How can I go about decrypting some files that were most likely encrypted using Android's file-based encryption?

I am looking to try and decrypt some files from a phone that I no longer have. I've tried to provide some background information here for context purposes.

The files in question were backed up from an Android phone running Android One (technically they are from an SD card (which I still have, but formatted) which was used as internal storage) before it was sent for repair (and was subsequently stolen - another story, although it had already been factory-reset by that point). Fool that I was, I didn't check if the files I'd copied off of it were readable before resetting the phone, and have come to realise that they appear to be encrypted.

I do have unencrypted versions of quite a few of these files (music, videos and some documents), however there are some other files on the phone that are not replaceable which I wish to try and decrypt.

From some cursory reading online, using unencrypted versions of things to reveal the encryption details of the encrypted version is apparently known as a plain-text attack, and it looks like modern encryption algorithms are designed to not be vulnerable to this, however I am hoping that the unencrypted files, in combination with the other information I have, may be of use.

I also have the unlock code of the phone which (from reading online) I believe would have been used to derive the encryption key.

TLDR What I have:

  • SD Card Disk image (created with TestDisk when the SD card was not in the phone, ie it wasn't browseable) of the encrypted SD card (no files accessible, presumably full disk encryption). (I suspect this won't be helpful, but list it in case it is).
  • Files and folders (with unencrypted file names but encrypted contents) that I manually copied off of the SD card.
  • Unencrypted versions of quite a few of the files that were on the phone.
  • The unlock code that was used for the phone at the time.

Additional information

I believe the file encryption situation came about as a result of some sort of quirk when updating to Android 11, which I have read about online (e.g. here) - the phone updated to Android 11 only a day or so before I copied the files off. It was apparently possible to resolve this issue by telling the phone to re-encrypt the SD Card, however that obviously isn't an option here (I wasn't aware of the problem until it was too late).

The question

What can I do to try and decrypt these files? I'm aware that such processes can take time, and I am prepared to try and do the necessary work to accomplish this (research, coding, etc), if this task is at all possible.

As the phone was running Android One, the source code for what it used to encrypt stuff should (I think) all be publicly available (from here), which may help. I work as a software developer, but have no experience working with Android or cryptography (beyond comfortable .NET abstractions), so lack the knowledge to know what and where I need to search for, or even where to start.

Why I posted here

I was unsure which StackExchange site to post to (Android, Security or Cryptography). I went for the Cryptography one in the end because I believe that I felt this question seemed primarily cryptography related, especially in terms of the knowledge I feel I lack the most here. If however my question does not appear a good fit for this site, please let me know and I'll delete this question and post it to whichever other site is recommended.

Maarten Bodewes
Encryption cannot be decrypted without a key if performed reasonably well. However, how the keys are shared between Android devices across multiple versions is **very** Android specific and has likely little to do with algorithms. Hence I would recommend that you post in the [android.se] instead.