this post was submitted on 05 Sep 2024
16 points (94.4% liked)

Privacy

31847 readers
130 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

I'm looking for a way to dump raw data from an entire phone or at least the sda block to a PC, using a method other than adb pull.

When I run adb pull /dev/block/sda sdaDump.img, it creates a dump file. To find what I need, I have to search through this raw data using a Hex Editor. If the dump comes from a fully functioning phone, I can usually find what I’m looking for because all the data is still intact.

However, I accidentally wiped the metadata partition on my phone, so the decryption keys/files are gone. Now, because of that, some folders appear empty when checked with TWRP's File Manager, even though the actual files are still there.

If I create a dump now, the raw data in the file won't be the same as when the metadata was present, and those folders weren't showing as empty.

Running adb pull /dev/block/sda sdaDump.img now results in a dump where the Hex Editor shows zeroes (no data) where these files should be.

Is there any alternative method to create a raw data dump of the sda block or entire phone storage, that will capture that data as it is (not empty folders, but the data in them), even if it's encrypted?

I don't want to create the raw data dump onto the phone storage and then transfer it to a PC, but something that works like adb pull, in the sense that it pulls the data from the phone directly onto a PC.

Thanks a lot in advance to everyone!

top 1 comments
sorted by: hot top controversial new old
[–] MentalEdge@sopuli.xyz 7 points 2 months ago* (last edited 2 months ago)

If the data is encrypted, and the keys to decrypt it are gone, then so is the data.

Without the keys, the data may as well be all zeroes.