SlugFiller / fbe-decrypt

Utility to decrypt drive images encrypted with Android's File-Based Encryption (FBE)
BSD Zero Clause License
10 stars 2 forks

This tool does not support decrypting an image from a physical disk dump? #2

Open davx2012 opened 1 week ago

davx2012 commented 1 week ago

As in the subject. I can't decrypt data from a phone disk dump via this tool?

SlugFiller commented 4 days ago

Using this tool with a phone disk dump presents several challenges:

  1. The tool reads Qemu's Qcow2 images by default. You can convert raw images to Qcow2 using qemu-img, or simply replace BlockDevQcow2.open with BlockDevFile.open.
  2. You need a dump of the encrypted key partition. This is usually present on the secure element, and hence, cannot be dumped without specialized tools.
  3. If the phone was locked with a PIN, you need to adjust the synthetic password blob decryption process to account for the PIN.
  4. If the phone was equipped with a weaver-compatible encryption chip, the synthetic password's outer key would not be present in persistent.sqlite, and would instead be stored on the weaver-compatible chip itself. Extracting this outer key would require VERY specialized tools. There is actually a demonstration in which an extra switch is soldered to the phone's board to trigger a bypass of the weaver chip, combined with a specially crafted ROM.

Basically, in addition to the small adjustable software deficiencies, you will also need to bypass the phone's hardware protection designed to ensure that not everything is dumpable.

Google most likely designed these hardware measures under the assumption that most people would only use short 4-digit PINs, which could easily be brute-forced with enough machines running in parallel, if one has access to a full dump.
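A format probe for point 1 above, as an added example that is not part of fbe-decrypt: it inspects an image's leading bytes to tell a qcow2 container from a raw dump and reports the header fields a block reader needs before it touches any data (the qcow2 header layout is QEMU's documented big-endian one; the opener names are taken from the comment above and are assumed, not checked against the project's API).

```python
import struct

QCOW2_MAGIC = b"QFI\xfb"   # first four bytes of every qcow2 header
QCOW2_HEADER_LEN = 72      # fixed v2 header; v3 only appends fields after this

def probe_image(data: bytes) -> dict:
    """Classify an image as qcow2 or raw from its header bytes.

    For qcow2 the fixed header fields are unpacked big-endian in the order
    given by the QEMU spec: version, backing_file_offset, backing_file_size,
    cluster_bits, size, crypt_method, l1_size, l1_table_offset.
    """
    if len(data) >= QCOW2_HEADER_LEN and data[:4] == QCOW2_MAGIC:
        (version, backing_off, _backing_len, cluster_bits, size,
         crypt_method, _l1_size, _l1_off) = struct.unpack(">IQIIQIIQ", data[4:48])
        if version not in (2, 3):
            raise ValueError(f"unsupported qcow2 version {version}")
        if not 9 <= cluster_bits <= 21:   # 512 B .. 2 MiB clusters per the spec
            raise ValueError(f"implausible cluster_bits {cluster_bits}")
        return {
            "format": "qcow2",
            "version": version,
            "cluster_size": 1 << cluster_bits,
            "virtual_size": size,
            "has_backing_file": backing_off != 0,
            "qcow2_crypt_method": crypt_method,  # container-level, unrelated to FBE
            "opener": "BlockDevQcow2.open",       # assumed name from the issue text
        }
    # Anything without the magic is treated as a raw dump; its size is the file size.
    return {
        "format": "raw",
        "virtual_size": len(data),
        "opener": "BlockDevFile.open",            # assumed name from the issue text
    }

def make_sample_qcow2_header(virtual_size: int, cluster_bits: int = 16) -> bytes:
    """Constructed sample: a minimal qcow2 v2 header with no backing file."""
    return QCOW2_MAGIC + struct.pack(
        ">IQIIQIIQQIIQ",
        2,                    # version
        0, 0,                 # backing_file_offset, backing_file_size
        cluster_bits,
        virtual_size,
        0,                    # crypt_method (none)
        1,                    # l1_size
        1 << cluster_bits,    # l1_table_offset
        2 << cluster_bits,    # refcount_table_offset
        1,                    # refcount_table_clusters
        0,                    # nb_snapshots
        0,                    # snapshots_offset
    )
```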