How to mount encrypted /data partition in recovery mode?

Okay thanks! I executed the commands:

anonymous@anonymous:~$ adb shell
FP3:/ # ls /dev/block/bootdevice/by-name/userdata                                                   
/dev/block/bootdevice/by-name/userdata
FP3:/ # mkdir -p /mnt/userdata
FP3:/ # mount /dev/block/bootdevice/by-name/userdata /mnt/userdata/
FP3:/ # du -cs /mnt/userdata/* | sort -n | tail -n10
5132	/mnt/userdata/system_ce
17080	/mnt/userdata/misc
17336	/mnt/userdata/vendor
23048	/mnt/userdata/system
34888	/mnt/userdata/user_de
118424	/mnt/userdata/tombstones
3021288	/mnt/userdata/app
14200420	/mnt/userdata/data
32829028	/mnt/userdata/media
50273856	total

Also the other directories:

FP3:/ # ls -l mnt/userdata/                                                                                                                                                                                total 468
drwx------   2 root     root      4096 1970-01-02 14:24 adb
drwx------   2 root     root      4096 1970-01-02 14:24 adbroot
drwxrwxr-x   2 system   system    4096 2022-11-11 15:41 anr
drwxr-xr-x   6 root     system    4096 1970-04-28 05:40 apex
drwxrwx--x  56 system   system   12288 2022-11-11 16:13 app
drwx------   2 root     root      4096 1970-01-02 14:24 app-asec
drwxrwx--x   2 system   system    4096 1970-01-02 14:24 app-ephemeral
drwxrwx--x   2 system   system    4096 1970-01-02 14:24 app-lib
drwxrwx--x   2 system   system    4096 1970-01-02 14:24 app-private
drwxr-x---   2 system   system    4096 1970-01-02 14:24 app-staging
drwx------   5 system   system    4096 2022-11-13 13:22 backup
drwxr-xr-x   2 shell    shell     4096 1970-01-02 14:24 bootchart
drwxrwx---   5 system   cache     4096 1970-01-02 14:24 cache
drwxrwx--x   4 root     root      4096 1970-03-22 04:41 dalvik-cache
drwxrwx--x 297 system   system   20480 2022-11-11 16:06 data
drwxrwx--x   2 system   system    4096 1970-04-28 05:41 dpm
drwxrwx---   3 drm      drm       4096 2020-12-15 00:47 drm
drwxrwx--x   2 system   system    4096 1970-01-02 14:24 fota
drwx------   5 root     root      4096 1970-04-28 05:41 gsi
drwxrwx---   2 system   wifi      4096 1970-01-02 14:24 hostapd
drwxrwx--x   2 system   system    4096 1970-04-28 05:40 incremental
drwxrwx---   2 system   cache     4096 2022-11-05 16:04 lineageos_updates
drwxr-x--x   4 root     root      4096 1970-01-02 14:24 local
drwxrwx---   2 root     root     16384 1970-01-02 14:24 lost+found
drwxrwx---   3 media_rw media_rw  4096 2022-11-13 13:22 media
drwxrwx---   2 mediadrm mediadrm  4096 1970-01-02 14:24 mediadrm
drwxrwx--t  55 system   misc      4096 2022-11-07 12:22 misc
drwxrwx--t   3 system   misc      4096 2020-12-15 00:47 misc_ce
drwxrwx--t   3 system   misc      4096 1970-01-02 14:24 misc_de
drwxrwx---   3 nfc      nfc       4096 2020-12-15 00:47 nfc
drwxrwx--x   2 root     root      4096 1970-03-22 04:41 ota
drwxrwx---   2 system   cache     4096 1970-01-02 14:24 ota_package
drwx------   2 system   system    4096 2022-11-13 13:22 per_boot
drwxrwxr-x   2 system   system    4096 1970-01-02 14:24 preloads
drwx------   2 root     root      4096 2022-11-13 13:22 property
drwxrwx--x   2 system   system   20480 2022-11-07 12:22 resource-cache
drwx------   2 system   system    4096 1970-01-02 14:24 rollback
drwx------   2 system   system    4096 1970-01-02 14:24 rollback-observer
drwxrwxr-x   2 system   system    4096 1970-01-02 14:24 server_configurable_flags
drwxr-xr-x   2 system   system    4096 1970-01-02 14:24 shared
drwx------   2 system   system    4096 1970-01-02 14:24 ss
drwxr-x---   3 root     shell     4096 1970-01-02 14:24 ssh
drwxrwxr-x  26 system   system    4096 2022-11-13 13:22 system
drwxrwx---   3 system   system    4096 2020-12-15 00:47 system_ce
drwxrwx---   3 system   system    4096 2022-11-13 13:22 system_de
drwxrwx--x   2 system   system    4096 2022-10-23 13:09 tombstones
drwx------   3 root     root      4096 1970-01-02 14:24 unencrypted
drwx--x--x   3 system   system    4096 1970-04-28 05:40 user
drwx--x--x   3 system   system    4096 1970-01-02 14:24 user_de
drwxrwx--x  40 root     root      4096 1970-04-28 05:41 vendor
drwxrwx--x   3 root     root      4096 2020-12-15 00:47 vendor_ce
drwxrwx--x   3 root     root      4096 1970-01-02 14:24 vendor_de

and the question is now: Is there anything that I can remove more or less safely? I hoped to be able to remove data from certain apps. But I cannot find where the data belongs to.

you go inside media/ and drill yourself down the dirextories until you find some juicy big files, videos presumably (you wont be able to tell from outside though). It’s russian roulette and I wont take responsibility

Can I somehow copy all of it to my Ubuntu? There I could probably decrypt it.

part of the encryption schemes on Android involve a device-key, stored with the TEE (trusted exec environ)… so your pin unlocks the device-key, and the device-key (or both together) encrypt data. So if you grab that data, you’ll also need to extract the TEE key. I’m sure the forensic toolkit for this exists … but it’s easier to throw a bit of data away?

go into /mnt/userdata/media (and data) and exec a “du -cs . | sort -n” to see where there is potential? in my experience, videos received via messengers comprise a large portion of smartphone storage.

I don’t know if the find command is available (can’t check presently). If it is, then maybe this helps:

find . -type f -size +10M

It worked!!! Thank you both so much! It is possible to see the type of a file. So I could simply delete some videos and /e/OS would boot normally again!

1|FP3:/mnt/userdata/media/0/wIQzCnKK9bp7ZKlZTZC9yB # ls -l                                                                                                                                                
total 340124
drwxrwxr-x 2 media_rw media_rw        4096 2022-11-09 11:38 7ZeokuV,R3Ql3iEToWKOSC
-rw-rw-r-- 1 media_rw media_video 15933812 2020-12-20 17:01 B,wdUX7x,T60iwFvPWDIoQrxTkwgxQYhSilb,A
-rw-rw-r-- 1 media_rw media_video 23049127 2021-04-17 07:57 HHFLEXY4CcLwD,pjhK5HS1P,Gc9hFVakwpAXKA

I think /e/OS should ensure that it can always boot (if that’s possible), no matter how much memory is used. I think user applications should not be able to polute the system so much that /e/OS cannot be booted anymore. Maybe an issue can be opened for this?

so I haven’t read about code that controls this - but my guess is that your device did have enough storage for the OTA zip and the unpack → but had insufficient space at first boot when creating the dalvik cache, as this one is with the userdata partition on the FP3.

The update mechanism would need to calculate some extra space for the dalvik-cache before update. Depending on amount of apps installed the size requirements can be different.

The teamwin recovery (twrp) has menu options to clear that directory. Could be implemented with the lineage/e-recovery menu too for users that have locked devices.

Why dalvik cache? after an update all dex classes of apps and system are regenerated. That’s bytecode optimization for the java apps running in the android jvm (aka dalvik).

Edit: and nice that Android shows the file-group for encrypted files, makes it easier to pick them out. It cannot infer the filetype at that point, but file ownership gives it away interestingly

Hi everyone, I’m in the same situation as 2t8 but when i try this line:
mount /dev/block/bootdevice/by-name/userdata /mnt/userdata/
it says “need -t”, and when I do:
mount -t /dev/block/bootdevice/by-name/userdata /mnt/userdata/
it says
mount: ‘/mnt/userdata/’ not in fstab
yet, ‘/mnt/userdata/’ exists.
Any suggestion? Thanks!

if you need for whatever reasons supply -t it needs a filesystem type: it’s either ext4 or f2fs:

mkdir -pv /mnt/userdata/
mount -t ext4 /dev/block/bootdevice/by-name/userdata /mnt/userdata/

Thank you for the quick reply after all this time!
When I try the ‘mount’ line with ext4 or f2fs it now says:
mount: ‘/dev/block/bootdevice/by-name/userdata’ → ‘/mnt/userdata/’: Invalid argument
I forgot to mention that it’s a Pixel 5, if that makes a difference

redfins common-tree is redbull with that fstab layout, weird it doesn’t work. What’s the output of plain “mount” ?

it is:
mount: /dev/block/bootdevice/by-name/userdata: need -t

plain “mount” will output a list of currently mounted paths - if it doesn’t, you’re somwhere or in some context that I do not expect. What is your full command line inputs and outputs when going about the method described in this thread?

please use triple-backticks if you can for things commandline to avoid autoformatting by the forum software

>adb shell
redfin:/ # ls /dev/block/bootdevice/by-name/userdata
/dev/block/bootdevice/by-name/userdata
redfin:/ # mkdir -p /mnt/userdata
redfin:/ # mount /dev/block/bootdevice/by-name/userdata /mnt/userdata/
mount: /dev/block/bootdevice/by-name/userdata: need -t
1|redfin:/ #
1|redfin:/ #
1|redfin:/ # mount -t /dev/block/bootdevice/by-name/userdata /mnt/userdata/
mount: '/mnt/userdata/' not in fstab
1|redfin:/ # mkdir -pv /mnt/userdata/
redfin:/ # mount -t ext4 /dev/block/bootdevice/by-name/userdata /mnt/userdata/
mount: '/dev/block/bootdevice/by-name/userdata'->'/mnt/userdata/': Invalid argument
1|redfin:/ # mount -t f2fs /dev/block/bootdevice/by-name/userdata /mnt/userdata/
mount: '/dev/block/bootdevice/by-name/userdata'->'/mnt/userdata/': Invalid argument
1|redfin:/ #
1|redfin:/ # mount
rootfs on / type rootfs (rw,seclabel,size=3657996k,nr_inodes=914499)
tmpfs on /dev type tmpfs (rw,seclabel,nosuid,relatime,size=3819980k,nr_inodes=954995,mode=755)
devpts on /dev/pts type devpts (rw,seclabel,relatime,mode=600,ptmxmode=000)
proc on /proc type proc (rw,relatime,gid=3009,hidepid=2)
sysfs on /sys type sysfs (rw,seclabel,relatime)
selinuxfs on /sys/fs/selinux type selinuxfs (rw,relatime)
tmpfs on /mnt type tmpfs (rw,seclabel,nosuid,nodev,noexec,relatime,size=3819980k,nr_inodes=954995,mode=755,gid=1000)
tmpfs on /apex type tmpfs (rw,seclabel,nosuid,nodev,noexec,relatime,mode=755)
tmpfs on /linkerconfig type tmpfs (rw,seclabel,nosuid,nodev,noexec,relatime,mode=755)
tmpfs on /mnt/installer type tmpfs (rw,seclabel,nosuid,nodev,noexec,relatime,size=3819980k,nr_inodes=954995,mode=755,gid=1000)
tmpfs on /mnt/androidwritable type tmpfs (rw,seclabel,nosuid,nodev,noexec,relatime,size=3819980k,nr_inodes=954995,mode=755,gid=1000)
none on /sys/fs/cgroup type cgroup2 (rw,nosuid,nodev,noexec,relatime)
tmpfs on /tmp type tmpfs (rw,seclabel,relatime)
tmpfs on /storage type tmpfs (rw,seclabel,relatime,mode=050,gid=1028)
binder on /dev/binderfs type binder (rw,relatime,max=1048576,stats=global)
pstore on /sys/fs/pstore type pstore (rw,seclabel,relatime)
none on /config type configfs (rw,relatime)
adb on /dev/usb-ffs/adb type functionfs (rw,relatime)
fastboot on /dev/usb-ffs/fastboot type functionfs (rw,relatime)
/dev/block/sda15 on /metadata type ext4 (rw,seclabel,relatime,discard,nodelalloc,commit=1,data=journal)
redfin:/ #

from my fairphone3… can you skip by-name and try to mount by mmc partition? (the mmcblk path will differ on your device)

$ ls -l /dev/block/by-name/userdata
/dev/block/by-name/userdata -> /dev/block/mmcblk0p62
$ mount -t auto /dev/block/mmcblk0p62 /mnt/userdata

and if you can - I’d be interested in a

cat /etc/fstab

Thank you so much for your patience. I’m sorry I have zero knowledge in this so that makes it complicated.

redfin:/ # cat /etc/fstab
/dev/block/by-name/metadata /metadata ext4 discard,data=journal,commit=1 0 0
/dev/block/bootdevice/by-name/modem_a /vendor/firmware_mnt vfat shortname=lower,uid=0,gid=1000,dmask=227,fmask=337,context=u:object_r:firmware_file:s0 0 0
/dev/block/bootdevice/by-name/userdata /data f2fs discard,reserve_root=32768,resgid=1065,fsync_mode=nobarrier,inlinecrypt 0 0
redfin:/ #
redfin:/ # ls -l /dev/block/by-name/userdata
lrwxrwxrwx 1 root root 16 1970-08-20 11:40 /dev/block/by-name/userdata -> /dev/block/sda19
redfin:/ # mount -t auto /dev/block/sda19 /mnt/userdata
mount: /dev/block/sda19: need -t

we could be all blind chickens… you could just do a

mount /data

that should work with that fstab, then navigate to /data/media/0/

redfin:/ # ls /dev/block/bootdevice/by-name/userdata
/dev/block/bootdevice/by-name/userdata
redfin:/ # mkdir -p /mnt/userdata
redfin:/ # mount /data
mount: '/dev/block/bootdevice/by-name/userdata'->'/data': Invalid argument
1|redfin:/ # mount /data/
mount: '/data/' not in fstab
1|redfin:/ #

(sorry for prior edit) - not sure what’s going on, the commands I posted work in the FP3 recovery. I’d need to sit in front of the shell myself

I understand. Thank you so much already for taking the time to help!