1

The mainboard of my s7 passed away and i need to decrypt my SD card. Does Samsung store the keys in their cloud? Is there any way to decrypt the card? I can't believe that once the phone dies (mb, whatever), the user loose immediately their data on the whole SD card.

There was some discussion without any solution. Can I decrypt my SD card with another phone?

Thank you.

FranzHuber23
  • 103
  • 7
John Smith
  • 19
  • 1
  • 3
  • 1
    Sorry for your loss. Encryption is for preventing others from using your data. Without backups you would have lost the same data if the phone was stolen or lost. Sure you have automated backups, right? – Esa Jokinen Apr 04 '19 at 03:03
  • If it was possible to decrypt the SD card, you simply wouldn't need encryption... If you do not have backups, your data is gone I think. Maybe you can ask the NSA ;) – FranzHuber23 Apr 04 '19 at 06:58
  • Related or duplicated of [Can I decrypt my SD card with another phone?](https://security.stackexchange.com/questions/185981/can-i-decrypt-my-sd-card-with-another-phone?rq=1) – bradbury9 Apr 04 '19 at 13:34

1 Answers1

1

The mainboard of my s7 passed away and i need to decrypt my SD card. Does Samsung store the keys in their cloud?

I do not think Samsung stores the keys in their cloud as it would expose them to law enforcement agencies asking for them.

Is there any way to decrypt the card?

There are ways, however, none of them are practical:

  1. You could try and crack the key, this would probably take years.
  2. Locate the chip where the key is stored and read it with specialized equipment; this might NOT be possible.

I can't believe that once the phone dies (mb, whatever), the user loose immediately their data on the whole SD card.

The whole point of this feature is twofold:

  1. Prevent people who have stolen your phone from accessing the data
  2. Prevent you from tinkering with the Android system. An encrypted SD card can hold apps, if the feature is enabled in the OS.

You have also lost the data on the phone. If you do not make regular backups, and backups of backups (I have three), then the data you hold is not important enough for you.

A lesson you have learned the hard way today.

thecarpy
  • 319
  • 1
  • 9
  • 1
    You dont need backups of backups. You should do a backup, integrity check it, and store in different places in a safe way. – bradbury9 Apr 04 '19 at 13:31
  • It all depends on how important the data is to you. One set of backups is, imho, not enough ... I have personally lost data relying on a hard drive that conveniently gave up as I was restoring the backup. Life's a bitch sometimes ... – thecarpy Apr 04 '19 at 13:37
  • Two separate storages of the backup. One fails, you have a different one, redundancy. You could also have those storages implement a raid1 or similar, or backup your backup, indeed... But the key aspect of my comment is doing the integrity check. Doing a backup of a backup of a backup of a backup if the initial backup is unreadable is useless. – bradbury9 Apr 04 '19 at 13:43
  • I check all backups for integrity as I go along. But two is definitely a must. Yeah, I could have a raid1, but I prefer separate disks in separate enclosures, not always powered up at the same time. Hard drives are cheap, so I have a third. I do the second backup from the first because I do not want to hog the main system that is actively used. My personal strategy, YMMV. – thecarpy Apr 04 '19 at 13:49
  • Why it's not possible to store keys in their cloud and pass protect them with user defined password? Why there is no option to export keys to local phone storage? – John Smith Apr 09 '19 at 23:15
  • Why option Locate the chip where the key is stored and read it with specialized equipment; this might NOT be possible. is not possible? What about to buy other identical phone and replace old imei chip? I heard that key might be linked with imei somehow. – John Smith Apr 09 '19 at 23:24
  • Actually, on Snapdragons,the blob is stored on a chip, somewhere: https://www.theregister.co.uk/2016/07/01/turns_out_breaking_android_fulldisk_encryption_is_easy_with_the_right_code/ Since mb is dead, he cannot read it by 0wning device and cannot obtain the key as it is stored in an encrypted blob in hw most likely, the only phone that can decrypt it is op's phone. – thecarpy Apr 10 '19 at 11:44
  • What is op's phone? – John Smith Apr 10 '19 at 14:20
  • Also still miss why keys can't be pass protecred and stored in cloud? – John Smith Apr 10 '19 at 14:35
  • Samsung S7, which comes with a Snapdragon CPU. I do not think Google or any other vendor would store the key in the cloud, because then law enforcement would become a problem for the vendor in question. San Bernardino, anyone ? – thecarpy Apr 11 '19 at 07:37