This question is about how disk encryption for Android 5.0 to 9.0 works.
In short: Does Android 5.0 to 9.0 disk encryption use any device-specific keys (such as IMEI or model) to encrypt the disk?
I’m trying to recover data from a Nexus 5 phone with a damaged motherboard (due to a short circuit).
It was running Android 6.0 with a disk that was encrypted using a user PIN (the device was shipped with an unencrypted Android 4.4).
To recover the data, I’m thinking of buying an SMD rework station to do a chip-off of the memory chip to a new Nexus 5 device, and then turn on the phone, enter the PIN, and get access to my files.
I’m trying to understand, since the disk was encrypted – would this work?
Would a new device with an old eMMC memory chip boot?
If disk encryption on Android only uses the user-entered PIN to encrypt the user-created data, I think this would work. If it uses device-specific values (such as IMEI or model) either in concatenation to the user-entered PIN or as a salt, soldering the old memory to a new device won’t work.
According to "Full-Disk Encryption" in the Android open-source documentation, it looks like in Android 5.0 to 9.0 only the user-created data is encrypted, but not the OS itself. The "Storing the encrypted key" section says:
Hardware backing is implemented by using Trusted Execution Environment’s (TEE) signing capability. Previously, we encrypted the master key with a key generated by applying scrypt to the user’s password and the stored salt. In order to make the key resilient against off-box attacks, we extend this algorithm by signing the resultant key with a stored TEE key.
Does this mean the encryption uses a hardware-specific key? An expert’s help would be greatly appreciated. Thanks.
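The quoted documentation describes a key chain: the user's PIN and a stored salt go through scrypt, the result is then signed with a key held by the device's TEE, and that device-bound value is what protects the master key. The added Python example below models that chain to show why the "TEE signing" step matters for the chip-off scenario. It is illustrative code written for this question, not Android's own implementation: the TEE's keymaster signature is stood in for by an HMAC with a constructed per-device secret, the AES wrapping of the master key by an HMAC-derived keystream plus an integrity tag, and the scrypt cost parameters are chosen for speed, not Android's actual values.

```python
import hashlib
import hmac
import secrets

# Constructed scrypt parameters (small so the example runs quickly; not Android's values).
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 12, 8, 1


def derive_kek(pin: bytes, salt: bytes, tee_key: bytes) -> bytes:
    """Model of the documented chain: scrypt(PIN, salt) -> sign with the device's TEE key.

    On a real device the TEE key never leaves the SoC, so this step can only be
    performed on the device that created the key material. Here an HMAC with a
    per-device secret stands in for the keymaster signature (assumption).
    """
    ik1 = hashlib.scrypt(pin, salt=salt, n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    return hmac.new(tee_key, ik1, hashlib.sha256).digest()


def wrap_master_key(kek: bytes, master_key: bytes) -> bytes:
    """Stand-in for AES wrapping of the disk master key (assumption, not Android's cipher).

    Returns ciphertext || tag; the tag lets unwrap detect a wrong KEK.
    """
    keystream = hmac.new(kek, b"wrap", hashlib.sha256).digest()[: len(master_key)]
    ciphertext = bytes(a ^ b for a, b in zip(master_key, keystream))
    tag = hmac.new(kek, ciphertext, hashlib.sha256).digest()
    return ciphertext + tag


def unwrap_master_key(kek: bytes, blob: bytes):
    """Return the master key if the KEK is correct, otherwise None."""
    ciphertext, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(kek, ciphertext, hashlib.sha256).digest(), tag):
        return None
    keystream = hmac.new(kek, b"wrap", hashlib.sha256).digest()[: len(ciphertext)]
    return bytes(a ^ b for a, b in zip(ciphertext, keystream))


def encrypt_on_device(pin: bytes, tee_key: bytes):
    """Simulate first boot with a PIN: create salt + master key, store the wrapped key."""
    salt = secrets.token_bytes(16)
    master_key = secrets.token_bytes(32)
    blob = wrap_master_key(derive_kek(pin, salt, tee_key), master_key)
    # What ends up on the eMMC (crypto footer): salt and wrapped master key.
    # The TEE key is NOT on the eMMC; it lives in the SoC of the original board.
    return {"salt": salt, "wrapped_key": blob}, master_key


def try_unlock(footer: dict, pin: bytes, tee_key: bytes):
    """Simulate a boot that reads the footer from eMMC and uses the host SoC's TEE key."""
    return unwrap_master_key(derive_kek(pin, footer["salt"], tee_key), footer["wrapped_key"])


def chip_off_scenario():
    """Returns (same_board_ok, new_board_ok, wrong_pin_ok) for the question's scenario."""
    pin = b"1234"                       # constructed user PIN
    original_tee_key = secrets.token_bytes(32)   # constructed: bound to the damaged board
    donor_tee_key = secrets.token_bytes(32)      # constructed: the replacement Nexus 5's SoC
    footer, master_key = encrypt_on_device(pin, original_tee_key)

    same_board_ok = try_unlock(footer, pin, original_tee_key) == master_key
    new_board_ok = try_unlock(footer, pin, donor_tee_key) == master_key
    wrong_pin_ok = try_unlock(footer, b"0000", original_tee_key) == master_key
    return same_board_ok, new_board_ok, wrong_pin_ok


if __name__ == "__main__":
    print(chip_off_scenario())
```

In this model the eMMC carries only the salt and the wrapped master key; the signing key is a property of the original SoC, so moving the flash chip to a donor board reproduces the scrypt output but not the signed value, and the master key does not unwrap even with the correct PIN. Whether a particular device actually binds the key that way is exactly what the quoted "hardware backing" sentence is about, and it is the detail to confirm before spending on rework equipment.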