MTK BROM Exploit and FDE key
After the MTK BROM exploit was released, doors opened in front of us (forensic enthusiasts).
When I started to dig deep into the exploit, I found an interesting project, “mtkclient”, on GitHub.
bkerler and the other dudes did a really great job with this project, squeezing the exploit to get every little bit of potential out of it.
What I found really interesting is how we can read “keys” from the SoC directly.
An example of which keys we can read:
xflashext - MEID : f51bd974957899e8278cf31bdd1f9a2b
xflashext - SOCID : 075954d3a1c6c37a4002bea5f1b0221a76ca698525f806fc4212932a56a2fcf6
xflashext - Generating dxcc rpmbkey...
xflashext - Generating dxcc fdekey...
xflashext - Generating dxcc rpmbkey2...
xflashext - Generating dxcc km key...
xflashext - RPMB : 0937497c5415e20dfc84927df9814f6f470f29645fb1dd244bc9bed0ca31a3f9
xflashext - RPMB2 : 5c1478313d7833a293769dc74695615b
xflashext - FDE : 74468267926df56df4bb167f5b09d078
xflashext - iTrustee : 83b5d8e7b426b8fe925649a63d73dce80127856b3dbab7f69a370c5c386a2bc7
xflashext - PROV : c70cbc11d60af3822ff9d1dff60bb001
As you can see, “FDE” (Full Disk Encryption) is one of these keys.
What came to mind is whether we can make use of this key in order to decrypt “userdata”.
I don’t think I’m the only one who has thought about that, and if so, I’d like to hear from you about that idea and whether it’s applicable or not.
Didn't FDE die out with Android 9?