So I was forced by my employer to enabled Device Encryption on my Gnex. Not a huge problem, as we already had to enter a PIN/Password to access company email. Fine.
So then I decide to switch ROMs from CNS 1.5.1 to AOSP r7, and lo and behold, when I flash, everything on my sdcard has been devoured. I did not select any options to do a full wipe, and as I would come to find out later, I couldn't have if I wanted to, since even the latest version of TWRP doesn't know how to correctly decrypt using the supplied PIN.
So here I am with my thumb up my ass wondering how to prevent this from happening again. I'm also considering decrypting my device, leaving it decrypted, and just using the web interface for my work mail.
Is this expected?? I'm reading in other threads for other devices that TWRP and CWM both don't know how to decrypt Samsung phones.
Say it ain't so....
maxawesome said:
So I was forced by my employer to enabled Device Encryption on my Gnex. Not a huge problem, as we already had to enter a PIN/Password to access company email. Fine.
So then I decide to switch ROMs from CNS 1.5.1 to AOSP r7, and lo and behold, when I flash, everything on my sdcard has been devoured. I did not select any options to do a full wipe, and as I would come to find out later, I couldn't have if I wanted to, since even the latest version of TWRP doesn't know how to correctly decrypt using the supplied PIN.
So here I am with my thumb up my ass wondering how to prevent this from happening again. I'm also considering decrypting my device, leaving it decrypted, and just using the web interface for my work mail.
Is this expected?? I'm reading in other threads for other devices that TWRP and CWM both don't know how to decrypt Samsung phones.
Say it ain't so....
Click to expand...
Click to collapse
what version of twrp are you using? the newest version supposedly fixed decrypting.
simms22 said:
what version of twrp are you using? the newest version supposedly fixed decrypting.
Click to expand...
Click to collapse
The very latest version that can be downloaded via GooManager. I always update it before flashing any new ROMs. This was done last night, so the very latest version GooManager installs as of around 9PM PST yesterday. 2.3.2.1 I suppose?
Ok, I'm drawing a blank on this...
I have Encryption Enabled in CM10.1 on my GSIII
The problem is that when I reboot to apply an update it fails due to not being able to decrypt the mmc.
TWRP acknowledges that it's encrypted and asks for the password (a PIN that I set up)
but every time I try it tells me it's a bad password.
Am I missing something, some setting somewhere?
The work around is rather annoying, it just involves me copying the zip to the external SD card and installing from there.
Does CMUpdater support storing the zip on the sd natively that'd be a great work around for this as well? I can't find that setting anywhere.
Have you been able to resolve this? I'm running in a similar issue.
Company policy demands encryption and today, suddenly out of the blue, it reboots and asks for decryption password.
When I enter it, devices says it's invalid... no way to boot into recovery or into flash mode.
Device is a samsung galaxy s3 mini
Thanks,
Me too!
glennexpert said:
Have you been able to resolve this? I'm running in a similar issue.
Company policy demands encryption and today, suddenly out of the blue, it reboots and asks for decryption password.
When I enter it, devices says it's invalid... no way to boot into recovery or into flash mode.
Device is a samsung galaxy s3 mini
Thanks,
Click to expand...
Click to collapse
This is really strange, I'm getting this too. I also have to have my device encrypted for my work's MS Exchange access
I'm using latest TWRP 2.6.3.3 and have had no issues with my encryption password not being recognised with this version of TWRP before.
Device details - I'm using an international (GSM) HTC One. Recently I have upgraded to Android 4.3/Sense 5.5 via Telstra OTA update. The ROM is entirely stock from Telstra, just unlocked/rooted. Super user is via SuperSU v1.80
walleyeuk said:
This is really strange, I'm getting this too. I also have to have my device encrypted for my work's MS Exchange access
I'm using latest TWRP 2.6.3.3 and have had no issues with my encryption password not being recognised with this version of TWRP before.
Device details - I'm using an international (GSM) HTC One. Recently I have upgraded to Android 4.3/Sense 5.5 via Telstra OTA update. The ROM is entirely stock from Telstra, just unlocked/rooted. Super user is via SuperSU v1.80
Click to expand...
Click to collapse
Hi, I haven't had an HTC since the first "desire" and before that I had an HD2 for over 5 years...
So, if you are able to access TWRP you can get around this by fully formatting all your encrypted partitions and installing your custom rom again.
If that doesn't work you can try to restore the device with proper HTC tools, like Kies for Samsung devices. It fully resets the device back to stock recovery and stock rom.
I've found no way to restore any of my data. Luckily I had a cloud back-up with Titanium Back-up pro.
i googled it and there are people with other phones saying their twrp asks for encryption password and can still perform flashes and backups on an encrypted phone (i realize there are also alot of ppl who it doesn't work for) just wondering if anyone has gotten it working on G3.
Yes. I have the nexus 9 encrypted and when I go on twrp and ask me for my password (using a full keyboard) and it does take a longer time to perform the operation .
Sent from my LG-D852 using Tapatalk
Same problem here. Can't get /data to mount in TWRP. Had the same problem in some versions on Nexus 4, but it always got fixed quite fast. Would be nice to get it working on the G3... Tried to compile TWRP myself, but failed badly...
Hey Guys,
When I got my OP3 I unlocked the bootloader right away and installed FreedomOS to get rid of the bloatware. As this is my first device, which comes with a locked bootloader and decryption, I have some questions about this topic. I was wondering that the encryption does not make any sense when you unlock your bootloader, because if somebody steals your phone, he can just enter twrp and access all your data. Then I flashed CM and after that TWRP was asking me to set a pin or pattern to lock my phone. Now I've to unlock my phone every time I want to enter the recovery or boot the system with a pattern, which is great, because now the encryption is not worthless anymore. Now I'm asking myself if this feature is somehow integrated into CM or was it just random that I found this feature? Is there any way to get this also with OOS installed? What things do I have to note to not accidentally make my phone unencryptable with the pattern? Is this even possible, maybe by flashing a new recovery or so?
Thanks in advance
Gerrit507 said:
Hey Guys,
When I got my OP3 I unlocked the bootloader right away and installed FreedomOS to get rid of the bloatware. As this is my first device, which comes with a locked bootloader and decryption, I have some questions about this topic. I was wondering that the encryption does not make any sense when you unlock your bootloader, because if somebody steals your phone, he can just enter twrp and access all your data. Then I flashed CM and after that TWRP was asking me to set a pin or pattern to lock my phone. Now I've to unlock my phone every time I want to enter the recovery or boot the system with a pattern, which is great, because now the encryption is not worthless anymore. Now I'm asking myself if this feature is somehow integrated into CM or was it just random that I found this feature? Is there any way to get this also with OOS installed? What things do I have to note to not accidentally make my phone unencryptable with the pattern? Is this even possible, maybe by flashing a new recovery or so?
Thanks in advance
Click to expand...
Click to collapse
If your phone is encrypted, TWRP has to prompt you to decrypt the /data partition before it can be mounted. This isn't a CM feature, it should act like this with any ROM if phone encryption is enabled. I've flashed most every rom and version of twrp in this forum and they all seem to work fine with the encryption enabled. I have not flashed multiboot yet as that requires your phone to be completely unencrypted. Not sure if that answers your question.
If security is your concern though, I would recommend switching to a passphrase instead of pattern for encryption unless your pattern is very long and complex. I recommend a passphrase of at least 16 characters.
kennonk said:
If your phone is encrypted, TWRP has to prompt you to decrypt the /data partition before it can be mounted. This isn't a CM feature, it should act like this with any ROM if phone encryption is enabled. I've flashed most every rom and version of twrp in this forum and they all seem to work fine with the encryption enabled. I have not flashed multiboot yet as that requires your phone to be completely unencrypted. Not sure if that answers your question.
If security is your concern though, I would recommend switching to a passphrase instead of pattern for encryption unless your pattern is very long and complex. I recommend a passphrase of at least 16 characters.
Click to expand...
Click to collapse
Ok I see, than I was getting something wrong there, thank you. The thing is FreedomOS stated that the phone is encrypted but I was never asked for the pattern by TWRP...
Gerrit507 said:
Ok I see, than I was getting something wrong there, thank you. The thing is FreedomOS stated that the phone is encrypted but I was never asked for the pattern by TWRP...
Click to expand...
Click to collapse
When you first booted up your stock phone and went through setup it asks if you want to secure the phone using pin/pattern/passphrase. I think that is where it is created then that key is written somewhere, not on the data or system partitions because is persists between wipes, and that is where TWRP and all future roms are authenticating you.
kennonk said:
When you first booted up your stock phone and went through setup it asks if you want to secure the phone using pin/pattern/passphrase. I think that is where it is created then that key is written somewhere, not on the data or system partitions because is persists between wipes, and that is where TWRP and all future roms are authenticating you.
Click to expand...
Click to collapse
Ok, I can not remember this... Then I guess the phone just stated it was encrypted and wasn't... And how can I change this pattern or unencrypt the phone?
Gerrit507 said:
Ok, I can not remember this... Then I guess the phone just stated it was encrypted and wasn't... And how can I change this pattern or unencrypt the phone?
Click to expand...
Click to collapse
Here is how to decrypt without losing data. http://forum.xda-developers.com/oneplus-3/how-to/unencrypt-oxygenos-loosing-data-t3412228
There is another article I think I saw it on the OnePlus forums about how to decrypt and wipe which will let you change the passphrase I think.
Basically if you decrypt, then flash Oxygen or Hydrogen without SuperSU it will force you to re-encrypt. At least that is my understanding as I haven't decrypted yet.
Good luck
kennonk said:
Here is how to decrypt without losing data. http://forum.xda-developers.com/oneplus-3/how-to/unencrypt-oxygenos-loosing-data-t3412228
There is another article I think I saw it on the OnePlus forums about how to decrypt and wipe which will let you change the passphrase I think.
Basically if you decrypt, then flash Oxygen or Hydrogen without SuperSU it will force you to re-encrypt. At least that is my understanding as I haven't decrypted yet.
Good luck
Click to expand...
Click to collapse
As far as I understood it, it's all about wiping userdata, which I did before flashing Freedom OS. This might explain why I had no encryption... Still strange that it did not prompt me again to set a new one...
edit: FreedomOS has supersu, but systemless... I also flashed supersu right after CM which is even more strange...
Gerrit507 said:
As far as I understood it, it's all about wiping userdata, which I did before flashing Freedom OS. This might explain why I had no encryption... Still strange that it did not prompt me again to set a new one...
Click to expand...
Click to collapse
Yeah I have wiped userdata and system and clean reflashed like 20-30 times in the last few weeks and I've never been prompted to recreate the initial passphrase I set for encryption.
kennonk said:
Yeah I have wiped userdata and system and clean reflashed like 20-30 times in the last few weeks and I've never been prompted to recreate the initial passphrase I set for encryption.
Click to expand...
Click to collapse
But I never had to decrypt in TWRP... It's mysterious As far as I understand the guide he just wipes userdata and the encryption is gone... Is there somebody who knows for sure where the key is located actually?
edit: Seems like the encryption key is coupled to your password
When a user elects to change or remove their password in settings, the UI sends the command cryptfs changepw to vold, and vold re-encrypts the disk master key with the new password.
Click to expand...
Click to collapse
https://source.android.com/security/encryption/
I can confirm that. I changed my pattern and unlocked the phone with it at booting.
If I remove my password it still says "encrypted" in security but I don't have to enter any pattern at boot.
Mine says "Encrypted" under Settings > Security & Fingerprint > Encryption but I can boot into TWRP and browse the entire file system without ever entering my pin code.
dcdruck1117 said:
Mine says "Encrypted" under Settings > Security & Fingerprint > Encryption but I can boot into TWRP and browse the entire file system without ever entering my pin code.
Click to expand...
Click to collapse
Sounds like you have the same issue like I had. It seems to me like an issue in OOS.
This is awesome. I thought rooting and unlocking the bootloader to install custom ROMs would need the phone to be decrypted -- great, great news!
So without knowing the passphrase a possible attacker can't get to the data even when the bootloader is unlocked and OS rooted?
kanttii said:
This is awesome. I thought rooting and unlocking the bootloader to install custom ROMs would need the phone to be decrypted -- great, great news!
So without knowing the passphrase a possible attacker can't get to the data even when the bootloader is unlocked and OS rooted?
Click to expand...
Click to collapse
Yes, all your data is being decrypted after your enter the passphrase.
Does anyone have any idea how I can encrypt my phone if it already says Settings > Security & fingerprint > Encryption > Encrypt phone = "Encrypted"? It's clearly not actually encrypted because I do not have to enter any pin to boot or read data in TWRP.
dcdruck1117 said:
Does anyone have any idea how I can encrypt my phone if it already says Settings > Security & fingerprint > Encryption > Encrypt phone = "Encrypted"? It's clearly not actually encrypted because I do not have to enter any pin to boot or read data in TWRP.
Click to expand...
Click to collapse
Go to lock screen settings and set it up again. You will be prompted if you want to enter pin every reboot.
proag said:
Go to lock screen settings and set it up again. You will be prompted if you want to enter pin every reboot.
Click to expand...
Click to collapse
Hey, thanks! The "require PIN to start device" screen doesn't make any mention of encryption, so I was under the impression that it was far more basic and wasn't at all related to encryption. I tried it though and now TWRP does ask me to decrypt my data partition, so it does work. Thanks for the assist!
been following this thread and i had a quick questions - so it looks like if you unlock BL and run a custom ROM, you can still have the security of encryption, but does this ONLY apply to the USERDATA partition?
for example, could someone launch TWRP recovery on your phone and flash something into the SYSTEM partition without ever touching your userdata partition (ie, a keylogger or malware)?
It seems to me that only the data partition is encrypted, but someone correct me if I'm wrong. I looked at the Android full disk encryption page and I only see mentions of the data partition.
dcdruck1117 said:
It seems to me that only the data partition is encrypted, but someone correct me if I'm wrong. I looked at the Android full disk encryption page and I only see mentions of the data partition.
Click to expand...
Click to collapse
so system is never encrypted? i guess at that point the stock recovery stops you from flashing malware but \TWRP wont
dcdruck1117 said:
It seems to me that only the data partition is encrypted, but someone correct me if I'm wrong. I looked at the Android full disk encryption page and I only see mentions of the data partition.
Click to expand...
Click to collapse
Your internal storage is mounted into your data partition actually. I think this means it's also encrypted.
2x4 said:
so system is never encrypted? i guess at that point the stock recovery stops you from flashing malware but \TWRP wont
Click to expand...
Click to collapse
I see no reason behind encrypting system, it's used read-only anyway as long as you don't flash something to it.
edit: Ah I see now what you mean. But if you have stock recovery you can also simply flash twrp over it or flash something to system via adb... I don't know if it would even be possible technically to encrypt system. Anyway I think the only solution would be to lock the bootloader I think. I don't know what actually happens if you lock your bootloader again while on twrp and custom rom, might brick your device
Ugh, this phone has been a hot mess for me here in the US.
TWRP never seems to stay more than one time I use it, but any ways, once I get into TWRP it asks me to decrypt the data partition. I got this with the 9.6.4.0 global rom and unlocked. Are they encrypting the phones too before they ship them?
Anyone run across this and know what the decryption password is?
Every official MIUI rom force encrypts userdata. There is no password per say, it's a hardware generated key and unique for any single device. If TWRP for Max 3 wasn't buggy it would decrypt it without you even noticed it...
So reading and reading here I keep asking myself is anybody testing anything he builds before sharing it here...!?
nijel8 said:
Every official MIUI rom force encrypts userdata. There is no password per say, it's a hardware generated key and unique for any single device. If TWRP for Max 3 wasn't buggy it would decrypt it without you even noticed it...
So reading and reading here I keep asking myself is anybody testing anything he builds before sharing it here...!?
Click to expand...
Click to collapse
No-one ever managed to create a TWRP for Mi Mix 1 lithium that handled encryption correctly.
Having followed raupes attempts at Mix1, from a safe distance, I can appreciate the difficulties.
Don't know about Max3, if it has any peculiarities?
omniphil said:
Ugh, this phone has been a hot mess for me here in the US.
TWRP never seems to stay more than one time I use it, but any ways, once I get into TWRP it asks me to decrypt the data partition. I got this with the 9.6.4.0 global rom and unlocked. Are they encrypting the phones too before they ship them?
Anyone run across this and know what the decryption password is?
Click to expand...
Click to collapse
I did came across yday: https://forum.xda-developers.com/mi-max-3/how-to/news-mi-max-3-global-rom-t3825700/page30
Wasn't a pleasant surprise. Just like you I couldn't decrypt it. At the end I did wipe the storage which bricked my phone. It was a long way to get it back to life. I don't recommend wiping it. Apparently there are steps you would need to do if you wish to install EU or other roms. A user called "dogiex" shared it and you can see on the above link. Good luck...
nijel8 said:
Every official MIUI rom force encrypts userdata. There is no password per say, it's a hardware generated key and unique for any single device. If TWRP for Max 3 wasn't buggy it would decrypt it without you even noticed it...
So reading and reading here I keep asking myself is anybody testing anything he builds before sharing it here...!?
Click to expand...
Click to collapse
When i finally got the phone up and running again, I did notice it encrypting again. Sigh...
At least the phone is working again, I just cannot get AT&T to get it working on their network.
this did not work for me at all, but it didn't hard-brick my device either. It just kept failing. I'm guessing it would have worked if I wasn't on Miui 11.0.6 after a forced update (but that forced update is what caused me to lose root!)
On the other hand, having lost root on my Redmi Note 5 (redmi note 5 pro in india), I was saved by a custom TWRP desiged to decrypt whyred which worked a treat. I would love to credit the developer who tweaked it but I only have the file name which was reposted in XDA: fx_TWRP_Pie_whyred.img
Brilliant ... but my Whyred was still on some version of Miui 10. This is the md5: e9b9484ab6cb624a98df7954cb526bd1
This is the link: https://androidfilehost.com/?w=files&flid=295272&sort_by=date&sort_dir=DESC (posted on the off chance that the method used might somehow be adapted for the Mi Max 3 by one of you whizzes).
Many thanks for your efforts and patience!
Honestly, I try, but Miui updates are just too much for my tiny brain. My last three devices have been Xiaomi but as it stands now I will never buy another.
I wish I could just buy an unlocked, rooted device already loaded LineageOS.