Can I access the Memo data without rooting?

Question

I basically need to do two things with my Memo notes, which I was unable to do with any simple means:

backup all of them to a file on my PC (to the hell with cloud backups, I wasn't able to get my own files out of there)
get access to the full creation date/times (the Memo app will only show date for older notes)

I tried but haven't found any easier way to accomplish this, so I concluded that the only way is to get the internal data files which the Memo app uses (and try to open it somehow).

Is it possible to somehow get that file(s) without rooting the phone?

I don't know how the permissions on non-rooted phone are set, but could another specialized app be able to fetch that file? I tried to use Total Commander app and to look up different directories mentioned e.g. here but I didn't find anything.

I want to avoid rooting if possible since I heard it's a big operation, laborous and risky.

I have Samsung S7 with Android 8.0.0.

EDIT: I was able to transfer (using Samsung Smart Switch on PC and phone) the file named memo.nmmm to my PC without rooting! But only transfer, not open! So now:

Is this file how it is stored on my phone, or if it was created by the Smart Switch app?
How do I open this memo.nmmm file? It doesn't look like any known file type, file(1) on Linux doesn't recognize it:

analyzing sqlite databases is a hassle, using the app which created that database is your best option. nevertheless you can create adb backup of app and extract it, but DB-Browser-for-SQLite or SQLite-Explorer can not read everything, afaik only Sanderson-Forensic-Toolkit-for-SQLite will handle it. but you will have more fun with XML memos Opening .memo files from Samsung default memo app (btw rooting involves factory reset you would lose all data) — alecxs, Nov 02 '20 at 21:34
@alecxs 1) the sqlite was just a guess.. unfortunatelly the file doesn't look like any known file type (see updated Q), which also rules out the .memo question (probably slightly different memo app on different phone/system version). 2) "nevertheless you can create adb backup of app and extract it" - this is interesting! So I can get to the app data without rooting? How? See if I can get something better than this damn file. Thanks! — Tomas, Nov 02 '20 at 23:51
no, adb backup only contain sqlite database. How can I access the files in "/data/data" and copy them into memory card without root? — alecxs, Nov 03 '20 at 08:15

Timotheos · Answer 1 · 2021-09-03T04:17:50.130

I have the same desire to backup all my Samsung Memo data in plain text on my computer. I also used Samsung Smart Switch (using default settings) to transfer the information to my computer, then found there was an opaque memo.nmmm file.

I renamed memo.nmmm to memo.zip and found I could extract the archive successfully.

This extraction output three files:

memo.bk
SmartSwitchBackup.json
SSMDummyValue.exml

The JSON file is plain-text, but doesn't seem to contain Memos. I assume that the other files are encrypted, because I couldn't read them. I assumed that exml stands for "encrypted xml", so it's probably possible to brute force the decryption key by searching for the <?xml version=" string.

It seems the researchers here had a similar idea. They apparently developed a decryption tool as published here but the full-text PDF is not available for public download. Sadly, I could find any public tool that decrypted my local data (I did try this but the most recent software did not work as claimed - perhaps an older version of the software might do what the article says, but I didn't pursue that - yet).

However, realising that the publications by the researchers above showed that there's both PIN-based and default encryption for the backups (both happen on the phone before the data is transmitted to the computer, as per their diagrammes), I realised I should actually look at the Smart Switch settings to see if there's a way to remove the encryption settings.

On the phone, open Samsung Smart Switch app. Press the vertical-ellipsis "kebab" menu: ⋮ → Settings which takes you to Smart Switch Settings.

Under the Security heading, there is an External storage encryption option which contains:

Secure with Samsung Account
Secure with password
No encryption

I changed the setting from the first option to the last option and ran Smart Switch backup again.

Sadly, it doesn't seem to have made the files much easier to read. It still outputs the opaque memo.nmmm archive and that still extracts the same three files, with the same file sizes each. Between the first encrypted output and the second unencrypted output, I ran a binary diff on the memo.bk and SSMDummyValue.exml files. The memo.bks are completely different, but the SSMDummyValue.exmls are the same except for the last third of the file. The SmartSwitchBackup.json files didn't text-diff well until I auto-formatted them and then it was obvious they were identical.

So, my remaining options are

wait for the authors of this to respond to my request for the full PDF (but I am not with any institution, so someone else might have better chances) to see if it contains any software that may help decrypt the Memo files
try to obtain an older version of this software, perhaps by contacting those forensics experts
try to brute force decrypt the SSMDummyValue.exml file using the encryption methods mentioned in the aforementioned forensics publications

All of these options take more time than I have right now, so I thought that I would post my current findings here in case it helps someone reach the next steps. I will update my answer later when I have found a more full solution.

Can I access the Memo data without rooting?

1 Answers1

Linked