Decrypt Android FDE /data partition with lost locksettings.db



  • So let's assume I am on Android 9 and have the encrypted FDE /data partition and the full /system partition - except for locksettings.db. I also know the pass code used to decrypt/unlock the device after rebooting. On a fresh installation it looks like the database only contains the identifier of the key but the key seems to be located in a file within the /system partition, which is intact.

    Now my question is: Is there any way to decrypt the partition or reconstruct the locksettings.db file? I would be very grateful for any help with the issue.

    Thank you!



  • There is no way to decrypt the userdata partition offline. Android encryption is hardware-backed with an RSA-2048 master key in the TEE that is burned to the chip. Furthermore, encryption is bound to

    VENDOR_PATCH_LEVEL
    BOOT_PATCH_LEVEL
    OS_PATCH_LEVEL
    OS_VERSION

    and bootloader state to ensure rollback protection and tamper protection.

    If your bootloader is already unlocked, the crypto-footer is present in EFS/metadata, and userdata is encrypted with "default_password", it is possible to decrypt from the custom recovery TWRP without locksettings.db at all (except Samsung).

