jackwilsdon / seedvault-extractor

Failed to decrypt metadata #2

Closed fabian-thomas closed 1 year ago

fabian-thomas commented 1 year ago

If I run it on my backup with:

export DEBUG=1
seedvault-extractor-linux-amd64 1654132963860 "maid strategy ... (10 words following)" 

I get the following error:

version: 1
token: 1654132963860
seed: <128 byte hash>
key: <64 byte hash>
error: failed to decrypt metadata: failed to read decrypted data: cipher: message authentication failed

I'm not sure how I can further help, since I don't want to share my backup. 😅 But if you give me a direction I may be able to debug it myself. I verified that the mnemonic is the correct one by entering it in the Seedvault verifier on Android.

jackwilsdon commented 1 year ago

Could you please try the no-tink branch? It's an older version of the code where I implemented the decryption myself instead of using Google's tink library - it might provide a more useful error.

fabian-thomas commented 1 year ago

Then I get error: failed to decrypt metadata: failed to decrypt segment 0: cipher: message authentication failed

jackwilsdon commented 1 year ago

Hmm, that's annoying. What version of Seedvault is the backup from? I've just made a backup on GrapheneOS using Seedvault 13-3.3 and it extracted fine.

fabian-thomas commented 1 year ago

It's 13-3.3 too, on LineageOS 20.

jackwilsdon commented 1 year ago

The only things I can think of are:

  1. Ensure that you haven't renamed the backup directory (1654132963860), as this is used as part of the decryption key
  2. That backup is a rather old one (from the directory name it appears to be from June last year) - do newer backups decrypt OK?

Apart from those two, I'm not too sure what to think here. I'll have to have a read through the Seedvault decryption code again and see if I missed anything (the files of interest are MetadataReader.kt and Crypto.kt).

fabian-thomas commented 1 year ago

Yeah, June last year should be the time when I replaced my phone. For me the same directory is used for incremental backups. Isn't that the default? Unix timestamps on my backup server say that new backup data is added from time to time.

Maybe I can try to delete this backup and create an entirely new one. Do you have experience with that? Can I just delete the .seedvault directory on Android and reinitialize Seedvault?

jackwilsdon commented 1 year ago

You're right - it seems like Seedvault reuses the same directory (token) for all backups.

I'd be cautious about removing the backups directory, I ended up breaking Seedvault (crash loop) on my device by doing this and I had to clear its app data for it to recover.

I've got an old device which supports LineageOS 20 (crazy how far back they support!) - I'll try installing it and see if I can reproduce this with a fresh backup (I'd prefer this to the chance of anything happening to your Seedvault 😁)

The only other thing worth confirming is that the .backup.metadata file in the backup on your PC matches the one on your device (i.e. it hasn't been corrupted during transfer).

jackwilsdon commented 1 year ago

I've set up a device on LineageOS 20-20230511-NIGHTLY (Seedvault 13-3.3) and I'm able to extract the generated backup without any issues (I've attached the file to https://github.com/tlambertz/seedvault_backup_parser/issues/14#issuecomment-1552173811). I'm not too sure what to recommend at this point except for verifying file integrity as I mentioned above.

fabian-thomas commented 1 year ago

Thanks for doing that. 😁 I tried my backup once again and now it decrypts fine. I guess there was some broken state involved that got resolved during a backup this night. Thanks for your help and sorry for wasting your time. 😄 (I can decrypt your backup fine too.)

jackwilsdon commented 1 year ago

Fantastic news! Glad to hear it's working for you now 🎉

nettnikl commented 1 year ago

Hey, having the same issue with 3 existing backups (can't create new ones atm sadly). My phone created 3 different folders on the backup device + the sv folder.

I'm also getting "error: failed to decrypt metadata: failed to read decrypted data: cipher: message authentication failed" and on the no-tink branch "error: failed to decrypt metadata: failed to decrypt segment 0: cipher: message authentication failed".

Could it also be related to wrong usage? (./seedvault-extractor-darwin-arm64 1677281112300 "tree tree tree tree tree tree tree tree tree tree tree tree") Or would you say all three backups are probably corrupted?

fabian-thomas commented 1 year ago

I would not say that it's due to incorrect usage. Your command looks right. I had the same issue and did not change anything until it worked.

I'm currently still having problems with the backup extraction. The tool is missing some encrypted blobs. I would say it's a problem with Seedvault itself.

Btw: how do you transfer the Seedvault backup? Nextcloud, WebDAV or local storage?

nettnikl commented 1 year ago

Thanks for the reply. I was using WebDAV in my local network.

fabian-thomas commented 1 year ago

Hmm, I'm using local storage + Syncthing.

nettnikl commented 1 year ago

I just spent way too much time on this topic, considering I have most of my data in another backup solution, but here I am, and hear me out:

The mnemonics are the key!

In my case, I always copy/pasted the words through a (hopefully) secure storage solution, so I didn't think much about it, but I just tried out how the keys change if you switch around the mnemonics, and realized they are literally just a character array, not a fancy way to remember words (that map to like 2 bytes or something). So, I thought maybe when pasting in the Seedvault app, there is automatically a case correction done (or similar).

As it turns out, one of the mnemonic words was displayed with a typo in the Seedvault app. Which had to be corrected! E.g. the app displayed tree tree tree tree tree tree tree tree tree tree tree honye. So, after you paste it to your command line, you have to correct it to tree tree tree tree tree tree tree tree tree tree tree honey.

Now it works great, thanks everyone!
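
Added example, not part of the thread and not seedvault-extractor's code: a simplified Go model of why the three causes raised above (a misspelled mnemonic word, a renamed token directory, a metadata file corrupted in transfer) all surface as the same "cipher: message authentication failed". It assumes standard BIP39 seed derivation and, as a stand-in for Seedvault's real key schedule, AES-256-GCM keyed with the first 32 seed bytes with the token bound as associated data; the plaintext is constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha512"
	"fmt"
	"strings"
)

// bip39Seed is PBKDF2-HMAC-SHA512 (2048 rounds, salt "mnemonic", one 64-byte
// block). The words are hashed as text; nothing checks them against a word list.
func bip39Seed(mnemonic string) []byte {
	mac := hmac.New(sha512.New, []byte(mnemonic))
	mac.Write([]byte("mnemonic\x00\x00\x00\x01")) // salt || block index 1
	u := mac.Sum(nil)
	seed := append([]byte(nil), u...)
	for i := 1; i < 2048; i++ {
		mac.Reset()
		mac.Write(u)
		u = mac.Sum(nil)
		for j := range seed {
			seed[j] ^= u[j]
		}
	}
	return seed
}

// aead is a simplified stand-in (assumption) for Seedvault's key schedule: AES-256-GCM
// on the first 32 seed bytes. Callers pass an all-zero nonce, fine only for this demo.
func aead(mnemonic string) cipher.AEAD {
	block, _ := aes.NewCipher(bip39Seed(mnemonic)[:32]) // cannot fail: 32-byte key
	gcm, _ := cipher.NewGCM(block)
	return gcm
}

func open(mnemonic, token string, ct []byte) error {
	// The token is bound as associated data (assumption of this model).
	_, err := aead(mnemonic).Open(nil, make([]byte, 12), ct, []byte(token))
	return err
}

func main() {
	good := "tree tree tree tree tree tree tree tree tree tree tree honey"
	ct := aead(good).Seal(nil, make([]byte, 12), []byte("constructed metadata"), []byte("1677281112300"))
	fmt.Println("typo:   ", open(strings.Replace(good, "honey", "honye", 1), "1677281112300", ct))
	fmt.Println("renamed:", open(good, "1677281112301", ct))
	ct[0] ^= 1 // simulate corruption in transfer
	fmt.Println("corrupt:", open(good, "1677281112300", ct))
}
```

Because the error cannot tell these causes apart, each has to be ruled out separately: check every word against the BIP39 word list, confirm the directory name is unchanged, and compare a hash of .backup.metadata on the device and on the PC.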