cant mount userdata...
 
Notifications
Clear all

cant mount userdata from TWRP

9 Posts
4 Users
0 Likes
1,277 Views
(@qassam22222)
Posts: 155
Estimable Member
Topic starter
 

hey all …
i got a new phone locked with passwords …
phone model is SM-g532f … i upload twrp but i cant mount the userdata ( how i can solve this issue and why this happens ….

photos

 
Posted : 14/10/2018 3:39 pm
passcodeunlock
(@passcodeunlock)
Posts: 792
Prominent Member
 

You can't mount it because the userdata partition is encrypted.

Solving the issue is by creating a decrypted physical acquisition )

 
Posted : 14/10/2018 5:08 pm
(@qassam22222)
Posts: 155
Estimable Member
Topic starter
 

You can't mount it because the userdata partition is encrypted.

Solving the issue is by creating a decrypted physical acquisition )

What this mean !! If i create a full dump by dd can i tead the userdata !! Or i should make a dump for userdata only
Need more details please
Thanks u

 
Posted : 14/10/2018 6:30 pm
(@thomass30)
Posts: 110
Estimable Member
 

in either way you get encrypted dump roll

 
Posted : 14/10/2018 8:26 pm
UnallocatedClusters
(@unallocatedclusters)
Posts: 577
Honorable Member
 

QAssam

In order to acquire a physical image, the phone must be rooted. Basically rooting means changing all of the locks on the file cabinet that phones are. Once you root a phone and change all of the locks, your forensic tool can then open and extract the formerly locked (encrypted) drawer.

However, the partition in your photo might not be encrypted but rather the tool you are using to view that partition is not configured correctly to display files and folders. For example, trying to look at Mac APFS folders and files on a Windows computer will not work; not because the APFS volume is encrypted but because Windows only understands FAT/exFAT/NTFS.

Also after using fdisk to determine the drive geometry, you should be able to mount the image of your phone using testdisk. If you enter in the correct drive geometry CHS, TestDisk will allow you to “export folders and files” from the user data partition.

Could be encrypted as well in which case you need to “change the locks” on the file cabinet and then extract folders and files from the newly unlocked file cabinet drawer.

 
Posted : 14/10/2018 11:58 pm
(@qassam22222)
Posts: 155
Estimable Member
Topic starter
 

i think its encrypted !! can u explain in more about this step ?

QAssam

Could be encrypted as well in which case you need to “change the locks” on the file cabinet and then extract folders and files from the newly unlocked file cabinet drawer.

photos

in part number 1 fdisk shows nothing
in part number 2 i cant read any clear text by hexeditor
in part number 3 i cant find anything by testdisk

😯 😯 😯 😯

 
Posted : 15/10/2018 6:46 am
passcodeunlock
(@passcodeunlock)
Posts: 792
Prominent Member
 

I gave the answer about the situation regarding encryption and what has to be done to have a decrypted dump, I don't get what else are you asking for ?!

If you don't got the right tools or the knowledge needed for this task to be done right, that's something else.

If it is really important, we can do it in-lab for 3999 EUR if needed.

 
Posted : 15/10/2018 1:31 pm
passcodeunlock
(@passcodeunlock)
Posts: 792
Prominent Member
 

in either way you get encrypted dump roll

This is not true!

The first step is bruteforcing the Secure Startup if enabled.

The second step is creating a decrypted dump of the userdata partition.

 
Posted : 15/10/2018 2:35 pm
(@qassam22222)
Posts: 155
Estimable Member
Topic starter
 

I gave the answer about the situation regarding encryption and what has to be done to have a decrypted dump, I don't get what else are you asking for ?!

If you don't got the right tools or the knowledge needed for this task to be done right, that's something else.

If it is really important, we can do it in-lab for 3999 EUR if needed.

u did not give a full details ….
after search on internet …. i this protction related to ( secure startup ) … and this is ur replay here about the problem

Well, you should look for a signed eng. boot which disables the PIN for your device and flash it.

https://www.forensicfocus.com/Forums/viewtopic/t=16739/postdays=0/postorder=asc/start=7/
https://www.forensicfocus.com/Forums/viewtopic/t=16719/

i cant find any eng. boot ) by the way the phone is protected by password its not a pin

so !! is there any solution for this case than brute force attack !! and how we can perform attack in this case !!
is nand mirroring work in this case ?
give us some details man

 
Posted : 16/10/2018 7:00 am
Share: