IT Security Infrastructures Lab
One Key to Rule Them All: Recovering the Master Key from RAM to break Android’s File-Based Encryption

Dr.-Ing. Tobias Groß

Department of Computer Science
Chair of Computer Science 1 (IT Security Infrastructures)

  • Email: tobias.gross@cs.fau.de
  • Website: https://www1.informatik.uni-erlangen.de/staff/tobiasgross

Abstract

As has been known for a decade, cold boot attacks can break software-based disk encryption when an attacker has physical access to a powered-on device, including Android smartphones. Raw memory images can be obtained by resetting a device and rebooting it with a malicious boot loader or, on systems where this is not possible due to secure boot or restrictive BIOS settings, by physically transplanting the RAM modules into a system under the attacker's control. Based on such memory images, different key recovery algorithms have been proposed in the past to break Full-Disk Encryption (FDE), including BitLocker, dm-crypt, and also Android's FDE. With Google's switch from FDE to File-Based Encryption (FBE) as the standard encryption method for recent Android devices, however, these existing tools have been rendered ineffective. To close this gap, and to re-enable the forensic analysis of encrypted Android disks given a raw memory image, we present a new key recovery method tailored for FBE. Furthermore, we extend The Sleuth Kit (TSK) to automatically decrypt file names and file contents when working on FBE-enabled EXT4 images, as well as the Plaso framework to extract events from encrypted EXT4 partitions. Last but not least, we argue that the recovery of master keys from FBE partitions was particularly easy due to a flaw in Google's key derivation method.

Paper: One Key to Rule Them All (by Tobias Groß, Marcel Busch and Tilo Müller)

Slides: Presentation (presented at DFRWS EU 2021, Cyberspace)

Implemented Tools

With this research we implemented three different modules to recover master keys and to forensically analyze FBE-enabled ext4 partitions:

  • Extension of The Sleuth Kit, which now outputs the encryption-related metadata of files and can decrypt file names and file contents if the master keys are provided
  • Extension of Plaso, which can now extract events from FBE-encrypted files if the master keys are provided
  • fbekeyfind script, which can recover EXT4 FBE master keys from a memory dump and a userdata image of an Android device

Installation

To install all the modules, simply download this script and execute it on an Ubuntu or Debian Linux system (tested on Ubuntu 18.04). The script installs all software dependencies with apt and pip, clones the code repositories and builds the projects in the right order. On some systems, Plaso additionally needs the forensic artifacts definitions. If the Plaso tools quit with an error about missing forensic artifacts, use this script; it downloads the artifacts and copies them to the right path.

Get the Code

  • The Sleuth Kit: https://faui1-gitlab.cs.fau.de/tobias.gross/sleuthkit-ext4-fbe
  • pytsk: https://faui1-gitlab.cs.fau.de/tobias.gross/pytsk3
  • dfVFS: https://faui1-gitlab.cs.fau.de/tobias.gross/dfvfs
  • Plaso: https://faui1-gitlab.cs.fau.de/tobias.gross/plaso
  • fbekeyfind: https://faui1-files.cs.fau.de/public/one_key_to_rule/fbekeyfind.tar.gz

Test Data

Here you can download test data, including a memory dump, a userdata image and the FBE master keys of an Android device, to verify that our tools were built and installed correctly. The following code lists example executions of the tools:

# Recovery of master keys. Will create fbe.keys file which includes the used FBE master keys
cd fbekeyfind
python3 findMasterKeys.py --part /path/to/testdata/test_userdata.img /path/to/testdata/one_memdump

# Example usage of TSK fls tool.
# Without decryption
fls /path/to/testdata/test_userdata.img 122881
# With decryption
fls -K /path/to/fbe.keys /path/to/testdata/test_userdata.img 122881

# Example event extraction with Plaso tools
# master keys have to be provided with the --credential parameter in the format ext4_master:key_desc,key_part1,key_part2
log2timeline.py --credential ext4_master:6e6429b27d3ea260,c7dd3315d1f3232b82d6f780c8fde693fd879c74e5521fe15cf8295552e36c55,d3616f32ab7c57215dd9d7448867b2c68d2b6678df099243722598f94e195e33 --credential ext4_master:dc32ba6b0bb3e4fe,e128a34adb29f513b4a314fd113455a2d00dfeb7bc80e6f7f66f2695964cea7a,6e39dd463722f08509fe58957badd66272ce5f174ff38199d797c565a43a3b63 --credential ext4_master:8cc70c86db338e17,ddd5df1c7b9a0c0b1887b1bfac88915d157144830f5011e1f8e4fcf7f2c6c3b5,d2d06cb92340c353473dff3594b5b7674fd0699c9a2d5d42b826178f1ca66d34 test.plaso /path/to/testdata/test_userdata.img

# Generate event log from Plaso DB. Should include Chrome Cookies from the visit of nytimes.com.
# The cookies are stored encrypted on the user data image and log2timeline is able to decrypt them by providing the master keys.
psort.py -w test.log test.plaso
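As an added example (not part of the tools distributed on this page), the following Python parses `--credential` values in the `ext4_master:key_desc,key_part1,key_part2` format shown above, checks the field sizes that ext4 encryption expects (an 8-byte key descriptor and two 32-byte halves of a 64-byte master key), and flags descriptors that are not consistent with their key material. The consistency check assumes the descriptor is derived as in AOSP vold, i.e. the first 8 bytes of SHA-512(SHA-512(master key)); that derivation is an assumption made here, not something this page documents.

```python
import hashlib
import re

# Format used by the log2timeline.py invocation on this page:
#   ext4_master:<key_desc>,<key_part1>,<key_part2>
# ext4 encryption policy v1 uses an 8-byte master key descriptor and a
# 64-byte master key; the two 32-byte halves are concatenated here.
KEY_DESC_BYTES = 8
KEY_PART_BYTES = 32
HEX = re.compile(r"^[0-9a-fA-F]+$")


def parse_credential(cred):
    """Parse one --credential value into (key_desc_hex, 64-byte master key)."""
    scheme, _, rest = cred.partition(":")
    if scheme != "ext4_master":
        raise ValueError(f"unsupported credential type: {scheme!r}")
    fields = rest.split(",")
    if len(fields) != 3:
        raise ValueError("expected key_desc,key_part1,key_part2")
    desc_hex, part1_hex, part2_hex = fields
    for name, value, size in (("key_desc", desc_hex, KEY_DESC_BYTES),
                              ("key_part1", part1_hex, KEY_PART_BYTES),
                              ("key_part2", part2_hex, KEY_PART_BYTES)):
        if not HEX.match(value) or len(value) != 2 * size:
            raise ValueError(f"{name} must be {size} bytes of hex")
    return desc_hex.lower(), bytes.fromhex(part1_hex + part2_hex)


def derive_key_desc(master_key):
    """ASSUMPTION: the ext4 v1 key descriptor is the first 8 bytes of
    SHA-512(SHA-512(master_key)), as vold derives it; not stated on the page."""
    first = hashlib.sha512(master_key).digest()
    return hashlib.sha512(first).digest()[:KEY_DESC_BYTES].hex()


def check_credentials(creds):
    """Return {key_desc: (key, descriptor_consistent)} for credential strings."""
    result = {}
    for cred in creds:
        desc, key = parse_credential(cred)
        if desc in result:
            raise ValueError(f"duplicate key_desc {desc}")
        result[desc] = (key, derive_key_desc(key) == desc)
    return result


if __name__ == "__main__":
    # Constructed sample key (not real key material) with a matching descriptor.
    sample_key = bytes(range(64))
    cred = f"ext4_master:{derive_key_desc(sample_key)},{sample_key[:32].hex()},{sample_key[32:].hex()}"
    for desc, (key, ok) in check_credentials([cred]).items():
        print(desc, len(key), "consistent" if ok else "MISMATCH")
```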


Lehrstuhl für Informatik 1
Friedrich-Alexander-Universität Erlangen-Nürnberg (FAU)

Martensstrasse 3
91058 Erlangen