Clarification: Rooting w/ Encryption? - Samsung Galaxy S9 Questions & Answers

I'm a little confused by the state of encryption with rooting, & hoping someone could help clarify.
In order to install custom roms and/or root, you use TWRP. Many places say TWRP doesn't support encryption (i.e.: "encryption is not supported and there is no plan to support it."). But then custom ROMs like ALEXNDR's say they do support encryption.
So my assumption is that this means you *can* use encryption on your phone with TWRP installed & while rooted, TWRP just won't be able to mount your encrypted data...:
1) Is this correct?
2) If so, what are the negative ramifications of this, if any? i.e. what would you be missing out on by not being able to mount within TWRP?
3) And just to confirm, can TWRP+root coexist specifically with the "Secure Startup" option enabled (where the phone requires a password to be entered before it will start to boot - aka it doesn't boot via a default on-device password; reference)?
Thanks for the clarifications

Related

[Q] Cannot encrypt Tab S 8.4

I would have posted this in the thread for the ROM in question, but due to new user restrictions I cannot post in the development forum.
I have flashed the NF9 ROM to my GTS 8.4. I'm now wanting to encrypt the device. I've set a password (not a pin, but a password). I select the option to encrypt, enter the password, and up comes the black screen with the green android. It stays this way for about 5 - 10 minutes and then the device reboots.
No warning, no error message. Just a normal reboot. And the device is not encrypted. I've tried to select the fast encrypt option, however this has no effect and the same behavior ensues.
Anyone else seen this before? I'm not sure if it is ROM related...
After flashing a stock, unrooted ROM, I found that I was able to encrypt no problem. As soon as I rooted using CF-Auto root, encryption failed. Even worse, if you try to encrypt first and then root afterwards, the root appears to work but the device gets soft bricked. I tried multiple different root methods, but currently only CF-Root works.
Some searching indicates that this problem with encrypting the device when rooted happens on other Samsung devices:
http://forum.xda-developers.com/showthread.php?t=2487018
http://forum.xda-developers.com/showthread.php?t=2769248
A further search showed that member bruzzy recently came up with a workaround that also works for the SM-T700:
http://forum.xda-developers.com/showthread.php?t=2791587
I followed bruzzy's procedure with a stock rom, but it would probably work with any ROM given that the cause is SuperSU. The procedure on a stock ROM would be:
flash stock rom with odin
root with cf-auto root
run supersu - say no to knox disable as it hangs and doesn't seem to disable properly
either on the host pc run adb shell then su or do the same with terminal emulator
disable knox by typing the command "pm disable com.sec.knox.seandroid"
temporarily disable supersu by unchecking the "Enable Supersu" option in settings
reboot
encrypt the device
reboot the device into odin mode
flash twrp
boot into recovery
mount /system
open the console
cp /system/xbin/daemonsu /system/xbin/su
/system/xbin/su --install
restart
Now, be aware that TWRP does not see the encrypted data partition, instead throwing errors, so you cannot access your internal storage from within recovery. Furthermore, using different roms, whenever I made a nandroid to external sd, on reboot the backup was deleted. As a result, I was forced to make a backup to usb otg. Overall, having an encrypted device just seems like a lot of trouble. A factory reset of the encrypted device will require you to reflash stock recovery as twrp does not do the reset properly.

Four Questions about OP3T Encryption

My work required that I encrypt my OP3T. I don't use my OP3T for work anymore.
I have read that it isn't possible to remove the encryption (If this isn't true, please let me know).
I would like to modify my existing encryption settings, so I had a few questions:
Can I change my current "strong" encryption password to a different password? It would be easier if my wife needs to get into it.
My OP3T is currently configured to require a password entry every time after rebooting. Can I turn this off?
I remember reading somewhere that I need to remove all fingerprint patterns before backing up the OP3T or I wouldn't be able to restore properly (which I always did before I encrypted my phone). Do I still need to do that before I backup my encrypted OP3T?
If I do a TWRP backup and then a wipe/restore (after entering the current password), can I remove the encryption, or will my phone still be encrypted?
Thanks,
¿GJ?
¿GotJazz? said:
My work required that I encrypt my OP3T. I don't use my OP3T for work anymore.
I have read that it isn't possible to remove the encryption (If this isn't true, please let me know).
I would like to modify my existing encryption settings, so I had a few questions:
Can I change my current "strong" encryption password to a different password? It would be easier if my wife needs to get into it.
My OP3T is currently configured to require a password entry every time after rebooting. Can I turn this off?
I remember reading somewhere that I need to remove all fingerprint patterns before backing up the OP3T or I wouldn't be able to restore properly (which I always did before I encrypted my phone). Do I still need to do that before I backup my encrypted OP3T?
If I do a TWRP backup and then a wipe/restore (after entering the current password), can I remove the encryption, or will my phone still be encrypted?
Thanks,
¿GJ?
It is possible to remove encryption but you will lose all data on the phone. You see OxygenOS has this very annoying force encryption. It basically means whenever you boot your phone and force encryption is on it will automatically encrypt. What I usually do is go to Fastboot then type "fastboot erase userdata" then I boot straight into TWRP and wipe every partition. After that I flash the rom and encryption should be gone (no more boot password). If you have any more questions be sure to ask.
¿GotJazz? said:
My work required that I encrypt my OP3T. I don't use my OP3T for work anymore.
I have read that it isn't possible to remove the encryption (If this isn't true, please let me know).
I would like to modify my existing encryption settings, so I had a few questions:
Can I change my current "strong" encryption password to a different password? It would be easier if my wife needs to get into it.
My OP3T is currently configured to require a password entry every time after rebooting. Can I turn this off?
I remember reading somewhere that I need to remove all fingerprint patterns before backing up the OP3T or I wouldn't be able to restore properly (which I always did before I encrypted my phone). Do I still need to do that before I backup my encrypted OP3T?
If I do a TWRP backup and then a wipe/restore (after entering the current password), can I remove the encryption, or will my phone still be encrypted?
Thanks,
¿GJ?
1) It depends on the pattern/password/PIN you're using.
Android encryption is based on internal keys, do not consider it like Dm-crypt or BitLocker, they are quite different.
2) I discourage it.
Without bootup authentication, recovery is fully accessible, anyone can access/transfer data or wipe device.
3) I've read nothing about that.
4) Encryption is upper to /data: the only way to remove it is doing fastboot format userdata via ADB.
To make decryption permanent, you've to unlock bootloader, flash TWRP recovery, then install (at the same time) OxygenOS and Magisk.
Magisk will prevent the force encryption.
After first boot, you can remove Magisk.
Thanks, guys! Not the answers I hoped for, but good answers nonetheless.

pin password required after reboot

Just unlocked my bootloader and flashed a ROM. Every time I reboot the phone it will ask you for a password first before it can boot.
I searched it on google and it said it's a data encryption for new android versions
Is there any way to decrypt or to remove the password every boot?
You enabled that when setting up your pin/password.
Change it back to none or swipe and setup your password again, and make sure required on boot is not selected!
You basically enabled encryption. Go into your custom recovery -> format data. I recommend flashing Magisk (so you disable forced encryption & dm verity) or you can flash lazy flasher (search it on github or google).
If you do so your device gets formatted as well
Also, make sure to backup everything before formatting because everything will be deleted.

Device security after unlocking bootloader without encryption

Hello
About securing your device after having an unlocked bootloader. Using TWRP you can easily delete whatever lockscreen is installed by removing a few files from /data/system, the gatekeeper files and the three locksettings files.
You might as well not have a lockscreen at all if a potential phone thief has any idea what he's doing. How would you secure your device?
Encryption isn't possible on Lineage 14, and 15 still has too many bugs for me to consider using it. The only other option is staying stock and having a massively outdated Android security patch.
Are there any other security options I'm missing?
a tiny ant said:
Hello
About securing your device after having an unlocked bootloader. Using TWRP you can easily delete whatever lockscreen is installed by removing a few files from /data/system, the gatekeeper files and the three locksettings files.
You might as well not have a lockscreen at all if a potential phone thief has any idea what he's doing. How would you secure your device?
Encryption isn't possible on Lineage 14, and 15 still has too many bugs for me to consider using it. The only other option is staying stock and having a massively outdated Android security patch.
Are there any other security options I'm missing?
Install a stock recovery to avoid the easy deletion of files in TWRP.
But...as long as you have a LP or MM bootloader stack you can still boot a TWRP image by fastboot boot when having physical access. To avoid this you need the bootloader stack for N which is available only for h815 devices and denies fastboot boot commands. While fastboot flash is still available for flashing TWRP...
Another option:
Install any ROM which has working encryption. Encrypt the device.
Flash the ROM of your choice over it. The issue we had in 14.1 was about enabling(!) encryption. The decrypt of a previous one worked fine. Just ensure that you do not use format data as that would remove encryption.
Even when you have encrypted your device your bootloader unlock will let a door open which can allow the modification of system files (which never gets encrypted). Means: I can place a malware in system, you will boot next time android and activate my malware after you have entered your pass for the decrypt.
So all the above can make things harder for an attacker while not impossible to break.
TLDR;
Once unlocked there is always a way to allow access. The warnings of the vendors are there for a reason
Sent from my LG-H815 using XDA Labs
steadfasterX said:
Install a stock recovery to avoid the easy deletion of files in TWRP.
But...as long as you have a LP or MM bootloader stack you can still boot a TWRP image by fastboot boot when having physical access. To avoid this you need the bootloader stack for N which is available only for h815 devices and denies fastboot boot commands. While fastboot flash is still available for flashing TWRP...
Another option:
Install any ROM which has working encryption. Encrypt the device.
Flash the ROM of your choice over it. The issue we had in 14.1 was about enabling(!) encryption. The decrypt of a previous one worked fine. Just ensure that you do not use format data as that would remove encryption.
Even when you have encrypted your device your bootloader unlock will let a door open which can allow the modification of system files (which never gets encrypted). Means: I can place a malware in system, you will boot next time android and activate my malware after you have entered your pass for the decrypt.
So all the above can make things harder for an attacker while not impossible to break.
TLDR;
Once unlocked there is always a way to allow access. The warnings of the vendors are there for a reason
Sent from my LG-H815 using XDA Labs
Thanks! Very informative post. I think the risks of having an unlocked bootloader are acceptable if the phone's data can be encrypted.
I have tried encrypting on stock Nougat and then flashing LineageOS over it, however it resulted in the LineageOS installation not recognizing my pattern and refusing to boot past the boot prompt. Maybe deleting the keyguard files right after flashing? I will try this later.
So the next step was disabling the pattern altogether and then trying to use TWRP again, but then it asks for a password, which technically shouldn't exist since there isn't any lock on the screen.
Well I've actually figured this one out, apparently Android defaults to "default_password". It almost seems too silly to be true but it has to be something I guess. Will try flashing LOS later over an encrypted storage.
steadfasterX said:
Another option:
Install any ROM which has working encryption. Encrypt the device.
Flash the ROM of your choice over it. The issue we had in 14.1 was about enabling(!) encryption. The decrypt of a previous one worked fine. Just ensure that you do not use format data as that would remove encryption.
I've actually tried this, encrypting from stock Nougat and flashing Lineage over it, except then Lineage refuses to boot, asking for a password instead. "default_password" doesn't work even though no actual password is set.
It seems to be dependent on what setting it was on stock nougat, as it could also ask for a pattern which then won't be accepted.
I also cannot find any lockscreen or keyguard related files in /data/system after flashing stock Nougat. Are there any other options I could try? The device is decrypted in TWRP before rebooting, but afterwards the encryption activates making it no longer possible to enter the system.
Another bit of a strange/interesting thing. The only way out was to format data, thus removing encryption. I then restored a TWRP backup where encryption was enabled, deleted the lockscreen files and upon booting the device appeared to be fully encrypted again. Is this a bug or something?
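
A defender-side check of the posture this thread debates (is /data encrypted, which encryption type, is the boot chain locked), as an added example that is not part of the original posts. It parses `adb shell getprop` output; the property names are standard AOSP ones that not every vendor sets, and the sample dumps, function names and finding codes are constructed for this example.

```python
"""Audit storage-encryption and boot-chain posture from `adb shell getprop` output."""
import re
import sys

# One property per line, formatted as "[key]: [value]".
PROP_LINE = re.compile(r"^\[(?P<key>[^\]]+)\]: \[(?P<value>.*)\]\s*$")

# Constructed samples (not captured from real devices).
SAMPLE_UNLOCKED_UNENCRYPTED = """\
[ro.crypto.state]: [unencrypted]
[ro.boot.verifiedbootstate]: [orange]
[ro.boot.flash.locked]: [0]
"""
SAMPLE_UNLOCKED_FDE = """\
[ro.crypto.state]: [encrypted]
[ro.crypto.type]: [block]
[ro.boot.verifiedbootstate]: [orange]
[ro.boot.flash.locked]: [0]
"""
SAMPLE_LOCKED_FBE = """\
[ro.crypto.state]: [encrypted]
[ro.crypto.type]: [file]
[ro.boot.verifiedbootstate]: [green]
[ro.boot.flash.locked]: [1]
"""


def parse_getprop(text):
    """Return {property: value}; lines that are not properties are skipped."""
    props = {}
    for line in text.splitlines():
        match = PROP_LINE.match(line)
        if match:
            props[match.group("key")] = match.group("value")
    return props


def assess(props):
    """Return (code, explanation) findings; codes are this example's own labels."""
    findings = []
    state = props.get("ro.crypto.state")
    if state is None:
        findings.append(("CRYPTO_STATE_UNKNOWN",
                         "ro.crypto.state is not set; encryption status cannot be confirmed"))
    elif state != "encrypted":
        findings.append(("DATA_UNENCRYPTED",
                         "/data is readable from any recovery that boots, so the "
                         "lock screen files in /data/system offer no protection"))
    elif props.get("ro.crypto.type") == "block":
        findings.append(("FDE_CHECK_SECURE_STARTUP",
                         "full-disk encryption: without a boot-time credential the key "
                         "is protected by the built-in default password, not a user secret"))
    if props.get("ro.boot.flash.locked") == "0":
        findings.append(("BOOTLOADER_UNLOCKED",
                         "images not signed by the vendor can be flashed"))
    vb_state = props.get("ro.boot.verifiedbootstate")
    if vb_state is not None and vb_state != "green":
        findings.append(("VERIFIED_BOOT_NOT_GREEN",
                         f"verified boot state is '{vb_state}': system partition "
                         "integrity is not enforced against the OEM key"))
    return findings


def finding_codes(text):
    """Convenience wrapper: parse a getprop dump and return only the codes."""
    return [code for code, _ in assess(parse_getprop(text))]


if __name__ == "__main__":
    # Usage: adb shell getprop | python3 audit_props.py  (falls back to a sample)
    dump = SAMPLE_UNLOCKED_FDE if sys.stdin.isatty() else sys.stdin.read()
    for code, why in assess(parse_getprop(dump)):
        print(f"{code}: {why}")
```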

OnePlus 7T Android 12 TWRP?

Hello! I'm very new to building custom recoveries, and haven't even completed a successful build yet. I have a OnePlus 7T model HD1905 (aka North American model/Global) running OOS 12. I've tried to find guides on how to make a TWRP recovery, but nothing has worked for OOS 12. I am able to extract the OOS 12 stock recovery.img with Payload Dumper, and am able to create a basic TWRP device tree for android 12.1 using the official TWRP 12.1 Github manifest, but I'm not able to find a good guide to create a TWRP-ready device tree from my stock recovery.img I mentioned earlier. I've tried updating to OOS 11, and using the twrp-keep module on the magisk modules github to keep the official TWRP installed. (It supports OOS 11, but not OOS 12). I've also tried flashing the unofficial build made by Mauronofrio, but none of the specified methods have worked. Can someone please either make an OOS12-compatible version of TWRP for the OnePlus 7T, or if they can't do that, guide me in a step-by-step process on how to do it myself? Any help would be greatly appreciated.
Oos12 does NOT support twrp nor does A13
I compiled it but i didn't test it with oos12 (fbe) and custom rom a13 (erofs). I hope it will work..
Device Tree
Sourceforge
rabilgic said:
I compiled it but i didn't test it with oos12 (fbe) and custom rom a13 (erofs). I hope it will work..
Device Tree
Sourceforge
I just flashed it, and it booted successfully! I'll let you know if I can format /data.
Format /data works.
For confirmation, I flashed the .img of the OOS12 version to the recovery partition.
rabilgic said:
I compiled it but i didn't test it with oos12 (fbe) and custom rom a13 (erofs). I hope it will work..
Device Tree
Sourceforge
So... upon further inspection, there's an issue with decryption. I can successfully flash the image to the recovery partition, and it boots just fine. When I tap on "Mount", all of the options are unchecked. One of the buttons is called "Decrypt Data". I currently don't have face unlock, fingerprint unlock, password or PIN set up, and it still prompts me for a password when I tap on "Decrypt Data". I've tried entering "default_password" and "password" (but without the quotation marks), but neither of them work. Is there a way to solve this? This is on the OOS12 TWRP, btw.
SiegeDaBoss said:
So... upon further inspection, there's an issue with decryption. I can successfully flash the image to the recovery partition, and it boots just fine. When I tap on "Mount", all of the options are unchecked. One of the buttons is called "Decrypt Data". I currently don't have face unlock, fingerprint unlock, password or PIN set up, and it still prompts me for a password when I tap on "Decrypt Data". I've tried entering "default_password" and "password" (but without the quotation marks), but neither of them work. Is there a way to solve this? This is on the OOS12 TWRP, btw.
I just tested the non-OOS Android 13 TWRP file, and it has the same issue.
Can u back up all partitions except data? At least that would be helpful
HueyT said:
Can u back up all partitions except data? At least that would be helpful
Nope. Even when I de-select Data, and select everything else, it still fails with the "Failed to mount /data" error.
Yeah, I was afraid of that. No one has cracked twrp for oos12 yet
HueyT said:
Yeah, I was afraid of that. No one has cracked twrp for oos12 yet
I mean, at least both of them boot.
rabilgic said:
I compiled it but i didn't test it with oos12 (fbe) and custom rom a13 (erofs). I hope it will work..
Device Tree
Sourceforge
Hi again. As I've mentioned, both TWRP images boot just fine. However, I am unable to mount /data, as when I enter the "Mount" section of TWRP, nothing except the Cache partition is checked. It doesn't ask me for a password upon booting into TWRP, however it DOES ask for one when I tap on the "Decrypt Data" button in the "Mount" section. I've tried entering "default_password" (without the quotation marks), "password" (again, without the quotation marks), and also my password that I set up when I flashed LineageOS 20. I'm currently running LineageOS 20 on the device. I'm able to access USB OTG in TWRP, but I'm not able to flash anything from there. I'm also unable to change boot slots, or backup any partitions. Formatting Data doesn't allow me to access the data partition on rebooting, and the only fix I've been able to find is changing the data partition format from ext4, to ext2, and then back to ext4. This only works temporarily, and only with OxygenOS installed. Even then, after I change the data partition's format like I mentioned above, it resets my data, as is expected. After setting up the device again, and rebooting into TWRP, the /data partition goes back to being un-selected, and I have to repeat the process over again, and once again lose my data. I am unable to carry out the process described while running LineageOS, and its respective TWRP file that you have made. Any help would be greatly appreciated, and if you know the password that TWRP is asking for in the Mount section (when I select "Decrypt Data"), I'd like to know what it is so that I can hopefully get the rest of TWRP to work. Even with these issues, I'd like to give MASSIVE thanks to you, because you were able to do something that my inexperienced self was able to: That is, create a TWRP file that boots, made from the latest custom rom files, and the latest OxygenOS versions' files.
SiegeDaBoss said:
Hi again. As I've mentioned, both TWRP images boot just fine. However, I am unable to mount /data, as when I enter the "Mount" section of TWRP, nothing except the Cache partition is checked. It doesn't ask me for a password upon booting into TWRP, however it DOES ask for one when I tap on the "Decrypt Data" button in the "Mount" section. I've tried entering "default_password" (without the quotation marks), "password" (again, without the quotation marks), and also my password that I set up when I flashed LineageOS 20. I'm currently running LineageOS 20 on the device. I'm able to access USB OTG in TWRP, but I'm not able to flash anything from there. I'm also unable to change boot slots, or backup any partitions. Formatting Data doesn't allow me to access the data partition on rebooting, and the only fix I've been able to find is changing the data partition format from ext4, to ext2, and then back to ext4. This only works temporarily, and only with OxygenOS installed. Even then, after I change the data partition's format like I mentioned above, it resets my data, as is expected. After setting up the device again, and rebooting into TWRP, the /data partition goes back to being un-selected, and I have to repeat the process over again, and once again lose my data. I am unable to carry out the process described while running LineageOS, and its respective TWRP file that you have made. Any help would be greatly appreciated, and if you know the password that TWRP is asking for in the Mount section (when I select "Decrypt Data"), I'd like to know what it is so that I can hopefully get the rest of TWRP to work. Even with these issues, I'd like to give MASSIVE thanks to you, because you were able to do something that my inexperienced self was able to: That is, create a TWRP file that boots, made from the latest custom rom files, and the latest OxygenOS versions' files.
Thank you for testing the builds and for the feedback. I've been on oos11 for a long time, but today I'm going to flash oos12. Because i would need recovery log files to fix errors.
I don't have no time for some fixes, i will try to fix errors whenever possible.
did you not try to use the twrp and the twrp installer builds that are on official twrp site for one plus 7t
then how are folks then flashing roms to one plus 7 t devices if there is or isnt a working twrp .
SiegeDaBoss said:
Hi again. As I've mentioned, both TWRP images boot just fine. However, I am unable to mount /data, as when I enter the "Mount" section of TWRP, nothing except the Cache partition is checked. It doesn't ask me for a password upon booting into TWRP, however it DOES ask for one when I tap on the "Decrypt Data" button in the "Mount" section. I've tried entering "default_password" (without the quotation marks), "password" (again, without the quotation marks), and also my password that I set up when I flashed LineageOS 20. I'm currently running LineageOS 20 on the device. I'm able to access USB OTG in TWRP, but I'm not able to flash anything from there. I'm also unable to change boot slots, or backup any partitions. Formatting Data doesn't allow me to access the data partition on rebooting, and the only fix I've been able to find is changing the data partition format from ext4, to ext2, and then back to ext4. This only works temporarily, and only with OxygenOS installed. Even then, after I change the data partition's format like I mentioned above, it resets my data, as is expected. After setting up the device again, and rebooting into TWRP, the /data partition goes back to being un-selected, and I have to repeat the process over again, and once again lose my data. I am unable to carry out the process described while running LineageOS, and its respective TWRP file that you have made. Any help would be greatly appreciated, and if you know the password that TWRP is asking for in the Mount section (when I select "Decrypt Data"), I'd like to know what it is so that I can hopefully get the rest of TWRP to work. Even with these issues, I'd like to give MASSIVE thanks to you, because you were able to do something that my inexperienced self was able to: That is, create a TWRP file that boots, made from the latest custom rom files, and the latest OxygenOS versions' files.
Hi again, i updated my repo and download links.
-OOS12 decryption working.
-Flash zip working. "I installed with zip by the Magisk and copy partition, i flashed los20 & stock oos12."
-Adb sideload working, i tried stock oos12 flashed successfully.
-Format data working.
-Mtp working.
-Otg working.
-Adb working.
-Vibration working.
* Backup data working, but restore data on oos bootloop
* i use swift backup instead of nandroid backup
When i have free time, i will work on twrp a13 fbev2.
mrk2815 said:
then how are folks then flashing roms to one plus 7 t devices if there is or isnt a working twrp .
Every ROM comes built-in with its own recovery. So you'll have to flash the ROM via that recovery's ADB Sideload feature.
lets hope you can get a working twrp going for both android 12 and 13. as my one plus 7t is just been put away in my drawer after seeing that one plus has given up on these older devices. when there is a working twrp i would probably want to flash something down the road. my primary driver unfortunately is a samsung S21 plus.
rabilgic said:
Hi again, i updated my repo and download links.
OOS12 decryption working.
Mtp working.
Adb working.
Vibration working.
I installed with zip by the Magisk and copy partition.
Backup/restore boot.img working.
I haven't tested: flash rom, format data, needs some testing
When i have free time, i will work on twrp a13 fbev2.
All works until I tried to restore. Then it got stuck at red dot going around in circle. When I tried to go back in twrp again to format data, it won't mount data after that. Ended up having to restore all over using msmtool.
It mounted data fine before I tried to restore the data part, then it messed up decryption of data despite not having a lock code, no fingerprint, no pattern-lock, or lock screen enabled.
