
-Update:

Looked into TWRP log, and it seems like it has key problems:

I:Setting up '/data' as data/media emulated storage.
I:mount -o bind '/data/media' '/sdcard' process ended with RC=0
I:mount -o bind '/data/media/0' '/sdcard' process ended with RC=0
I:File Based Encryption is present
e4crypt_initialize_global_de
Determining wrapped-key support for /data
fbe.data.wrappedkey = true
Wrapped key supported on /data
calling retrieveAndInstallKey
Key exists, using: /data/unencrypted/key
Using Keymaster HAL: 4 from QTI for encryption.  Security level: TRUSTED_ENVIRONMENT, HAL: [email protected]::IKeymasterDevice/default
begin failed, code -62
Upgrading key in memory only: /data/unencrypted/key
upgrade_key failed, code -38
e4crypt_initialize_global_de returned fail

And this is after I wanted to decrypt it:

I:Command 'decrypt *********' received
I:Set page: 'singleaction_page'
I:operation_start: 'TWRP CLI Command'
Attempting to decrypt data partition or user data via command line.
E:Unexpected value for crypto key location
E:Error getting crypt footer and key
E:Could not get footer
Failed to decrypt data.
I:Done reading ORS command from command line
I:operation_end - status=0

Checked the location at /data/unencrypted/key and the files are there for sure.

Currently I'm on the same ROM as the one on which I could access my internal storage, but the issue could be that I went FDE -> FBE -> FDE as it's mentioned in the comments.

Keymaster error codes are respectively:

KEY_REQUIRES_UPGRADE = -62
INVALID_ARGUMENT = -38

How to fix the keys is the answer I might be looking for.

Long story short, I screwed up, and now I have an encrypted storage (with my files that I want back) but TWRP and the OS think it is not.

It goes like this:

  • The Magisk v22.0 update screwed up my phone, which got stuck in a bootloop.
  • After countless tries with Magisk (updating, uninstalling, installing, removing mods, adding mods) in TWRP, I read somewhere to dirty flash the ROM.
  • Due to an HDD failure in my PC, I did not have any storage to back up my internal storage from the phone.
  • Because I wanted to update the ROM anyways (from MIUI 11 to 12), I decided to flash the newer one. That was the first mistake. This made the bootloop worse, and now it was stuck in fastboot mode, no recovery. After many sleepless nights I found out that not every USB-C cable is equal, and I couldn't reach my phone via fastboot because of the cable itself.
  • So now I was able to flash an original fastboot ROM which still gave me bootloop, but after wiping (not formatting, so the /sdcard fs doesn't get erased) Data and Cache in TWRP.
  • Then reflashed the fastboot ROM, and somehow it worked. When it booted up, I had to type in my screenlock pin again, and after setup all my files were available.
  • Now that the phone worked again, I wanted to finish what I started, to update to latest EU (recovery) ROM. This was the second mistake. It did not work (because it required formatting data, which I did not want to do, and just wiped it), and the bootloop came again.
  • So I went back to the fastboot ROM again, which fixed the phone again.
  • But this time, it thinks the internal storage is not encrypted.

Now I can't access the internal storage. Even the camera app says that first I need an SD Card to take photos.

It's clearly still encrypted because when I browse it in TWRP, the structure and files are there, but the names are like "74t7Z1,dnvgIIexr1QAfhD".

The problem being neither the OS, nor TWRP knows the storage is encrypted, so it doesn't even try to decrypt it, and there are no options to do it.

Tried to set encryption in the running OS, but it gave me the same results: even tho TWRP asks for decryption key, and says it successfully decrypted, the storage is still a mess like it's in encrypted state.

Is there any way to manually force some flag, so I can access my files again? I have the encryption key, I just need some way to decrypt the storage. I think of something like an ADB command to flag the partition as encrypted, so TWRP and OS would try to decrypt it.

Thanks in advance!

alecxs
  • your description is too broad. it looks like you switched encryption type from FDE -> FBE -> FDE so at least you should install ROM+recovery which support FBE. be aware encryption keys are downgrade protected – alecxs Apr 15 '21 at 08:19
  • It seems like it really is an encryption key problem.

    TWRP log showed this:

    Determining wrapped-key support for /data
    fbe.data.wrappedkey = true
    Wrapped key supported on /data
    calling retrieveAndInstallKey
    Key exists, using: /data/unencrypted/key
    Using Keymaster HAL: 4 from QTI for encryption. Security level: TRUSTED_ENVIRONMENT, HAL: [email protected]::IKeymasterDevice/default
    begin failed, code -62
    Upgrading key in memory only: /data/unencrypted/key
    upgrade_key failed, code -38
    e4crypt_initialize_global_de returned fail

    – Levente Zilahy Apr 15 '21 at 12:39
  • pulled the whole block, which is 230GB (256GB storage...).

    How do I decrypt a double encryption? This is the question I can't find an answer to :/

    – Levente Zilahy Apr 18 '21 at 11:13
  • tucana:/ # df -h
    Filesystem         Size  Used Avail Use% Mounted on
    tmpfs              3.6G  288K  3.6G   1% /dev
    tmpfs              3.6G     0  3.6G   0% /mnt
    tmpfs              3.6G  140K  3.6G   1% /tmp
    /dev/block/sda30   356M  1.1M  355M   1% /cache
    /dev/block/sde51   320M  139M  181M  44% /firmware
    /dev/block/sda32   228G   15G  214G   7% /data

    This is the current state after pulling, formatting data, then installing latest OS which already has force encryption. Just push back data? Because the img is like 230GB :D

    – Levente Zilahy Apr 18 '21 at 16:06
  • well, rip then. Tho I don't want to let it go. Is there any way to decrypt *.img offline/locally? – Levente Zilahy Apr 18 '21 at 17:11
  • It was sda32. How is it hardware-backed? Never read it in documentations, all I saw was the key, and some salt, no hardware-based encryption. – Levente Zilahy Apr 18 '21 at 20:19
  • so all you need is flash the ROM which did the FBE encryption (MIUI 12?) and let TWRP decrypt. if it fails you can read this chat for creating keyring and decrypting manually (FBE) – alecxs Apr 18 '21 at 20:32
  • this TWRP should work https://forum.xda-developers.com/t/recovery-3-4-0-10-tucana-official-unofficial-twrp-xiaomi-mi-note-10-cc9-pro-stable.4015805 – alecxs Apr 19 '21 at 12:34
  • I came across somebody with a similar issue after an OS update... I used TWRP from the beginning, exactly the version you linked. The problem is not with TWRP sadly.

    I will look into the forums you linked, much appreciated. Thanks for your effort so far, I learned a lot.

    – Levente Zilahy Apr 20 '21 at 01:33
  • Reading about FDE I think I never had FDE. Because it required entering the pass at boot, which prevented the phone from fully booting up -> preventing apps like clock or calendar (alarm) from working if the phone silently restarted at night.

    So now I'm pretty sure that it's only about FBE.

    – Levente Zilahy Apr 20 '21 at 01:36
  • "FBE keys derive sub keys using HKDF-SHA512. The master key is wiped on factory reset which leaves FBE keys encrypted without any way of decrypting them in future.

    The master key is itself derived from user's passcode and SHA-512 of 16KB random file. Resetting the device wipes this file and seed which makes it impossible to reconstruct the same master key again even if user sets the same passcode again after factory reset."

    Well, I guess this is the end. Even if I could retrieve deleted master key from a formatted /data, I already formatted and wiped it like 10 times, so no chance :(

    – Levente Zilahy Apr 20 '21 at 01:41
  • FDE is using 'default_password' on all Xiaomi devices, no need to enter password on boot. crypto-footer is used for FDE and flag forceencrypt= is for FDE only (and the value is pointing to crypto footer). FBE keys are wiped on factory reset because stock recovery is sending deleteKey instruction to TEE. Are you 100% sure TWRP recovery does the same? simply formatting userdata partition does not affect keystore – alecxs Apr 20 '21 at 06:15
  • as i already mentioned keys are downgrade protected. you need proper ROM version (including firmware, modem, etc) which matches the version that created/modified 74t7Z1,dnvgIIexr1QAfhD file last (key is in xattrs). then, and only then, TWRP is able to decrypt, because TWRP uses other partitions for decrypting (assuming you did not factory reset from stock ROM/recovery and keystore is not wiped yet) – alecxs Apr 20 '21 at 06:22
  • https://android.stackexchange.com/q/216155 – alecxs Apr 20 '21 at 06:48
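
The passage quoted in the comments (sub keys via HKDF-SHA512, master key from the passcode plus SHA-512 of a 16KB random file) can be modelled to show why re-entering the same passcode after a reset does not bring the keys back. This is an added illustration, not Android's or TWRP's code: PBKDF2 as the passcode-stretching step, the function names and the `b"per-file key"` context label are assumptions, and the hardware-backed Keymaster step seen in the log is left out.

```python
import hashlib
import hmac
import os


def hkdf_sha512(ikm: bytes, salt: bytes, info: bytes, length: int = 64) -> bytes:
    """HKDF (RFC 5869) over SHA-512: extract a PRK, then expand it."""
    prk = hmac.new(salt or b"\x00" * 64, ikm, hashlib.sha512).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        # T(i) = HMAC(PRK, T(i-1) || info || i)
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha512).digest()
        okm += block
        counter += 1
    return okm[:length]


def master_key(passcode: str, random_file: bytes) -> bytes:
    """Assumed model: stretch the passcode, salted with SHA-512 of the
    16 KB random file that a factory reset wipes."""
    file_hash = hashlib.sha512(random_file).digest()
    return hashlib.pbkdf2_hmac("sha512", passcode.encode(), file_hash, 50_000, dklen=64)


def sub_key(master: bytes, context: bytes) -> bytes:
    """Derive one sub key from the master key with HKDF-SHA512."""
    return hkdf_sha512(master, salt=b"", info=context)


def demo() -> tuple:
    passcode = "1234"                       # constructed sample passcode
    file_before = os.urandom(16 * 1024)     # random file before the reset
    file_after = os.urandom(16 * 1024)      # regenerated after the reset
    k_before = sub_key(master_key(passcode, file_before), b"per-file key")
    k_again = sub_key(master_key(passcode, file_before), b"per-file key")
    k_after = sub_key(master_key(passcode, file_after), b"per-file key")
    # (same file -> same key, new file -> different key despite same passcode)
    return k_before == k_again, k_before == k_after


if __name__ == "__main__":
    print(demo())
```
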
