Related
Good evening (subjectively) all.
I've just recently encrypted an HD 2.* ROM on my Nexus. After encrypting the device today, it appears I have no access to the SDCard in CWR.
Can anyone give me any advice? How do I unencrypt (if I must) or fix the situation ?
My impression is that right now, you can either encrypt the device and keep it stock, or stay unencrypted if you want to mod the device/enjoy CWM. Maybe I'm wrong (I hope I am!), but I've just heard that encryption causes too much pain to be worthwhile if you want to do anything non-stock.
Rules.r said:
Good evening (subjectively) all.
I've just recently encrypted an HD 2.* ROM on my Nexus. After encrypting the device today, it appears I have no access to the SDCard in CWR.
Can anyone give me any advice? How do I unencrypt (if I must) or fix the situation ?
Click to expand...
Click to collapse
I had this problem! CWM can't see the sd card as it is encrypted. You need to do a full factory reset to remove the encryption. Google does't allow the option to decrypt yet.
Unfortunetly when you do a factory reset it wont work as it is looking for the stock bootloader to complete the wipe and it won't be able to use your existing bootloader. World of hurt!
The only way I got around this was to adb/fastboot the original stock rom. This caused me so much pain! Even then I had to do it once or twice before it fully worked.
Let me know how you get on.
Hello,
As Google has decided to turn encryption on as a standard in the upcoming Android 5.0, I thought I would give it a test on my CosmicCM 5.4.
I started the encryption and it prompts you that you for a passcode that will be used from now on, so far no problem.
It started encrypting my device and it was running for some time(I left it alone for an hour) and reboots a couple of times.
After he's finished the annoyance came.
first you will have to type twice your password with a reboot, one time do decrypt your device the second time to enter your device.
Be aware that performance can be slowed through encryption, and it can negatively impact battery life too.
So I decide to go back.
The Problem: Once encrypted, you can't decrypt it easily.
When encrypting the phone android will tell you you can only decrypt it using a factory reset. Naturally you assume it's talking about the "Factory Data Reset" option found in Settings --> Backup and Reset and this works.
Now I wanted to try a rom (TW 4.2.2 based) and see how this worked and after installing and booting.
I got prompted to enter the decryption and of course this didn’t work anymore as there is no data for the password.
So I assumed you can wipe everything from your custom recovery mod (CWM, TWRP, or one of those).
Wrong! You'll get beautiful "can't mount /data" messages and more.
After some hard time I got everything working again, by flashing CosmicCM again.
The phone booted al clean again without asking for encryption and when you check the menu it also mentioned encryption is deactivated.
Trying the previous rom again just triggerd the encryption again.
So It seems that there is still somewhere a hidden encrypted protection that will be activated when I flash a different rom.
So be warned and don’t play with encrypting your device as you could brick it.
Didn't have time to investigate further on how I can remove it completely, but my guess is I have to redo all the partitions.
I was on the same boat a month ago
akiratoriyama said:
I was on the same boat a month ago
Click to expand...
Click to collapse
I wish you told me sooner
Did you redo all the partitions to get the encryption completely removed?
RichyE said:
I wish you told me sooner
Did you redo all the partitions to get the encryption completely removed?
Click to expand...
Click to collapse
I think I had to wipe my data via Philz, CWM and stock to remove encryption.
akiratoriyama said:
I think I had to wipe my data via Philz, CWM and stock to remove encryption.
Click to expand...
Click to collapse
Thanks for the info, will try to flash stock this week and see if this helps
Has anyone noticed any issue on their h815 with regards to encrypting the phone? Mine does not work; full or quick option. Has unlocking the bootloader caused this to stop working? I have got root and twrp recovery. Could the custom recovery be causing the phone to get stuck on rebooting to encrypt? The lg website says certain features no longer work after the bootloader is unlocked; maybe this is one of those? All just guess work atm, any help would be appreciated.
v1ne said:
Has anyone noticed any issue on their h815 with regards to encrypting the phone? Mine does not work; full or quick option. Has unlocking the bootloader caused this to stop working? I have got root and twrp recovery. Could the custom recovery be causing the phone to get stuck on rebooting to encrypt? The lg website says certain features no longer work after the bootloader is unlocked; maybe this is one of those? All just guess work atm, any help would be appreciated.
Click to expand...
Click to collapse
Hi,
i do not know, as I do NOT (yet?) own the device! But I would love to know! Any unlocked + encrypted phones out there? I would be interested how many of the geeks around here encrypt their phones?
For me, these days, I do not own a single device (PC, Notebook, Smartphone whatever) that is NOT encrypted. The more easy you loose the device, the more encryption should be a standard.
What is the reality? And does it work with the unlocked bootloader?
v1ne said:
I have got root and twrp recovery. Could the custom recovery be causing the phone to get stuck on rebooting to encrypt? d.
Click to expand...
Click to collapse
Exactly the same here! I would be very happy if someone could help me out, maybe by looking at some logcat files? The device is rooted after all. Just tell me what log files you would need?
I would like to try to flash the stock recovery. Delete TWRP as I think this could be the culprit. I read about bringing the device back to stock but I am unsure what files I do need exactly and how to proceed. I downloaded the LG Flash tool. Any help would be very much appreciated!
I just got this phone, rooted, unlocked BL, installed Xposed. I tried to encrypt phone, but when I started the process, it rebooted and now it's at the white T-Mobile splash screen. There's no progress indication anywhere and it has been almost an hour. I think I'll have to pull battery.
v1ne said:
Has anyone noticed any issue on their h815 with regards to encrypting the phone? Mine does not work; full or quick option. Has unlocking the bootloader caused this to stop working? I have got root and twrp recovery. Could the custom recovery be causing the phone to get stuck on rebooting to encrypt? The lg website says certain features no longer work after the bootloader is unlocked; maybe this is one of those? All just guess work atm, any help would be appreciated.
Click to expand...
Click to collapse
Did you (or fpsq) manage to do this in the end (and if yes, how)? I have the same issue I think... rooted the phone with the method here:
http://forum.xda-developers.com/g4/general/lg-g4-100-root-success-directives-root-t3180586
and now the phone gets stuck on the initial reboot after launching encryption. It works if I unplug the battery, which shows it doesn't even start the process.
Thanks for any help.
It didn't get anywhere, so I tried it again with quick encryption. Same white screen. I rooted with a huge pre-rooted system image. using dd. Did you unlock boot loader, install custom recovery, or install Xposed?
OGIGA said:
It didn't get anywhere, so I tried it again with quick encryption. Same white screen. I rooted with a huge pre-rooted system image. using dd. Did you unlock boot loader, install custom recovery, or install Xposed?
Click to expand...
Click to collapse
No to all three. I also used dd but first dumped my system partition, injected the root files, and then rewrote it (rather than the main method that you used, writing the ready-made image). See the thread I linked earlier for details.
It really seems the root is the problem here. fpsq seems to have gotten it working in a roundabout way:
http://forum.xda-developers.com/showpost.php?p=62156629&postcount=1468
but I don't understand exactly what he did, I PMed him to ask.
WARNING: Once you encrypt your phone/sdcard you can NOT cancel the process. After you encrypt your phone/sdcard, if you forget your password, you will have to factory reset (wipes /data) and/or format your sdcard (wipes /external_SD) to get a useable phone. Your data WILL be lost!
Also TWRP can not read encrypted volumes other than some Nexus devices, so make a backup BEFORE you encrypt it or the internal/external sdcard.
Overview: You have to kill the SuperSu daemon (temporarily unrooting it) and THEN start the stock encryption process.
1. Install Busybox (need the pkill utility)
2. Open Terminal Emulator and:
Code:
$ su
# pkill -KILL daemonsu
$ exit
NOTE: You'll notice that the # changed back to $. This means that you are no longer the root user and the SuperSu daemon is not running. Do NOT open any other apps, including the SuperSu app.
3. Now go to Settings ---> Security ---> Encrypt Phone.
IMPORTANT: Make sure your phone charger is plugged in. Go through the prompts to encrypt your phone and/or sdcard and the phone will reboot. It will stay at the bootscreen for about a minute and then you will see the white encryption screen. it will ask you for an encryption password. Once you set that, write it down, email it to yourself, whatever you have to do to remember it because if you forget it, there is no helping you. You will have to factory reset (wipes /data) to get a useable phone. Your data WILL be lost!
It will run until it gets to 100% and the phone will reboot. Once it comes back up with the white screen, enter your password and the boot phone will finish booting. To check that the phone/sdcard is encrypted, go to Settings ---> Security and under Encrypt Phone and Encrypt SD card storage, you should see "Encrypted".
Hope this helps.
barcodelinux said:
You have to kill the SuperSu daemon (temporarily unrooting it) and Then start the stock encryption process.
Click to expand...
Click to collapse
It works! And it's so clear why it works, now why didn't I think of this?
Thanks a lot for figuring it out and posting it here, you really helped me! Phones hold so much private data nowadays and are so easy to lose that I was really uncomfortable using it unencrypted.
OGIGA said:
I just got this phone, rooted, unlocked BL, installed Xposed. I tried to encrypt phone, but when I started the process, it rebooted and now it's at the white T-Mobile splash screen. There's no progress indication anywhere and it has been almost an hour. I think I'll have to pull battery.
Click to expand...
Click to collapse
Hey there - did you get any luck with this? My G4 updated to MM last week, and now I'm trying encryption - but it's been sitting on the initial boot screen for over an hour (not a loop, just that one screen), with no progress bar or screen.
No idea what it's doing, but hoping that pulling the battery out won't brick it completely!
PS. my phone isn't even rooted, so it can't be THAT causing a problem
Thanks,
J
jasonnm said:
Hey there - did you get any luck with this? My G4 updated to MM last week, and now I'm trying encryption - but it's been sitting on the initial boot screen for over an hour (not a loop, just that one screen), with no progress bar or screen.
No idea what it's doing, but hoping that pulling the battery out won't brick it completely!
PS. my phone isn't even rooted, so it can't be THAT causing a problem
Thanks,
J
Click to expand...
Click to collapse
I just installed Marshmallow last week and took a stab at encryption again. I installed TWRP 2.7.8.1, by the way. What I also did was flash what I think is the original boot.img. I think this would have un-rooted my device and maybe un-Xposed too, but I forgot because I was really sick last week.
Anyway, the standard device encryption actually worked. I opted for /data encryption instead of full device. Funny thing was that the first time I did it, it was stuck at the boot screen, but was actually encrypting. I didn't know that, so I took out the battery and it screwed up my /data, so the OS made me wipe /data. Fortunately, I backed up right when I did Marshmallow, so I restored my /data. I went to encrypt again and waited this time. Eventually, the screen went from boot screen to the encrypting screen starting at like 60% finished. It finished and my /data was encrypted!
I went to TWRP but TWRP could not decrypt my /data no matter what password I tried. Since my /system and /boot were not encrypted, SuperSU installation was easy. I got the password screen at boot like expected.
However, when I installed Xposed, the password screen would keep popping up with "_____ has stopped" persistently and I had to time it right hit each key of the password. When I uninstalled Xposed, the popups stopped. Installed Xposed again, popups were back. After struggling to enter the password and booting up, everything works fine.
That's how much I have experienced so far.
OGIGA said:
I just installed Marshmallow last week and took a stab at encryption again. I installed TWRP 2.7.8.1, by the way. What I also did was flash what I think is the original boot.img. I think this would have un-rooted my device and maybe un-Xposed too, but I forgot because I was really sick last week.
Anyway, the standard device encryption actually worked. I opted for /data encryption instead of full device. Funny thing was that the first time I did it, it was stuck at the boot screen, but was actually encrypting. I didn't know that, so I took out the battery and it screwed up my /data, so the OS made me wipe /data. Fortunately, I backed up right when I did Marshmallow, so I restored my /data. I went to encrypt again and waited this time. Eventually, the screen went from boot screen to the encrypting screen starting at like 60% finished. It finished and my /data was encrypted!
I went to TWRP but TWRP could not decrypt my /data no matter what password I tried. Since my /system and /boot were not encrypted, SuperSU installation was easy. I got the password screen at boot like expected.
However, when I installed Xposed, the password screen would keep popping up with "_____ has stopped" persistently and I had to time it right hit each key of the password. When I uninstalled Xposed, the popups stopped. Installed Xposed again, popups were back. After struggling to enter the password and booting up, everything works fine.
That's how much I have experienced so far.
Click to expand...
Click to collapse
Thanks for the extra info - need to try again when I get a bit more time, but I eventually pulled the battery (risky, I know!) and put it back in and everything was normal, like nothing had changed. Certainly no encryption anywhere.
Will update when I give it another try.
Thanks again!
So if I had my SD card encrypted, and my phone puked, I get another G4 and want to use my old SD card (I have the password) how can I access the files on the SD card ?
Sent from my iPhone using Tapatalk
Hi guys! I think I screwed my phone completely.
First of all, my volume buttons are broken, I ripped off the cable from the main board trying to fix the screen. Other than that the phone was working okay.
Sometime ago I decided to format it to f2fs, and everything was smooth, but with lollipop you know there are some pink lines during videos, so yesterday, I decided to restore directly, the backup I made of the official 4.3 with fancy kernel that I have.
Now the problem is, the phone is asking for the encryption password, which I don't have, as I never encrypted it, and the computer isn't recognizing the phone, well, it actually shows in the device manager, but it doesn't show up for the toolkit, nor the explorer to save my things. I don't mind loosing everything as I only used it as a backup phone and to try cm12, but I'd like to get it working.
So, any ideas on how to make the computer/adb/toolkit recognize the phone, or how to bypass the encryption password which doesn't exist?
skyleth said:
Hi guys! I think I screwed my phone completely.
First of all, my volume buttons are broken, I ripped off the cable from the main board trying to fix the screen. Other than that the phone was working okay.
Sometime ago I decided to format it to f2fs, and everything was smooth, but with lollipop you know there are some pink lines during videos, so yesterday, I decided to restore directly, the backup I made of the official 4.3 with fancy kernel that I have.
Now the problem is, the phone is asking for the encryption password, which I don't have, as I never encrypted it, and the computer isn't recognizing the phone, well, it actually shows in the device manager, but it doesn't show up for the toolkit, nor the explorer to save my things. I don't mind loosing everything as I only used it as a backup phone and to try cm12, but I'd like to get it working.
So, any ideas on how to make the computer/adb/toolkit recognize the phone, or how to bypass the encryption password which doesn't exist?
Click to expand...
Click to collapse
Exactly the same symptoms as if you were using a ROM without F2FS support on /data. Make sure you formatted back everything to ext4.
Thanks Ziyan, that's the thing i didn't format it back to ext4 and now I can't get the computer to recognize it to solve it
solved with JIG. the thread can be closed
Hey Guys,
When I got my OP3 I unlocked the bootloader right away and installed FreedomOS to get rid of the bloatware. As this is my first device, which comes with a locked bootloader and decryption, I have some questions about this topic. I was wondering that the encryption does not make any sense when you unlock your bootloader, because if somebody steals your phone, he can just enter twrp and access all your data. Then I flashed CM and after that TWRP was asking me to set a pin or pattern to lock my phone. Now I've to unlock my phone every time I want to enter the recovery or boot the system with a pattern, which is great, because now the encryption is not worthless anymore. Now I'm asking myself if this feature is somehow integrated into CM or was it just random that I found this feature? Is there any way to get this also with OOS installed? What things do I have to note to not accidentally make my phone unencryptable with the pattern? Is this even possible, maybe by flashing a new recovery or so?
Thanks in advance
Gerrit507 said:
Hey Guys,
When I got my OP3 I unlocked the bootloader right away and installed FreedomOS to get rid of the bloatware. As this is my first device, which comes with a locked bootloader and decryption, I have some questions about this topic. I was wondering that the encryption does not make any sense when you unlock your bootloader, because if somebody steals your phone, he can just enter twrp and access all your data. Then I flashed CM and after that TWRP was asking me to set a pin or pattern to lock my phone. Now I've to unlock my phone every time I want to enter the recovery or boot the system with a pattern, which is great, because now the encryption is not worthless anymore. Now I'm asking myself if this feature is somehow integrated into CM or was it just random that I found this feature? Is there any way to get this also with OOS installed? What things do I have to note to not accidentally make my phone unencryptable with the pattern? Is this even possible, maybe by flashing a new recovery or so?
Thanks in advance
Click to expand...
Click to collapse
If your phone is encrypted, TWRP has to prompt you to decrypt the /data partition before it can be mounted. This isn't a CM feature, it should act like this with any ROM if phone encryption is enabled. I've flashed most every rom and version of twrp in this forum and they all seem to work fine with the encryption enabled. I have not flashed multiboot yet as that requires your phone to be completely unencrypted. Not sure if that answers your question.
If security is your concern though, I would recommend switching to a passphrase instead of pattern for encryption unless your pattern is very long and complex. I recommend a passphrase of at least 16 characters.
kennonk said:
If your phone is encrypted, TWRP has to prompt you to decrypt the /data partition before it can be mounted. This isn't a CM feature, it should act like this with any ROM if phone encryption is enabled. I've flashed most every rom and version of twrp in this forum and they all seem to work fine with the encryption enabled. I have not flashed multiboot yet as that requires your phone to be completely unencrypted. Not sure if that answers your question.
If security is your concern though, I would recommend switching to a passphrase instead of pattern for encryption unless your pattern is very long and complex. I recommend a passphrase of at least 16 characters.
Click to expand...
Click to collapse
Ok I see, than I was getting something wrong there, thank you. The thing is FreedomOS stated that the phone is encrypted but I was never asked for the pattern by TWRP...
Gerrit507 said:
Ok I see, than I was getting something wrong there, thank you. The thing is FreedomOS stated that the phone is encrypted but I was never asked for the pattern by TWRP...
Click to expand...
Click to collapse
When you first booted up your stock phone and went through setup it asks if you want to secure the phone using pin/pattern/passphrase. I think that is where it is created then that key is written somewhere, not on the data or system partitions because is persists between wipes, and that is where TWRP and all future roms are authenticating you.
kennonk said:
When you first booted up your stock phone and went through setup it asks if you want to secure the phone using pin/pattern/passphrase. I think that is where it is created then that key is written somewhere, not on the data or system partitions because is persists between wipes, and that is where TWRP and all future roms are authenticating you.
Click to expand...
Click to collapse
Ok, I can not remember this... Then I guess the phone just stated it was encrypted and wasn't... And how can I change this pattern or unencrypt the phone?
Gerrit507 said:
Ok, I can not remember this... Then I guess the phone just stated it was encrypted and wasn't... And how can I change this pattern or unencrypt the phone?
Click to expand...
Click to collapse
Here is how to decrypt without losing data. http://forum.xda-developers.com/oneplus-3/how-to/unencrypt-oxygenos-loosing-data-t3412228
There is another article I think I saw it on the OnePlus forums about how to decrypt and wipe which will let you change the passphrase I think.
Basically if you decrypt, then flash Oxygen or Hydrogen without SuperSU it will force you to re-encrypt. At least that is my understanding as I haven't decrypted yet.
Good luck
kennonk said:
Here is how to decrypt without losing data. http://forum.xda-developers.com/oneplus-3/how-to/unencrypt-oxygenos-loosing-data-t3412228
There is another article I think I saw it on the OnePlus forums about how to decrypt and wipe which will let you change the passphrase I think.
Basically if you decrypt, then flash Oxygen or Hydrogen without SuperSU it will force you to re-encrypt. At least that is my understanding as I haven't decrypted yet.
Good luck
Click to expand...
Click to collapse
As far as I understood it, it's all about wiping userdata, which I did before flashing Freedom OS. This might explain why I had no encryption... Still strange that it did not prompt me again to set a new one...
edit: FreedomOS has supersu, but systemless... I also flashed supersu right after CM which is even more strange...
Gerrit507 said:
As far as I understood it, it's all about wiping userdata, which I did before flashing Freedom OS. This might explain why I had no encryption... Still strange that it did not prompt me again to set a new one...
Click to expand...
Click to collapse
Yeah I have wiped userdata and system and clean reflashed like 20-30 times in the last few weeks and I've never been prompted to recreate the initial passphrase I set for encryption.
kennonk said:
Yeah I have wiped userdata and system and clean reflashed like 20-30 times in the last few weeks and I've never been prompted to recreate the initial passphrase I set for encryption.
Click to expand...
Click to collapse
But I never had to decrypt in TWRP... It's mysterious As far as I understand the guide he just wipes userdata and the encryption is gone... Is there somebody who knows for sure where the key is located actually?
edit: Seems like the encryption key is coupled to your password
When a user elects to change or remove their password in settings, the UI sends the command cryptfs changepw to vold, and vold re-encrypts the disk master key with the new password.
Click to expand...
Click to collapse
https://source.android.com/security/encryption/
I can confirm that. I changed my pattern and unlocked the phone with it at booting.
If I remove my password it still says "encrypted" in security but I don't have to enter any pattern at boot.
Mine says "Encrypted" under Settings > Security & Fingerprint > Encryption but I can boot into TWRP and browse the entire file system without ever entering my pin code.
dcdruck1117 said:
Mine says "Encrypted" under Settings > Security & Fingerprint > Encryption but I can boot into TWRP and browse the entire file system without ever entering my pin code.
Click to expand...
Click to collapse
Sounds like you have the same issue like I had. It seems to me like an issue in OOS.
This is awesome. I thought rooting and unlocking the bootloader to install custom ROMs would need the phone to be decrypted -- great, great news!
So without knowing the passphrase a possible attacker can't get to the data even when the bootloader is unlocked and OS rooted?
kanttii said:
This is awesome. I thought rooting and unlocking the bootloader to install custom ROMs would need the phone to be decrypted -- great, great news!
So without knowing the passphrase a possible attacker can't get to the data even when the bootloader is unlocked and OS rooted?
Click to expand...
Click to collapse
Yes, all your data is being decrypted after your enter the passphrase.
Does anyone have any idea how I can encrypt my phone if it already says Settings > Security & fingerprint > Encryption > Encrypt phone = "Encrypted"? It's clearly not actually encrypted because I do not have to enter any pin to boot or read data in TWRP.
dcdruck1117 said:
Does anyone have any idea how I can encrypt my phone if it already says Settings > Security & fingerprint > Encryption > Encrypt phone = "Encrypted"? It's clearly not actually encrypted because I do not have to enter any pin to boot or read data in TWRP.
Click to expand...
Click to collapse
Go to lock screen settings and set it up again. You will be prompted if you want to enter pin every reboot.
proag said:
Go to lock screen settings and set it up again. You will be prompted if you want to enter pin every reboot.
Click to expand...
Click to collapse
Hey, thanks! The "require PIN to start device" screen doesn't make any mention of encryption, so I was under the impression that it was far more basic and wasn't at all related to encryption. I tried it though and now TWRP does ask me to decrypt my data partition, so it does work. Thanks for the assist!
been following this thread and i had a quick questions - so it looks like if you unlock BL and run a custom ROM, you can still have the security of encryption, but does this ONLY apply to the USERDATA partition?
for example, could someone launch TWRP recovery on your phone and flash something into the SYSTEM partition without ever touching your userdata partition (ie, a keylogger or malware)?
It seems to me that only the data partition is encrypted, but someone correct me if I'm wrong. I looked at the Android full disk encryption page and I only see mentions of the data partition.
dcdruck1117 said:
It seems to me that only the data partition is encrypted, but someone correct me if I'm wrong. I looked at the Android full disk encryption page and I only see mentions of the data partition.
Click to expand...
Click to collapse
so system is never encrypted? i guess at that point the stock recovery stops you from flashing malware but \TWRP wont
dcdruck1117 said:
It seems to me that only the data partition is encrypted, but someone correct me if I'm wrong. I looked at the Android full disk encryption page and I only see mentions of the data partition.
Click to expand...
Click to collapse
Your internal storage is mounted into your data partition actually. I think this means it's also encrypted.
2x4 said:
so system is never encrypted? i guess at that point the stock recovery stops you from flashing malware but \TWRP wont
Click to expand...
Click to collapse
I see no reason behind encrypting system, it's used read-only anyway as long as you don't flash something to it.
edit: Ah I see now what you mean. But if you have stock recovery you can also simply flash twrp over it or flash something to system via adb... I don't know if it would even be possible technically to encrypt system. Anyway I think the only solution would be to lock the bootloader I think. I don't know what actually happens if you lock your bootloader again while on twrp and custom rom, might brick your device