Hi! I managed to compile a bionic version of cryptsetup with libcrypto instead of gcrypt, and I put it inside Steam Kernel, so anyone can play with it. This is actually not new to android, as from Froyo, the APKs that can get installed on the external SD, are actually also uding dm-crypt, although they are doing through vold, and not via device-mapper. It is actually strange, that Android has filesystem encryption on inside the kernels by default, but they are using it to keep us out from the system, and not actually to make other people get inside the system more harder.
In Steam Kernel, you can now chose to apply filesystem encryption to any of the 3 main partitions (cache, data, dbdata). The password can be entered using the screen by one, or multiple Swypes (up to 255 elements). Each swype creates a word, and words will be separated by "_". This mechanism was invented, as with this one can potentially achieve a good-enough entropy (although I'm not a cryptoanalyst), than by for example a simple PIN code entry box.
If you worry about speed, quadrant scores are around 1400 if using ext4+crypt, so they're still better, than stock rfs. I can't say much about battery life yet.
This feature is beta however, so don't rely valuable data to it yet, as it hasn't been throughly tested yet. (ancrpytion should be fine, I'm actually worried about data corruption).
The way to secure android is not yet finished however. I'm trying to find a way to secure adb, even if it's running root mode. (as running adb in root mode is good for debugging, but bad for security).
Questions on this topic is welcome.
Very impressive stuff, and still opensource.
It's a real innovation, congrats!
sztupy said:
The way to secure android is not yet finished however. I'm trying to find a way to secure adb, even if it's running root mode. (as running adb in root mode is good for debugging, but bad for security).
Click to expand...
Click to collapse
First weak security point for the Galaxy S phones is definitely the ability to flash anything with Odin.
As you cannot trust, well... anything your Filesystem Encryption approach is definitely the good one!
Other current weak point is the adbd exploit (rageagainstthecage) - so easy to use. I guess you can replace adbd in your ramdisk by the Gingerbread one, which is not vulnerable, if not done already
Yes this is really impressive man...
You should be hired by samsung to set there software ass rite :-D
Sent from my GT-I9000 using XDA App
supercurio said:
First weak security point for the Galaxy S phones is definitely the ability to flash anything with Odin.
As you cannot trust, well... anything your Filesystem Encryption approach is definitely the good one!
Other current weak point is the adbd exploit (rageagainstthecage) - so easy to use. I guess you can replace adbd in your ramdisk by the Gingerbread one, which is not vulnerable, if not done already
Click to expand...
Click to collapse
You would still lose the benefit of being secure + having the comfort of adb root. I'm more into the fact you have to login to the phone in order to use adb, just like you have to login to a real linux.
sztupy said:
You would still lose the benefit of being secure + having the comfort of adb root. I'm more into the fact you have to login to the phone in order to use adb, just like you have to login to a real linux.
Click to expand...
Click to collapse
I meant, for general security, we can replace the vulnerable adbd by a non vulnerable updated one - just that -
I feel your title could have security under [ ]. More noticiable.
AS I SEE IT NOW. supercurio's THANK's meter stands at 666. ROFL...
EVIL
Seems really great !
I'm not sure about a thing : Does this work when you power on the device (ie, you'll have to enter a pass to make it boot to Android), or before to be able entering into recovery ? Or none of these two things, and I totally misunderstood what you're saying ?
I was about to make a request to Koush if he could add some (basic?) security system to his recovery, as if you phone is stolen, they even won't be able to reflash a new rom.
This security layer + WaveSecure or any similar soft, and you would be sure that even if you phone is stolen / lost, nobody will be able to use it
Anyway thanks for your big stuff, will look deeper for sure when I'll get some free time, but your steam package seems amazing
Cheers
This works when you want to mount the partition. (eg at every boot). The partition can not be mounted wirhout a password ever
Amazing project. Good work.
Now wait just a moment...why would you encrypt those directories, when you alone (the user) are responsible for giving applications certain permissions. I mean...you agree to giving access to your Radio, messages and...whatever when you install applications, but then you want to encrypt certain directories. Why? You've already installed a trojan or a root kit and given it permission to do whatever it wants to do. That's the main security issue.
If your phone gets stolen they can't access your data.
Sent from my GT-I9000 using XDA App
... But another issue! Great work, Great project!
Edit: to slow, I was referring the post 2 above
sztupy said:
This works when you want to mount the partition. (eg at every boot). The partition can not be mounted wirhout a password ever
Click to expand...
Click to collapse
And I guess the partition has to be mounted if you want to flash another rom (By recovery, Odin, Kies, whatever) ?
If it's the case, then it's really really great !!!
No, if you're flashing a new ROM, you don't have to mount the partition. But the point is that nobody can read your data from the partition - that's the security risk sztupy is trying to prevent.
kidoucorp said:
And I guess the partition has to be mounted if you want to flash another rom (By recovery, Odin, Kies, whatever) ?
If it's the case, then it's really really great !!!
Click to expand...
Click to collapse
When you flash a new rom the data will be inaccessible (unless it's a steam rom and you know the password, or you can dump the partition AND know the password. Without the password the data can not be accessed, as it's AES encoded there).
This means that if you use all the security feautres inside Android (lockscreens, pin code, etc.), and use this too, and you don't allow adb to be run as root, there is actually no way of accessing your data (unless you can circumvent the security provided by Android, like the lockscreen), not even by flashing a new ROM.
Good work these kind of improvements make android better and better. I think the phones should be encrypted from the factory.
Great idea
If I might suggest though - can you make it so that it turns off decryption a couple of minutes after the screen is locked so that you have to enter the code again? Otherwise if the unit is on and stolen and never rebooted...
Being in Healthcare related IT I can say you'd have a product that is in severe need if any doctors really want to start using an Android tablet.
@sztupy
This is simply the best thing to happen to my SGS I've ever heard.
I can not test it right now (running 2.2.1 Darky's mod) but I have some questions about the security.
- What type of encryption is used? 128/256? weaker?
- Is it possible for you to figure how to use this encryption with different kernels/mods? We're talking about quite big a deal breaker for lots of people here. Perhaps even a separate app? I almost bought a blackberry as a second phone *kugh kugh* because android lacks encryption I so hardly need.
Sierra November said:
@sztupy
This is simply the best thing to happen to my SGS I've ever heard.
I can not test it right now (running 2.2.1 Darky's mod) but I have some questions about the security.
- What type of encryption is used? 128/256? weaker?
- Is it possible for you to figure how to use this encryption with different kernels/mods? We're talking about quite big a deal breaker for lots of people here. Perhaps even a separate app? I almost bought a blackberry as a second phone *kugh kugh* because android lacks encryption I so hardly need.
Click to expand...
Click to collapse
As already stated Android already uses dm-crypt for encrypting the application data on the external sd card, so in theory any kernel can actually use dm-crypt. Originally Android kernels only support aes-plain (which is AES-128 I think), and that is what you can use on probably every 2.2+ android (and even on some 2.1 too). (You can get a stronger encryption if you compile a better kernel as aes-plain has some weaknesses).
The hard part is actually not the encryption therefore (You just have to run cryptsetup before init, which is very-very similar of the process of creating "lagfixes"), but the fact that you'll need a way to enter the password every run. The latter is problematic, as you'll need to access the framebuffer to show the user the pin code panel, then leave the framebuffer in a state, so Android can boot from it without problems. On SGS, and probably all SGS based devices (including the Nexus S), this is already accomplished (in steam kernel). On other devices it might work too, but the framebuffer support might need to be rewritten. On other devices the fact that they use yaffs2 might also pose problems (as yaffs is working on a block), but that can be circumvented using a few tricks (like creating loop devices, putting the /data partition on the sd card, etc.)
Related
I'm assuming this is associated with the recent phenomenon of hardware ID's changing everytime a new ROM is installed. Apparently MS uses the same hardware ID when it encrypts files on SD cards. What this means is you will lose all of your files on the SD card (including backup files) if you have encryption turned on, the files get encrypted, and then you switch ROM's.
So.. uh.. this is just a little warning, and it might be obvious to everyone but me... don't use SD encryption unless you know you're going to stick with a ROM.
I have no idea why MS doesn't just use the IMEI, but... they don't.
From what I read about the encryption, the key is generated after a hard reset, so basically you can't hard reset the device once data is encrypted.
Do you know wether there is an option to backup ones key to a file, save it to ones PC, and then reimport it once one has finished hardresetting the device?
If I were MS I'd see the vast usefullness of such an option and integrate it at once
the encryption key is created when you turn the Setting on...
and when flashing a new ROM or a HardReset the key is desteroid...
i am still yet to find the location... still looking...
Providing you remember, can't you just turn off the setting before a flash or hard reset and restore all the files to there unencrypted state?
Once the ROM has been flash and everything hard-reset you can just encrypt them again?
Percz said:
Providing you remember, can't you just turn off the setting before a flash or hard reset and restore all the files to there unencrypted state?
Once the ROM has been flash and everything hard-reset you can just encrypt them again?
Click to expand...
Click to collapse
No, because turning it off doesn't decrypt existing encrypted files. Just like turning it on doesn't encrypt the normal files. It will decrypt them as you open and resave them.
:-\
walshieau said:
the encryption key is created when you turn the Setting on...
and when flashing a new ROM or a HardReset the key is desteroid...
i am still yet to find the location... still looking...
Click to expand...
Click to collapse
OK; that makes sense. I just realized that after I hard-reset I restored most of my settings with the data from a backup (Sprite Backup). I wasn't seeing the encoded files problem because I was restoring from a non-encrypted file.
ugh.
y2whisper said:
From what I read about the encryption, the key is generated after a hard reset, so basically you can't hard reset the device once data is encrypted.
Click to expand...
Click to collapse
That makes perfect sense, actually. That way someone can't hard reset your phone to get at the data.
Too bad it also means the real owner can't get to his own data..
Some FAQs from the horse's mouth: http://blogs.msdn.com/windowsmobile...ows-mobile-6-storage-card-encryption-faq.aspx
What you can do is ActiveSync your Device and then drag and drop all the files you want to keep before the hardreset. And then when you finish installing your ROM and Hardresetting your device, just transfer back the files via activesync. I know its tedious and long if you have like 1 gig of **** in the SD card, but thats the only way i've found.
just lost files to encryption
Been reflashing my 8525 with new versions of custels and vanilla and have never lost files to encyption. However just flashed to Black 3.01 and lost all my stuff. If i flash back to my previous ROM is it conceivable that the same key will be created and i will regain access to my files?
Unfortunately, I was also unaware of this. I presumed MS would use a key based on the hardware or something like that.
Anyway, is there any way of breaking the encryption and get back the files?
Thanks!
Keshen
As the DataProtection API as in WinXP and Win2003 is used, it is AES-128 by default.
"The design and strength of all key lengths of the AES algorithm (i.e., 128, 192 and 256) are sufficient to protect classified information up to the SECRET level. TOP SECRET information will require use of either the 192 or 256 key lengths."
So brute force attack is not really an option….
As the key is stored somewhere in the flash I think this will be the only feasible way to decrypt the files.
But as the key is lost because of the hard-reset during upgrade, there is not much hope...
Only if we can get more information on how the keys are generated, maybe this will reduce
the complexity of an attack.
You won't have good luck trying to crack the encryption. Which, is actually a good thing since the purpose is to keep your data safe in the wrong hands. I prefer to use a 3rd party encryption solution as it allows more choices and control.
MrGAN said:
As the DataProtection API as in WinXP and Win2003 is used, it is AES-128 by default.
"The design and strength of all key lengths of the AES algorithm (i.e., 128, 192 and 256) are sufficient to protect classified information up to the SECRET level. TOP SECRET information will require use of either the 192 or 256 key lengths."
So brute force attack is not really an option….
As the key is stored somewhere in the flash I think this will be the only feasible way to decrypt the files.
But as the key is lost because of the hard-reset during upgrade, there is not much hope...
Only if we can get more information on how the keys are generated, maybe this will reduce
the complexity of an attack.
Click to expand...
Click to collapse
Breaking AES is pretty hopeless unless you have access to the NSA's computer systems.
The big problem, in my opinion, is MS doesn't give you an easy way to back up the key and restore it. Now that I've given it more thought, it makes perfect sense that the key gets nuked on a hard-reset: otherwise someone could just hard-reset your phone and have access to your data. In most cases, it's better to permanently lose the data than to allow someone else to have access to it.
Another thing that MS would be wise to offer is a "mass decrypt" function that would go through the entire SD and decrypt all of the encrypted files.
Other than that -- the way I've been dealing with it is by using SpriteBackup (I'm sure SBP does this too) and back up the SD card along with the main memory. Since the encoding happens in the OS level, the backup software sees the normal unencrypted files. So this way I can restore the SD backup after a rebuild (I don't recommend restoring the main ROM image, since so much changes between each release).
j
keshen said:
Unfortunately, I was also unaware of this. I presumed MS would use a key based on the hardware or something like that.
Anyway, is there any way of breaking the encryption and get back the files?
Click to expand...
Click to collapse
Once you hard-reset your device and lose that key, your files are gone, unless you somehow have access to some very very high powered computer systems that can break AES -- and even then it would take several years.
I think the NSA in the US has managed to break AES (that's the rumor I've heard), but it takes quite some time.
j
AES-128 offers a sufficiently large number of possible keys, making an exhaustive search impractical for many decades.Correctly implemented AES-128 is likely to protect against a million dollar budget for at least 50 – 60 years and against individual budgets for at least another 10 years.
But as there are many pitfalls to avoid when encryption is implemented, and keys are generated.
So if the key is easy to guess it doesn’t matter if AES is secure ot not.
Creating good and strong keys is a surprisingly difficult problem and requires careful design when done with a computer. The challenge is that computers are notoriously deterministic, but what is required of a good and strong key is the opposite – unpredictability and randomness.
Provided that the implementation is correct, the security provided reduces to a relatively simple question about how many bits the chosen key, password or pass phrase really corresponds to. Unfortunately this estimate is somewhat difficult to calculate, when the key is not generated by a true random generator.
To make a long story short: if at all then the key generation might be the weak spot...
So i've to realyze that i've lost all the data of mi SD card. That sounds incredible!!, i don't know if i will be able to recover all the changes made.
I installed Mobsync, wich makes me backups of the SD data to avoid SD corruption, but the files are also encrypted on my PC.
WM5torage
I'm curious if anybody has tried turning encryption on, and using WM5torage to transfer files to/from the Hermes. Does it properly encrypt/decrypt the files, or does that work only when using ActiveSync?
-- Joe
What I need...
Someone to repackage a boot.img for me. Specifically, I need a boot.img unpacked, replace the file "/init.inc.rc" with my version, and repack it. (I'm stuck on all Windows, and cygwin is not an option.)
Purpose/Goal
Fix the annoying fact that /emmc is not accessible to almost all market apps, without resorting to using the modified media scanner from CyanogenMod or anything else drastic.
Do not change fstab. /mnt/emmc and /mnt/sdcard will not change.
NOTE: I am not trying to create a symlink on the FAT32 of the SD card.
My idea
Modify /init.inc.rc to change the EMMC settings. (Changes made, need someone with tools. See above.)
Modify /system/etc/vold.fstab to relocate EMMC mount point.
Directory structure
/sdcard (unchanged)
/sdcard/emmc (new location of emmc)
/emmc (Retarget the symbolic link to new location.)
/mnt/emmc (Change to symlink for compatibility, just in case.)
What I want to know...
This arrangement makes /emmc redundant. Can it be safely removed?
When you connect to a PC, how/what does Android map to USB drives? (I assume it is the mount blocks, not the symlinks.)
What odd behaviors may occur? (e.g. will "Settings->SD & phone storage" freak out?)
Maybe, just maybe: How to bottle this into a flashable .zip? (I'll worry about that later.)
If anyone has any pull with the ROM devs (i.e. Koush, rmk40, et al.), I really want to hear from them.
+1. I'd love to make emmc usable in Winamp
Bzzzt... Sorry.
ARGH!
The internal storage is VFAT also. No symlinks allowed.
Blast you, HTC!
What??
I hate doing this, but editing the original post doesn't bump the thread.
I did not want to create a new thread, but what I need has completely changed.
So. BUMP.
Why HTC, WHY?!
Would there be a way to format emmc to NOT be VFAT?
Progress!!!!
I'm close to getting a boot.img ready to test out on my phone.
I spent yesterday hacking away. I've made a Windows tool for handling boot images. I'm about 80% done with the required features. I have all the unpacking finished. I've repacked the ramdisk. I can generate the SHA hash to sign the image. It's just a matter to gluing the last stages together.
ppd0526 said:
Why HTC, WHY?!
Would there be a way to format emmc to NOT be VFAT?
Click to expand...
Click to collapse
I'm sure it could be done, but this is way more work/hassle that I want to deal with. Major obstacle here is that ALL data on emmc is wiped, and I'm not willing to that.
Assuming there are no hidden "features," my approach should be invisible to the Android layer (i.e. will not break any HTC software). HOWEVER... I'm pretty much Senseless, so I'm not too concerned (for my own use) about HTC's apps.
My biggest concern is that the media scanner will generate duplicates of all files found on emmc. But a/the big motivator for this work is to use Winamp, so I don't really give a whoop.
This was tried by koush when we couldn't get cm6 to scan emmc. It didn't work.
Sent from my ADR6300 using XDA App
distINCtINC said:
This was tried by koush when we couldn't get cm6 to scan emmc. It didn't work.
Sent from my ADR6300 using XDA App
Click to expand...
Click to collapse
What didn't work? Or how did it not work?
I'm not sure. I wasn't involved in the effort. Koush would be the person to talk to but island how to get a hold of him. I just think the OS rejected mounting a physical drive within a physical drive. But don't let that discourage you. It might be still be possible.
Sent from my ADR6300 using XDA App
Any progress on this? I really would love to have /emmc accessible as /sdcard.
Why HTC decided to make /data/data so small and put the rest of the space as /emmc is still a mystery to me. This is my only gripe with this phone.
Progress update
I made my first attempt on Friday, which resulted in a boot loop. So, obviously, I'm missing something important. (Battery pull and recover boot fixed the problem.)
I couldn't work on it this weekend. But I'm going to start digging into it some today.
More info:
It didn't get past the slash screen. Since I'm flashing a boot image, this is obviously where the problem is located. I just don't have any error logging to read over. Since I'm cooking on Windows, I'm wondering if my file permissions and ownership are messed up.
Also, while running my update, I observed that the boot image flashing did not seem to take long at all. So, I'm concerned that I didn't even get a complete flash.
weareallkosh said:
I made my first attempt on Friday, which resulted in a boot loop. So, obviously, I'm missing something important. (Battery pull and recover boot fixed the problem.)
I couldn't work on it this weekend. But I'm going to start digging into it some today.
More info:
It didn't get past the slash screen. Since I'm flashing a boot image, this is obviously where the problem is located. I just don't have any error logging to read over. Since I'm cooking on Windows, I'm wondering if my file permissions and ownership are messed up.
Also, while running my update, I observed that the boot image flashing did not seem to take long at all. So, I'm concerned that I didn't even get a complete flash.
Click to expand...
Click to collapse
That doesn't bode well so far.
just some info
i'm not sure if this will help any of you, but i read before that it said koush tried to get the emmc mounting.. etc... and it didn't work. but - i'm running cm 6.1 stable and winamp can and does read my music found on the internal memory. so it seems to work for me. however - i cannot take picture and have them stored on the internal memory. anyway, good luck.
OK.... I got the ramdisk sorted out. The boot loop is gone. But it doesn't progress past the splash1. sigh.
I need to see the kernel messages, and typically ADB is not available.
drwndphish said:
just some info
i'm not sure if this will help any of you, but i read before that it said koush tried to get the emmc mounting.. etc... and it didn't work. but - i'm running cm 6.1 stable and winamp can and does read my music found on the internal memory. so it seems to work for me. however - i cannot take picture and have them stored on the internal memory. anyway, good luck.
Click to expand...
Click to collapse
CM6 uses a modified media scanner (Android layer) that uses '/mnt' as its base directory, instead of '/mnt/sdcard.' And, as you say, it has its own problems.
I am trying to modify the underlying file system to make hopefully all software work (e.g. HTC stock, Winamp and other media players, 90% of the apps I've played with).
It "works!"
Alright... I have all the tools made, and bugs squashed. So, I can correctly mod a boot image. (Tip: The boot process has a zero warning or error tolerance.)
It fully booted. BUT... A permanent notification "Preparing phone storage.../Checking for errors." did not go away. All emmc directories were absent.
So, I've found a problem. Google didn't return any useful information... Especially annoying is the face that I don't even get a link to the Android source to even get a hint where this notification comes from.
AHA! Fixed that problem. Now, emmc is visible on the sdcard.
NEXT problem (this one I expected):
Media scanner picked up 2 copies of my pictures (I have them on emmc). So, my thought is to start removing links (and references) to emmc in its new location until things clear up.
weareallkosh said:
Alright... I have all the tools made, and bugs squashed. So, I can correctly mod a boot image. (Tip: The boot process has a zero warning or error tolerance.)
It fully booted. BUT... A permanent notification "Preparing phone storage.../Checking for errors." did not go away. All emmc directories were absent.
So, I've found a problem. Google didn't return any useful information... Especially annoying is the face that I don't even get a link to the Android source to even get a hint where this notification comes from.
AHA! Fixed that problem. Now, emmc is visible on the sdcard.
NEXT problem (this one I expected):
Media scanner picked up 2 copies of my pictures (I have them on emmc). So, my thought is to start removing links (and references) to emmc in its new location until things clear up.
Click to expand...
Click to collapse
The double items in media scanner seems like a small issue compared to what it fixes.
More problems created than fixed. (And WHY this is a mess to begin with.)
Postmortem thus far...
Touching ANY code related to where emmc appears will cause Setting to FC if you view the SD & phone storage usage.
Makes media visible to "other" applications, but shows duplicates in HTC's music and gallery apps.
I didn't look too closely at it, but I question that the camera was playing nice with the new config.
ppd0526 said:
The double items in media scanner seems like a small issue compared to what it fixes.
Click to expand...
Click to collapse
SO... I took some time to understand the double items, and why EMMC is such a problem to begin with.
HTC did not modify the media scanner/provider to support EMMC. They modified their APPS. Do a dump of HTC's music and gallery apps. You'll find a LOT of extra code, and a lot of added symbols/strings for handling the phone storage.
In other words, they didn't create a "public" solution. They just made their own private patch, and brushed it under the rug. (How dare we not use THEIR apps???)
Media Scanner/Provider:
I looked at Koush's code changes. I don't understand his changes. I'm not sure how/why it "works." I don't know why it reportedly breaks the HTC apps. I am also not sure that their is a way to mod it to actually fix the issue... Google's code was not written to be extensible. But, I think it may be the way to go in the long run.
What other phones have EMMC? Do they have a fix?
My tools...
There is a lot of code duplication, no GUI, or options. It ain't exactly pretty, but it works.
I'm posting this here for future reference by others wishing to work with boot.img.
Note: This specifically targets 1 file on the ramdisk (init.inc.rc), but with some changes this could do almost anything you would want.
License... Oh. GPL. If you make changes, please send me a patch.
REQUIRES: AutoHotkey (Hey.... it's all I had available, but the code should be easy for anyone to follow and port to another language.)
Runs on Windows (XP). Does not require cygwin. Native GZIP included.
I have a theory if someone is willing to try I think this might give root not sure I'm not home to try it till tomorrow but if someone wants to try and post feedback let me know .. I have two ways I'm going to try this
1. Download one click root and try to root through that.
2. Do the temp root method then run one click root.. I'm thinking this will work not positive.
Also this is my first time on any incredible device...
Make sure after you do it restart and download terminal type Su and see if it stuck.
It won't work.
Sent from my thunderbolt
It does not work.
Elaboration: These one click systems are generally for gaining root. We have no problem gaining root. Our problem is disabling write protection on the eMMC controller. This has been broken on the Tbolt, but not yet on the I2.
Couldn't there be a way to temp root then remount internal sd r/w and edit permissions on system files from there? or when u reboot does it just undo everything?
Question the fascinate uses odin to reformat system. I know inc2 has write protection but could there be something like to modify or change system to gain perm root. I only ask because i'm coming to inc2 in couple days and right now on fascinate when you flash cm7 rom you have to use odin to repartition because cm7 changes to yaffs2 and have to go back to rfs. Also to gain root you flash recovery with odin the apply a s.u. Bussy box which once you flash a kernel it gains perm root if it didnt it reflashes its own recovery back to stock. Just throwing couple things out there.
Sent from my SCH-I500 using XDA Premium App
I personally hate odin..but if thats what it takes then so be it.
Sent from my ADR6350 using XDA Premium App
Just a suggestion. If any of the problems they are having are like the fascinate reflashing its self then a similar approach may work whether its gaining root then repartition or flash to gain perm root like fascinate. Sounds like the problem is gaining access to emmc so not sure if its similar or will work. I'm not a dev but sure someone could try something with this.
Sent from my SCH-I500 using XDA Premium App
Weselers said:
Couldn't there be a way to temp root then remount internal sd r/w and edit permissions on system files from there? or when u reboot does it just undo everything?
Click to expand...
Click to collapse
The write protection is at the hardware level.
Have you noticed full size secure digital cards (SD) have a switch? If you set this switch to lock, and your card reader follows standards, then there is no amount of remounting that will make it writable.
In the case of the HTC eMMC, you can actually remount rw and it would appear you are making changes to the filesystems if you delete, add, or change files. However, with how this eMMC works, the changes are not written to the storage, they are buffered and then lost on reboot.
It is not reflashing the filesystems. It's simply just throwing out the changes.
The cool thing about the lock in the HTC eMMC is it is software controlled, not a hardware toggle switch. This means we just need to figure out how to flip this switch, which is being worked on. Once we can flip this switch, we can make more permanent changes, such as converting our temp root to a permanent root. This would, then, allow us to write bootloaders that don't do signature changes (ie: engineering hboot), and then load custom roms.
Gotcha now. The better explanation helps when I read some where it was write protected was sure exactly what was ment by that but when I get mine I will poke as much as I could. Not that experience but every little helps. I do know alot about electronics though went to school for it and know what emmc is so maybe I can help a little or I hope atleast. Good luck to all off us. Keep up the good work appreciate it.
Sent from my SCH-I500 using XDA Premium App
nimdae said:
The write protection is at the hardware level.
Have you noticed full size secure digital cards (SD) have a switch? If you set this switch to lock, and your card reader follows standards, then there is no amount of remounting that will make it writable.
In the case of the HTC eMMC, you can actually remount rw and it would appear you are making changes to the filesystems if you delete, add, or change files. However, with how this eMMC works, the changes are not written to the storage, they are buffered and then lost on reboot.
It is not reflashing the filesystems. It's simply just throwing out the changes.
The cool thing about the lock in the HTC eMMC is it is software controlled, not a hardware toggle switch. This means we just need to figure out how to flip this switch, which is being worked on. Once we can flip this switch, we can make more permanent changes, such as converting our temp root to a permanent root. This would, then, allow us to write bootloaders that don't do signature changes (ie: engineering hboot), and then load custom roms.
Click to expand...
Click to collapse
EXCELLENT explanation. Thanks!
nimdae said:
The write protection is at the hardware level.
Have you noticed full size secure digital cards (SD) have a switch? If you set this switch to lock, and your card reader follows standards, then there is no amount of remounting that will make it writable.
In the case of the HTC eMMC, you can actually remount rw and it would appear you are making changes to the filesystems if you delete, add, or change files. However, with how this eMMC works, the changes are not written to the storage, they are buffered and then lost on reboot.
It is not reflashing the filesystems. It's simply just throwing out the changes.
The cool thing about the lock in the HTC eMMC is it is software controlled, not a hardware toggle switch. This means we just need to figure out how to flip this switch, which is being worked on. Once we can flip this switch, we can make more permanent changes, such as converting our temp root to a permanent root. This would, then, allow us to write bootloaders that don't do signature changes (ie: engineering hboot), and then load custom roms.
Click to expand...
Click to collapse
So where should we be looking for such a switch if we're looking to help?
Read the stickies, questions are posted...where ...yes...in general
So i am here with a new idea. A rescue.zip which can be used to rescue any android device which have a recovery like the famous cwm.
So here is it..
Some times we people screw up our android os like hell, and to reboot the device we usualy do a recovery flash of a new os, flash back our nandroid backup ( both on worst conditions) or even do permission fix, clean cache or dalvic cache( those in 'not that worse' conditions) . So thats are all the options we got. Rit?
Although flashing recovery backups, new roms can fix all, it will also eatup our apps, current setups, contacts, msgs, etc( in case we dont have backups) and will probably screw us. All we can do is say " WTF..WTF..WTF.."
SO here is my idea,
Find out the causes of what causes a reboot, non-boot, hang,fc etc.
And keep a zip that can be flashed through recovery, that has a solution for our problem. They may be including..
1) fix permission of system, data, and user data.
2) zipalign the apps
3) fix the default clock speed of processor
4) defragment memory
5) flash a new copy of su and busy box
6)wipe data or system or ext or cache or dalvic cache
7) flash a new copy of framework.res, system-ui.apk, settings.apk with default permissions( those files are kept in separate "custom" folder on the zip, so that end user can put their own files to that "custom" folder for flashing., the reason behind it is known to all, yap. Not all devices have them in common, every device have its own files)
These are all i got for now, pls post ur ideas and knowledge for any possible cure about any problem u faced/ cured. So that we can make it an ultimate rescue.zip that have a cure for 99% problems android os have. The rest 1% will go with a clean flash.( well we cant avoid that if we did something that bad).
So my plan is to use aroma installer( now on hard learning to find how it works). Throw in some scripts, files etc. Into the zip.
And since its not a device specific .zip file, i want to know how and why any problems are caused in any device( there are many common problems, but that is not what i ask for. I ask for device/os specific problems, and not for a problem that we can cure after booting, but for a problem that can make the device un-bootable) . So u people may help me to find those problems and cures for it. For my knowledge i have experience with wildfire and hd2.
Well i will keep this thread for a week or two, so that u can post ur knowledge, and info. after that i will release the file for u.
To the admin. Of the forum, pls keep this thread as announcement so that all can take a look.
HYPERDROID EXTREEM EDITION-THE NEW BENCHMARK ROM FOR HD2.
If you plan to do this available to any android device, the file size will be so big that it will become useless. Every phone has different apk, and not only that, but those apk are different in different version of os. For example, CM9 framework should not work on google release. Worst, older CM9 framework might not work on newer CM9 and newer framework might not work on older. Also, one of the cause of bootloop that i have been experiencing since i have my GNexus is data corruption of apps. The only way i had was to wipe data. I dont think there is a way to know if your app are corrupted with script. I also seen a lot of strange problem on SGS II like the kernel being erased. Well, in this case this package would be useless. So i guess that having this package would be awesome, but wont happen. My best advice is that you could create a universal guide on how to recover from bootloop/fc/hang with the minimum of impact on the phone. This is just my opinion tho.
Sent from my Galaxy Nexus using xda premium
You could add using flags in the updates filename, see some roms or themes for the lg optimus 2x for more information. It uses sed. For example, "update-wc-wd.zip" would wipe /data and /cache.
You could also merge these features in a customized clockwork mod recovery, the up side would be that you could automatically make a backup of the last flashed full ROM's systemui etc. this would also allow usage of the touch screen/volume keys to choose an repair option. You could even allow users to backup specific applications along with their data, and let users restore it later on after a fresh flash. I have some basic knowledge in modifying the recovery so I might help you out a little if you're interested.
chadouming said:
If you plan to do this available to any android device, the file size will be so big that it will become useless. Every phone has different apk, and not only that, but those apk are different in different version of os. For example, CM9 framework should not work on google release. Worst, older CM9 framework might not work on newer CM9 and newer framework might not work on older. Also, one of the cause of bootloop that i have been experiencing since i have my GNexus is data corruption of apps. The only way i had was to wipe data. I dont think there is a way to know if your app are corrupted with script. I also seen a lot of strange problem on SGS II like the kernel being erased. Well, in this case this package would be useless. So i guess that having this package would be awesome, but wont happen. My best advice is that you could create a universal guide on how to recover from bootloop/fc/hang with the minimum of impact on the phone. This is just my opinion tho.
Sent from my Galaxy Nexus using xda premium
Click to expand...
Click to collapse
I told it already, the "custom" folder is not filled. It will be kept empty. The user can put a file, which ofcourse is the file of the device he/she have or want to get repaired. All he has to do is copy and paste the file from the working zip( zip file of his currently installed rom, that encounter the problem) of his rom to the custom folder inside the rescue.zip.
And the things that are common will be scripts, but those too will contains device specific mound points, paths, etc. I think that will be common( ie, the working of script, once the mound is done). Am i right?
So all i have to figure out is mount points, paths etc.. i got a couple of them, about 15 or so. And pls help me to find the rest.
HYPERDROID EXTREEM EDITION-THE NEW BENCHMARK ROM FOR HD2.
a good idea to add is a file system chech like windows systems has. By installing a rom the installer should first check for bad sectors and mem blocks before installing the rom. After all blocks and sectors are scanned and the bad ones marked as "bad or corrupt" it should run something like defrag and place the bad blocks at the end of the file table. When all is done .. then the true rom install should start.
This will prevent heaps of problems since the curent installs just write over a bad block or sector creating the most weird problems. A fault checker/repair will take away a lot of strange forced closes and othere software/hardware failures.
Most phones wont last that long so that bad blocks or sectors can occure. But for the flashing junkies among us its a serious problem what can occure. I guess after 1000 or more installs bad sectors or blocks will occure and not all are being able to be repaired
Sent from my Galaxy Nexus using XDA App
Mikevhl said:
You could add using flags in the updates filename, see some roms or themes for the lg optimus 2x for more information. It uses sed. For example, "update-wc-wd.zip" would wipe /data and /cache.
You could also merge these features in a customized clockwork mod recovery, the up side would be that you could automatically make a backup of the last flashed full ROM's systemui etc. this would also allow usage of the touch screen/volume keys to choose an repair option. You could even allow users to backup specific applications along with their data, and let users restore it later on after a fresh flash. I have some basic knowledge in modifying the recovery so I might help you out a little if you're interested.
Click to expand...
Click to collapse
I am totaly newbee to lg. I have experience with htc, few samsung, etc. So can u pm me the details? Also is it usable to create recovery? I think a zip file with selectable options is more friendly. The thing is building a recovery wont make it universal( or atleast common for a couple of devices) and we will have to port them for each and every device. Thats the problem.
But any way i want ur help in building it. Can u pm me an example for mounding script in lg devices? And any thing that may become useful. Thank you.
HYPERDROID EXTREEM EDITION-THE NEW BENCHMARK ROM FOR HD2.
wilwilwel said:
a good idea to add is a file system chech like windows systems has. By installing a rom the installer should first check for bad sectors and mem blocks before installing the rom. After all blocks and sectors are scanned and the bad ones marked as "bad or corrupt" it should run something like defrag and place the bad blocks at the end of the file table. When all is done .. then the true rom install should start.
This will prevent heaps of problems since the curent installs just write over a bad block or sector creating the most weird problems. A fault checker/repair will take away a lot of strange forced closes and othere software/hardware failures.
Most phones wont last that long so that bad blocks or sectors can occure. But for the flashing junkies among us its a serious problem what can occure. I guess after 1000 or more installs bad sectors or blocks will occure and not all are being able to be repaired
Sent from my Galaxy Nexus using XDA App
Click to expand...
Click to collapse
Pls pm me the idea how to make the checking script. Or links that have info in this. Thank u in figuring out such a prob. I am unaware of that.
HYPERDROID EXTREEM EDITION-THE NEW BENCHMARK ROM FOR HD2.
showlyshah said:
I am totaly newbee to lg. I have experience with htc, few samsung, etc. So can u pm me the details? Also is it usable to create recovery? I think a zip file with selectable options is more friendly. The thing is building a recovery wont make it universal( or atleast common for a couple of devices) and we will have to port them for each and every device. Thats the problem.
But any way i want ur help in building it. Can u pm me an example for mounding script in lg devices? And any thing that may become useful. Thank you.
HYPERDROID EXTREEM EDITION-THE NEW BENCHMARK ROM FOR HD2.
Click to expand...
Click to collapse
I'll send this as a PM as well, but people might learn from this. I am not talking about any specific mount points for LG phones, I just pointed out that there are some roms which use sed to check the filename of its update.zip and do tasks according to that, you need to have one line in your updater script to run the script which detects what to do. That way a user of a Galaxy Nexus would rename it to update-maguro.zip and it would know to use mount points for the maguro, while if the exact same update.zip was to be named update-p990.zip, it would know to use the mount points for the LG optimus 2x. This way you could easily keep the zip up to date for any device, because they all use the same update.zip
About the recovery, you would need to build it for every phone once, but you could make one change to the recovery source and easily compile the recovery for all phones which are capable of running CWM. I believe this method to be more user friendly, as a recovery image has support for actually choosing what you want to do, instead of having to rename the file. A recovery image also has a better way of communicating with the user. Where a update.zip can only say "Hey, I had an error and I'm quitting now, I won't give you any details what the problem was because that's just how update.zips roll", a recovery image would be able to give more advanced outputs, like "An error occurred when trying to mount /data." And then give you the option to either try again, manually fix it by using a computer with adb, or quitting.
But that's just my personal opinion. The recovery would be way harder to make, but I was the original porter of CM6, CM7 and HTC Sense to the xperia mini pro and mini back in the days. I also made a custom recovery and roms for the HTC desire Z, maintain a CWM port for the HTC Chacha which I don't even own and have used the LG optimus 2x before. (currently a maguro owner) but I'm trying to say that I've been experimenting a lot with different phones and know what the possibilities of Android are. you could even make a live Android build, tailored for recovering your phone, which is ran by an update.zip! How cool is that? That would be VERY device specific though..
let me know what you think is the best way to do this. I was thinking of making a mobile time machine app for some time so it's good I saw this thread.
Hello i´m brand new here and wonder if my question is too easy or too seldom to be answered but i am stuck with this probleme as i don´t know how things are working.
i rooted my s4 mini gt i 9195 4.4.2, that wasn´t a too big deal.
thereafter i wanted to secure all my data and used the standard 4.4.2 cryption (encoding) tool for both the phone and the exsd card.
since then i do not have anymore root rights.
is it so that root rises everytime a phone is booted but a crypted can´t as the phone can´t acess any memory in the boot mode ?
i´m sorry if this question is too oversimple but i´m fully stuck and can´t find how to root the device and same time have it fully crypted phone and exsd card.
maybe someone there to help me with this problem ?
thank you very much in advance !
wannert said:
Hello i´m brand new here and wonder if my question is too easy or too seldom to be answered but i am stuck with this probleme as i don´t know how things are working.
i rooted my s4 mini gt i 9195 4.4.2, that wasn´t a too big deal.
thereafter i wanted to secure all my data and used the standard 4.4.2 cryption (encoding) tool for both the phone and the exsd card.
since then i do not have anymore root rights.
is it so that root rises everytime a phone is booted but a crypted can´t as the phone can´t acess any memory in the boot mode ?
i´m sorry if this question is too oversimple but i´m fully stuck and can´t find how to root the device and same time have it fully crypted phone and exsd card.
maybe someone there to help me with this problem ?
thank you very much in advance !
Click to expand...
Click to collapse
it's a very long time ago I thought of stock fimware, but it should be possible to have root and encryption. But I think you might have to unroot, encrypt & then reroot. (but it may also depend on the rooting method and/or the version of the root package you are using).
If you tell us which root method you are using and the version maybe someone else will be able to help who rooted stock ver 4.
Personally I'd say you should update to to a newer custom rom which is more secure and will have more support here on forums (through you will lose the Samsung apps like s-memo etc but there are plenty of apps to replace them). Also I think the open source root addon package from Linage OS (only works on Linage rom) is best as many of the root packages have questions over trust & access by governments from the source country, if not out right malware, in my opinion.
Eg Kingroot, though they are not the only ones,
https://forum.xda-developers.com/android/general/kingroot-malware-adware-root-t3563090
thank you...
... very much for your answer, i will start the process all over, i was thinking that an other, particular a newer then stockrom might become slower, but i have also been thinking already about the linage os, but i haven´t been checking enough yet to be able to make decision. i anyhow wanted to use root also for deleting basically all bloatware and system apps i won´t use or replace them by open source, but my limited knowlegde in general about the android system didn´t let me come to a good and fully useful system yet which fullfills my requirements of fully crypted including sd card and same time having the power of deleting apps and being able if needed to move all apps which i want to the sd card and withdraw rights of apps. i will now investigate linage more, but somehow i had in mind it´s not existing for every phone i.e. my samsung gti9195.
do you know if there is anything what can use truecrypt in opensource for mounting and creating containers under android ?
wannert said:
... very much for your answer, i will start the process all over, i was thinking that an other, particular a newer then stockrom might become slower, but i have also been thinking already about the linage os, but i haven´t been checking enough yet to be able to make decision. i anyhow wanted to use root also for deleting basically all bloatware and system apps i won´t use or replace them by open source, but my limited knowlegde in general about the android system didn´t let me come to a good and fully useful system yet which fullfills my requirements of fully crypted including sd card and same time having the power of deleting apps and being able if needed to move all apps which i want to the sd card and withdraw rights of apps. i will now investigate linage more, but somehow i had in mind it´s not existing for every phone i.e. my samsung gti9195.
do you know if there is anything what can use truecrypt in opensource for mounting and creating containers under android ?
Click to expand...
Click to collapse
if you want people to see your answer/repy make sure you use the quote button or @username so hey get a notification.
No Android doesn't get slower and slower like Windows did as out works differently, newer versions have even better memory management.
If you have the normal international I9195 phone (no other letters after it) then there is a linage rom for it, that's what I have.
No you can't use Truecrypt, Veracrypt or similar on Android, as far as I know. There are apps that allow you to open Truecrypt containers but I had my doubts about almost all of them, though I didn't fully research as I don't really need it. Android built in encryption is regarded as good enough, ..... though as the key is stored in memory (on our model, & most Android phones) it could be recovered on our phones by a sophisticated attacker with personal access to a powered up phone using for example direct chip probing, freezing etc. (BTW Truecrypt is also known to have weaknesses now)
9195
IronRoo said:
if you want people to see your answer/repy make sure you use the quote button or @username so hey get a notification.
No Android doesn't get slower and slower like Windows did as out works differently, newer versions have even better memory management.
If you have the normal international I9195 phone (no other letters after it) then there is a linage rom for it, that's what I have.
No you can't use Truecrypt, Veracrypt or similar on Android, as far as I know. There are apps that allow you to open Truecrypt containers but I had my doubts about almost all of them, though I didn't fully research as I don't really need it. Android built in encryption is regarded as good enough, ..... though as the key is stored in memory (on our model, & most Android phones) it could be recovered on our phones by a sophisticated attacker with personal access to a powered up phone using for example direct chip probing, freezing etc. (BTW Truecrypt is also known to have weaknesses now)
Click to expand...
Click to collapse
------------
i downloaded now the linage s4mini lte version, mine is basic gti9195 with no extras, but hadn´t yet the time to give it a try. first i´ll have to decrypt the 200gb sd card i´m using, for that longperiod it´s taking for backdecrytion i´ll have to be home, which is in 3 days.
first i didn´t want to try linage as i understood that google was somehow buying cynagenmod some time ago. of course a stock rom is anyhow by google so it would make no difference if google would be involved in linage by part owning it.
the crypted containers would help to use the sd card flexible also in the case u want to swap it around for the purpose of sharing files with other systems or phones fast, like a portable hdd, with a crypted card you are locked to your phone, and i also don´t know if it would work after it´s removed once from the phone and used after another has been inserted.
i investigated some time ago those apps which were cabable to open true and veracrypt containers, but i didn´t manage to use them, same time i also had doubts about them in general as you did.
i personally still trust true crypt most as it was born as far i understood independently, the slight risks it has concerning those mentioned hack methodes are as i see only if the device is physically out of hand, with this risk i can live as it needs some effort to be hacked.
but it looks like for a phone, which i´m actioally not using as a phone(mine is an old nokia) but as an small perfect mainly offline computer which has all offline to hand, wikipedia, mapsme, general helpful apps and own data without storing it in a cloud etc i will now go the complet cryption for both the phone and the sd card as containers don´t work, and it´s nice to have all privat data like lifetime pictures and videos with you without fearing too loose them. i wonder if the phone can crypt more than one sdcard and use it when changing , so it would be easy to have some tens of terabyte of data behind the cover.
i will tell you when linage works, it might take still some time and new questions from that arise, as i´m still fully novice with this whole android thema as i haven´t been working with linux systems yet in general.