So let's assume I am on Android 9 and have the encrypted FDE /data partition and the full /system partition - except for locksettings.db. I also know the pass code used to decrypt/unlock the device after rebooting. On a fresh installation it looks like the database only contains the identifier of the key but the key seems to be located in a file within the /system partition, which is intact.

Now my question is: Is there any way to decrypt the partition or reconstruct the locksettings.db file? I would be very grateful for any help with the issue.

Thank you!

aequabit

1 Answer

There is no way to decrypt the userdata partition offline. Android encryption is hardware-backed, with an RSA-2048 master key in the TEE that is burned into the chip. Furthermore, encryption is bound to

  • VENDOR_PATCH_LEVEL
  • BOOT_PATCH_LEVEL
  • OS_PATCH_LEVEL
  • OS_VERSION

and the bootloader state, to ensure rollback protection and tamper protection.

If your bootloader is already unlocked, the crypto-footer is present in EFS/metadata, and userdata is encrypted with "default_password", it is possible to decrypt from the custom recovery TWRP without locksettings.db at all (except on Samsung).

alecxs
  • That is interesting information I didn't see before. I will try reproducing the exact same environment (firmware, ROM etc.) and see if I'm successful in decrypting the partition without locksettings.db. I'm using a OnePlus 5T, so maybe there was another issue last time I tried. – aequabit Sep 16 '21 at 03:18
  • Just to clarify, if I don't have the exact OS version and patch I had when I set up the encryption, it won't be able to decrypt? – aequabit Aug 14 '22 at 23:08
  • no, only on same or higher patch level – alecxs Aug 15 '22 at 07:49
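
The version binding described in the answer and its comments, as an added example that is not part of the original thread: a simplified Python model of why a restored environment must be on the same or a higher patch level. The class, function and verdict names are hypothetical, the integer encodings (MMmmss, YYYYMM, YYYYMMDD) are assumed to follow Keymaster's conventions, and all values are constructed.

```python
# Added illustration: simplified model of hardware-backed key version binding.
# Names and verdict strings are hypothetical; all sample values are constructed.
from dataclasses import dataclass, replace

FIELDS = ("os_version", "os_patch_level", "vendor_patch_level", "boot_patch_level")

@dataclass(frozen=True)
class Binding:
    os_version: int          # MMmmss, e.g. 90000 = Android 9.0.0 (assumed encoding)
    os_patch_level: int      # YYYYMM
    vendor_patch_level: int  # YYYYMMDD
    boot_patch_level: int    # YYYYMMDD
    bootloader_state: str    # "locked" or "unlocked"

def parse_patch(date, with_day):
    """Convert '2019-08-05' to 201908 (YYYYMM) or 20190805 (YYYYMMDD)."""
    y, m, d = (int(p) for p in date.split("-"))
    if not (1 <= m <= 12 and 1 <= d <= 31):
        raise ValueError("bad patch date: " + date)
    return y * 10000 + m * 100 + d if with_day else y * 100 + m

def check_binding(key, running):
    """Compare the values a key was bound to with the running system's values."""
    if running.bootloader_state != key.bootloader_state:
        return "REFUSED_BOOT_STATE", ["bootloader_state"]
    # Any field lower than the bound value is a rollback: the key stays unusable.
    rolled_back = [f for f in FIELDS if getattr(running, f) < getattr(key, f)]
    if rolled_back:
        return "REFUSED_ROLLBACK", rolled_back
    # Higher values are acceptable; the key is re-bound to the newer values.
    upgraded = [f for f in FIELDS if getattr(running, f) > getattr(key, f)]
    if upgraded:
        return "USABLE_AFTER_UPGRADE", upgraded
    return "USABLE", []

def demo():
    key = Binding(90000, parse_patch("2019-08-01", False),
                  parse_patch("2019-08-01", True),
                  parse_patch("2019-08-01", True), "unlocked")
    cases = {
        "same_build": key,
        "older_os_patch": replace(key, os_patch_level=201906),
        "newer_os": replace(key, os_version=100000, os_patch_level=202001),
        "relocked": replace(key, bootloader_state="locked"),
    }
    return {name: check_binding(key, running) for name, running in cases.items()}

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(name, verdict)
```
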