asked on decrypt Encrypted Samsung media
A client was having a Samsung S8 mobile phone, and he used SD encryption to encrypt the photos and media he has. Accidentally the phone was broken and is no longer working, so he bought a Samsung S9 mobile. When he put the SD card, the media are encrypted. The old phone (S8) is not working so we can decrypt the SD on the phone.
Any ideas on how to decrypt the SD card to work in S9?
attached one of the photos that are encrypted.
20171222_161738.jpg
Usually, to enable decryption of a removable the client would have had to have exported the encryption key if the option is available.
In that case, the encryption would need to be imported on the new phone and only at that point would the data on the sd become accessible with the pin.
Can we, in any mean, if we communicate with the company, can have a decrypt tool from Samsung? is this possible?
Can we, in any mean, if we communicate with the company, can have a decrypt tool from Samsung? is this possible? No
It is important to remember to decrypt your microSD card before a Factory Data Reset, or if you are switching to a new phone. The data on your SD card will not be able to be read or decrypted after a reset or in another device. The only option to use the microSD card again is to wipe it completely.
https://www.samsung.com/au/support/mobile-devices/how-to-encrypt-decrypt-sd-card/
The tool you will need is luks tools for using encrypted disk on linux. The device keys ARE stored on the SD in a vault locked by a passphrase. What you need is the passphrase to unlock the keys. That passphrase is on the original phone somewhere... the passphrase can of itself be a random binary string as well for automated use such as in a phone the passphrase is in general a random generated string.
Encryption most probably is AES so without a key you need to guess a random 128 or 192 or 256 bit key. Which probably will take a while. You can make (and probably should) take an image from the SD card. Can be done on any linux system using dd.
I will let him know. I know that encryptions are hard to break down, but I thought Samsung might have a tool or something like this.
Thanks a lot.
You may need to consult a data recovery company to retrieve the keys from the base system on the original phone.
The screen may be broken, the board may very well still function, in that case a (temporary) replacement screen might help salvage the data.
One option is to connect the old phone to a computer if it will show up as a storage device without a need to authorize on the phone. If so. You could try looking for the encryption key.
Use a blank sd on the new phone. Encrypt it.
Then check for the location of the key on the new in an effort to narrow your search on the old.
Also check whether it has an option to export he key for safe storage to regain access should the phone fail.
Arnold no need to do that: https://gitlab.com/cryptsetup/cryptsetup/-/wikis/LUKS-standard/on-disk-format.pdf
See also for references: https://en.wikipedia.org/wiki/Linux_Unified_Key_Setup
unless he can get the previous phone fixed so unless he has a copy stored somewhere i.e. google drive then these files are useless. The encryption is designed to thwart another user/machine from decrypting the files