This utility is specifically geared for decrypting Android emulator images. It is intended for Android version 11+ (API version 30+). For Android versions 9.0 or earlier, which use Full-Disk Encryption (FDE) you will need a different tool.
This script also doubles as the most complete documentation of FBE, as the official documentation only paints broad strokes, and the source code is spread across several different projects.
First, you will need to install NodeJS. Then, open a command line terminal, and navigate to the location of the emulator image:
cd ~/.android/avd/MyDevice.avdFinally, run the script:
node /path/to/fbe-encrypt.mjsThe script will create a file called userdata-decrypted.img in the current directory. This is an Ext4 partition image file. It can be mounted as a drive, or opened with an application that can read Ext4 images, e.g. 7-Zip.
The script does not take any parameters, and makes several assumptions regarding the image. These assumption hold for a default Android image, but may vary based on the installed ROM. These assumptions include:
persistent.sqlite and not in 1000_USRSKEY_synthetic_password_* (Applies as of Android 12). Alternately, there is no synthetic password (Applies to older Android versions when not locked with a PIN)Comments within the source code show where these assumptions are made, and give hints on how the code may be changed to support other configurations.
Before decrypting an image, make sure you shut down the emulator using the emulated power button. The emulator emulates a full system including a disk write cache. If the device is not shut down in a way the emulated system recognizes, some blocks may be left unwritten to disk. This could result in a failure to decrypt, or in a corrupt decrypted image.