since the phone has been restarted, it requires a keypin. I have all google cloud/backup services disabled.
> Is there a way I can manipulate the screen with a dev kit or other software while it's connected to my PC? I know the pin, obviously, but I can't enter it to enable file transfer for USB.
> Thanks
I've heard of the apps called "Broken Android Data Extraction"
I think it is made to recover the data of a broken Android phone. Hope this one will help!
Techguy455 said:
> I've heard of the apps called "Broken Android Data Extraction"
> I think it is made to recover the data of a broken Android phone. Hope this one will help!
This is for Samsung phones only and it costs money. This doesn't help either, but thanks for your reply
b u m p
Actually you would need to disassemble the device and do a JTAG to the eMMC. It does cost money to get everything and some skill is required as it's no easy task. Any other method may be troublesome trying to retrieve data

Question Is it possible to retrieve data from a locked phone?

Recently, I don't know why but a message popped up asking me to enter an alphabetic password even though I didn't set any. To unlock the phone I had: fingerprint, face and 4 digit PIN.
I was hoping that after a reboot it would not require an alphabetic password just the 4-digit PIN (only the numeric keypad was displayed) as always, unfortunately there is a message: "Password Must Be Entered After Device Restarts".
OnePlus service said that if I send the phone to them they will still clear it of data.
After connecting to the computer, the commands:
adb devices
fastboot devices
don't detect the phone, whether in normal mode or recovery mode.
Is there any way to recover at least some of the data before I do the format? Or is there any tool that will bypass entering the password ?
A data recovery specialist might be able to.
Always back up critical data redundantly, regularly to multiple hdds that are physically and electronically isolated from each other and the PC. At the very least use an OTG flashstick. If you had an encrypted SD card used as a data drive you probably still have access. SD card slots are far from obsolete but Android is becoming less usable by the year. Thanks Gookill.
I just send it in...
