Backup efs using samsung tool. How to Make an EFS Backup on Samsung Galaxy S3 Using One-Click Method

When working with operating rooms Windows systems XP/Vista/7 and recovering passwords for mail and Internet sites. The next task that often has to be done when investigating incidents is recovering passwords to archives, mail clients and EFS (Encrypting File System). This will be discussed in this article.

EFS Key Recovery

In fact, the best thing to do in this situation is to recover the user's password. Then decrypting EFS will be much easier, we will return to this later. However, you need to understand that even if you do not have a password, you can still try to decrypt the corresponding files and folders. This is what Advanced EFS software is designed for. Data Recovery.

In this software For the convenience of the user, a corresponding Advanced EFS Data Recovery wizard has been created, with which you can go through the entire decryption process step by step. Or you can use "Expert Mode" to perform the actions yourself.

In my opinion, if a person using Advanced EFS Data Recovery does not feel confident, it is much more convenient to use the Advanced EFS Data Recovery Wizard. Let's look at this mode in more detail.

At the first stage of the Advanced EFS Data Recovery wizard, the system will request a personal certificate used for EFS.

Let's assume you have such a certificate (this is an extremely rare situation, because for some reason users either neglect to export certificates or simply forget where they exported it). In this case, everything is quite simple. You are required to select the certificate file and enter the certificate password. Next, a search is made for all folders and files encrypted with its help on local partitions. You receive a list of files encrypted with this certificate that you can decrypt. Naturally, if you examine your computer, you will have to decrypt it onto another hard drive or external storage device so as not to damage anything.

But what if you don't have a certificate? In this case, the Advanced EFS Data Recovery wizard will prompt you to search for it on your hard drive. Please note that you will be able to search for a certificate not only among existing files, but also among the remote ones. But to do this, you need to enable the "Scan sector by sector" checkbox. It is recommended to enable this mode when rescanning, if on the first pass you did not find the required certificates.

Next, it will take you some time to find the keys. As a result of the search, a wizard window will be displayed. If the keys are not found, you must enter the username (EFS owner) and his password or, as a last resort, a HEX code. How to obtain a user password was described in the previous article.

If you know the user's password, you enter the appropriate account name and password and click Next. Next, the found folders and files encrypted using EFS are decrypted. As you can see, even if you reinstalled the operating system, this does not mean that you have lost the data encrypted with EFS.

Don't forget that if you know the name and password of the account under which encryption was carried out, the decryption process will take much less time. IN otherwise You can try to decrypt using expert mode. Although it must be admitted that the probability of a positive result in this case is noticeably lower. You will be prompted to add a password from the dictionary. Naturally, it is assumed that you have the dictionary files.

I would like to note the following. As we can see, today there are quite powerful tools for recovering (cracking) passwords. Therefore, to ensure their durability we have three options:

1. Further increase in length and complexity (in my opinion, the path is a dead end, because sooner or later users begin to get confused, forget passwords, use the same one for all occasions, etc.).
2. Use of biometric authentication tools.
3. Use of multi-factor authentication and certificates. This path again, in my opinion, much more promising, but it is worth considering that the proposed solutions, of course, cost money, and sometimes quite a lot.

The choice, of course, is yours.

Vladimir BEZMALY

If you sew very often or are sewing for the first time Android smartphone or a Samsung tablet, you need to take care of the safety of the IMEI. In the article How to save and restore IMEI on Samsung you will learn how to do this in 2 ways.

Method No. 1 Save and restore IMEI

1. Install on Android Device free application Android Terminal Emulator

2. Go to this application and type the commands:

su dd if=dev/block/xxxxxx of=sdcard/efs.img

In order to repair IMEI:

su dd if=/sdcard/efs.img of=/dev/block/xxxxxxx

Where xxxxxxx this is the name of the EFS block.

How to find out the EFS block name

Go to Android app Terminal Emulator and type the command:

mount

then find the section and its name (in my case the name mmcblk0p1)

su dd if=dev/block/mmcblk0p1 of=sdcard/efs.img su dd if=/sdcard/efs.img of=/dev/block/mmcblk0p1

Method No. 2 Save and restore IMEI

That’s all for the detailed article on backup and restoration of efs android, don’t lose your IMEI!

We have already looked at how it is possible. I said there that by default only the given user. I also said there that the private key, which is used to decrypt encrypted EFS files, is stored in the personal certificate store. But what happens if the user loses access to his private key? How then to recover files encrypted using EFS?

EFS Recovery Agent

EFS Recovery Agent is an Administrator account local computer or domain administrator, depending on where you are. The administrator account can decrypt files encrypted by other users and return them to the owner. But to do this, you need to create an EFS Recovery Agent certificate and allow it access to all newly encrypted files. I hope you remember how in the previous article we allowed another user to access encrypted files. This is exactly what happens with the recovery agent, only it's all done automatically.

How to create an EFS recovery agent?

In this article, I will not cover creating an EFS recovery agent within a domain. Let's consider only creating the Encrypting File System recovery agent on the local machine. To do this, use the default administrator account to run the following command in a command prompt window:

cipher /r:recoveryagent

The response to this command will be the creation of two files:

1. recoveryagent.cer
2. Recoveryagent.pfx

They will both be located in the root folder of the computer administrator. The next step is to make it clear operating system that the EFS Recovery Agent has just been created. To do this you need to open Local editor group policy and go to node Computer Configuration/Windows Configuration/Security Settings/Public Key Policies/Encryption file system and find the item Add data recovery agent. Opening this policy certificate must be specified recoveryagent.cer. Then save the changes and .

How to recover EFS encrypted files?

After creating an EFS recovery agent, all newly encrypted files can be recovered via account administrator. To do this, the computer administrator needs to find and run the file Recoveryagent.pfx. After launching, you need to go through all the newly opened windows in hamster mode, after which the computer administrator will be able to access all encrypted files. And he will also be able to remove encryption from them and return them to the user. This is how EFS recovery is possible.

What is NVRAM

NVRAM in the application to smartphones on the MTK platform is a service area in non-volatile memory that stores IMEI, MAC addresses for WiFi, BT, and much other information unique to your smartphone. When you do a factory reset, a copy is made from this partition to the user data /data partition, and Android uses this data.

What is the risk of damaging the NVRAM partition?

WiFi, BT, and mobile communications that are malfunctioning or not working at all

How can you ruin an NVRAM partition?

SP version that worked incorrectly during firmware Flash Tool(this is why it is recommended to use the version that comes with the firmware), full memory formatting in the SP Flash Tool (in rare cases you have to do this operation), the wrong recovery script.

These problems can be avoided if follow simple rule : Having received a smartphone in your hands, the first thing you need to do is make a backup (including the NVRAM partition, or at least just that) and save it on your computer!

Perhaps there will be some problems with it and you will have to return it under warranty, it happens that the firmware with which it came is simply not found on the network, perhaps you will re-experiment with the firmware.... I recommend making a full backup, and then experiment.

To create a backup you must have root rights on your phone or have TWRP recovery installed.

A backup of the NVRAM partition can be obtained in the following ways:

Spoiler

Using TWRP custom recovery.

If your phone already has an extended TWRP recovery, you can make a backup in it to restore (in it) all the main system partitions - just press the button in the main menu

Backup, tick all the boxes Select partitions to back Up , check the box to enable compression Enable compression , set a name by pressing Set Backup Name and swipe right to start creating a backup

Spoiler

After that, reboot and, having connected the smart phone to the PC, copy the TWRP\BACKUPS\name of your backup folder to a safe place. From such a complete backup you can always restore any necessary partition, including NVRAM

Spoiler

Using the MTK Droid Tools program from a PC.

Most phone owners on the MTK platform know this powerful tool.

Download latest version from here(the link is the author’s, it will be the simplest form of gratitude to download the program from it)

• On the phone in the settings in the "Developer Options" section it is enabled USB Debugging. If you don’t have the “Developer Options” section in your settings, then go to the “About phone” item in the settings and tap on the build number 7 times to turn on the display of the “Developer Options” section.

After that, run MTKdroidTools.exe as administrator and connect the phone cable to the port on motherboard PC (rear)

After the program detects your phone, a colored rectangle will appear in the lower left corner, indicating the capabilities of working with the phone.

If this rectangle green, as in the screenshot - everything is fine, there is a root shell

Spoiler

If this rectangle yellow, then you need to click the button at the bottom right ROOT and follow directions

Spoiler

Most often, the program manages to obtain a temporary root shell.

After that, press the IMEI/NVRAM button, check the checkboxes /dev/nvram And /data/nvram and press the button Backup. Upon completion of work, two files with the extensions bin and tar and information in the name about the phone name, IMEI and the date/time of creation of the NVRAM backup will appear in the subfolder of the BackupNVRAM program.

Spoiler

Spoiler

Download archive and unpack it into a folder with full access for you (preferably without spaces or Russian letters in the path), in which you will store your NVRAM backup.

Check before starting that:

• The antivirus is temporarily disabled on the computer
• Installed on the computer ADB drivers
• On your phone, USB Debugging is enabled in the Developer Options section of your phone. If you don’t have the “Developer Options” section in your settings, then go to the “About phone” item in the settings and tap on the build number 7 times to turn on the display of the “Developer Options” section.

Connect the phone cable to the port on the PC motherboard (on the back) and run NVRAM_backup.bat, upon completion of work, a file will appear in the folder nvram.img.

Every time you decide to update Samsung Galaxy S3 custom firmware, you can end up losing data that is stored in internal memory. Unfortunately, not only regular data such as contacts, messages, call logs or applications can be destroyed, but also Internet settings or the EFS folder can be erased too. So, to avoid any unpleasant situations, we will teach you how to do EFS backup and restore on Samsung Galaxy S3 using the one-click method. As usual, it's all explained in a simple step-by-step guide, so let's get started.

Why should you do it? backup copy EFS? EFS stores the IMEI and allows the phone to establish an internet connection, so in case this folder is erased, the phone will no longer be able to use the internet connection. So, if you recently updated your Galaxy S3 and can't access the World Wide Web, then the EFS folder may have been destroyed. That's why you need to do it in advance so that you can easily restore it if necessary. For those who cannot do this, the only solution is to install stock firmware or apply official update, released by Samsung, suitable for S3.

There are many ways to learn how to make an EFS backup, today we will explain the one-click tool option. To do this you will need a computer with Windows control And USB cable for a phone, since you will need to connect the S3 to a PC. In addition, this procedure requires root access on the smartphone. If they are not there, then first you need to root the device and remove factory restrictions. Please note that rooting automatically voids the warranty. We recommend that you search through our Guides section for a suitable step by step guide, where you can find everything you need to know about the root access operation. Then come back here and continue with the rest of the guide.

Remember that it is recommended to back up all data on your Galaxy S3 (before upgrading or making system changes), not just the EFS folder. It is important to save your personal information as it will likely be destroyed. For a complete backup, you can download SMS Backup & Restore for Android, Call Logs Backup & Restore, sync with Google to save contacts, or use a custom recovery image (such as CWM) to backup your current system.

Before performing all the steps, you must disable security tools on your computer and phone, as these programs can interrupt the backup operation by stopping the one-click tool. Next, enable the USB debugging option on the Galaxy S3 (this requirement is present in the steps below) and charge the smartphone battery so that it does not turn off in the middle of the process.

You may like:

Please note that this guide can and should only be applied to Samsung Galaxy S3 and not to any other android device. This method was first developed and tested by XDA Developers, so we have to thank them for this opportunity. Now, finally, you can follow the appropriate steps. Read everything carefully. The process is simple and will only take a couple of minutes to complete, so let's get started.

How to Make an EFS Backup on Samsung Galaxy S3 Using One-Click Method

• First of all, download Samsung Kies to your computer to install the appropriate drivers for the Samsung Galaxy S3.
• Then download the EFS backup and restore application from here (search for download).
• You should have a file with the extension .rar.
• Unpack the archive.
• The USB debugging option must be enabled on the Galaxy S3. Go to Settings -> Developer and make sure the USB debugging option is checked.
• Now, connect your device to your computer using a USB cable.
• Once the phone is connected, go to the folder where you extracted the downloaded file and click on the executable Backup file EFS.
• Follow all steps.
• EFS will be saved to the same folder in .img format.
• If you need to restore EFS, then you need to run Restore_EFS and go through all the steps again.

This was a one-click method that can be used to easily perform EFS backup and restore on Samsung Galaxy S3. Now you can calmly think about updating your phone with custom ROM since your data and EFS are in good hands.