Mount Android encrypted data partition on PC

Question

My Nexus 4 screen met a tragic end due to violent contact with flooring tiles. Everything works except the touchscreen (which displays fine but does not react to touch any more).

I would like to get a full copy of my data partition, but my device uses Full Disk Encryption, with a lock pattern. I can easily get image files of my partitions from CWM recovery through adb:

adb pull /dev/block/mmcblk0p23 ./userdata.img

which gives me a nice 6GB file, but mounting this image is another story since it is encrypted. My PC uses XUbuntu (I also have Windows at hand if necessary, but I guess a linux system is more useful here). My phone is rooted.

I know my unlock pattern of course, so there should be some way to mount/read my userdata.img file. Any pointers ?

Thanks !

Answer 1

I can confirm with 100% certainty that the numbers are indeed 1-9 for the pattern unlock.

My Nexus 4 met the same unfortunate end (except on concrete) and after some Googling, I found this post and was able to follow personne3000's answer in order to mount my pattern-encrypted userdata partition.

I'm running Ubuntu 15.04 x64 and had to apt-get install android-tools-adb android-tools-fastboot in order to continue the procedure.

My pattern is this (3x3 in order from 1-6):

[_   1   2]
[3   5   6]
[_   4   _]

Booted my phone to recovery from bootloader by running fastboot boot twrp-2.8.7.0-mako.img, and then when TWRP loaded, ran adb shell twrp decrypt 234856 and it successfully mounted my encrypted userdata to /dev/block/dm-0.

My 234856 decrypt password, ordered from 1-6 starting on the left, correlates to the positions on the above pattern grid, where '2' in the password correlates to '1' in the grid.

@Rhaegar Android sees the pattern as 0-8, because those are the bytes it uses when generating the SHA-1 hash for storing the pattern (http://www.cclgroupltd.com/a-rainbow-table-for-android-pattern-locks/), but TWRP sees the pattern as 1-9 when decrypting the userdata partition from the command line.

Huge +1 to personne3000 as without him providing that highly valuable information straight from TWRP devs I would not have my Android data right now.

I <3 Stack Exchange :)

Answer 2

Apparently there is no tool on PC to decrypt Android's encryption at the moment, but the TWRP recovery can be used on the device to decrypt everything... Even with a broken touchscreen, as long as your device is supported by TWRP recovery:

• Download the TWRP image (2.8.7 worked for me)
• Boot into fastboot (power + vol. down on Nexus 4)

• Start the recovery, from your PC:

  fastboot boot twrp-2.8.7.0-mako.img

• Once you are in the recovery, you can decrypt your data from the command line:

  adb shell twrp decrypt yourpassword

where yourpassword is your encryption password. In case of schema, translate it to numbers:

1 2 3
4 5 6
7 8 9

if you go through the same point twice, it is ignored after the first time.

Then it will tell you that your decrypted data is available in a block device, I think this was /dev/block/dm-0 for me (not sure). You can back it up to your PC with:

adb pull /dev/block/dm-0 ./decrypted-data.img

And finally, mount the image as ext4 on your Linux PC ! (or use some program that can read ext4 partitions on Windows).

HUGE thanks to the TWRP folks on IRC who told me about the twrp decrypt command !

Answer 3

A much simpler version: Connect a USB mouse (or keyboard, but that didn’t work in my case), using a standard USB-OTG (OnTheGo) cable, and use the appearing pointer like a finger, to tap in things.

This even worked inside of TWRP for me!

From there on, the whole endeavor should be much easier. :)
(Like just copying the files over, the regular way, and syncing PIM data to your hopefully existing personal “cloud”.)