Failed to decrypt metadata

[fabian-thomas]

If I run it on my backup with:

export DEBUG=1
seedvault-extractor-linux-amd64 1654132963860 "maid strategy ... (10 words following)" 

I get the following error:

version: 1
token: 1654132963860
seed: <128 byte hash>
key: <64 byte hash>
error: failed to decrypt metadata: failed to read decrypted data: cipher: message authentication failed

I'm not sure how I can further help, since I don't want to share my backup. 😅
But if you give me a direction I may be able to debug it myself.
I verified that the mnemonic is the correct one by entering it in the seedvault verifier on Android.

[jackwilsdon]

Could you please try the no-tink branch? It's an older version of the code where I implemented the decryption myself instead of using Google's tink library - it might provide a more useful error.

[fabian-thomas]

Then I get error: failed to decrypt metadata: failed to decrypt segment 0: cipher: message authentication failed

[jackwilsdon]

Hmm, that's annoying. What version of Seedvault is the backup from? I've just made a backup on GrapheneOS using Seedvault 13-3.3 and it extracted fine.

[fabian-thomas]

It's 13-3.3 too on Lineage OS 20.

[jackwilsdon]

The only things I can think of are:

1. Ensure that you haven't renamed the backup directory (1654132963860), as this is used as part of the decryption key
2. That backup is a rather old one (from the directory name it appears to be from June last year) - do newer backups decrypt OK?

Apart from those two, I'm not too sure what to think here. I'll have to have a read through the Seedvault decryption code again and see if I missed anything (the files of interest are MetadataReader.kt and Crypto.kt).

[fabian-thomas]

Yeah, June last year should be the time where I replaced my phone. For me the same directory is used for incremental backups. Isn't that the default? Unix timestamps on my backup server say that new backup data is added from time to time.

Maybe I can try to delete this backup and create an entirely new one. Do you have experience with that? Can I just delete the .seedvault directory on Android and reinitialize seedvault?

[jackwilsdon]

You're right - it seems like Seedvault reuses the same directory (token) for all backups.

I'd be cautious about removing the backups directory, I ended up breaking Seedvault (crash loop) on my device by doing this and I had to clear its app data for it to recover.

I've got an old device which supports LineageOS 20 (crazy how far back they support!) - I'll try installing it and see if I can reproduce this with a fresh backup (I'd prefer this to the chance of anything happening to your Seedvault 😁)

The only other thing worth confirming is that the .backup.metadata file in the backup on your PC matches the one on your device (i.e. it hasn't been corrupted during transfer).

[jackwilsdon]

I've set up a device on LineageOS 20-20230511-NIGHTLY (Seedvault 13-3.3) and I'm able to extract the generated backup without any issues (I've attached the file to tlambertz/seedvault_backup_parser#14 (comment)). I'm not too sure what to recommend at this point except for verifying file integrity as I mentioned above.

[fabian-thomas]

Thanks for doing that. 😁
I tried my backup once again and now it decrypts fine. I guess there was some broken state involved that got resolved during a backup this night. Thanks for your help and sorry for wasting your time. 😄
( I can decrypt your backup fine too)

[jackwilsdon]

Fantastic news! Glad to hear it's working for you now 🎉

[nettnikl]

Hey, having the same issue with 3 existing backups (can't create new ones atm sadly). My phone created 3 different folders on the backup device + the sv folder.

I'm also getting
error: failed to decrypt metadata: failed to read decrypted data: cipher: message authentication failed
and on the no-tink branch
error: failed to decrypt metadata: failed to decrypt segment 0: cipher: message authentication failed
.

Could it also be related to wrong usage? ( ./seedvault-extractor-darwin-arm64 1677281112300 "tree tree tree tree tree tree tree tree tree tree tree tree") Or would you say all three backups are probably corrupted?

[fabian-thomas]

I would not say that it's due to incorrect usage. Your command looks right. I had the same issue and did not change anything until it worked.

I'm currently still having problems with the backup extraction. The tool is missing some encrypted blobs. I would say it's a problem with Seedvault itself.

Btw: how do you transfer the seedvault backup? Nextcloud, web dav or local storage?

[nettnikl]

Thanks for the reply. I was using web dav in my local network.

[fabian-thomas]

Hmm, I'm using local storage + syncthing.

[nettnikl]

I just spend way too much time on this topic, regarding i have most of my data in another backup solution, but here i am, and hear me out:

The mnemonics are the key!

In my case, i always copy/pasted the words through a (hopefully) secure storage solution, so i didn't think much about it, but i just tried out how the keys change if you switch around the mnemonics, and realized they are literally just a character array, not a fancy way to remember words (that map to like 2 bytes or something). So, i though maybe when pasting in the seedvault app, there is automatically an case correction done (or similar).

As it turns out, one of the mnemonic words was displayed with a typo in the seedvault app. Which had to be corrected!
E.g. the app displayed
tree tree tree tree tree tree tree tree tree tree tree honye.
So, after you paste it to your command line, you have to correct to
tree tree tree tree tree tree tree tree tree tree tree honey.

Now it works great, thanks everyone!