I've either made a hugely stupid error and turned on encryption and nobody will detail me why this is a bad idea.....
Or nobody who looks at my post in huge threads seems to want to answer this question:
I enabled encryption in my Galaxy Nexus settings. I am rooted on a custom ROM. I want to update/flash a new ROM.
Will things be different? Can I update like normal? or am I going to need to wipe/reset everything in order to flash an update?
XFreeRollerX said:
I've either made a hugely stupid error and turned on encryption and nobody will detail me why this is a bad idea.....
Or nobody who looks at my post in huge threads seems to want to answer this question:
I enabled encryption in my Galaxy Nexus settings. I am rooted on a custom ROM. I want to update/flash a new ROM.
Will things be different? Can I update like normal? or am I going to need to wipe/reset everything in order to flash an update?
Click to expand...
Click to collapse
Neither Clockwork Mod or even the stock recovery can access the storage on the device after it's encrypted. The fact that the stock recovery can't is exceptionally poor form on Google's behalf.
You can't even perform a factory reset. The only way to unencrypt the device is to flash it via fastboot.
I posted some details in this thread - http://forum.xda-developers.com/showthread.php?t=1392037
MrPendulum said:
Neither Clockwork Mod or even the stock recovery can access the storage on the device after it's encrypted. The fact that the stock recovery can't is exceptionally poor form on Google's behalf.
You can't even perform a factory reset. The only way to unencrypt the device is to flash it via fastboot.
I posted some details in this thread - http://forum.xda-developers.com/showthread.php?t=1392037
Click to expand...
Click to collapse
Thank you very much! Reading up on that was really a learning experience on this mess lol
Can I flash a ROM via Fastboot using a zip? Im not sure about that... any1 know?
XFreeRollerX said:
Thank you very much! Reading up on that was really a learning experience on this mess lol
Can I flash a ROM via Fastboot using a zip? Im not sure about that... any1 know?
Click to expand...
Click to collapse
Had the exact same problem and found out this solution the hard way. You can't do a factory reset to remove the encryption because the bootloader is different when you root.
The only way is to fastboot as mentioned above. You need to use the files provided for going back to stock. You should find them on here. Good luck.
I found this out the hard way as well, but I think this is the great benefit of encryption. If someone were to get a hold of your phone there would be no way for them to access anything without having or breaking the passcode. For serial rom flashers this kinda sucks but if you really care about your data and are willing to stick with either stock or stock rooted then this means you actually have a phone that's truly secure.
Sent from my Galaxy Nexus using Tapatalk
You'd have to be extremely paranoid about your data to want to encrypt your phone. I couldn't care less, nothing of importance is on my phone anyway
EddyOS said:
You'd have to be extremely paranoid about your data to want to encrypt your phone. I couldn't care less, nothing of importance is on my phone anyway
Click to expand...
Click to collapse
I run my business on Google Apps and my data would be sensitive. Not everyone uses there phones just for personal stuff.
I don't use it for that either! I delete SMSs after they've been read, email is downloaded to my PC once Outlook is opened and bar Facebook/Twitter and a small selection of other apps there's nothing personal on my phone
Funnily enough I use it as a phone more than anything
EddyOS said:
I don't use it for that either! I delete SMSs after they've been read, email is downloaded to my PC once Outlook is opened and bar Facebook/Twitter and a small selection of other apps there's nothing personal on my phone
Funnily enough I use it as a phone more than anything
Click to expand...
Click to collapse
Wow, I couldn't operate that way, I use my phone for everything, even my laptop and tablet are a bit useless now Each to their own I suppose
Im having some trouble going back to stock image to factory reset the phone
I flashed stock bootloader, stock radio images and booted into the OS and did factory reset, doesn't seem to work...help? I can't get this encryption off
XFreeRollerX said:
Im having some trouble going back to stock image to factory reset the phone
I flashed stock bootloader, stock radio images and booted into the OS and did factory reset, doesn't seem to work...help? I can't get this encryption off
Click to expand...
Click to collapse
Factory reset won't work. You need to completely wipe the phone by loading the stock img from Google that came on the phone. It is the only way it will work. You can find out how to do that on here, sorry I don't have the link on hand though so just search a bit. Feel free to PM as I had the exact same issue.
EDIT - try this toolkit to go back to the stock rom. You loose everything but it should remove encryption.
http://forum.xda-developers.com/showthread.php?t=1392310
I don't know why Google don't give the option to decrypt from the Google Apps dashboard. So annoying! Good luck, hope you get sorted.
Thanks for posting that - in the end the g-nex toolkit ended up bringing the phone back to stock and rooted the device again and I've now successfully factory reset the device and am back to running a custom ROM with root and no encryption
Thanks for the help
XFreeRollerX said:
Thanks for posting that - in the end the g-nex toolkit ended up bringing the phone back to stock and rooted the device again and I've now successfully factory reset the device and am back to running a custom ROM with root and no encryption
Thanks for the help
Click to expand...
Click to collapse
Yaaaaey glad you got sorted. Encryption from GApps at the moment is woeful. I am sure they are working on it.
jd1001 said:
Yaaaaey glad you got sorted. Encryption from GApps at the moment is woeful. I am sure they are working on it.
Click to expand...
Click to collapse
Hopefully they are as if you want a real secure device, its pretty pitiful to bypass if in the wrong hands.
Does this only apply if you've rooted your device and flashed a different ROM? If you have an unrooted phone and turn on encryption, will you have the same issues (i.e. unable to do a factory reset)? Is this only a problem with the Nexus or would any Android phone have this problem?
I ask because the company I work for is talking about forcing users to encrypt their phones if they want ActiveSync enabled. But they also want to be able to run a wipe on the phone if necessary. It would seem to me that encrypting the phone may prevent that as an option.
HuskerWebhead said:
Does this only apply if you've rooted your device and flashed a different ROM? If you have an unrooted phone and turn on encryption, will you have the same issues (i.e. unable to do a factory reset)? Is this only a problem with the Nexus or would any Android phone have this problem?
I ask because the company I work for is talking about forcing users to encrypt their phones if they want ActiveSync enabled. But they also want to be able to run a wipe on the phone if necessary. It would seem to me that encrypting the phone may prevent that as an option.
Click to expand...
Click to collapse
Touchdown.
It's a little pricy at $20 but well worth it in IMHO.
A remote wipe will only kill off touchdown and optionally SDcard storage.
Matridom said:
Touchdown.
It's a little pricy at $20 but well worth it in IMHO.
A remote wipe will only kill off touchdown and optionally SDcard storage.
Click to expand...
Click to collapse
Yeah, they are already looking at using Touchdown for devices that don't support encryption natively, but those that do (support encryption natively) they just want to enable the devices' own encryption.
So I'm still not sure if with encryption turned on, will it prevent a phone from being remotely wiped?
XFreeRollerX said:
Hopefully they are as if you want a real secure device, its pretty pitiful to bypass if in the wrong hands.
Click to expand...
Click to collapse
When you bypass it by flashing a new system over it you wipe all data that was ever on the phone. Ok your phone could be stolen, but no-one will ever know what CP you were hiding with that encryption. I'm very happy with the fact that there is a save backdoor... imagine forgetting your password for some reason or filling out the wrong password on setup... when that happend this thread would have been a "bricked my phone by forgetting the password. Who wants some nice spareparts for his phone" Q&A
Sent from my Galaxy Nexus using XDA
HuskerWebhead said:
Yeah, they are already looking at using Touchdown for devices that don't support encryption natively, but those that do (support encryption natively) they just want to enable the devices' own encryption.
So I'm still not sure if with encryption turned on, will it prevent a phone from being remotely wiped?
Click to expand...
Click to collapse
Just don't tell them you are using touchdown. I've tested the remote wipe in Android, it can kill the whole phone. The only way to keep your personal info safe is to use touchdown
Sent from my Galaxy Nexus
Matridom said:
Just don't tell them you are using touchdown. I've tested the remote wipe in Android, it can kill the whole phone. The only way to keep your personal info safe is to use touchdown
Click to expand...
Click to collapse
I think you're misunderstanding my intentions. I'm not looking for a way to bypass the encryption requirement they may be introducing. I'm just trying to understand if it will cause a problem for the remote wipe functionality if the phone is lost or stolen. If it will, I'll have to let them know so they can decide what is more important: encryption or remote wipe capabilities.
If a remote wipe functions regardless of encryption being enabled, then it's a moot point.
Hey guys, sorry if this has been answered somewhere else, but I just want to confirm my understanding about encryption.
I'm setting up MobileIron and TouchDown for my work email and paused when the IT policy asked me to encrypt my phone.
So, is doing encryption will make it impossible for us to flash rom, radio, any kind of flashing + impossible to do all other things in CWM - due to the partition is being locked and encrypted before the device boots up?
(I'm not good to explain it technically, hopefully you get what I mean).
Slower boot time? The only way to decrypt is to factory reset and wipe all data? Impossible to backup nandroid? etc etc...
Of course the device would be more secure from the company's security point of view, but is that it?
I'm pretty sure there's no other workaround if I want to setup my phone with work email, since of course the IT policy applies to all employees so I can't ask for an exception.
At the same time I don't want to lose my ability to flash just because of the work email, it defeats the purpose of me having Android (which is to tweak and mess with my phone).
I came from SGSII where the IT policy only enforces PIN/password/pattern requirement, or perhaps because SGSII doesn't have encryption capability.
Appreciate your comment and opinion guys.
Hopefully someone knows.
kisekio said:
Hey guys, sorry if this has been answered somewhere else, but I just want to confirm my understanding about encryption.
I'm setting up MobileIron and TouchDown for my work email and paused when the IT policy asked me to encrypt my phone.
So, is doing encryption will make it impossible for us to flash rom, radio, any kind of flashing + impossible to do all other things in CWM - due to the partition is being locked and encrypted before the device boots up?
(I'm not good to explain it technically, hopefully you get what I mean).
Slower boot time? The only way to decrypt is to factory reset and wipe all data? Impossible to backup nandroid? etc etc...
Of course the device would be more secure from the company's security point of view, but is that it?
I'm pretty sure there's no other workaround if I want to setup my phone with work email, since of course the IT policy applies to all employees so I can't ask for an exception.
At the same time I don't want to lose my ability to flash just because of the work email, it defeats the purpose of me having Android (which is to tweak and mess with my phone).
I came from SGSII where the IT policy only enforces PIN/password/pattern requirement, or perhaps because SGSII doesn't have encryption capability.
Appreciate your comment and opinion guys.
Click to expand...
Click to collapse
Once your device is encrypted you won't be able to flash roms because recovery can't see the SD when you try to flash a kernel or rom.
You can't remove the encryption through a factory reset if your device is rooted and running CWM recovery. It will fail and the phone just boots up as normal. The only way I was able to remove encryption was to ADB/Fastboot the stock images onto my Nexus.
Lastly, I noticed the phone being very slow to boot with encryption.
Until Google give the option to decrypt I won't go near encryption again. Hope this helps and answers some of your questions.
jd1001 said:
Once your device is encrypted you won't be able to flash roms because recovery can't see the SD when you try to flash a kernel or rom.
Click to expand...
Click to collapse
I assume any kind of flashing won't work with encryption, including rom, kernel, radio, circlesmod, and all other kinds of mods that require flashing from CWM.
Is that correct?
If that's the case looks like I'm not going to use my work email on my phone.
Yeah your assumptions are correct!
jd1001 said:
Once your device is encrypted you won't be able to flash roms because recovery can't see the SD when you try to flash a kernel or rom.
You can't remove the encryption through a factory reset if your device is rooted and running CWM recovery. It will fail and the phone just boots up as normal. The only way I was able to remove encryption was to ADB/Fastboot the stock images onto my Nexus.
Lastly, I noticed the phone being very slow to boot with encryption.
Until Google give the option to decrypt I won't go near encryption again. Hope this helps and answers some of your questions.
Click to expand...
Click to collapse
I'm in exactly the same situation, unfortunately found out that i can't decrypt it with factory reset after I'm already encrypted
Do you happen to know good tutorial for flashing via ADB/fastboot?
I flashed my CM10 4.1.1 using galaxy nexus toolkit
http://forum.xda-developers.com/showthread.php?t=1830108 You're welcome.
Hi all,
I recently got a HK N7105 and because it lacked the possibility to use a french keyboard I upgraded to a stock unbranded ROM from Sweden (XXDLL1) and succesfully rooted with the relevant CF_autoroot through Odin. Also installed TWRP 2.3.3.1.
Then, I connected the Note 2 to my corporate exchange server which enforced a full encryption policy (device and external SD card) so I had to type in a password at each boot time (with a "nice" swedish prompt that took ma while to decypher), plus a password to unlock the screen. All was well as the root survived the process.
Next I upgraded to a later stock ROM from France (XXDLL4 from SFR) to try and get rid of the swedish prompt. That worked fine (and root was loast in the process, as expected) but I hated the branded stuff so much I reverted to XXDLL1 until a proper unbranded "english" or "french" ROM is available.
At this point I decided to root again. I was running XXDLL1 like the first time and used the same autoroot tar from Chainfire. Except my Note 2 was still encrypted and after that it would not accept my boot password (a four digit PIN) anymore so I was guted and had to factory reset and root then reinstall everything before reconnecting to the exchange server.
Question 1: Does anyone know of a safe, proven way to root a fully encrypted Samsung device so I can go another upgrade without having to wipe the device first?
Why reinstall everything? Why not backup everything first so you can restore after the wipe? Well, it so happens that no recovery (at least neither CWM or TWRP) can read any encrypted media on the Note 2 at the moment. And no Recovery can actually fully backup the device as well.
Question 2: Does anyone know of a proper way to handle this situation with minimum hassle?
So far, the best I can think of is doing a Titanium backup and FTP the files to my NAS so I can retrieve them later. But (Question 3) will this be enough to restore my phone to the expected state after a stock firmware upgrade?
Thanks in advance,
François
frankieGom said:
Hi all,
I recently got a HK N7105 and because it lacked the possibility to use a french keyboard I upgraded to a stock unbranded ROM from Sweden (XXDLL1) and succesfully rooted with the relevant CF_autoroot through Odin. Also installed TWRP 2.3.3.1.
Then, I connected the Note 2 to my corporate exchange server which enforced a full encryption policy (device and external SD card) so I had to type in a password at each boot time (with a "nice" swedish prompt that took ma while to decypher), plus a password to unlock the screen. All was well as the root survived the process.
Next I upgraded to a later stock ROM from France (XXDLL4 from SFR) to try and get rid of the swedish prompt. That worked fine (and root was loast in the process, as expected) but I hated the branded stuff so much I reverted to XXDLL1 until a proper unbranded "english" or "french" ROM is available.
At this point I decided to root again. I was running XXDLL1 like the first time and used the same autoroot tar from Chainfire. Except my Note 2 was still encrypted and after that it would not accept my boot password (a four digit PIN) anymore so I was guted and had to factory reset and root then reinstall everything before reconnecting to the exchange server.
Question 1: Does anyone know of a safe, proven way to root a fully encrypted Samsung device so I can go another upgrade without having to wipe the device first?
Why reinstall everything? Why not backup everything first so you can restore after the wipe? Well, it so happens that no recovery (at least neither CWM or TWRP) can read any encrypted media on the Note 2 at the moment. And no Recovery can actually fully backup the device as well.
Question 2: Does anyone know of a proper way to handle this situation with minimum hassle?
So far, the best I can think of is doing a Titanium backup and FTP the files to my NAS so I can retrieve them later. But (Question 3) will this be enough to restore my phone to the expected state after a stock firmware upgrade?
Thanks in advance,
François
Click to expand...
Click to collapse
I think using Exynos Abuse apk will do the work
http://forum.xda-developers.com/showthread.php?t=2050297
Thanks for the heads up, I'll look into it. But to be clear, that answers question 1, correct?
Sent from my GT-N7105 using xda app-developers app
frankieGom said:
Thanks for the heads up, I'll look into it. But to be clear, that answers question 1, correct?
Sent from my GT-N7105 using xda app-developers app
Click to expand...
Click to collapse
Yes that's a way to root the device.
Regarding encryption, very few people on xda seem to use it. So for that reason you'll have trouble finding out what works... I do use it though through choice so I can help you a bit.
When you encrypt the device, just consider /data to be off limits to anything not booted fully. That's why it asks you for your key in swedish - it can't see what language is in use until you unlock /data.
You will have issues using recovery with the device, since they can't read /data. You can use an external sd to perhaps load data to the device though.
I believe that TWRP might soon support the Samsung encryption on the device, meaning you could use it as recovery. Once you have a recovery that supports Samsung encryption, you should be able to consider it a fairly normal device.
Just be more cautious to backup your data as it is hard to recover if something goes wrong...
If your using stock rom 4.1.2, exynos abuse method of root will not work. It's been patched
Sent from my GT-N7100 using xda app-developers app
pulser_g2 said:
Yes that's a way to root the device.
Regarding encryption, very few people on xda seem to use it. So for that reason you'll have trouble finding out what works... I do use it though through choice so I can help you a bit.
When you encrypt the device, just consider /data to be off limits to anything not booted fully. That's why it asks you for your key in swedish - it can't see what language is in use until you unlock /data.
You will have issues using recovery with the device, since they can't read /data. You can use an external sd to perhaps load data to the device though.
I believe that TWRP might soon support the Samsung encryption on the device, meaning you could use it as recovery. Once you have a recovery that supports Samsung encryption, you should be able to consider it a fairly normal device.
Just be more cautious to backup your data as it is hard to recover if something goes wrong...
Click to expand...
Click to collapse
Fine, I understand. As long as I have a way to recover my data if I need to wipe I'm okay... I just have to hope Titanium backup gives me that until TWRP can manage encruption on the Note 2.
I'm really waiting for a stock rom that boots in English or French now.
Sent from my GT-N7105 using xda app-developers app
vash_h said:
If your using stock rom 4.1.2, exynos abuse method of root will not work. It's been patched
Sent from my GT-N7100 using xda app-developers app
Click to expand...
Click to collapse
Not the case with xxdll1. When was it patched, xxdll4 or xxdll7?
Sent from my GT-N7105 using xda app-developers app
frankieGom said:
Not the case with xxdll1. When was it patched, xxdll4 or xxdll7?
Sent from my GT-N7105 using xda app-developers app
Click to expand...
Click to collapse
I am on Stock 4.1.2 and Exynos Abuse did work on my device, it's successfully rooted using the Exynos AbuseAPK on 4.1.2 :good:
OK, now I have been experimenting a bit with backups and upgrade and have trouble restoring my device fully. Let me explain...
I got hold of a TWRP build that seems to handle Samsung encryption fine through one of the TWRP devs (thanks!), so I decided to go back and try to update my device.
Current ROM: N7105XXDLL1_N7105TLADLL1_N7105XXDLK7_HOME.tar (obtained from Samsung Updates)
New ROM: N7105XXDLL7_N7105OLBDLL2_N7105DXDLL1_HOME.tar (obtained from Samsung Updates)
First I performed a complete Titanium Backup on the device and pulled the files to my laptop using ADB.
Then I restarted into TWRP 2.4.0.0 (got a prompt for my password), performed a full backup and pulled the files to the laptop using ADB.
(for some reason, I could not install the new ROM from TWRP (unable to open ZIP), but the ZIP looked OK, as well as after a second download which TWRP since did not like, so I had to use Odin instead).
Next, I flashed DLL7 with Odin. It worked, asked for the password at boot, but the device was unrooted at this point (I expected that).
Then, I flashed CF-Auto-Root-t0lte-t0ltexx-gtn7105.tar from Odin, but the boot up password would not be accepted anymore as I already knew.
Tried to flash DLL7 again from Odin, same thing
Flashed TWRP back on recovery partition, but on startup it would not ask for password anymore and the external sdcard looked empty to it.
I then copied my backup to a different, non encrypted sdcard and could restore from TWRP but the password would still not work after reboot.
I did a factory reset, restored backup, same result.
At this point I decided to factory reset, wipe Dalvik and format /data. The format did the trick and after TWRP restore of my original back up the device booted up, did not ask for password and all my data was there. Except the Exchange account I use for Corporate email wants me to restore encryption in order to work (I expected that too).
Back at DLL1, so I flashed DLL7 again with Odin (OK), rooted the phone, triangled away the flash counter and reflashed TWRP to recovery.
I was where I wanted to be except for one thing: I need to restore Corporate access. But when I let it encryp the phone it does nothing. I let it through the night and nothing). And if I reboot the phone no password is needed at boot time, yet the phone seems to behave as if it thought the device was still encrypted...
I reflashed my original, full, backup (i.e DLL1) succesfully but Exchange still wants to encrypt my device. Isn't restore supposed to restore the encrypted /data I backed up?
At this point I'm left with possibly tryinjg to go back to full factory settings, not use the backup at all, encrypt the device then restore my data from the Titanium backup I made.
Is there a better option?
[edited jan 18 - TWRP/TB behaviour]
My comments apply to encrypted devices only! I am not trying to talk down TWRP or TB here, as they provide splendid performance on non encrypted devices. I have come upon hard time trying to upgrade/restore an encrypted device using thoise tools, that's all
For those considering upgrading & re-rooting encrypted devices, don't!
I am finding the hard way that this is a one way street. At this point, my TWRP made full backup does not restore the device to the expected status. Each time I apply it, subsequent bootup takes several minutes and I end up going through the initial setup procedure. It seems the device for some reasoin goes through a complete reset procedure.
[edit]
Clarification: The TWRP build I use, 2.4.0.0 is an alpha build and I was not current when I restored my backup. I so happens that it was overwriting the encryption header on the partition, which messed things up bad, and had issues writing back the data partition, ending up in a factory reset status!
Using the latest drop as of today (jan 27) I was able to restore my original backup and am now back to my original state. All is well.
[/edit]
Titanium Backup is none better. It keeps telling me that my Android ID has changed, a host of system applications start to fail when I try to restore and generally speaking I have now spent between a good 20 hours trying to simply restore my data.
[edit]
this behaviour is probably linked to encryption. I know for a fact that TB works very well on non encrypted phones. The 20h figure is overall, not just with TB.
[/edit]
The end story is: root before you encrypt, and either don't upgrade or don't re-root if you do! If you do, be prepared for some rough times...
Unless someone has a cleat idea of how to do this properly without losing all your data, that is.
François
frankieGom said:
For those considering upgrading & re-rooting encrypted devices, don't!
I am finding the hard way that this is a one way street. At this point, my TWRP made full backup does not restore the device to the expected status. Each time I apply it, subsequent bootup takes several minutes and I end up going through the initial setup procedure. It seems the device for some reasoin goes through a complete reset procedure.
Titanium Backup is none better. It keeps telling me that my Android ID has changed, a host of system applications start to fail when I try to restore and generally speaking I have now spent between a good 20 hours trying to simply restore my data.
The end story is: root before you encrypt, and either don't upgrade or don't re-root if you do!
Unless someone has a cleat idea of how to do this properly without losing all your data, that is.
François
Click to expand...
Click to collapse
I have had no issues despite doing upgrades, with and without wipes.
Titanium is fine, just stop restoring system app data. Seriously, what data do you have in a system app that you want to restore.
Restore your user apps, their data, and the xml based call, sms, Wifi backups. It will work fine.
Device ID isn't a problem - it's just trying to help you.
pulser_g2 said:
I have had no issues despite doing upgrades, with and without wipes.
Titanium is fine, just stop restoring system app data. Seriously, what data do you have in a system app that you want to restore.
Restore your user apps, their data, and the xml based call, sms, Wifi backups. It will work fine.
Device ID isn't a problem - it's just trying to help you.
Click to expand...
Click to collapse
Sorry if I came across dissing Titanium Backup and/or TWRP. This was not the intent... I am sure both tools work real nice in general cases (and I have had success restoring data on a Jetstream before).
My main issue here is _full device encryption_ enforced by my company's corporate IT to allow me on the corporate exchange server. Do you have full device encryption on?
On my device, even after a full wipe and flashing a fresh stock rom Titanium Backup just did not work as I hoped. When I had to confirm individual popups of apps closing unexpectedly while it was proceeding and got nothing back in the end, what was I supposed to think? It could be that I don't understand how TB works... I was neither able to restore missing apps after the flash (missing apps: 0) nor installed apps data (they would close unexpectedly when started after restoring the back up). So I say: until full operation of TB on encrypted devices is documented, I will stay away from it, even though I am a registered user (and I do not plan to seek reimbursment)!
Anyway, I got to a belated happy ending (previous post edited).
frankieGom said:
Sorry if I came across dissing Titanium Backup and/or TWRP. This was not the intent... I am sure both tools work real nice in general cases (and I have had success restoring data on a Jetstream before).
My main issue here is _full device encryption_ enforced by my company's corporate IT to allow me on the corporate exchange server. Do you have full device encryption on?
On my device, even after a full wipe and flashing a fresh stock rom Titanium Backup just did not work as I hoped. When I had to confirm individual popups of apps closing unexpectedly while it was proceeding and got nothing back in the end, what was I supposed to think? It could be that I don't understand how TB works... I was neither able to restore missing apps after the flash (missing apps: 0) nor installed apps data (they would close unexpectedly when started after restoring the back up). So I say: until full operation of TB on encrypted devices is documented, I will stay away from it, even though I am a registered user (and I do not plan to seek reimbursment)!
Anyway, I got to a belated happy ending (previous post edited).
Click to expand...
Click to collapse
Yup I use device encryption Enabled manually, but it's the same encryption.
You should find that titanium shouldn't even be aware of it - the encryption is transparent!
I wonder... I'm sure lenny had that issue on a recent 4.1.2 "stock" ROM... And he doesn't use encryption...
I personally have had no issues with titanium on an encrypted device anyway
I notice you were using the newest rom - that's the one lenny had issues on.
pulser_g2 said:
Yup I use device encryption Enabled manually, but it's the same encryption.
You should find that titanium shouldn't even be aware of it - the encryption is transparent!
I wonder... I'm sure lenny had that issue on a recent 4.1.2 "stock" ROM... And he doesn't use encryption...
I personally have had no issues with titanium on an encrypted device anyway
I notice you were using the newest rom - that's the one lenny had issues on.
Click to expand...
Click to collapse
Exactly like I thought, encryption should be transparent to Titanium Backup since it runs within the OS.
I have had problems restoring into 4.1.2 DLL1 (the build I came from) and DLL7 (the one I was trying to go to)
The point is moot anyway since the DLL7 I tried was actually branded (Singtel stuff all around the launcher) and did not include French, which is why restoring my TWRP backup was a tempting proposition.
Good to know TB runs fine with encryption as well. What ROM are you running?
François
frankieGom said:
Hi all,
I recently got a HK N7105 and because it lacked the possibility to use a french keyboard I upgraded to a stock unbranded ROM from Sweden (XXDLL1) and succesfully rooted with the relevant CF_autoroot through Odin. Also installed TWRP 2.3.3.1.
Then, I connected the Note 2 to my corporate exchange server which enforced a full encryption policy (device and external SD card) so I had to type in a password at each boot time (with a "nice" swedish prompt that took ma while to decypher), plus a password to unlock the screen. All was well as the root survived the process.
Next I upgraded to a later stock ROM from France (XXDLL4 from SFR) to try and get rid of the swedish prompt. That worked fine (and root was loast in the process, as expected) but I hated the branded stuff so much I reverted to XXDLL1 until a proper unbranded "english" or "french" ROM is available.
At this point I decided to root again. I was running XXDLL1 like the first time and used the same autoroot tar from Chainfire. Except my Note 2 was still encrypted and after that it would not accept my boot password (a four digit PIN) anymore so I was guted and had to factory reset and root then reinstall everything before reconnecting to the exchange server.
Question 1: Does anyone know of a safe, proven way to root a fully encrypted Samsung device so I can go another upgrade without having to wipe the device first?
Why reinstall everything? Why not backup everything first so you can restore after the wipe? Well, it so happens that no recovery (at least neither CWM or TWRP) can read any encrypted media on the Note 2 at the moment. And no Recovery can actually fully backup the device as well.
Question 2: Does anyone know of a proper way to handle this situation with minimum hassle?
So far, the best I can think of is doing a Titanium backup and FTP the files to my NAS so I can retrieve them later. But (Question 3) will this be enough to restore my phone to the expected state after a stock firmware upgrade?
Thanks in advance,
François
Click to expand...
Click to collapse
About a backup : have you tried Online Nandroid (Playstore) (or similar, based on Onandroid) ? This makes a CWM or TWRP compatible backup while the device is running (everything should be unencrypted at this moment).
See http://forum.xda-developers.com/showthread.php?t=1620255
About rooting : you can try the same trick as above, by using ADB-shell and pushing the needed files to root to the device while it is running.
For my S3 there is a Toolkit that automates all this (http://forum.xda-developers.com/showthread.php?t=1703488), maybe there is something similar for your device ?
If not, you should still be able to do it using manual ADB-pushing.
I'm sorry I can't give you detailed instructions about the rooting as I'm not familiar with your device. Search here on XDA and you'll find more details.
pat357 said:
About a backup : have you tried Online Nandroid (Playstore) (or similar, based on Onandroid) ? This makes a CWM or TWRP compatible backup while the device is running (everything should be unencrypted at this moment).
See http://forum.xda-developers.com/showthread.php?t=1620255
About rooting : you can try the same trick as above, by using ADB-shell and pushing the needed files to root to the device while it is running.
For my S3 there is a Toolkit that automates all this (http://forum.xda-developers.com/showthread.php?t=1703488), maybe there is something similar for your device ?
If not, you should still be able to do it using manual ADB-pushing.
I'm sorry I can't give you detailed instructions about the rooting as I'm not familiar with your device. Search here on XDA and you'll find more details.
Click to expand...
Click to collapse
Thanks for the suggestions, and no I had not tried Online Nandroid as I was not aware of it. Anyway, my main issue is now resolved since TWRP has include support for Samsung TouchWiz based encryption in 2.4 and that works well.
For those interested, the only remaining issues I have with TWRP regarding encryption are that if you want to format /data from TWRP (say, to remove encryption) it will fail unless you _do not_ enter the password at boot, and the TWRP formated /data cannot be re-encrypted (you must use stock recovery to factory reset/wipe the device or else the encryption step will sit deat in the water doing nothing). I suppose the second one is a bug that will be fixed in a later version.
I will check Online Nandroid out anyway, being able to make a backup from a live system sounds good!
François
frankieGom said:
Thanks for the suggestions, and no I had not tried Online Nandroid as I was not aware of it. Anyway, my main issue is now resolved since TWRP has include support for Samsung TouchWiz based encryption in 2.4 and that works well.
For those interested, the only remaining issues I have with TWRP regarding encryption are that if you want to format /data from TWRP (say, to remove encryption) it will fail unless you _do not_ enter the password at boot, and the TWRP formated /data cannot be re-encrypted (you must use stock recovery to factory reset/wipe the device or else the encryption step will sit deat in the water doing nothing). I suppose the second one is a bug that will be fixed in a later version.
I will check Online Nandroid out anyway, being able to make a backup from a live system sounds good!
François
Click to expand...
Click to collapse
I have a similar issue. I had the device encrypted and decided to ROOT (using CF-AutoRoot). Unfortunately I cannot bypass the password screen now, although I know that I'm entering the right password. You are saying that if I flash TWRP everything will be fine?
ludovicianul said:
I have a similar issue. I had the device encrypted and decided to ROOT (using CF-AutoRoot). Unfortunately I cannot bypass the password screen now, although I know that I'm entering the right password. You are saying that if I flash TWRP everything will be fine?
Click to expand...
Click to collapse
Two separate things:
Root messing up encrypted touchwiz devices and twrp not handling touchwiz encrypted partitions properly.
The 2nd one, as much as I can tell, is fixed since before 2.5 so if youwork with the latest (2.6) you should be fine.
The first one I haven't played with in a while, but my finding is that you don't want to root a device once it's been encrypted. I've tried several different methods including rooting as you flag as is possible with twrp and all end up the same:the password is not recognised anymore!
The only thing that works for me is rooting before encrypting or only flashing pre-rooted ROMs.
frankieGom said:
Two separate things:
Root messing up encrypted touchwiz devices and twrp not handling touchwiz encrypted partitions properly.
The 2nd one, as much as I can tell, is fixed since before 2.5 so if youwork with the latest (2.6) you should be fine.
The first one I haven't played with in a while, but my finding is that you don't want to root a device once it's been encrypted. I've tried several different methods including rooting as you flag as is possible with twrp and all end up the same:the password is not recognised anymore!
The only thing that works for me is rooting before encrypting or only flashing pre-rooted ROMs.
Click to expand...
Click to collapse
Yes - I had to factory reset the phone and format the SD Card. Never root AFTER encryption :silly:
Since encryption is in the news right now with iPhones perhaps it's time we Android users looked into it more. I'm interested to hear other people's experiences. Did it work at all? Did it affect performance? Were you able to do upgrades after?
Search button, ~20 results, filter the useful ones, leave out the misleading ones...
Tayyab.Hasan said:
Disk encryption is working flawless. (Phone restarted in first attempt and wont show decrypt screen after first reboot otherwise no problem).
allangoing said:
Disk Encryption on Jan 26 is working correctly.
Click to expand...
Click to collapse
Click to expand...
Click to collapse
llenp said:
Tested encryption and can verify it works 100%. But, there is a catch. It's always going to be a one-way street. Typically, when you encrypt a regular Android phone, the only way to decrypt it is to do a factory reset.
The only way to go back to an unencrypted state with our Fire Phones would be to format data (not wipe data) in Safestrap.
Unfortunately, this means you lose EVERYTHING. So you will definitely want to store any TWRP backups you have on your computer first.
Fortunately though, you will end up with a clean CM11 install after formatting data. Then all you have to do is go back and restore whatever TWRP backups you made before encrypting in the first place.
Click to expand...
Click to collapse
it's working on slimkit, suppose working on CM11, but yes, you have to do factory reset for decryption.
When I encrypted, the encryption itself was fine, but Safestrap can't access /media that I know of. I put .zips in /cache and it worked like a charm. You'll need root to do that, though.
--EDIT--
If you also want to perform a NAND dump while encrypted, Onandroid seems to do a fantastic job at it.