Android: restoring app data via adb push

So after taking CI6230 I decided to encrypt my phone storage. I was running CyanogenMod (CM) 10.1.2, which is awesome. But I digress. So the encryption went fine. It took a while, and things were A-OK until I decided to tinker with my phone, despite all of the horror stories and downtime I’ve endured (my colleagues can attest to that), and try Paranoid Android (PA) 3.94. I mean, we’re explorers, aren’t we?

So I downloaded the ROM and Google Apps zip files after doing Titanium Backup (of course!) and copied everything to my Mac (in hindsight, this was what saved me, even though I didn’t realize it at that time), and then rebooted to recovery.

In recovery, I realized the storage couldn’t be accessed as it was encrypted. I seem to recall unrooting (and rooting) the phone, and then it wouldn’t even boot into the ROM. OK, so I’d rendered my phone unworkable (again). I was stumped for a while, but luckily Google provides Nexus factory images and the Android SDK, so I used that to reset things. Now I had a working device, but I was unhappy because my app data was now lost. All the save games… and then some.

So I figured that I could just flash PA and then restore using TitaniumBackup, as I’d always done before. The problem was, it didn’t work. I got a parse error message. I decided to ignore the error, and reinstalled via Google Play, followed by a data-only restore; i.e. just the .properties and .tar.gz files. Now this caused the applications to crash, leading me to think that my files were encrypted. I was sidetracked by the fact that the applications crashed repeatedly, and Liya could only display the table structure, but there was no data.

So I pretty much did a ton of research trying to find out what happened:

https://santoku-linux.com/howto/mobile-forensics/how-to-brute-force-android-encryption
https://www1.informatik.uni-erlangen.de/frost

I even used openssl to attempt to decrypt it, since I remembered my PIN, and I knew the cipher; e.g.

$ openssl aes-128-cbc -d -in financisto.db -nosalt -out financisto.db.clear

I am ashamed to note that I’m a noob. Vim gave me a hint, in that the DML was not enciphered. I could see something like ‘create table foo…’, but I ignored it. Then I realized that AES 128 ciphertext didn’t even look like what I had, and then I opened it using the sqlite3 tool:

$ sqlite3 financisto.db
SQLite version 3.7.7 2011-06-25 16:35:41
Enter ".help" for instructions
Enter SQL statements terminated with a ";"
sqlite> select * from transactions;
1|1|0|0|0|0|Opening amount (MYR)|53400|0|1300572979084||0.0|0.0|0.0||0||||UR||0|1300572979086|0|0|0|0
.
.
.

OK, nothing was encrypted after all, but my apps wouldn’t work. The trick was to use adb push to individually push files into the device. It’s pretty tedious, but in the end it worked for me. Just tar -xof the .tar.gz, and then descend into data/data for the list of files to push over:

$ FOO=/data/data/ru.orangesoftware.financisto/databases/
$ BAR=financisto.db
$ adb push ~/Dropbox/Mako/TitaniumBackup/$FOO/$BAR $FOO

Setting the envvars will help things move along a lot faster, then after that you should have app+data.
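
To take the tedium out of the per-file pushes, here is an added example (not part of the original post) that walks an already-extracted backup, checks that each .db file starts with the SQLite magic string (the quick way to tell it is not ciphertext), and prints one adb push command per file. The function names `is_sqlite` and `plan_pushes` are made up for this sketch, and it assumes the archive was unpacked into a directory containing data/data/... and that adb is allowed to write under /data/data on the device.

```shell
#!/bin/sh
# Added example: plan the per-file restore of an extracted Titanium Backup archive.
# Assumption: <dir> holds the result of "tar -xof <backup>.tar.gz", i.e. it
# contains data/data/<package>/... as described in the post.

# Return 0 if the file starts with the SQLite 3 magic string. The real header
# is that string plus a NUL byte; only the first 15 bytes are compared.
is_sqlite() {
    [ "$(head -c 15 "$1" 2>/dev/null | tr -d '\000')" = "SQLite format 3" ]
}

# Print one "adb push" command per regular file under <dir>/data/data.
# A *.db file without the SQLite magic is reported as a comment instead, so it
# gets inspected rather than pushed blindly.
# Assumption: paths contain no single quotes (the output quoting relies on it).
plan_pushes() {
    root=${1%/}
    find "$root/data/data" -type f | LC_ALL=C sort | while IFS= read -r f; do
        remote=${f#"$root"}   # strip the local prefix, leaving /data/data/...
        case $f in
            *.db)
                if ! is_sqlite "$f"; then
                    printf '# skipped (not plaintext SQLite): %s\n' "$remote"
                    continue
                fi
                ;;
        esac
        printf "adb push '%s' '%s'\n" "$f" "$remote"
    done
}

# Stand-alone use: sh plan_pushes.sh <extracted-backup-dir>
[ "$#" -eq 0 ] || plan_pushes "$1"
```

The output is a list of commands to read through first; once it looks right, pipe it to sh to run the pushes.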

Hope this helps some poor paranoid soul like myself sometime soon. Of course, your mileage will vary.
