[Q] eCryptFS Key

1 posts
Thanks Meter: 0
By cr0vax, Junior Member on 14th May 2012, 03:40 AM
Post Reply Email Thread
Hey Folks,

I have a Motorola Droid X. I was running Encryption on it via the built in Android encryption option. I assume the key was derived from the pattern lock? I did not specify anything when I encrypted my phone, so I assume the Android device used eCryptFS to encrypt the files on my phone using a key derived from my pattern lock? Anyone have any information on how Android encrypts it's files and how it derives it's key when using the built in encryption options?

I read through this article \h\t\t\p\:\/\/\\h\t\m\l (sorry about the fake tags, forums didn't want me spamming the place up) and can glean SOME information off of it.

The reason I ask these questions, and what my situation is, is as follows,

I had encrypted my device sometime ago. SD card and NAND. I wanted to reset my phone for freshness back to factory default (no root, etc etc). So I plugged 'er in and copied off my dcim folder directory. I noticed that the image/video files from the date of encryption were not accessible etc etc. (due to the encryption i'm sure.) So I turned off the encryption on the device, it rebooted itself and did it's thing. Great. I figured my files were decrypted at this point. I copy off the DCIM folder and reset the phone, wipe everything, etc etc. Well whatdya know? In my brilliance I forgot to check the DCIM folder I copied off the second time to make sure I could check out my images. Still couldn't, still encrypted? I assume as such.

I copy the DCIM folder to the formatted SD card, hoping that if I use the same pattern lock and enable encryption, my phone could then access those files. No go.

So as it stands, I have a bunch of encrypted files. I carved the MSD card sometime ago using test disk, just for grins, and it pulled a bunch of eCryptFS files out of it. That's why I assume eCryptFS.

At this point I am thinking, perhaps if I could figure out how Android derives the encryption key, and it's method of encryption. I could work some trickery decrypt those files. However through reading that link, I feel as if I have diminished hope. It would stand to reason that FS encryption would... encrypt the entire file system :P Obviously I could still see the directory structure so the fat tables and all that good stuff was still clear text, so I wonder if the files were individually encrypted file system wide?

I need to pull some more info, I did some light googling and searched over these forums and didn't see much that was of any value.

Any input is great! Thanks
Post Reply Subscribe to Thread

Guest Quick Reply (no urls or BBcode)
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes