My wife had a Samsung Galaxy S3 which she just traded in for a new phone. I would like to get some of the files off of the micro SD card if possible but it was encrypted.
I have tried using cryptsetup on my Linux machine, hoping that this answer would work, but it doesn't appear to be a LUKS device.
In hopes that it would help provide some kind of path forward, I took a hex dump of several files of different types. Here are the first ten lines of the dumps from a few of them:
JPEG 1:
00000000: 0000 0000 0022 8ac4 5282 b84f 6e03 0fba ....."..R..On...
00000010: 0300 0002 0000 1000 0002 8c2d 0409 0301 ...........-....
00000020: 0000 0000 0000 0000 60bc 3f25 69ef 529c ........`.?%i.R.
00000030: 42e6 84a4 9b77 8acc bbff ebd2 bf4f 091f B....w.......O..
00000040: 8d6a 675b f2ca 954f 05ed 1662 085f 434f .jg[...O...b._CO
00000050: 4e53 4f4c 4500 0000 0012 1c67 4e5c db56 NSOLE......gN\.V
00000060: a100 0000 0000 0000 0000 0000 0000 0000 ................
00000070: 0000 0000 0000 0000 0000 0000 0000 0000 ................
00000080: 0000 0000 0000 0000 0000 0000 0000 0000 ................
00000090: 0000 0000 0000 0000 0000 0000 0000 0000 ................
JPEG 2:
00000000: 0000 0000 0020 0d83 f7b2 3960 cb33 8e95 ..... ....9`.3..
00000010: 0300 0002 0000 1000 0002 8c2d 0409 0301 ...........-....
00000020: 0000 0000 0000 0000 6037 fe30 1a9a 587d ........`7.0..X}
00000030: ee25 b522 312e 4a8b 2e19 7311 e015 85ef .%."1.J...s.....
00000040: e2ca 7adb 9c96 7d95 cced 1662 085f 434f ..z...}....b._CO
00000050: 4e53 4f4c 4500 0000 0012 1c67 4e5c db56 NSOLE......gN\.V
00000060: a100 0000 0000 0000 0000 0000 0000 0000 ................
00000070: 0000 0000 0000 0000 0000 0000 0000 0000 ................
00000080: 0000 0000 0000 0000 0000 0000 0000 0000 ................
00000090: 0000 0000 0000 0000 0000 0000 0000 0000 ................
MP3:
00000000: 0000 0000 0007 1ac5 ba01 eb4a 8680 5cbf ...........J..\.
00000010: 0300 0002 0000 1000 0002 8c2d 0409 0301 ...........-....
00000020: 0000 0000 0000 0000 60f4 5e28 b606 e462 ........`.^(...b
00000030: 3cbf f809 0f3b 212f 7d25 7ecc 116d 2456 <....;!/}%~..m$V
00000040: f66a 736d 6875 3dde 3bed 1662 085f 434f .jsmhu=.;..b._CO
00000050: 4e53 4f4c 4500 0000 0012 1c67 4e5c db56 NSOLE......gN\.V
00000060: a100 0000 0000 0000 0000 0000 0000 0000 ................
00000070: 0000 0000 0000 0000 0000 0000 0000 0000 ................
00000080: 0000 0000 0000 0000 0000 0000 0000 0000 ................
00000090: 0000 0000 0000 0000 0000 0000 0000 0000 ................
There are definitely some similarities, for example:
- They start with 5 null bytes
- The string "b._CONSOLE" (and the following bytes, up to the nulls) appears in all of them, followed by a large number of null bytes
- The null bytes go on much longer than these lines would suggest
I'm hoping this will help trigger someone's knowledge of how this encryption might work. I can't find anything about what this format might be. We still have the SD card but I'm slightly worried we might need the phone to decrypt the files.
Any suggestions on how we can access these files?