37

Using the SD card as Adopted Storage encrypts it. How can it be decrypted?

Matthew Read
  • 50,567
  • 30
  • 145
  • 273
poqdavid
  • 1,323
  • 2
  • 12
  • 18

1 Answers1

34

How to decrypt adopted storage.

  1. Your Android device must be rooted.

  2. Browse to /data/misc/vold, e.g. using a file browser app like "ES Explorer".

  3. The .key file there is the encryption key of your adopted storage.

  4. View the 16-byte key using a graphical hex editor or alternatively run hexdump -e '/1 "%02x"' filename_here.key.

  5. Mount your SD card e.g. using a GNU/Linux system. In my case, SD card was mounted at /dev/sdb2.

  6. Then run this command to decrypt the drive:

    dmsetup create crypt1 --table "0 `blockdev --getsize /dev/sdb2` crypt aes-cbc-essiv:sha256 <Put the 16-byte hex key here> 0 /dev/sdb2 0"

    Some types of errors/warnings can be ignored.

  7. If your key is correct, you can mount it by mount -t ext4 /dev/mapper/crypt1 /mnt/1/

  8. Finally, you can run cd /mnt/1 to browse the decrypted storage.

Andrew T.
  • 15,988
  • 10
  • 74
  • 123
poqdavid
  • 1,323
  • 2
  • 12
  • 18
  • 2
    Related: Corrupt SD card formatted as internal storage. The answer is similar, but gives an alternative approach to finding the 16-byte key. – Izzy May 22 '16 at 16:05
  • 1
    Is it possible to generate the .key keyfile from a known password/pin code and access to the device? Or is the key completely random? In my case, my internal storage is wiped, so I don't have access to the original keyfile anymore. – zerwas Jul 07 '16 at 08:53
  • 1
    @zerwas the right thing is that you copy your key after making your SD as internal, but you can for sure encrypt your storage same as android do and make a key then put it there it will work but if you copy your key once its done by the phone it will be much simpler – poqdavid Jul 08 '16 at 19:02
  • 2
    the full manual has the correct way of extracting the key using od: http://nelenkov.blogspot.com.br/2015/06/decrypting-android-m-adopted-storage.html – brauliobo Mar 26 '17 at 23:40
  • 1
    I have unrooted encrypted Android 10 device and I don't see anything of mentioned in p. 2-3. I don't have /data folder in my root storage, no vold folder and I don't have any .key file. When I search my root storage for vold string, all I can see are vold.fstab and vold.rc files. When I search for .key, I am getting a bunch of files with .so extension having .keymaster as a part of file name and now file with filename ending in .key. Is it because these are available only on rooted phone or because this answer is a little bit out dated and no longer valid for Android 10? – trejder Dec 05 '20 at 19:39
  • 1
    @trejder root access is required for /data/misc/vold – alecxs Dec 06 '20 at 09:47