How to make an EFS backup on Samsung Galaxy S3 using the one-click method. EFS on Qualcomm devices: backup and recovery. Restoring EFS

If you flash firmware often, or are flashing an Android smartphone or a Samsung tablet for the first time, you need to take care of the safety of the IMEI. In the article "How to save and restore IMEI on Samsung" you will learn how to do this in 2 ways.

Method No. 1 Save and restore IMEI

1. Install the free Android Terminal Emulator application on the Android device.

2. Open the application and type the commands:

su
dd if=/dev/block/xxxxxxx of=/sdcard/efs.img

To restore the IMEI:

su
dd if=/sdcard/efs.img of=/dev/block/xxxxxxx

where xxxxxxx is the name of the EFS block.

How to find out the EFS block name

Open the Android Terminal Emulator app and type the command:

mount

then find the EFS partition and its name (in my case the name is mmcblk0p1)

# backup
su
dd if=/dev/block/mmcblk0p1 of=/sdcard/efs.img

# restore
su
dd if=/sdcard/efs.img of=/dev/block/mmcblk0p1
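A helper for the "find the EFS block name" step, as an added example that is not part of the original article: it parses pasted mount output in both formats Android shells print and builds the two dd command lines of Method No. 1. The /efs mount point, the sample output and the function names are assumptions made for illustration.

```python
import re

# Constructed sample `mount` output (not from a real device). Older Android
# toolbox builds print /proc/mounts-style lines; toybox prints "dev on dir type fs".
SAMPLE_TOOLBOX = """\
rootfs / rootfs ro,relatime 0 0
/dev/block/mmcblk0p9 /system ext4 ro,noatime 0 0
/dev/block/mmcblk0p1 /efs ext4 rw,nosuid,nodev,noatime 0 0
"""
SAMPLE_TOYBOX = """\
/dev/block/mmcblk0p9 on /system type ext4 (ro,noatime)
/dev/block/mmcblk0p1 on /efs type ext4 (rw,nosuid,nodev,noatime)
"""

# Only accept something that looks like a block device node.
BLOCK_DEV = re.compile(r"^/dev/block/[A-Za-z0-9_/.\-]+$")

def find_efs_device(mount_output, mount_point="/efs"):
    """Return the block device mounted at mount_point (assumed /efs), or None."""
    for line in mount_output.splitlines():
        fields = line.split()
        if len(fields) >= 3 and fields[1] == "on":   # toybox format
            device, target = fields[0], fields[2]
        elif len(fields) >= 2:                        # /proc/mounts format
            device, target = fields[0], fields[1]
        else:
            continue
        if target == mount_point and BLOCK_DEV.match(device):
            return device
    return None

def dd_commands(device, image="/sdcard/efs.img"):
    """Build the backup and restore command lines used in Method No. 1."""
    backup = f"dd if={device} of={image}"
    restore = f"dd if={image} of={device}"
    return backup, restore

if __name__ == "__main__":
    for sample in (SAMPLE_TOOLBOX, SAMPLE_TOYBOX):
        dev = find_efs_device(sample)
        print(dev, *dd_commands(dev), sep="\n  ")
```

If the function returns None, the partition is not mounted under the assumed mount point and the block name has to be identified another way before running dd.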

Method No. 2 Save and restore IMEI

That's all for the detailed article on backing up and restoring EFS on Android; don't lose your IMEI!

This article is about restoring a working Encrypting File System (EFS): importing keys from the old user profile into a new system to regain access to encrypted information. To begin with, note that you can first try one of several existing utilities for this job; the work described in this article requires certain knowledge and skills.

  • Our favorite, Elcomsoft, offers Advanced EFS Data Recovery for 2K/XP for $99, with a demo version available.
  • Our beloved Microsoft also has a recovery program in its arsenal, reccerts.exe, which can be obtained via the paid support service.
  • Passware, which is unknown to us, offers EFSKey, which is said to be slower than AEFSDR but costs exactly the same: 95 conventional units.

Back to the matter at hand. By default, the names of EFS-encrypted files in XP are shown in green. If things go wrong, the keys are naturally lost, and opening a file produces a blank document with a description of the error. For example:

  • notepad: cannot open the c:\documents and settings\foo\my documents\report.txt file. make sure a disk is in the drive you specified.
  • wordpad: access to c:\docume~1\foo\mydocu~1\report.txt was denied.

This error usually indicates that the wrong encryption key is being used for every user who had access to the file. There may be several reasons for this; the most common is reinstallation of the system.

Everyone is advised to export the public and private keys before using EFS for the first time, preferably to another medium (see cipher /?). These keys are randomly generated on creation and, naturally, are not reproduced when the system is reinstalled. Surprisingly, and maybe on purpose, valiant Microsoft gives no warning on first use of EFS, so there is a real chance of completely forgetting about the danger.

In 2K and XP, the EFS data is stored here:

c:\documents and settings\user\application data\microsoft\crypto\ - private key
c:\documents and settings\user\application data\microsoft\protect\ - password entry to the private key
c:\documents and settings\user\application data\microsoft\systemcertificates\ - public key. In general, not so important.

Let's say these files have been saved and you need to use them. To work with the file system, you need an account with the same computer number and user number as the original. You can find this data here:

c:\documents and settings\%username%\application data\microsoft\crypto\rsa\s-1-5-21-1078081533-1606980848-854245398-1003

Computer number: 1078081533-1606980848-854245398
User number: 1003

In hex, respectively: fd374240 f094c85f 16c0ea32 and 3eb.
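The conversion above worked through in code, as an added example that is not part of the original article: the hex values are each number's four bytes in little-endian order, which is how they are stored in the registry's binary data. The function names are hypothetical, and the zero-padded form of the Users subkey name is an assumption.

```python
import struct

def parse_profile_sid(name):
    """Split an S-1-5-21-<a>-<b>-<c>-<rid> folder name into machine part and RID."""
    parts = name.strip().upper().split("-")
    if len(parts) != 8 or parts[:4] != ["S", "1", "5", "21"]:
        raise ValueError(f"not an account SID of the expected form: {name!r}")
    subs = [int(p) for p in parts[4:]]          # raises ValueError on non-digits
    if any(not 0 <= v <= 0xFFFFFFFF for v in subs):
        raise ValueError("sub-authority out of 32-bit range")
    return subs[:3], subs[3]

def le_hex(value):
    """32-bit value as the hex of its little-endian bytes (registry byte order)."""
    return struct.pack("<I", value).hex()

def sid_report(name):
    """Derive the 'computer number', 'user number' and their hex forms."""
    machine, rid = parse_profile_sid(name)
    return {
        "computer_number": "-".join(str(v) for v in machine),
        "user_number": rid,
        "computer_hex_le": [le_hex(v) for v in machine],
        "user_hex": format(rid, "x"),
        # Assumption: the subkey under ...\account\users is the RID written
        # as 8 zero-padded hex digits.
        "users_subkey": format(rid, "08X"),
    }

if __name__ == "__main__":
    # Folder name taken from the article's example path.
    report = sid_report("s-1-5-21-1078081533-1606980848-854245398-1003")
    for key, value in report.items():
        print(f"{key}: {value}")
```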

Go to hklm\sam\sam\domains\account\users\%usernumbers% and check whether an account with the same number exists in the system. If it does, find the user name and create a profile with the original password. If it does not, create it, having first changed the value at offset 48 in hklm\sam\sam\domains\account\f to the required number, and add the account to the admin group. Next, in hklm\sam\sam\domains\builtin\aliases\00000220\c, change the machine SID to the original one. Do the same in hklm\sam\sam\domains\account\v. From hklm\software\microsoft\windows nt\currentversion\profilelist\, export the key describing the machine number with the user-number suffix, change the numbers to the original ones and import it back. Copy the folders with the keys to c:\documents and settings\%username%\application data\microsoft\, reboot... and everything should work.

In the next part we will look at the situation in which there are no key files.

We have already looked at how it is possible. I said there that by default only the given user. I also said there that the private key, which is used to decrypt encrypted EFS files, is stored in the personal certificate store. But what happens if the user loses access to his private key? How then to recover files encrypted using EFS?

EFS Recovery Agent

The EFS Recovery Agent is the Administrator account of the local computer or the domain administrator, depending on where you are. The administrator account can decrypt files encrypted by other users and return them to the owner. But to do this, you need to create an EFS Recovery Agent certificate and allow it access to all newly encrypted files. I hope you remember how in the previous article we allowed another user to access encrypted files. This is exactly what happens with the recovery agent, only it is all done automatically.

How to create an EFS recovery agent?

In this article, I will not cover creating an EFS recovery agent within a domain. Let's consider only creating the Encrypting File System recovery agent on the local machine. To do this, use the default administrator account to run the following command in a command prompt window:

cipher /r:recoveryagent

The response to this command will be the creation of two files:

  1. recoveryagent.cer
  2. Recoveryagent.pfx

Both will be located in the root folder of the computer administrator. The next step is to let the operating system know that an EFS recovery agent has just been created. To do this, open the Local Group Policy Editor, go to the node Computer Configuration/Windows Settings/Security Settings/Public Key Policies/Encrypting File System and find the item Add Data Recovery Agent. When this item opens, specify the certificate recoveryagent.cer. Then save the changes and .

How to recover EFS encrypted files?

Once the EFS Recovery Agent is created, all newly encrypted files can be recovered using an administrator account. To do this, the computer administrator needs to find and run the file Recoveryagent.pfx. After launching it, simply click through all the windows that open ("hamster mode"), after which the computer administrator will be able to access all encrypted files. He will also be able to remove encryption from them and return them to the user. This is how EFS recovery is possible.

EFS on Qualcomm devices, backup, recovery

This guide explains how to use the "QFIL" program to make a backup of "EFS" on a PC, as well as how to restore an "EFS" backup copy to a device: "Lenovo based on Qualcomm".

Preparation

  • Follow the instructions: .
  • Open the folder of the installed "QPST" software package and run "QFIL.exe".

  • Make sure that the program has detected the device in the mode: "Lenovo HS-USB Diagnostics".

  • In the top menu of the "QFIL" program, choose "Tools" -> "QCN Backup Restore".

Creating an EFS Backup

Click on "Backup QCN" and wait for the backup process to finish. By default, the backup copy (file 00000000.qcn) will be saved in the folder "C:\temp\"; it is better not to change the save location or the name of the backup copy. If the device is a dual-SIM device, check the "Enable Multi-SIM" option. It is advisable to copy the "EFS" backup to a couple of safe places.

Log of a successfully created backup:

Process Index:0
Start Download QCN
COM Port number:7
Checking if phone is connected...
IsPhoneConnected: Passed. Phone is connected
Sent SPC code to the phone successfully
Downloading QCN file: C:\temp\00000000.qcn
Done downloading the qcn file: C:\temp\00000000.qcn
Finish Backup QCN

Restoring EFS from a backup

In the window that opens, click on the "Browse" button, specify the path to the file "00000000.qcn" and press "Open". If the device is dual-SIM, check the "Enable Multi-SIM" option.
Click on "Restore QCN" and wait for the recovery process to complete.

Log of a successfully restored backup

Process Index:0
Start Restore QCN
COM Port number:7
Uploading QCN file: C:\temp\00000000.qcn
Checking if phone is connected...
Done uploading the QCN file: C:\temp\00000000.qcn
Finish Restore QCN

When working with the Windows XP/Vista/7 operating systems and recovering passwords for mail and Internet sites. The next task that often has to be done when investigating incidents is recovering passwords to archives, mail clients and EFS (Encrypting File System). This will be discussed in this article.


EFS Key Recovery

In fact, the best thing to do in this situation is to recover the user's password. Then decrypting EFS will be much easier, we will return to this later. However, you need to understand that even if you do not have a password, you can still try to decrypt the corresponding files and folders. This is what Advanced EFS Data Recovery software is designed for.

For the convenience of the user, this software includes an Advanced EFS Data Recovery wizard, with which you can go through the entire decryption process step by step. Or you can use "Expert Mode" to perform the actions yourself.

In my opinion, if a person using Advanced EFS Data Recovery does not feel confident, it is much more convenient to use the Advanced EFS Data Recovery Wizard. Let's look at this mode in more detail.

At the first stage, the Advanced EFS Data Recovery wizard will ask for the personal certificate used for EFS.

Let's assume you have such a certificate (this is an extremely rare situation, because for some reason users either neglect to export certificates or simply forget where they exported it). In this case, everything is quite simple. You are required to select the certificate file and enter the certificate password. Next, a search is made for all folders and files encrypted with its help on local partitions. You receive a list of files encrypted with this certificate that you can decrypt. Naturally, if you examine your computer, you will have to decrypt it onto another hard drive or external storage device so as not to damage anything.

But what if you don't have a certificate? In this case, the Advanced EFS Data Recovery wizard will prompt you to search for it on your hard drive. Please note that you can search for a certificate not only among existing files, but also among deleted ones. But to do this, you need to enable the "Scan sector by sector" checkbox. It is recommended to enable this mode when rescanning, if on the first pass you did not find the required certificates.

Next, it will take you some time to find the keys. As a result of the search, a wizard window will be displayed. If the keys are not found, you must enter the username (EFS owner) and his password or, as a last resort, a HEX code. How to obtain a user password was described in the previous article.

If you know the user's password, you enter the name of the corresponding account and its password and press the "Forward" button. Next, the found folders and files encrypted using EFS are decrypted. As you can see, even if you reinstalled the operating system, this does not mean that you have lost data encrypted with EFS.

Don't forget that if you know the name and password of the account under which encryption was carried out, the decryption process will take much less time. Otherwise, you can try to decrypt using expert mode, although it must be admitted that the probability of a positive result in this case is noticeably lower. You will be prompted to add a password from the dictionary. Naturally, it is assumed that you have the dictionary files.

I would like to note the following. As we can see, today there are quite powerful tools for recovering (cracking) passwords. Therefore, to ensure password strength we have three options:

  1. Further increase in length and complexity (in my opinion, the path is a dead end, because sooner or later users begin to get confused, forget passwords, use the same one for all occasions, etc.).
  2. Use of biometric authentication tools.
  3. Use of multi-factor authentication and certificates. This path is, again in my opinion, much more promising, but it is worth considering that the proposed solutions, of course, cost money, and sometimes quite a lot.

The choice, of course, is yours.

Vladimir BEZMALY