Extracting Qualcomm's KeyMaster Keys - Breaking Android Full Disk Encryption (Bits Please)
The "Bits Please" blog has a detailed description of how one breaks full-disk encryption on an Android phone. Included therein is a lot of information on how full-disk encryption works on Android devices and its inherent limitations.

"Instead of creating a scheme which directly uses the hardware key without ever divulging it to software or firmware, the code above performs the encryption and validation of the key blobs using keys which are directly available to the TrustZone software! Note that the keys are also constant - they are directly derived from the SHK (which is fused into the hardware) and from two 'hard-coded' strings. Let's take a moment to explore some of the implications of this finding."
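The design property the quoted passage describes can be modelled in a few lines. The following is an added illustration, not code from the Bits Please post or from Qualcomm's KeyMaster: the SHK value, the two label strings, the HMAC-based KDF, the HMAC-counter-mode cipher and the blob layout are all constructed stand-ins for the real derivation and format, which the page does not reproduce. What the model shows is the consequence of the two choices the quote calls out: because the wrapping keys are derived from constants, they are the same for every blob the device ever produces, and because the derived keys live in software-readable memory, a blob can be unwrapped anywhere the keys have been copied to, rather than only on the device that holds the fused SHK.

```python
import hmac
import hashlib
import os

# Constructed example values. These are NOT Qualcomm's real SHK, label strings,
# KDF, cipher or blob format; they only model the design property discussed above.
SHK = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0")   # stands in for the fused hardware key
ENC_LABEL = b"constructed-enc-label"                       # stands in for hard-coded string 1
MAC_LABEL = b"constructed-mac-label"                       # stands in for hard-coded string 2


def derive_key(shk: bytes, label: bytes) -> bytes:
    """Model KDF: a fixed secret plus a fixed label always yields the same key."""
    return hmac.new(shk, label, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode, used here as a stand-in for a block cipher."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def wrap(enc_key: bytes, mac_key: bytes, secret: bytes) -> bytes:
    """Encrypt-then-MAC key blob laid out as nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(secret, _keystream(enc_key, nonce, len(secret))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unwrap(enc_key: bytes, mac_key: bytes, blob: bytes) -> bytes:
    """Validate the tag, then decrypt; a modified blob is rejected."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("blob failed validation")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))


# Design A models the flaw the quote describes: the wrapping keys are derived in
# software from the SHK and two constant labels and then sit in memory that the
# TrustZone software can read. Anything that obtains them (or the SHK plus the
# labels) can rebuild them and unwrap the blob with no device involved.
class SoftwareDerivedKeyMaster:
    def __init__(self, shk: bytes):
        self.enc_key = derive_key(shk, ENC_LABEL)   # software-readable, and constant
        self.mac_key = derive_key(shk, MAC_LABEL)

    def generate_blob(self, secret: bytes) -> bytes:
        return wrap(self.enc_key, self.mac_key, secret)


def offline_unwrap_design_a(shk: bytes, blob: bytes) -> bytes:
    """Re-derive the constant keys away from the device and unwrap the blob."""
    return unwrap(derive_key(shk, ENC_LABEL), derive_key(shk, MAC_LABEL), blob)


# Design B models the alternative the quote contrasts it with: the hardware key is
# used inside the engine and never handed to software, which only ever receives
# wrap/unwrap results. Python name mangling is just notation for "not readable
# by software"; in real hardware that would be an unreadable key register.
class HardwareBoundKeyMaster:
    def __init__(self, shk: bytes):
        self.__enc_key = derive_key(shk, ENC_LABEL)
        self.__mac_key = derive_key(shk, MAC_LABEL)

    def generate_blob(self, secret: bytes) -> bytes:
        return wrap(self.__enc_key, self.__mac_key, secret)

    def unwrap_on_device(self, blob: bytes) -> bytes:
        # The only unwrap path: the blob is usable solely where the engine is.
        return unwrap(self.__enc_key, self.__mac_key, blob)


if __name__ == "__main__":
    secret = b"constructed-disk-key-material"
    blob = SoftwareDerivedKeyMaster(SHK).generate_blob(secret)
    print("design A, unwrapped off-device:", offline_unwrap_design_a(SHK, blob) == secret)
    hw = HardwareBoundKeyMaster(SHK)
    print("design B, key exported to software:", hasattr(hw, "enc_key"))
```

Two properties of design A are worth checking in the model: every `SoftwareDerivedKeyMaster` built from the same SHK holds identical `enc_key` and `mac_key` values (one disclosure covers all blobs ever produced), and `offline_unwrap_design_a` needs nothing but the SHK and the labels. In design B no key attribute is reachable from software and `unwrap_on_device` is the only way to open a blob, which is what ties a blob to the device that produced it. The validation step still matters in both designs, since it stops a modified blob from being accepted as genuine.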