Develop Bugs

[SECURITY] Security on android - FS encryption, among others

Hi! I managed to compile a bionic version of cryptsetup with libcrypto instead of gcrypt, and I put it inside Steam Kernel, so anyone can play with it. This is actually not new to android, as from Froyo, the APKs that can get installed on the external SD, are actually also uding dm-crypt, although they are doing through vold, and not via device-mapper. It is actually strange, that Android has filesystem encryption on inside the kernels by default, but they are using it to keep us out from the system, and not actually to make other people get inside the system more harder.
In Steam Kernel, you can now chose to apply filesystem encryption to any of the 3 main partitions (cache, data, dbdata). The password can be entered using the screen by one, or multiple Swypes (up to 255 elements). Each swype creates a word, and words will be separated by "_". This mechanism was invented, as with this one can potentially achieve a good-enough entropy (although I'm not a cryptoanalyst), than by for example a simple PIN code entry box.
If you worry about speed, quadrant scores are around 1400 if using ext4+crypt, so they're still better, than stock rfs. I can't say much about battery life yet.
This feature is beta however, so don't rely valuable data to it yet, as it hasn't been throughly tested yet. (ancrpytion should be fine, I'm actually worried about data corruption).
The way to secure android is not yet finished however. I'm trying to find a way to secure adb, even if it's running root mode. (as running adb in root mode is good for debugging, but bad for security).
Questions on this topic is welcome.

Very impressive stuff, and still opensource.
It's a real innovation, congrats!

sztupy said:
The way to secure android is not yet finished however. I'm trying to find a way to secure adb, even if it's running root mode. (as running adb in root mode is good for debugging, but bad for security).
Click to expand...
Click to collapse
First weak security point for the Galaxy S phones is definitely the ability to flash anything with Odin.
As you cannot trust, well... anything your Filesystem Encryption approach is definitely the good one!
Other current weak point is the adbd exploit (rageagainstthecage) - so easy to use. I guess you can replace adbd in your ramdisk by the Gingerbread one, which is not vulnerable, if not done already

Yes this is really impressive man...
You should be hired by samsung to set there software ass rite :-D
Sent from my GT-I9000 using XDA App

supercurio said:
First weak security point for the Galaxy S phones is definitely the ability to flash anything with Odin.
As you cannot trust, well... anything your Filesystem Encryption approach is definitely the good one!
Other current weak point is the adbd exploit (rageagainstthecage) - so easy to use. I guess you can replace adbd in your ramdisk by the Gingerbread one, which is not vulnerable, if not done already
Click to expand...
Click to collapse
You would still lose the benefit of being secure + having the comfort of adb root. I'm more into the fact you have to login to the phone in order to use adb, just like you have to login to a real linux.

sztupy said:
You would still lose the benefit of being secure + having the comfort of adb root. I'm more into the fact you have to login to the phone in order to use adb, just like you have to login to a real linux.
Click to expand...
Click to collapse
I meant, for general security, we can replace the vulnerable adbd by a non vulnerable updated one - just that -

I feel your title could have security under [ ]. More noticiable.
AS I SEE IT NOW. supercurio's THANK's meter stands at 666. ROFL...
EVIL

Seems really great !
I'm not sure about a thing : Does this work when you power on the device (ie, you'll have to enter a pass to make it boot to Android), or before to be able entering into recovery ? Or none of these two things, and I totally misunderstood what you're saying ?
I was about to make a request to Koush if he could add some (basic?) security system to his recovery, as if you phone is stolen, they even won't be able to reflash a new rom.
This security layer + WaveSecure or any similar soft, and you would be sure that even if you phone is stolen / lost, nobody will be able to use it
Anyway thanks for your big stuff, will look deeper for sure when I'll get some free time, but your steam package seems amazing
Cheers

This works when you want to mount the partition. (eg at every boot). The partition can not be mounted wirhout a password ever

Amazing project. Good work.

Now wait just a moment...why would you encrypt those directories, when you alone (the user) are responsible for giving applications certain permissions. I mean...you agree to giving access to your Radio, messages and...whatever when you install applications, but then you want to encrypt certain directories. Why? You've already installed a trojan or a root kit and given it permission to do whatever it wants to do. That's the main security issue.

If your phone gets stolen they can't access your data.
Sent from my GT-I9000 using XDA App

... But another issue! Great work, Great project!
Edit: to slow, I was referring the post 2 above

sztupy said:
This works when you want to mount the partition. (eg at every boot). The partition can not be mounted wirhout a password ever
Click to expand...
Click to collapse
And I guess the partition has to be mounted if you want to flash another rom (By recovery, Odin, Kies, whatever) ?
If it's the case, then it's really really great !!!

No, if you're flashing a new ROM, you don't have to mount the partition. But the point is that nobody can read your data from the partition - that's the security risk sztupy is trying to prevent.

kidoucorp said:
And I guess the partition has to be mounted if you want to flash another rom (By recovery, Odin, Kies, whatever) ?
If it's the case, then it's really really great !!!
Click to expand...
Click to collapse
When you flash a new rom the data will be inaccessible (unless it's a steam rom and you know the password, or you can dump the partition AND know the password. Without the password the data can not be accessed, as it's AES encoded there).
This means that if you use all the security feautres inside Android (lockscreens, pin code, etc.), and use this too, and you don't allow adb to be run as root, there is actually no way of accessing your data (unless you can circumvent the security provided by Android, like the lockscreen), not even by flashing a new ROM.

Good work these kind of improvements make android better and better. I think the phones should be encrypted from the factory.

Great idea
If I might suggest though - can you make it so that it turns off decryption a couple of minutes after the screen is locked so that you have to enter the code again? Otherwise if the unit is on and stolen and never rebooted...
Being in Healthcare related IT I can say you'd have a product that is in severe need if any doctors really want to start using an Android tablet.

@sztupy
This is simply the best thing to happen to my SGS I've ever heard.
I can not test it right now (running 2.2.1 Darky's mod) but I have some questions about the security.
- What type of encryption is used? 128/256? weaker?
- Is it possible for you to figure how to use this encryption with different kernels/mods? We're talking about quite big a deal breaker for lots of people here. Perhaps even a separate app? I almost bought a blackberry as a second phone *kugh kugh* because android lacks encryption I so hardly need.

Sierra November said:
@sztupy
This is simply the best thing to happen to my SGS I've ever heard.
I can not test it right now (running 2.2.1 Darky's mod) but I have some questions about the security.
- What type of encryption is used? 128/256? weaker?
- Is it possible for you to figure how to use this encryption with different kernels/mods? We're talking about quite big a deal breaker for lots of people here. Perhaps even a separate app? I almost bought a blackberry as a second phone *kugh kugh* because android lacks encryption I so hardly need.
Click to expand...
Click to collapse
As already stated Android already uses dm-crypt for encrypting the application data on the external sd card, so in theory any kernel can actually use dm-crypt. Originally Android kernels only support aes-plain (which is AES-128 I think), and that is what you can use on probably every 2.2+ android (and even on some 2.1 too). (You can get a stronger encryption if you compile a better kernel as aes-plain has some weaknesses).
The hard part is actually not the encryption therefore (You just have to run cryptsetup before init, which is very-very similar of the process of creating "lagfixes"), but the fact that you'll need a way to enter the password every run. The latter is problematic, as you'll need to access the framebuffer to show the user the pin code panel, then leave the framebuffer in a state, so Android can boot from it without problems. On SGS, and probably all SGS based devices (including the Nexus S), this is already accomplished (in steam kernel). On other devices it might work too, but the framebuffer support might need to be rewritten. On other devices the fact that they use yaffs2 might also pose problems (as yaffs is working on a block), but that can be circumvented using a few tricks (like creating loop devices, putting the /data partition on the sd card, etc.)

[Q] Dump Memory from Mango Phone / Extract Data From Backup?

I haven't found anything on the forums about this (I have searched) so forgive me if it's a basic question. Is it possible to either:
1) Dump all data on a mango phone (in my case, a Samsung Focus, no interop-unlock) to a file on my computer, or alternatively
2) Access the data stored in the umpteen files created during a WP7 backup.
If anyone knows how to do either of these things (without interop unlocking -- I have data I need to pull off, but my firmware is too old to get interop unlocked, and I get error messages when I try to manually update the firmware), it would be greatly appreciated.
Thanks,
Beakin
Note: edited to clarify

I doubt it's even possible *with* interop-unlock.
1) A native app could map a large region of memory, but the WinCE kernel uses process isolation (same as every other modern OS) so there's no way for one app to access the full physical memory.
2) They're encrypted with a key that appears to be stored in the device itself. Nobody has yet figured out how to reverse this encryption.

GoodDayToDie said:
I doubt it's even possible *with* interop-unlock.
1) A native app could map a large region of memory, but the WinCE kernel uses process isolation (same as every other modern OS) so there's no way for one app to access the full physical memory.
2) They're encrypted with a key that appears to be stored in the device itself. Nobody has yet figured out how to reverse this encryption.
Click to expand...
Click to collapse
On #1, I should have been more specific -- I meant dump the phone's storage; what's in non-volatile memory, not RAM.

Still no without interop-unlock, then - standard apps don't have the privileges to access the filesystem (aside from a few very specific locations, like their isolated storage folder). That probalby means no access to the storage device itself either, although I admit to not knowing how that works on CE (NT or Linux, but that's it). If the app was initially sideloaded you can use the Isolated Storage Explorer to pull files from that app specifically, but if it's a marketplace app or something built-in like the SMS store, no such luck.
Of course, you can get more permissions if you can call into a driver - which is what ID_CAP_INTEROPSERVICES allows you to do, and ID_CAP_INTEROPSERVICES is why you need interop-unlock. I'd suggest you focus on figuring out why you can't interop-unlock and fixing that. Unfortunately I can't really help you there; I don't have a Samsung phone and the steps to IU an HTC phone are very different.

GoodDayToDie said:
Still no without interop-unlock, then - standard apps don't have the privileges to access the filesystem (aside from a few very specific locations, like their isolated storage folder). That probalby means no access to the storage device itself either, although I admit to not knowing how that works on CE (NT or Linux, but that's it). If the app was initially sideloaded you can use the Isolated Storage Explorer to pull files from that app specifically, but if it's a marketplace app or something built-in like the SMS store, no such luck.
Of course, you can get more permissions if you can call into a driver - which is what ID_CAP_INTEROPSERVICES allows you to do, and ID_CAP_INTEROPSERVICES is why you need interop-unlock. I'd suggest you focus on figuring out why you can't interop-unlock and fixing that. Unfortunately I can't really help you there; I don't have a Samsung phone and the steps to IU an HTC phone are very different.
Click to expand...
Click to collapse
Thanks for the clarification. I've spent the last month trying to figure out how to get the interop unlock working on my phone to no avail, which is why I was changing tact by asking this. Oh well, back to the old drawing board.
BTW if you or anyone know how to take a windows phone firmware CAB file and alter it (removing items) I'd appreciate it. My problem with updating the firmware is that I get a "file name conflict" error pointing to specific items in the CAB. At the risk of bricking my phone, at this point I'd try removing those items and installing it anyway.

Editing a CAB is easy; Win7 Explorer can open them natively and many third-party tools also exist. Editing a CAB so that it can still be isntalled may take a little bit more effort, but the important point is that as soon as you edit it, you'll invalidate the signature on the CAB. That means it will no longer install through the default update-OS at all. On HTC phones, you can use RSPL (or HSPL) to install custom updates, but on a phone with a retail bootloader (such as a Samsung), you can only install official updates.

[Q] Desperate newbie with deleted files problem….help please!!

I have a real cry for help!
Somehow all my pictures disappeared from my Galaxy Nexus. My only possible explanation (since it could not have decided to delete them itself!) is that I must have been a complete idiot and last night when I thought I was deleting a video I had just taken I must deleted the camera directory itself. This is supported by the fact that there was no ‘camera’ directory when I looked this morning. I then took a new photo and the directory reappeared. I have plenty of experience with PC’s but I’m a newbie with smartphones. I figured if I don’t write any more files to the phone then most of the actual data should still be there so I hoped to do some kind of undelete.
I’ve done some research and it looks like the ‘feature’ of only connecting as an MTP device (rather than USB mass storage) is potentially a killer blow. Without an assigned drive letter it seems that none of the usual recovery programmes will recognise the phone.
In theory an alternative might be to take a complete image of the phone contents and somehow recover the data from here?
I am pretty desperate as I have five months of pictures/videos of my kids etc, and most of that data must still be on the phone – but how to get to it?
Finally – yes I am a complete plonker, I shouldn’t have made such a stupid mistake and I should have backed up the phone or the pictures. I have learned my lesson. But given that, is there anything I can do?
BTW - the phone came from 3 network (via a reseller) and I have not touched it with respect to unlocking/rooting etc. It is in the state I received it.
HELP please!
Thanks very much...........

I believe the MTP vs. USB Mass storage would be a driver thing. There are many different versions of drivers so its possible there are ones that will mount the phone with a drive letter. I can think of some other things to try (Boot into fastboot mode by turning phone off then powering on by holding power, volume up and volume down at the same time and holding till it vibrates). You could also try Disk Management under windows to see if you can assign a letter
In the future I highly recommend setting up a google account and using Google Photo/Instant Upload to keep a backup of your photos. You dont even have to sync anything else

Thanks for your suggestions, much appreciated.
I’ve now tried going into fastboot mode and connecting to PC but no joy – Windows recognises there is a device connected (usually ID’d as an OMAP4440) but can’t find a driver.
Disk Management also doesn’t show the Nexus as a drive and therefore won’t allow a Drive letter to be assigned.

Try these (obviously no guarantees and I havent used any personally)
https://play.google.com/store/apps/details?id=fahrbot.apps.undelete
http://android-photo-recovery.com/tutorials/deleted-file-recovery-for-google-nexus-phones.html
EDIT: Found another:
http://www.wondershare.com/disk-utility/recover-deleted-photos-from-nexus-s-and-galaxy-nexus.html

Thanks again, I appreciate all suggestions. Yes I have come across these and unfortunately they don’t solve my issue. The last two are amongst those I’d seen reported as not working as they need a drive letter. I had installed both anyway but found that to be true (
The first requires root access which I don’t have. If I understand correctly, to root I’ll need to unlock the bootloader first, and unlocking will erase all the data anyway??

Unfortunately, you are out of luck. You cannot mount the storage on a GNex in USB Mass Storage mode, and I am pretty sure that none of the "undelete" programs that run in Android support ext4 (which is what our GNex internal storage is formatted).
If you are running 4.0.1 or 4.0.2, you can still get root access without losing your data (but not on 4.0.4), but I can't see how it will help you given what I mentioned above.

I am on 4.04 so sounds like I can't get root access without overwriting, can I roll back to 4.01/2 without overwriting the data? (sounds unlikely but I have to ask - I upgraded from 4.02 without losing data....).
If not, is there a way to get a data image without rooting? That way at least I have the data preserved if at some future point it becomes possible to do an undelete on Ext4 data??

Gavdroid said:
[snip]
can I roll back to 4.02/3 without overwriting the data?
Click to expand...
Click to collapse
Unfortunately no.
Gavdroid said:
If not, is there a way to get a data image without rooting? That way at least I have the data preserved if at some future point it becomes possible to do an undelete on Ext4 data??
Click to expand...
Click to collapse
I believe there are utilities to "do an undelete" on ext4. The problem is how to get access to the data image. I don't really know of any way to pull off the data partition of a GNex to your computer, but it may be possible.
Have a look at this thread. I think shaaXo managed to find a way for your computer to see the memory on the GNex and likely dump it (although it is not very user-friendly).

That sucks. If it's deleted, it's gone for good. Sorry, buddy.
Sent from my Galaxy Nexus using XDA

Thanks very much I will go through that post and see where I get to!
Edit! - uh-oh, taking a quick look it seems you need to use CWM, which I take to be ClockworkMod, which I thought required the phone to be rooted to install it? And if I understand correctly, rooting requires an unlocked bootloader, which wipes your data??
I will take a deeper look in case I've misunderstood (very likely), but am I thinking clearly here?

Question Should I spent time on recovering or it's not possible at all

Hello, there is my problem with OP9 Pro – phone was stuck with some bug and only way to fix it was Wipe Data. Now it's ok, but I do really need to restore photos and videos. Phone is NOT rooted.
After reading tons of information I'm not sure that it's possible to get data back. As I understand I need to follow next steps:
1. Unlock bootloader without wiping data again in order not to lose old structure.
2. Root device, or at least temporary root it.
3. Use some tools to search and restore photos.
But now I'm not sure that everything would be fine. Even the first step is not 100% guarantee that it's possible to avoid data wiping.
So, If there are someone who understand this better, could you please advice me what should I do? Should I waste tons of time or it's muck more likely impossible to do?
Thanks!

mrGenry said:
Hello, there is my problem with OP9 Pro – phone was stuck with some bug and only way to fix it was Wipe Data. Now it's ok, but I do really need to restore photos and videos. Phone is NOT rooted.
After reading tons of information I'm not sure that it's possible to get data back. As I understand I need to follow next steps:
1. Unlock bootloader without wiping data again in order not to lose old structure.
2. Root device, or at least temporary root it.
3. Use some tools to search and restore photos.
But now I'm not sure that everything would be fine. Even the first step is not 100% guarantee that it's possible to avoid data wiping.
So, If there are someone who understand this better, could you please advice me what should I do? Should I waste tons of time or it's muck more likely impossible to do?
Thanks!
Click to expand...
Click to collapse
If you are not bootloader unlocked right now. All hope is lost since unlocking will force a wipe of data that can't be stopped.

MrSteelX said:
If you are not bootloader unlocked right now. All hope is lost since unlocking will force a wipe of data that can't be stopped.
Click to expand...
Click to collapse
I just wiped phone and restored some latest backup (which did not contain media ofc). I was reading about scenario, when we can backup current system, patch it somehow, unlock bootloader and keep old data somehow in place. But it looks so unstable for me.

The folder structure was destroyed when the data was deleted. Although the files still exist -if- they haven't been overwritten, they would be completely juxtaposed. A vast sea of files that could only be sorted by size and file type. No associated time stamps, exif data, original file names and no way to restore it. Let that sink in for a moment.
Just recovering a flash card with a 100 images on it and then trying to sort them is a major headache unless you have a photographic memory. The files names are gone. The recovered images will have a new assigned number generated that is unrelated to the file's original name. Now imagine trying to do that with a 100gb jigsaw puzzle from hell.
Always redundantly backup critical data to at least 2 hdds that are physically and electronically isolated from each other and the PC.

blackhawk said:
The folder structure was destroyed when the data was deleted. Although the files still exist -if- they haven't been overwritten, they would be completely juxtaposed. A vast sea of files that could only be sorted by size and file type. No associated time stamps, exif data, original file names and no way to restore it. Let that sink in for a moment.
Just recovering a flash card with a 100 images on it and then trying to sort them is a major headache unless you have a photographic memory. The files names are gone. The recovered images will have a new assigned number generated that is unrelated to the file's original name. Now imagine trying to do that with a 100gb jigsaw puzzle from hell.
Always redundantly backup critical data to at least 2 hdds that are physically and electronically isolated from each other and the PC.
Click to expand...
Click to collapse
Yeah, thanks! Really, there is nothing critical, just default amount of family photos and videos (phone is my father's, I'm just investigating possibility of recovering).
And tons of different information is all across the web. Also, latest Android 12 is pretty new and I guess lots of articles are not suite for that phone.
So, I guess it's too overwhelmed even to try root phone and search files. Maybe, data value is lower that possibility to turn phone into a brick.

mrGenry said:
Yeah, thanks! Really, there is nothing critical, just default amount of family photos and videos (phone is my father's, I'm just investigating possibility of recovering).
And tons of different information is all across the web. Also, latest Android 12 is pretty new and I guess lots of articles are not suite for that phone.
So, I guess it's too overwhelmed even to try root phone and search files. Maybe, data value is lower that possibility to turn phone into a brick.
Click to expand...
Click to collapse
If you want the best possible outcome take it to a data recovery specialist. That's all they do.
Don't use any apps like FoneDoctor, they will find stuff but encrypt the drive $o only that app can unencrypt it.

blackhawk said:
If you want the best possible outcome take it to a data recovery specialist. That's all they do.
Don't use any apps like FoneDoctor, they will find stuff but encrypt the drive $o only that app can unencrypt it.
Click to expand...
Click to collapse
Thanks! A bit upset, but Im great to get useful information.

mrGenry said:
Thanks! A bit upset, but Im great to get useful information.
Click to expand...
Click to collapse
Losing critical data is never pretty.
I've lost a database with decades of data on it. The only way to help prevent this is redundant backups.
Perhaps your father had backup them up deliberately or by happenstance to a PC or other device.

6 yr old son somehow erased phone

My wife has a PIN on her phone. She told our 6 yr old to put the phone down as she put my our other children to bed, and when she came back the phone was erased and reset. He couldn't have got in to the phone and through the menus. Does the phone reset and wipe everything after too many failed attempts at the PIN? Is there anyway out of this? I am familiar with rooting phones. Is there any back entry and restore through ADB? The phone was not previously rooted.

Doesn't take long to navigate to settings and do a factory reset.
Data is likely lost but you can try... I hope you backed up critical data. Even if you do manage to retrieve it the file structure has been lost.
A sea of random files and no way to recreate the file structure or associations except by memory.

blackhawk said:
Doesn't take long to navigate to settings and do a factory reset.
Data is likely lost but you can try... I hope you backed up critical data. Even if you do manage to retrieve it the file structure has been lost.
A sea of random files and no way to recreate the file structure or associations except by memory.
Click to expand...
Click to collapse
So pictures and everything are gone?
He doesn't know the PIN. Is there something that comes up that's says the phone will be wiped after so many bad attempts that he could have pressed?

Schroeder09 said:
So pictures and everything are gone?
He doesn't know the PIN. Is there something that comes up that's says the phone will be wiped after so many bad attempts that he could have pressed?
Click to expand...
Click to collapse
Jpeg files if recoverable will be separated from their exif files, no order, original time stamp or number. Even 100 jpegs are a small nightmare to try and sort.
You start to get the depth of the problem.
Not sure but I think you're correct.
I never use screen locks or encryption; security is purely physical. Meh, wysiwyg
"Kids do the darndest things..."
My cousin once "waxed" the whole kitchen floor with a bottle of baby oil.
My mother exclaimed:"Who did this?!"
Danny replied:"I doed it!"
He was quite proud of his achievement. The floor really did shine... clean up took a bit longer then the wax job.
Somebody may have a better plan than my call it a wash. If backed up on cloud you have another option. Personally I use hard backups.

blackhawk said:
Jpeg files if recoverable will be separated from their exif files, no order, original time stamp or number. Even 100 jpegs are a small nightmare to try and sort.
You start to get the depth of the problem.
Not sure but I think you're correct.
I never use screen locks or encryption; security is purely physical. Meh, wysiwyg
"Kids do the darndest things..."
My cousin once "waxed" the whole kitchen floor with a bottle of baby oil.
My mother exclaimed:"Who did this?!"
Danny replied:"I doed it!"
He was quite proud of his achievement. The floor really did shine... clean up took a bit longer then the wax job.
Somebody may have a better plan than my call it a wash. If backed up on cloud you have another option. Personally I use hard backups.
Click to expand...
Click to collapse
How do I try to see what is left on the phone? Is there an ADB process for this?
I've never understood backing stuff up on a phone. The restoring part seems to be more the problem for me. I did used to do multiple backups with titanium backup, but never once was successful restoring from the backup. How are you backing up and how are you restoring from it? Especially on a NON-ROOTED device? The latter will be more important. When I pick up my next phone (probably an s22. Currently have rooted 2xl running A10 yet) I will not be rooting. It's too much of a time-consuming PITA, and while the gains are noticeable; they're not worth the effort.

Not sure what if anything adb can do for you. I never use that to restore as I run stock devices and assume the file decryption keys are already lost as well as file structure after a factory reset!
For backup first identify all critical data that can be backed up. DCIM folder, Documents, contacts, all needed accounts/passwords written or as text files etc, music, vids and so on.
Apps that allow backup of settings like Poweramp and Color Note (can be used for bookmarks rather than the browser). I use ApkExport to make installable copies of all my apps and updates. On reload no Playstore needed.
Copy, paste, verify size and if readable to 2 or more hdds that are physically and electronically isolated from each other and the PC. A OTG flashstick can be used for quick backups but don't use as the only backup; hdds are more reliable. Work out a sync folder for media, etc.
SmartSwitch can be used to backuo homepage but never rely on it to backup critical data! It may or may not work!!!
If you have an SD card slot use an SD card as a data drive; all critical data goes here. There can be only DCIM folder so periodically backup the DCIM folder to the SD card but name something without DCIM in the name. Only apps and the download folder go on internal memory. Then backup the SD card redundantly and regularly to the hdd backups. That gives you multiple backups should one fail. NEVER encrypt backup data drives!!!
You have to methodically plan this to do backup this way but it's pretty foolproof and has built in redundantcy. Once you get used to it, it's not hard to do.
I have over a dozen backup hdds in various locations. I may lose some data but never all my data. Syncing data is the biggest headache with this method.

blackhawk said:
Jpeg files if recoverable will be separated from their exif files, no order, original time stamp or number. Even 100 jpegs are a small nightmare to try and sort.
You start to get the depth of the problem.
Not sure but I think you're correct.
I never use screen locks or encryption; security is purely physical. Meh, wysiwyg
"Kids do the darndest things..."
My cousin once "waxed" the whole kitchen floor with a bottle of baby oil.
My mother exclaimed:"Who did this?!"
Danny replied:"I doed it!"
He was quite proud of his achievement. The floor really did shine... clean up took a bit longer then the wax job.
Somebody may have a better plan than my call it a wash. If backed up on cloud you have another option. Personally I use hard backups.
Click to expand...
Click to collapse
how could I attempt to recover these JPEG files?

Schroeder09 said:
how could I attempt to recover these JPEG files?
Click to expand...
Click to collapse
What OS version? Not rooted?
I don't think you got a prayer but it depends on if the old data is encrypted which I assume it is because of the screen lock.
Full-Disk Encryption | Android Open Source Project
source.android.com
Of you're really hell bent on recovering some of the data a data recovery service that specializes in Samsung's is probably your best shot.
I could be wrong... do some Google searches, to search XDA simply add "XDA" to the end of the Google search parameter. XDA's search engine leaves something to be desired... and misses a lot that the all seeing Google web crawlers don't.
Leave the phone powered down until you decide what to do as any activity can now overwrite those old files.

Is this droidkit a gimic or will it work? the note 8 is on android 8 or 9.
Get Data Recovery, Screen Unlock, and FRP Bypass with DroidKit
www.xda-developers.com

Schroeder09 said:
Is this droidkit a gimic or will it work? the note 8 is on android 8 or 9.
Get Data Recovery, Screen Unlock, and FRP Bypass with DroidKit
www.xda-developers.com
Click to expand...
Click to collapse
Most likely a gimmick if not malware. AFAIK a factory wipe doesn't actually erase or overwrite the storage, it just removes the file structure and pointers, so a forensic data recovery tool could potentially help. Unfortunately, doing this on a smartphone is even harder to do, especially considering that most newer Samsung devices use encryption, and since a new key is generated when the device is reset, it won't be able to read the old data.

V0latyle said:
Most likely a gimmick if not malware. AFAIK a factory wipe doesn't actually erase or overwrite the storage, it just removes the file structure and pointers, so a forensic data recovery tool could potentially help. Unfortunately, doing this on a smartphone is even harder to do, especially considering that most newer Samsung devices use encryption, and since a new key is generated when the device is reset, it won't be able to read the old data.
Click to expand...
Click to collapse
Brute forced decryption be the only way as it uses random encryption. Folders are encrypted vs full disk encryption on the newer OS's if I recall correctly. The folder association with the files is already gone, lost with the factory reset. How the effects the encryption, no clue.
It's a mess.

blackhawk said:
Brute forced decryption be the only way as it uses random encryption. Folders are encrypted vs full disk encryption on the newer OS's if I recall correctly. The folder association with the files is already gone, lost with the factory reset. How the effects the encryption, no clue.
It's a mess.
Click to expand...
Click to collapse
is there a service that can recover the pictures? my wife already restarted the phone and has started downloading stuff (if that matters). I told her it would have been best to not even have restarted it and hand it to someone so they could recover from recovery mode prior to any new data being installed.

V0latyle said:
Most likely a gimmick if not malware. AFAIK a factory wipe doesn't actually erase or overwrite the storage, it just removes the file structure and pointers, so a forensic data recovery tool could potentially help. Unfortunately, doing this on a smartphone is even harder to do, especially considering that most newer Samsung devices use encryption, and since a new key is generated when the device is reset, it won't be able to read the old data.
Click to expand...
Click to collapse
Is there any company or service who aren't criminals that I can send it to to recover the pictures?

I think it's a dead horse especially if you're wife keeps using it!
Found this one. Do some searches and research.
Keep the phone powered off until you decide.