SD card encrypted, cannot retrieve

[TisMyDroid]

I wonder if this would work... if she was to take the original phone, put in her sim card, activated the old phone as if she were to use it as her phone, put in the encrypted sd card, and try to decrypt it from her old phone once it is activated. It may work and I don't think that has been tried yet. Maybe the secret is the phone has to be activated.

If that did work, then she can copy the files to her computer via usb from her old phone, check to make sure she can open the files from her pc, and once it is all done (with hope and a prayer, crossed fingers, great fortune), Sam can then reactivate the new phone and gladly return the old phone.

Sent from my DROID RAZR Maxx using Droid Forums

 

[SallyC]

It's possible, TisMyDroid, but there's nothing in what FoxKat read that says the phone must be activated. If I understand OP post #23 the problem was that it wasn't accepting any password she gave it. So it sounds like she was getting to the right screen, but she and the phone were having a bit of a disagreement about what the password is.

 

[TisMyDroid]

Yeah, I have no idea but wonder if the secret to getting the phone to recognize the password is that it needs to be activated with the sim card. Who knows but worth a try.

Sent from my DROID RAZR Maxx using Droid Forums

 

[FoxKat]

I wonder if this would work... if she was to take the original phone, put in her sim card, activated the old phone as if she were to use it as her phone, put in the encrypted sd card, and try to decrypt it from her old phone once it is activated. It may work and I don't think that has been tried yet. Maybe the secret is the phone has to be activated.

If that did work, then she can copy the files to her computer via usb from her old phone, check to make sure she can open the files from her pc, and once it is all done (with hope and a prayer, crossed fingers, great fortune), Sam can then reactivate the new phone and gladly return the old phone.

Sent from my DROID RAZR Maxx using Droid Forums

It's possible, TisMyDroid, but there's nothing in what FoxKat read that says the phone must be activated. If I understand OP post #23 the problem was that it wasn't accepting any password she gave it. So it sounds like she was getting to the right screen, but she and the phone were having a bit of a disagreement about what the password is.

Yeah, I have no idea but wonder if the secret to getting the phone to recognize the password is that it needs to be activated with the sim card. Who knows but worth a try.

Sent from my DROID RAZR Maxx using Droid Forums

Correct on all accounts, but now I understand that the OP can't even get into the old phone. God how I wish I had those devices in my hands. I suspect that she may now be a candidate for a Fastboot flash on the old phone to get back to square one.

I am also quickly coming to the conclusion that AES 256 encryption is a standard and as long as Motorola remained true to the standard, a "Password" encrypted file from the Motorola Android overlay should be able to be decrypted by ANY AES 256 encryption software. Here's a free one (AES Crypt - Downloads for Windows, Mac, Linux, and Java) that plugs into the right-click options on Windows. I tried it with a couple quick encrypt/decrypt runs with PICs that were on my hard drive and it works beautifully. I just have to get a sample file from a phone that has been encrypted with password only (lock screen password), and dump it to the PC and try it out. Does anybody have a sample PIC in encryption that they could send me?

EDIT: P.S. You must be STOCK Gingerbread either .173 or .181 to be sure of compatibility if you are going to try to help me.

 

[TisMyDroid]

Wow, so crazy, absolutely ludicrous to go through this just because you encrypt your card. We are so lucky to have you to help figure this nonsense out. Moto, Verizon or someone needs to include a warning as part of the encryption process that in the event your phone crashes, becomes ruined, lost or stolen you may lose all contents to your encrypted card...unless you seek the assistance of a FoxKat, aka Master problem solver.

Sent from my DROID RAZR Maxx using Droid Forums

 

[jkaod]

Wow, so crazy, absolutely ludicrous to go through this just because you encrypt your card. We are so lucky to have you to help figure this nonsense out. Moto, Verizon or someone needs to include a warning as part of the encryption process that in the event your phone crashes, becomes ruined, lost or stolen you may lose all contents to your encrypted card...unless you seek the assistance of a FoxKat, aka Master problem solver.

Sent from my DROID RAZR Maxx using Droid Forums

No. What Moto, Verizon or someone needs to do is PAY FOXKAT for all this work. Wow, it's been interesting to read all you're going through. I want TEAM FOXKAT on my side.

 

[FoxKat]

No. What Moto, Verizon or someone needs to do is PAY FOXKAT for all this work. Wow, it's been interesting to read all you're going through. I want TEAM FOXKAT on my side.

Only pay I want is to hear a scream of jubilation from Sam, when she finally cracks open those pics and videos. There is nothing that would make me happier than to help give her back those moments in time to be able to share with her son, friends and family, and to look back upon years later.

:biggrin: But thanks for the warm reception. You and the rest of the gang here make it all worthwhile. :hail:

 

[FoxKat]

On the phone again in yet another heated discussion with technical support at Motorola at this very moment. I am pressing to speak to a member of the development team for the encryption that was implemented into these phones. When I informed the rep on the phone that from what I read and researched, the encryption defaults to a phone-specific key (MEID/IMEI/ESN), for AES 256 data encryption and that when and if that phone either becomes inoperable or is returned for a warranty issue (as in the case of Sam), that the only way to decrypt that data will have been lost permanently, he was shocked to say the least.

He has me on hold at the moment.

For the record, I turned on encryption on my phone, sent ONE file to the encrypted SD Card, then removed the card, turned off encryption, then inserted the card and now the phone is saying "checking SD Card for errors". It's been in that state for over a half hour. :icon_evil:

If you are going to add a feature that has such a powerful effect, you need to make sure you've executed the process in such a manner that it's fool-proof. This is far from fool-proof.

 

[FoxKat]

Third call to Motorola. 1 hour, 26 minutes in this last call. I am frustrated to say the least.

I still refuse to believe this can not be undone. I pressed until the rep agreed to speak to Level 3 support on behalf of me and see what can or cannot be done to resolve this.

I would love to have 5 minutes with the twenty-something developers in that encryption team, to interrupt their Foosball championship in the middle of the work-day, or to wake them from their mid-day nap, or interrupt their Madden NFL 2012 X-box game in order to put this in front of them. I know they would have it resolved in 5 minutes with no angst involved.

As they say, it's not what you know, but who you know that makes all the difference.

 

[94lt1]

Third call to Motorola. 1 hour, 26 minutes in this last call. I am frustrated to say the least.

I still refuse to believe this can not be undone. I pressed until the rep agreed to speak to Level 3 support on behalf of me and see what can or cannot be done to resolve this.

I would love to have 5 minutes with the twenty-something developers in that encryption team, to interrupt their Foosball championship in the middle of the work-day, or to wake them from their mid-day nap, or interrupt their Madden NFL 2012 X-box game in order to put this in front of them. I know they would have it resolved in 5 minutes with no angst involved.

As they say, it's not what you know, but who you know that makes all the difference.

Bahahahahaha... that I would pay to see!!! If you get the opportunity to do so, please let me come!!

DROID RAZR MAXXAMIZED!!!

 

[FoxKat]

Sam, I do want to clarify...we're talking about the removable SD Card, NOT the internal SD Card which is permanently a part of the phone. Are you SURE that you either copied or moved the pics and video you are trying to recover from the phone's memory and onto the removable SD Card, or that you had the camera set to do so as the default? If not, we may be spinning our wheels. If the pics and videos you need to recover are on the phone, then we have to try to move them off by using a USB cable and transfer them to your desktop PC.

They may not even be encrypted when all is said and done. I don't mean to sound like a broken record (say that to a generation z and see what kind of response you get). I remember you said when you inserted the card it asked for a password, but my HOPES are that you thought you were encrypting the pics and videos thinking (as one would) that they are automatically stored on that card. The truth on the other hand is that they are stored on the INTERNAL SD card by default, so there is hope.

If however we are 100% sure that the pics and video are on the removable SD Card, then we're up against one of three distinct possibilities, and two variations of the first and third of those possibilities.

I received a return call from the Motorola Technical Support today, and in that 36 minute call, I confirmed things I suspected, received information I wasn't aware of, and even taught the technician a thing or two. First, the encryption should be the standard AES 256 as I suspected. If so, and if we have the password, we should be able to use the tool I mentioned in an earlier thread. I'll explain...

If the card was encrypted using the first choice - Device option (see below), then the phone is a critical part of the encryption and without the actual physical phone, we'll likely never be able to recover it.

View attachment 49988

If so, there's also the possibility that even with the original phone that data may still be completely unrecoverable. When the encryption is used and the Device option is chosen, the phone's unique ID is used to create the "hashcode" which is the "key" that encrypts the data. Without that unique hashcode, the data is essentially permanently encrypted. Oh, it can be decrypted, but it would take considerable time and likely great expense as well. However, if the phone is still available, I have pretty much concluded that the same phone will recreate the identical hashcode if the same method of encryption is used so having the phone is crucial.

Now, if the second choice - Password option is used (see below), then ONLY that password is needed and I'm again nearly convinced that any good AES 256 encryption tool can be used to decrypt it.

View attachment 49990

But, if the third choice was used - Device+Password (again see below), then we not only need the actual physical phone but also the correct password, and again as the first option, it can only be decrypted in the actual phone, and like option one there's still the possibility that it can not be decrypted even with the right phone and right password.

View attachment 49989

So, when you originally encrypted, the question is did you see the following screen, and if so, which option was selected?

View attachment 49991


What we should do is try downloading the utility I mentioned (http://www.aescrypt.com/download.html), and see if we can decrypt any of the files on the removable SD Card by doing the decryption on the PC. Do you have access to a MicroSD Card reader? Can you download the utility and install it onto a Windows PC? If the answers are yes to those questions, let's start there.

 

[SallyC]

FoxKat, not to be a party pooper, but I've posted about this on the Motorola forum, and if what I've learned there is correct, it sounds like when a factory reset is done, a new encryption key is generated. So even if you have the phone, you may not be able to recover the data.

The speculation there was that "I think that the idea is that items are encrypted for transport (on your handheld device) or think of it as the data is more accessible while we go about our business in public than it would be on our home computers. I also think that we are supposed to back up the data to our private storage (like your own computer) and in the process of data migration from the device to the computer your data will be unencrypted." Which, of course, is a ridiculous requirement and, if true, should be made extremely clear while encrypting.

It is also impossible to carry out because even if you backed up your phone to your pc every night, you still risk losing the data you aquired during the day. And considering phones are used in many environments (e.g., healthcare & financial sectors) where a lot of data may be acquired during the day, even losing one day of data could be disastrous.

This has been an eye opener for all of us - hopefully including Motorola. I think what they intended as a feature was never thought through carefully enough to show that it's really a bug. I hope that they change this design so that you can back up the key or at least are adequately warned of the severe limitations of this system and your risk of having irretrievable data loss.

 

[FoxKat]

FoxKat, not to be a party pooper, but I've posted about this on the Motorola forum, and if what I've learned there is correct, it sounds like when a factory reset is done, a new encryption key is generated. So even if you have the phone, you may not be able to recover the data.

The speculation there was that "I think that the idea is that items are encrypted for transport (on your handheld device) or think of it as the data is more accessible while we go about our business in public than it would be on our home computers. I also think that we are supposed to back up the data to our private storage (like your own computer) and in the process of data migration from the device to the computer your data will be unencrypted." Which, of course, is a ridiculous requirement and, if true, should be made extremely clear while encrypting.

It is also impossible to carry out because even if you backed up your phone to your pc every night, you still risk losing the data you aquired during the day. And considering phones are used in many environments (e.g., healthcare & financial sectors) where a lot of data may be acquired during the day, even losing one day of data could be disastrous.

This has been an eye opener for all of us - hopefully including Motorola. I think what they intended as a feature was never thought through carefully enough to show that it's really a bug. I hope that they change this design so that you can back up the key or at least are adequately warned of the severe limitations of this system and your risk of having irretrievable data loss.

Yeah, well I had considered going over there as well, but I've often found the information to be far less helpful than that of members here and on other public forums. I think the reason is, the Motorola forum is the first choice for people who are NOT phone geeks, but one of the last choices for those who are like you and I.

Still, what you have discovered is very disappointing.

Here's my take on it. What good is encryption on the SD card that's IN the phone if you lose the phone? If you used a 4 digit password to lock the phone, cracking into that is relatively easy with the right tools. Once you're in, you have complete and unrestricted access to all the data stored on the card, and since data copied off the phone via the USB cable is unencrypted in the process, where's the security?

On the other hand, if you remove the card, you can't decrypt it anywhere else (if what you've learned from the Motorola forum is correct), so what good is it to you at that point. And as said on several posts already, if the phone dies, you can never recover the data if you used either Device or Device+Password for the encryption choice. So even if I WAS going to use encryption, I would NEVER use options one or three. Now, option 2 is a viable option - if, and only if it can be decrypted outside of the device with a standard AES 256 encryption tool. In that case, I can use WEP Key Generator or something like it to generate a 256 bit key in ASCII and make it something like J$V6!qKDz=[2)PWXWc_ZO+'8@lp!y which will provide me with extreme security, but I can store that key somewhere safe and if I need to decrypt later without the phone I can.

The ONLY way that I can see the reason for the options one and three are if the encryption is being administered by the IT department of a company and they have remote wipe capability. In that case, removing the SD card would be futile since you could never decrypt the data.

See my reply to that thread on the Motorola forum (https://forums.motorola.com/posts/b027ce4327?start=1&stop=15#).

 

[SallyC]

Good post. Hey, all we can do is try. Matt, the forum moderator, tries hard to be helpful and I'm hoping he or other Moto folks monitoring the forum will help elevate this issue to the right places.

Right now it's a real bait and switch - you think you're doing something to make your data secure, but in reality you're making it extremely vulnerable. Like a land mine - one misstep and your data's lost forever!

 

[FoxKat]

Good post. Hey, all we can do is try. Matt, the forum moderator, tries hard to be helpful and I'm hoping he or other Moto folks monitoring the forum will help elevate this issue to the right places.

Right now it's a real bait and switch - you think you're doing something to make your data secure, but in reality you're making it extremely vulnerable. Like a land mine - one misstep and your data's lost forever!

Exactly. We need to make STRONG WARNINGS for our members about the risks of SD Card Encryption and help to prevent others from falling victim to the unfortunate situation Sam is in. Still, I'm not giving up on Sam. I want to see those pics of her beautiful son and watch and listen to his musical prowess.