Tried restoring a nandroid backup of the data partition with twrp.
also copied the /data/media partition back from an external copy.
when booting up the phone immediately reboots back into twrp with an error message:
Android Rescue Party...
The reported problem is:
'--reason=set_policy_failed_:/data/vendor'
the vendor partition seems to be intact and i do have a backup of it taken at the same time as the data backup, restoring it doesn't yield results..
i'm wondering if FBE is throwing it off, as the backup was taken when the phone was decrypted (within twrp) however the data on the partitions is referencing some sort of encryption key?
you may also exhibit the following error upon bootup of a restored nandroid backup.
immediately after booting, the phone reboots back into recovery.
viewing the log in twrp will show:
Android Rescue Party...
The reported problem is:
'--reason=set_policy_failed_:/data/bootchart'
1. the solution to this is editing fstab.under twrp or other recoverymount /vendor from the mount icon.in twrp: Advanced > File Manager > /vendor/etc/fstab.qcomselect edit file under userdata, find where it says fileencryption=icerename fileencryption to encryptable.Original
Code:
/dev/block/bootdevice/by-name/userdata /data ext4 noatime,nosuid,nodev,barrier=1,noauto_da_alloc,discard wait,check,fileencryption=ice,quota,reservedsize=512M
Modified
Code:
/dev/block/bootdevice/by-name/userdata /data ext4 noatime,nosuid,nodev,barrier=1,noauto_da_alloc,discard wait,check,encryptable=ice,quota,reservedsize=512M
save file.
2. next delete the following directories:
/data/unencrypted
/data/misc/vold/user_keys
3. Lastly delete any of the existing files from /data/system/ :
locksettings.db
Gatekeeper.password.key
gatekeeper.pattern.key
locksettings.db-shm
locksettings.db-wal
recoverablekeystore.db
password.key
pattern.key
4. Reboot and re-encrypt
At this point rebooting from recovery will result in a running and successfully recovery backup.
one thing to note is the data and data/media partitions are at this point unencrypted
TRYING TO REINCRYPT NOW WILL FAIL to reencrypt got to settings > security > re set your pin or password for the phone
(optional) then select encryption and there will be an orange button to encrypt device.
the encryption process will take quite a while as it will reencrypt your entire phone.
The above doesn't work as it's trying to accomplish FDE, and the fstab line for encryptable=ice, isn't compatible with this.
i could not find an fstab string to follow the same option but for FBE.
Thanks for sharing, nice guide to disable forced FBE encryption! I think this applies to Android 12+ in general, not just OnePlus devices.
I ended up with the same problem on my Mi 10 Ultra with MIUI 13 after a /data partition restore and it was a real pain to solve ("set_policy_failed:..." rescue party error for different directories). It's strange though why it fails to set the fscrypt policy for existing directories with no policy, correct permissions and SELinux context...
(Btw: whether a fscrypt policy is applied to a directory ("is this directory encrypted?") can be checked with fscryptpolicyget in terminal.)
Unfortunately, this didn't directly solve my TWRP backup restore problem and I still had to do a manual restore, but now I can at least disable FBE and it's always nice to have actual control over the device you paid money for (you should really have control by default, but oh well...)
(Some of) the troubleshooting I did:
Like I mentioned, I first thought the issue might be with the SE linux context, so I tried running restorecon, but this didn't help - I eventually found that in init.rc, restorecon is usually already automatically run during each boot for directories under /data/... so running it manually makes no difference.
To edit /vendor/etc/fstab.qcom (or /system) on my device, I had to first disable the shared blocks EXT4 optional feature. I followed this nice guide to unpack/repack super.img. But this is missing the step for disabling shared blocks: when I tried to mount any of the unpacked images (e.g. vendor.img) as R/W, it failed with the useless generic error:
wrong fs type, bad option, bad superblock on ...
Click to expand...
Click to collapse
Then dmesg gave me another clue, but at the same time was still cryptic and not immediately helpful:
EXT4-fs (loop*): couldn't mount RDWR because of unsupported optional features (4000)`.
Click to expand...
Click to collapse
So I guess 4000 is the code for shared blocks and you can disable these with e2fsck -E unshare_blocks <your .img file or loop device> (and probably need a filesystem check with e2fsck -yf <file>). Again very annoying that these numerical feature codes are not mentioned anywhere in the e2fsck manual pages for example.
Anyway, I was finally able to either:
1. mount vendor.img on my PC (mount -o loop vendor.img /mnt/vendor) and edit the /mnt/vendor/etc/fstab.qcom right there before repacking the .img and flashing the new edited super.img to my device
or
2. just repacking the vendor.img with shared blocks disabled and size increased (resize2fs vendor.img <new size>) and flashing the new super.img without other modifications - this way /vendor can also be mounted as r/w in Android and changes made later (mount -o remount,rw /vendor).
The worst part is that in the end, even with decryption disabled and the keys deleted, the device still wouldn't boot after a /data restore from TWRP (and after multiple days spent on debugging )... I still had to manually extract the TWRP backup and move directories/files individually - thankfully no issues with app/ or data/ - I think the problem was with some files in either system/ or misc/, but idk for sure. I just manually went through and kept only what seemed important (saved wifi APs, BT devices, SMSs etc, but not saved accounts). And after this it finally booted with all my apps and (most of) my settings!
(Btw2: a TWRP/nandroid backup is apparently just a bunch of separate tar.gz files, not a split archive, so you can just extract them with for file in ../data.f2fs.win*; do echo "extracting $file..."; busybox tar -xzf $file; done)
Related
I have a complete setup for the Nexus 7, part of a product we are working on, that I need to easily clone on "virgin" tablets for production. The app requires a rooted OS.
I want to write an installation script using fastboot to unlock the bootloader, erase partitions, then flash them with .img files for each partition (kernel, system, cache, etc.).
How do I extract .img files from my "master" tablet? I have an understanding from some where that these are simple byte-for-byte dumps of the partition -- is this true? As such can I create a .img file by simple doing 'cat blkfile >file.img' where "blkfile" is the appropriate block device for the partition in question?
Or do I need to use 'dd'? Or something else?
I have searched and searched, and can't find an anwer. I've found other answers using some tools to create these files from a build on a PC, but nothing about creating them from an existing tablet.
Thanks in advance!
Use the dd command. You can use it both to dump and write a partition. It's how I install recovery programs like TWRP
Sent from my Nexus 7
You can use dd for the boot partition and recovery partition - they are raw binary blobs. (Don't use dd on other Android devices, esp. those that have MTD flash devices, though - it only works most of the time there)
If you want to use the same fastboot-based scenario that Google uses for factory image sets, then for the system & userdata image files you will need to find out about "sparse ext4 filesystem images"
If you took a raw block-device based dump of any of your tablet ext4 partitions, you could actually take those image files and mount them on any other linux machine (using a loopback mount procedure).
But you will find that if you attempt to do that with the Google factory ".img" files (for system & userdata partitions), they will not mount. It's not a simple matter of a offset superblock, either.
Since these are the formats that the stock recovery expects, I suppose you ought to use those formats if you want to do the "all at once all partitions" fastboot flashing if you plan on using the stock recovery.
Note that there is absolutely nothing that prevents you from unpacking whatever you want from whatever archive format you want - so long as the recovery's busybox supports the archive format correctly - you could use cpio or pax or tar archives for that matter. (The stock recovery's "toolbox" has very little functionality, so this comment applies to custom recoveries, which typically have more robust functionality in their busybox) You will be writing your own scripts to do those things though, typically either in one of two ways:
1.A mount target filesystem partition
1.B do a deep recursive remove at that mountpoint ( rm -rf * )
1.C unpack your archive into same mount point ( tar xf archive.tar, etc)
1.D unmount the mount point
OR
2.A unmount target partition and zero it out (dd if=/dev/zero, flash_erase, etc)
2.B recreate filesystem in partition (mke2fs -t ext4 etc)
2.C mount target filesystem
2.D unpack your archive into the same mount point (tar xf archive, pax, cpio, unyaffs2, etc)
2.E unmount that mountpoint
Even though this post is for the Samsung Galaxy S II, the same thing applies to the factory Nexus 7 images from Google:
http://forum.xda-developers.com/showthread.php?t=1081239
As that thread mentions, the simg2img and mkuserimg.sh programs are part of the Android project.
Here's a Nexus 7 thread where the contributor built the tools for both x86 linux and arm linux
Finally, I should note that because /system is typically mounted read-only, imaging /system from the live OS is no big deal. Trying to do the same thing with /data is an extremely dopey idea, however. Accurate backups are rarely made from live read-write filesystems.
cheers
Thank you so much for all the great information! I hit thanks for both of you.
The link to the nexus 7 thread is what I need... This is for my company, and I need a simple cloning solution that can be performed by a non-technical assembly person. The fastboot install procedure is about as simple as it gets.
Thanks again!
Background:
Trying out ROMs here and there, making backups along the way in TWRP. Turn out I had my favorite ROM from the start, so clean all the slates and performed a restore to Hybrid X Series 1.07. Everything is as it was...almost.
Apps are complaining about not being able to download to internal memory, there not being enough space, etc (there's plenty). Switching the download directory of these apps to the extSdCard is my current workaround.
What I've tried:
Fix Permissions from TWRP
Repair partition /data from TWRP using e2fsck
recursive busybox chown to 1001 on /data/media
restorecon on /data/media/0
This Fix Script Also found a similar flashable ZIP which did the same thing, but to no avail
None of these seem to have any effect. Also, trying to change permissions from Root Browser works on /sdcard, but not on any subfolders. Error returned is "Changing permissions was not successful. Please note that some file systems do not allow permission changes."
Any thoughts
funkeywoookey said:
Background:
Trying out ROMs here and there, making backups along the way in TWRP. Turn out I had my favorite ROM from the start, so clean all the slates and performed a restore to Hybrid X Series 1.07. Everything is as it was...almost.
Apps are complaining about not being able to download to internal memory, there not being enough space, etc (there's plenty). Switching the download directory of these apps to the extSdCard is my current workaround.
What I've tried:
Fix Permissions from TWRP
Repair partition /data from TWRP using e2fsck
recursive busybox chown to 1001 on /data/media
restorecon on /data/media/0
This Fix Script Also found a similar flashable ZIP which did the same thing, but to no avail
None of these seem to have any effect. Also, trying to change permissions from Root Browser works on /sdcard, but not on any subfolders. Error returned is "Changing permissions was not successful. Please note that some file systems do not allow permission changes."
Any thoughts
Click to expand...
Click to collapse
First off, this is an ownership issue, not a permissions issue
Second, chown 1001 gives ownership to Radio, not System. Chown to 1000 for System ownership
I never did find a solution to this problem. In my attempts to correct the problem, I ran chown on the entire /data partition by accident. The ROM booted, but everything crashed. After this, I just decided to salvage what little I might be able to save and move on with life.
The problem even persisted through wipe/reinstall of the ROM.
Finally, as a last resort, I had flash the stock version through Odin and start over from scratch.
Hiya XDA, So i'm trying to back up my phone (Running CM13) to my memory stick, and it worked before, but now it seems to have broken and I don't know what the issue is. My log (adb pull /tmp/recovery.log) is below
Heres what I've tried
Reflashing TWRP
Going to a slightly older version (3.0.2-1)
Enabling and disabling encryption
with and without compression
Skipping MD5 and leaving it on
[BACKUP STARTED]
* Backup Folder: /usb-otg/TWRP/BACKUPS/ENU7N15A10005575/2016-12-10--16-58-06_cm_angler-userdebug_6.0.1_MOB30Z_b4fbca03c0/
Backing up Boot...
I:Reading '/dev/block/mmcblk0p34', writing '/usb-otg/TWRP/BACKUPS/ENU7N15A10005575/2016-12-10--16-58-06_cm_angler-userdebug_6.0.1_MOB30Z_b4fbca03c0/boot.emmc.win'
Iartition Backup time: 4
Backing up System...
Error opening: '/system/addon.d' (Not a directory)
I:Error in Generate_TarList!
Error creating backup.
I:InfoManager saving '/usb-otg/TWRP/BACKUPS/ENU7N15A10005575/2016-12-10--16-58-06_cm_angler-userdebug_6.0.1_MOB30Z_b4fbca03c0/system.info'
createTarFork() process ended with ERROR: 255
Backup Failed. Cleaning Backup Folder.
I:Copying file /tmp/recovery.log to /usb-otg/TWRP/BACKUPS/ENU7N15A10005575/recovery.log
I:Set page: 'action_complete'
Iperation_end - status=1
E:error opening '/usb-otg/LOST.DIR' -- error: No such file or directory
E:error opening '/usb-otg/TWRP' -- error: No such file or directory
Looks as though your memory stick isn't formatted correctly. Try Fat32 or possibly EXT4
It is Fat32?
frap129 said:
Looks as though your memory stick isn't formatted correctly. Try Fat32 or possibly EXT4
Click to expand...
Click to collapse
I don't have access to a Linux machine, but I could format it in my phone?
I'll try that. and will post any updates.
UPDATE:
Formatted it in Android, still same error
UPDATE 2:
Tried a different USB stick, same error.
The USB sticks I am using are:
amazon.com/SanDisk-Cruzer-Orbit-Drive-SDCZ58-032G-B35/dp/B00BPHTH4C
and
amazon.com/SanDisk-Ultra-Flair-Performance-SDCZ73-064G-G46/dp/B015CH1NAQ/
Remove /system/addon-d in twrp ?
Will my phone work properly after doing that?
UPDATE:
Renamed it to addon-dee in my prefered Filemanager (ES) and it's backing up now.
(thank god I decided to use a USB3 stick this time)
UPDATE 2:
Phone backed up and now is working fine! thanks.
I was having the same error until I updated TWRP to the unofficial 3.0.2-3
I have this problem and l have 17g free space in my internal storage but receive error 255 and i don't find addon in my storage plz help me for fixing this error
Sent from my Le X820 using XDA-Developers mobile app
m890 said:
I have this problem and l have 17g free space in my internal storage but receive error 255 and i don't find addon in my storage plz help me for fixing this error
Sent from my Le X820 using XDA-Developers mobile app
Click to expand...
Click to collapse
Should be under /system/ . Are you rooted? I don't know if you can see that part of system if you're not rooted.
My device is rooted but this file isn't there.
Sent from my Le X820 using Tapatalk
m890 said:
I have this problem and l have 17g free space in my internal storage but receive error 255 and i don't find addon in my storage plz help me for fixing this error
Sent from my Le X820 using XDA-Developers mobile app
Click to expand...
Click to collapse
It's not always the same file. Look at your log to see which file/dir is problematic.
SOLVED createTarFork() process ended with ERROR=255
SOLUTION
This solution worked on my Zenfone 3, running lineage Android 7.1.2.
I tried many other things, like flashing different versions of TWRP, deleting the recovery directory, renaming files and all the like.
You may deselect compression, change the TWRP-date / time : nothing works !
You need an PC / Notebook with adb installed.
- start your phone in recovery-mode (TWRP)
- connect to PC and get the recovery.log with following adb command
adb pull /tmp/recovery.log
You will find a copy of the file recovery.log in the directory, from which you started the command
- open an editor or choose your favourite file viewer to open recover.log
- search for the last entry of the word "Error"
- in the line before that, the recovery.log states the name of the file that causes the problem
(in my case it was /system/addon.d)
- disconnect phone from PC.
- restart your phone in "normal" restart (do NOT boot to recovery mode)
- use a root file browser (I used ES-explorer with root enabled) and navigate to that directory/file
- delete the file (which I did not do - I tried some other steps)
- restart phone
This took 3-4 minutes, but I did not delete the file addon.d right away. Instead, I did this:
step 1
navigated to /system/addon.d and copied addon.d to SD-card
step 2
in /system/ , I renamed addon.d "addon_BU.d".
This was successful. In /system/ , the only file visible was now "addon_BU.d"
step 3
tried to create a directory named addon.d inside /system/ because my recovery.log said quote\ ... system/addon.d (not a directory) ... \unquote
FAILED. The directory could not be created by ES-explorer
step 4
copied my backup file addon.d from SD-card back into its original location /system/.
This, I though, would work just fine, because I had renamed the original addon.d to addon_BU.d.
So after restoring addon.d , the only thing left to do would be delte addon_BU.d.
ES-explorer reported no error, but - surprise - there was no file "addon.d" present in /system/
The only file still there was "addon_BU.d"
well, let's go to
step 5
rename addon_BU.d back to it's original name "addon.d" using ES-explorer
FAILED.
addon_BU.d could not be renamed - this file really was screwed up big time !!!
I ended up with no addon.d - so I could have deleted it right away istead of starting my trial with step 1 ...
step 6
Anyway. Shut dowm my phone.
Rebooted my phone normally (not to recovery mode !!!)
This took considerably longer than normal - my heart rate had began to increase slightly if not to say I began to feel like a squirrel on red bull...
After roughly 3 minutes, I had a successful reboot to my OS (lineage Android 7.1.2)
step 7
Reboot again, this time to recovery mode (=TWRP)
and: backups work again.
Don't ask me why this worked and if it will work for you, but hey, give it a triy and let me know...
TheLMGN said:
Hiya XDA, So i'm trying to back up my phone (Running CM13) to my memory stick, and it worked before, but now it seems to have broken and I don't know what the issue is. My log (adb pull /tmp/recovery.log) is below
Heres what I've tried
Reflashing TWRP
Going to a slightly older version (3.0.2-1)
Enabling and disabling encryption
with and without compression
Skipping MD5 and leaving it on
[BACKUP STARTED]
* Backup Folder: /usb-otg/TWRP/BACKUPS/ENU7N15A10005575/2016-12-10--16-58-06_cm_angler-userdebug_6.0.1_MOB30Z_b4fbca03c0/
Backing up Boot...
I:Reading '/dev/block/mmcblk0p34', writing '/usb-otg/TWRP/BACKUPS/ENU7N15A10005575/2016-12-10--16-58-06_cm_angler-userdebug_6.0.1_MOB30Z_b4fbca03c0/boot.emmc.win'
Iartition Backup time: 4
Backing up System...
Error opening: '/system/addon.d' (Not a directory)
I:Error in Generate_TarList!
Error creating backup.
I:InfoManager saving '/usb-otg/TWRP/BACKUPS/ENU7N15A10005575/2016-12-10--16-58-06_cm_angler-userdebug_6.0.1_MOB30Z_b4fbca03c0/system.info'
createTarFork() process ended with ERROR: 255
Backup Failed. Cleaning Backup Folder.
I:Copying file /tmp/recovery.log to /usb-otg/TWRP/BACKUPS/ENU7N15A10005575/recovery.log
I:Set page: 'action_complete'
Iperation_end - status=1
E:error opening '/usb-otg/LOST.DIR' -- error: No such file or directory
E:error opening '/usb-otg/TWRP' -- error: No such file or directory
Click to expand...
Click to collapse
1gnc said:
SOLUTION
This solution worked on my Zenfone 3, running lineage Android 7.1.2.
I tried many other things, like flashing different versions of TWRP, deleting the recovery directory, renaming files and all the like.
You may deselect compression, change the TWRP-date / time : nothing works !
You need an PC / Notebook with adb installed.
- start your phone in recovery-mode (TWRP)
- connect to PC and get the recovery.log with following adb command
adb pull /tmp/recovery.log
You will find a copy of the file recovery.log in the directory, from which you started the command
- open an editor or choose your favourite file viewer to open recover.log
- search for the last entry of the word "Error"
- in the line before that, the recovery.log states the name of the file that causes the problem
(in my case it was /system/addon.d)
- disconnect phone from PC.
- restart your phone in "normal" restart (do NOT boot to recovery mode)
- use a root file browser (I used ES-explorer with root enabled) and navigate to that directory/file
- delete the file (which I did not do - I tried some other steps)
- restart phone
This took 3-4 minutes, but I did not delete the file addon.d right away. Instead, I did this:
step 1
navigated to /system/addon.d and copied addon.d to SD-card
step 2
in /system/ , I renamed addon.d "addon_BU.d".
This was successful. In /system/ , the only file visible was now "addon_BU.d"
step 3
tried to create a directory named addon.d inside /system/ because my recovery.log said quote\ ... system/addon.d (not a directory) ... \unquote
FAILED. The directory could not be created by ES-explorer
step 4
copied my backup file addon.d from SD-card back into its original location /system/.
This, I though, would work just fine, because I had renamed the original addon.d to addon_BU.d.
So after restoring addon.d , the only thing left to do would be delte addon_BU.d.
ES-explorer reported no error, but - surprise - there was no file "addon.d" present in /system/
The only file still there was "addon_BU.d"
well, let's go to
step 5
rename addon_BU.d back to it's original name "addon.d" using ES-explorer
FAILED.
addon_BU.d could not be renamed - this file really was screwed up big time !!!
I ended up with no addon.d - so I could have deleted it right away istead of starting my trial with step 1 ...
step 6
Anyway. Shut dowm my phone.
Rebooted my phone normally (not to recovery mode !!!)
This took considerably longer than normal - my heart rate had began to increase slightly if not to say I began to feel like a squirrel on red bull...
After roughly 3 minutes, I had a successful reboot to my OS (lineage Android 7.1.2)
step 7
Reboot again, this time to recovery mode (=TWRP)
and: backups work again.
Don't ask me why this worked and if it will work for you, but hey, give it a triy and let me know...
Click to expand...
Click to collapse
Hi, thank you for a fix but this is an 10 month old thread. The issue was with TWRP 3.0.2-2. Along with an EFS issue that plagued TWRP 3.0.1-2, both issues have long since been resolved.
Sent from my Nexus 5X using Tapatalk
simple and working solution :
by @yannick818
"looks like it's an error with parallel apps oder multiple users. since i do not use something like that, i just removed this user with the android terminal emulator:
su
pm remove-user 999
everything was fine after that"
I could resolve my nandroid /data backup error on my EMUI 8.0 Mediapad M5 device with those following steps:
1 - Use a correct TWRP implementation
TWRP need to access the uncyphered partition /data.
There no possibility to backup it, if TWRP does not implement deciphering user data partition.
2 - Remove all users except user 0 (the administrator)
You can verify that there is no unwanted users, looking at directory /data/user : the only subdirectory should be "0".
To remove the others users :
Remove the PrivateSpace if you have one (Settings > Security & Privacy > PrivateSpace, and tap on the garbage can).
Remove all the secondary users (Settings > Users & accounts > users, and tap on each users to delete them). Keep just the main administrator user.
On EMUI, remove all twins applications (Settings > Apps & Notifications > App Twin, and disable all twin apps).
On OxygenOS, remove all parallel apps (Settings > Apps > Parallel Apps, and disable all parallel apps).
On MIUI, remove all dual apps (Settings > Dual Apps, and disable all dual apps)
On others devices ... you must find all parameters that create those unwanted users.
If you are not able to get the correct settings to suppress those users, in last resort you can try this command : "pm remove-user user-no. (For example "pm remove-user 999").
3 - Do not forget to protect your backups by a password
This would be stupid to cipher your /data partition and keep backups of this partition unprotected.
These steps fixed the nandroid backup problem for /data partition on my Huawei Mediapad M5 device.
I post on this forum because I hope that this will be helpful for others devices owners.
I have the Moto G7 International variation (INDIA/RETIN, it turns out; I'm in the US and thought I was buying the RETUS version, but I didn't pay enough attention to the store page). I have rooted the device easily, thanks to the assistance of these forums. I have also installed TWRP 3.3.1-2-river for the purpose of backups and restores, though there seems to be problem with it. However TWRP is not the focus of my question right now.
I have become quite annoyed with the boot animation on this phone and would like to change it. Putting new boot animations in the /system/media folder has not been working and it seems to be because this international model has a boot animation override (that trumps all other boot animation locations) in the /oem/retin/media folder. The /oem folder is initially read-only, but can be remounted with read-write without error (using root). Using MiXplorer or the adb shell, I can delete stuff from there without error as well. However, when I reboot, it all comes back. I suspect that the changes I make to the /oem folder are not actually persisted to whereever in the first place. When I look at the mounts on the phone, I see /oem is mounted from /dev/block/dm-1. /dev/block/dm-1 is listed in my partitions list when the phone is booted up normally. From what I can tell though (and I'm not that knowledgable on this topic), that is just a "wrapper" around some data elsewhere. How can I tell where this dm-1 partition's data is really coming from?
As additional information, the block list by-name lists the oem image as belonging to block mmcblk0p58. When I boot into TWRP and mount that block, I do see the usual /oem stuff in there. I deleted the boot animation from there and tested unmounting the block, rebooting into TWRP and remounting the block and can see that the boot animation is still properly deleted from there. However, when I boot the phone back up normally, I see the usual stuff (including the boot animation) in the /oem folder still. That might make some sense, since it is listed as being mounted from /dev/block/dm-1 and not from /dev/block/mmcblk0p58 (though I was hoping dm-1 was a wrapper for mmcblk0p58).
This is the only dm mount on the phone; I don't have the problem with /system being uneditable because it is mounted to dm-0 like I see in many other posts for other phones. In turn, I don't think I have the "base data is encrypted" problem from those cases either (it is "just" an oem setup and not personal data). This still seems somewhat like the dm-verity problem I read about with other phones though (although this one doesn't give the dm-verity warning when I try to remount /oem as read-write). Running the commands:
Code:
adb root
adb disable-verity
just tells me
Code:
disable-verity only works for userdebug builds
verity cannot be disabled/enabled - USER build
I'm not sure how to check if there is dm-verity on in the first place though.
As a more direct question (though I would still like to know how to trace this dm-1 partition backwards), how can I make changes to this /oem folder actually persist between reboots?
@Spaceminer described the exact same problem for the Moto G6 in the Universal DM-Verity remover thread. In the end he said that it wasn't solvable without a system root.
https://forum.xda-developers.com/an...rceencrypt-t3817389/post81974407#post81974407
(I have since returned the phone because of this.)
1equals2 said:
@Spaceminer described the exact same problem for the Moto G6 in the Universal DM-Verity remover thread. In the end he said that it wasn't solvable without a system root.
https://forum.xda-developers.com/an...rceencrypt-t3817389/post81974407#post81974407
(I have since returned the phone because of this.)
Click to expand...
Click to collapse
i was unable to get this to persist either. i ended up using magisk for my work instead.
@1equals2 @HT123 To persist changes to your /oem partition the HAB (high assurance boot) verification must be deactivated. I've already successfully tested it on my device, a Moto G6 plus.
Here are the required steps: (only for Stock ROM!!)
1.) Start TWRP and backup /vendor + /system
2.) Mount /vendor + /system and delete the following
files:
- /vendor/etc/init/hw/init.mmi.hab.rc
- /vendor/bin/init.mmi.hab.sh
- /system/verity_key
3.) Go to /vendor/etc/init/hw and adb pull init.mmi.rc in order to edit the file.
4.) Open it and delete the lines 19+20:
Code:
19 # Moto verified boot extension
20 import /vendor/etc/init/hw/init.mmi.hab.rc
5.) Save the changes, copy it back to its path and set permissions to: -rw-r--r-- root:root
==> After the next reboot /vendor and /oem are mounted as ../vendor_a and ../oem_a (depending on your active slot).
As the last step you have to customize fstab.qcom to be able to access the files within the /oem folder.
Adb pull /vendor/etc/fstab.qcom and open it. The last line defines how /oem is mounted during the init process. You should change it like this:
before:
Code:
/dev/block [...] /oem ext4 ro,nosuid,nodev,[STRIKE]context=u:object_r:oemfs:s0[/STRIKE] wait,slotselect,[STRIKE]verify[/STRIKE]
after:
Code:
/dev/block [...] /oem ext4 ro,nosuid,nodev,[COLOR="red"]barrier=1[/COLOR] wait,slotselect
Save it and copy it back. Permissions: -rw-r--r-- root:root
>>> REBOOT AND ENJOY!!
Hello,
unfortunately, my Google Keep app had just decided to wipe its db file up. (/data/data/com.google.android.keep/databases/keep.db)
It is not (and never was) synchronized to Google.
When it happened I just copied (dd'ed over adb) /dev/block/sda13.
From mount command output, I could recognized /dev/block/sda13 as /data backing block device.
Then I did some searches in the output image file and noticed it actually encrypted per file.
I learned from it OP uses FBE (file-based-encryption). I wanted to try and run some ext4 recovery tools (autopsy, undelete ...).
FBE encrypts also filenames so I can't use the generated image as is.
I checked what caused FBE on /data partition and it's the encryption setting. I read it uses the fingerprint/pattern/password to decrypt the encrypted /data.
I didn't power-off the phone since then to avoid any more losses.
My questions:
1. Given /dev/block/sda13 as an image file, how can one decrypt it and use forensics/restoration tools on it?
2. Another option - how to acquire the unencrypted /dev/block/sda13 from the running device?
3. Maybe there is some backup partition for files in /data?
4. Can I run the mentioned tools straight on some unencrypted device file? (Assuming cross-compilation to android)
5. Any caches/other places I can search for residues? (I tried dumping CursorWindow ashmem the Keep app used but the app has restarted since then)
6. OP compiled the kernel without DEVMEM. Maybe there is other option to acquire the whole RAM to try to scan for residues?
More side-notes:
- I tried other files in the Keep app directory to try to recover some residues, pictures where saved outside the db file so I was able to restore them (but what is important are the notes stored in the db itself(
- I was able to notice keep.db was replaced with an empty sqlite3 db file (for some strange reason ...). My guess was it didn't overridden the original db file so if I had the ext4 /data partition, I will be able to scan it with the tools mentioned above.
References:
* https://forum.xda-developers.com/t/...-encrypt-data-partition-on-oneplus-5.3642144/
* https://www.cs1.tf.fau.de/research/system-security-group/one-key-to-rule/
If some details are missing, please let me know!
https://www.cs1.tf.fau.de/research/system-security-group/one-key-to-rule/ is really interesting.
The problem now is how to get a full memory dump without /proc/mem and signed kernel modules.
Any help? I'm out of ideas but it seems like a solvable problem.