0

I'd like to encrypt my SD card for Android conveniently, safely and in a cross-platform way so that it can also be used on other devices. I asked about that here.

As of right now there doesn't seem to be a way to do that (an app on FDroid or Playstore which doesn't put data at risk and is secure and very convenient/easy/fast to use).

This is why I decided to keep using the Android's default way of encrypting the SD card. However, this way it's not possible to access the data from other devices. Here it has been described how data of the SD card can be decrypted from other devices but that way requires rooting the Android phone. Is it possible to do this without rooting the phone? In specific how could one get the .key file in /data/misc/vold?

mYnDstrEAm
  • 310
  • 3
  • 8
  • 21
  • 1
    As far as I know the linked page for decrypting the SD-card is outdated because it is only for devices that don't use hardware encryption, which now (nearly?) all devices do. Additionally since Android 9 the adoptable storage can make use of File Based Encrytion (FBE) which cant be decrypted with the presented commands. – Robert Jun 04 '20 at 10:21
  • 2
    *As of right now there doesn't seem to be a way to do that* Most probably it won't be possible in future either. Because Android apps are not designed to interact directly with kernel level APIs and access low level resources. *Is it possible to do this without rooting the phone?* No. *In specific how could one get the .key file in /data/misc/vold?* Not possible without root. And also that won't work for FBE as Robert said. – Irfan Latif Jun 04 '20 at 13:01
  • 1
    @Robert I'm not sure but I think decrypting Adoptable SD card using dmsetup should work even for devices with hardware-backed encryption. It's because in case of Adoptable Storage there are no user credentials, RSA key or middle key involved in encryption. Instead the master key in plain text is saved to /data/misc/vold. Adoptable Storage relies on the hardware-backed secure encryption of internal storage (/data). – Irfan Latif Jun 04 '20 at 13:18
  • 2
    Nearly duplicate questions/answers: https://android.stackexchange.com/q/206206/218526, https://android.stackexchange.com/q/217175/218526, https://android.stackexchange.com/q/181476/218526 – Irfan Latif Jun 04 '20 at 13:41
  • So it seems like the answer is "No, it's impossible". Maybe I should edit to ask why that is or make a new question for that. I thought there has to be a way, maybe a bit complicated, to extract this key from the data on the phone. – mYnDstrEAm Jun 04 '20 at 15:37
  • 1
    @mYnDstrEAm it's already answered here: Why are superuser permissions needed to acess /data partition? – Irfan Latif Jun 04 '20 at 16:25
  • 1
    depending on chipset and android version there may exist rooting exploit (mediatek) or low level access (qualcomm) to make backup. some stock recovery have backup option. after rooting (or from TWRP), backup can restored and decrypted, then vold keys can be extracted. should even work for FBE – alecxs Jun 05 '20 at 10:49

0 Answers0