Is it possible to k...
 
Notifications
Clear all

Is it possible to know if an Android has been never rooted?

15 Posts
4 Users
0 Likes
591 Views
(@skywalker)
Posts: 152
Reputable Member
Topic starter
 

That is the question. How is possible to know if an Android device has been never or ever rooted.

Thanks!

 
Posted : 18/09/2015 12:04 am
(@einstein9)
Posts: 50
Trusted Member
 

Good Q really, but i think CANNOT

coz you can save the Original Dump and write/try whatever you want to to TRY
then write the original back.

Its not like the Hard Disk where you scan it and compare Dates to judge n tell how many times the hdd was formatted.

unless there is something which i did not know/try yet.

 
Posted : 20/09/2015 2:01 pm
jaclaz
(@jaclaz)
Posts: 5133
Illustrious Member
 

Its not like the Hard Disk where you scan it and compare Dates to judge n tell how many times the hdd was formatted.

It would be interesting to know WHICH dates you can compare on a hard disk. 😯
I would say that if you image a disk, then do whatever and finally restore the original image you won't find ANY date (nor ANY OTHER data) that would allow you to tell how many times it was formatted (nor anything else that happened between the image and the restore).

jaclaz

 
Posted : 20/09/2015 2:24 pm
(@einstein9)
Posts: 50
Trusted Member
 

When you scan and get multiple DUPLICATED Files/Folders

i go personally n compare those duplicated NAMES and see which one came 1st.

about my example here when i compared it with the Hard disk, my example is when i Scan the HDD and compare those duplicated NAMES and see which one came 1st.

but for sure, WHEN you take any HDD Image (Sector Dump) and change it from inside (the Dumped IMage), and write it back to the HDD you will get the same results for sure.

ur right here >

 
Posted : 20/09/2015 4:00 pm
jaclaz
(@jaclaz)
Posts: 5133
Illustrious Member
 

When you scan and get multiple DUPLICATED Files/Folders

i go personally n compare those duplicated NAMES and see which one came 1st.

about my example here when i compared it with the Hard disk, my example is when i Scan the HDD and compare those duplicated NAMES and see which one came 1st.

So, you additionally need duplicated names (which obviously must reside on different paths) and from the dates of them (if ANY) you assume that they were created right after a format operation? 😯

Since the format operation does actually erase (depending on the OS either the whole files or just their indexing records from the filesystem) I wonder how you can have duplicated files (unless you create them BOTH after the very last format operation)

jaclaz

 
Posted : 20/09/2015 5:27 pm
(@einstein9)
Posts: 50
Trusted Member
 

When you scan and get multiple DUPLICATED Files/Folders

i go personally n compare those duplicated NAMES and see which one came 1st.

about my example here when i compared it with the Hard disk, my example is when i Scan the HDD and compare those duplicated NAMES and see which one came 1st.

So, you additionally need duplicated names (which obviously must reside on different paths) and from the dates of them (if ANY) you assume that they were created right after a format operation? 😯

Since the format operation does actually erase (depending on the OS either the whole files or just their indexing records from the filesystem) I wonder how you can have duplicated files (unless you create them BOTH after the very last format operation)

jaclaz

Humm, seems its complicated to understand here, here is the step-by-step of what i was trying to explain

1- Get a new HDD (Zero Filled sectors)
2- Install ur Windows (OS) blah blah
3- when you are done, use your Installer CD and format and RE-INSTALL your OS again

now, in this case, you will have 2 records of WINDOWS FOLDER for example with Diff. DATES

try it and see,

What i was trying to tell you is this, I DO COMPARE both WINDOWS FOLDER dates and see which one is which,

there is ALWAYS STANDARD FOLDER/FILE NAMES, either in Windows OS or Mobile OS, the Diff. is that the way Mobile phones write to MEMORY CHIP if totally Diff. than writng in HDD by OS or so.

Spero suo chiaro ora per voi

 
Posted : 20/09/2015 6:56 pm
jaclaz
(@jaclaz)
Posts: 5133
Illustrious Member
 

Humm, seems its complicated to understand here, here is the step-by-step of what i was trying to explain

1- Get a new HDD (Zero Filled sectors)
2- Install ur Windows (OS) blah blah
3- when you are done, use your Installer CD and format and RE-INSTALL your OS again

now, in this case, you will have 2 records of WINDOWS FOLDER for example with Diff. DATES

No, I won't, if the volume was formatted.

Quick recap (given that partition/volume size is not changed)

  • if format is used on a volume up to XP/2003 the format command doe not wipe sectors of the volume, but it will 00 either the FAT tables or the $MFT, then the subsequent install will rewrite the files (only one instance of the file or folder can be found "normally" in the filesystem and even with direct sector parsing the chances of finding two "duplicated" files is minimal as even the filesystem structures will be spanning on exactly the same sector extents and the new install files will likely overwrite the areas where they were before)*
  • if format is used on a volume on Vista or later (unless the /q option is chosen) the entire volume is wiped (zero filled) before applying the filesystem structures so there is no possibility whatsoever to find *anything* belonging to the previous state.

You are probably referring to when you reinstall "over" an existing OS (without formatting the volume) and usually the "old install" Windows directory is renamed to "windows.old".

jaclaz

* there are of course a number of what I call "extreme" cases of NTFS when a different OS is reinstalled after a non-wiping format and since some filesystem structures on same filesystems created by different OS are placed on different extents there are some chances of finding some fragments of the $MFT, and the same may happen in some other cases where the "previous" OS has an extremely large $MFT and by sheer luck parts of it were not overwritten by "normal" files.

 
Posted : 20/09/2015 7:38 pm
(@einstein9)
Posts: 50
Trusted Member
 

Then how do you explain this case for example

You restore your Windows (for example) by Quick Restore Option (hidden partition) activated by the user, and the USER Data will be overwritten.

but when you run your recovery App. you will be able to see the User Data but mostly damaged, files/folders are there and most are not working.

and FEW Users know how to RESTORE THOSE DAMAGED FILES BACK.

do you?

 
Posted : 20/09/2015 11:44 pm
jaclaz
(@jaclaz)
Posts: 5133
Illustrious Member
 

Then how do you explain this case for example

Where is the format part in the given example? ?

and FEW Users know how to RESTORE THOSE DAMAGED FILES BACK.

do you?

Maybe yes, maybe no. roll

jaclaz

 
Posted : 21/09/2015 12:08 am
(@skywalker)
Posts: 152
Reputable Member
Topic starter
 

I have no doubt it is a very interesting discussion but… could we come back to the original question?

Thanks D

 
Posted : 21/09/2015 3:39 pm
Page 1 / 2
Share: