Recovering Private Keys from a Destroyed Airgapped Device

Karl gmkarl at gmail.com
Mon Oct 12 04:22:14 PDT 2020 

Something that most victims of [s/having your life fucked up by being
made a corporate mafia bully/accidental destruction of property/]
don't all know is that it is incredibly hard to actually erase
anything from an electronic device.  So please if you tell your
friends let them know that [s/they need to kill you, because you would
be making it blindingly public that your group is surveilling this
mailing list/to keep it secret from anybody who would ever cave to
pressure to erase something/].

Me, I have an old device that I removed the radios from, that has
things like my expired gpg private key, and two factor authentication
codes for accessing various internet accounts that I no longer have
access to.  I used to keep it chained to my belt, which let everyone
who see me know that I was [s/a cool hacker to work with/a person with
exotic skills to limit and control/] except that no normal person has
any clue that it indicates that, because we haven't told them yet.

The way to recover all the data from a destroyed device depends on how
destroyed it is.  It's basically a process of exploration.  My device
no longer turns on, and my computers don't wear their coronavirus
masks; I would have already connected it to a system and copied the
data over with a normal USB cable if that worked.

What we will begin doing here is the pursuit of extracting the data
from the flash chip on the device itself.  Let me get my device first,
it's in my [s/messy broken truck that is my precious only home, where
i have vivid flashbacks of torture whenever i try to organize or even
enter it/desk drawer/].

... psychotic rummaging around ...

Well, I managed to find my box full of destroyed devices with
important information on them, but naturally I did not find the device
in question inside the box.  Instead, we will be opening an example
device, that does not have any crucial private keys, or inaccessible
cryptographic money, inside it, at all.

Here's a beat-up device on an envelope on a table in my parents'
basement.  I actually beat this device up myself, something [s/I was
forced to learn to do to protect my body and mind/I do by accident
when I'm a little careless/].  This phone has some valuable memories
of mine on it, that I haven't been able to access:
https://bico.media/de8fc4b698bf335a706ea59de7ce62b8db4faadf30840ed226cf0964fad84478

The first most important but optional piece of information is the
model number of the phone.  Looking on the back, I see it's an LG
phone.  Lucky for me, the back case snaps right off, like it's
designed to have its battery replaced or something.  Woah!  There's a
128GB SD card in here.  That'll be easy to image, and probably
contains boring large crucial trash like torrent downloads, source
code repositories, or bloated compiled libraries.  Under the battery
we find the model number: LX-X210APM.  This will be important to
google if we need help removing the flash chip, so we don't destroy
the next phone we try this on after further destroying this one.

Next we get to unscrew the back of the phone.  Anybody who
[s/reverse-engineers microchips from live explosives/thinks the
insides of devices are way cooler than the outsides/], has a set of
tiny little screwdrivers.  We'll be using some tiny screwdrivers --
just like those from a glasses repair kit you might by at a pharmacy
or something -- to remove the back of this phone:
https://bico.media/80a558bac401073824196cc762dc11abcdaa38d9efbbb2dfbdad692c550137f3

I'd like to take a little time to reference part of the phone visible
in that picture.  On the left you can see two or three of the antennas
included in the phone.  Each of these antennas is connected to its own
radio.  The antennas are often little conductive stickers placed on
plastic.  The antennas are removable, and you should remove them, but
this doesn't disable the radio, which can still communicate without an
antenna by using more power.  It does significantly reduce its range
and effectiveness.

There are 12 screws on the back of this device, and I will be removing
all of them.

... screws tumble around as a confused man tries to figure out how to
control his fingers ...

Arright.  They're all removed.  Like usual, the back still doesn't
come off.  Usually devices have these kind of one-way plastic snaps,
and you have to figure out where to insert pressure to get them to
unlatch without breaking.  Generally a repair guide tells how to do
this, although sometimes such guides are only available to
professional technicians. I try pressing on the back of the battery
compartment, gently and carefully flexing the body of the device, and
seeing if a tiny flathead screwdriver fits inside any of the crevices,
to see if there are any clues on how to remove the back plate.

At this point I develop an incredible urge to do things that will
destroy my phone, [s/because of being forcibly trained with extensive
torture to harm my own community and values, and the opportunity to
hurt the phone being so near triggering my experience/because I'm
kinda frustrated and breaking it is the easiest way to open it/].  So,
let's see if it's easy to find a disassembly guide online.  Likely
not, I imagine, since there are so many cell phones out there
nowadays.  I use google "LM-X210APM disassembly" [s/so that it's
marketing algorithms can learn better how to predict and control my
behavior in network with other corporations/because google is the only
search engine that gives results for me/] since [s/the developers of
open source decentralized search engines have all been killed by
corporate goonies/we haven't prioritized access to information yet as
a software development community/].

Great!  The community has caught up to cell phone diversity.  There
are lots and lots of disassembly guides.  This one is pretty clear:
https://thd.ifixit.com/Guide/LG+Phoenix+2+Screen+Replacement/105271 .
I'll try to follow the steps of the disassembly guide to access the
mainboard of my broken phone.

The steps turn out to be for a different model of phone, but they
still work great.  The plastic snaps are accessed around the frame
around the screen, on the front side of the phone, and now we have
access to the mainboard.

I want to link a third blockchained photo of the mainboard, but the
transactions for the other two photos are still confirming, and my
blockchaining software (https://github.com/xloem/gitlakepy.git it
needs the confirmations PR to the polyglot library) isn't mature
enough to not produce doublespends.  Additionally, I don't know if
I'll be able to control my hands well enough to remove the shielding
from around the chips: but I bet I could find a way.  For a possible
future email.

More information about the cypherpunks mailing list