Hi Guys,
Should it be possible to have Magisk and Xposed on encrypted data?
The idea is to install both at the same time, first TWRP after wipe, prior it will get encrypted.
Theoretically it should just work and once /data is encrypted, TWRP wouldn't be able to get to /data, but having Magisk already installed it doesn't matter, does it?
Or is there any reasoning why encryption cannot be enabled with Xposed and/or Magisk?
Is it correct that Samsung uses hardware related encryption and that's the result why TWRP can't access /data? Theoretically TWRP should be able to open encrypted container with password we would provide.
Any solution to the problem would be more than welcome (problem = encrypted S9 with root/magisk and Xposed).
Thanks!
dkadds2 said:
Hi Guys,
Should it be possible to have Magisk and Xposed on encrypted data?
The idea is to install both at the same time, first TWRP after wipe, prior it will get encrypted.
Theoretically it should just work and once /data is encrypted, TWRP wouldn't be able to get to /data, but having Magisk already installed it doesn't matter, does it?
Or is there any reasoning why encryption cannot be enabled with Xposed and/or Magisk?
Is it correct that Samsung uses hardware related encryption and that's the result why TWRP can't access /data? Theoretically TWRP should be able to open encrypted container with password we would provide.
Any solution to the problem would be more than welcome (problem = encrypted S9 with root/magisk and Xposed).
Thanks!
Click to expand...
Click to collapse
I'll answer to myself - installing Magisk via Odin push of patched boot.img is possible on encrypted /data as Magisk doesn't touch /data. (seems it worked for me).
Xposed is installed then from Magisk level.
Related
What's the least involved way to unencrypt my device? Will wiping data from TWRP give me the option, or do I need to install a custom kernel as well, or SuperSU?
Pls format (not wipe) data partition inside TWRP.
If you reboot into system the "forced encryption" flag inside stock kernel (boot.img) will automatically encrypt your data partition again.
To prevent this automatic encryption you just install SuperSU.zip before you boot into system again.
Or you can use a custom kernel without "forced encryption" flag inside boot.img (e.g. ramdisk)
Hi
I'm a bit lost reading posts about flashing twrp, installing magisk or cf auto root, disabling encryption on /data. So:
- is it possible to install twrp and magisk without having to format /data (as smart switch unfortunately does not backup apps datas... it's a long story to reconfigure every app...) ?
- we loose /data only when we want to disable encryption ?
thanks
sambastrakan said:
Hi
I'm a bit lost reading posts about flashing twrp, installing magisk or cf auto root, disabling encryption on /data. So:
- is it possible to install twrp and magisk without having to format /data (as smart switch unfortunately does not backup apps datas... it's a long story to reconfigure every app...) ?
- we loose /data only when we want to disable encryption ?
thanks
Click to expand...
Click to collapse
I really don't think so
Envoyé de mon SM-A520F en utilisant Tapatalk
Guys, every rooting guide for the Samsung A 2017 states we need to format /data to remove encryption. I understand this is mostly due to TWRP not being able to decrypt it. However, if we don't care about an inaccessible /data in TWRP, can we leave /data encrypted (or reencrypt it later, after rooting)?
My idea is to have full rooting with Magisk + Xposed, while keeping my /data secure with encryption. Appreciate answers, even if alternative approaches to this security matter.
Actually, this is the current situation. At least here with Oreo after having done the root the /data remained encrypted. But in fact, you can not install any .zip for twrp because the /data is encrypted.
Hmm that's interesting. Have you formatted /data prior to flashing a rooted ROM / Magisk? In that case, how did you reencrypt it? I'm asking because from what I could find about other Galaxy models, people couldn't reencrypt their devices after rooting (the corresponding option in Settings just force closes). But it seems to vary among phone models and firmware versions.
Regarding the inability to flash ZIPs from TWRP with /data encrypted, have you tried using FlashFire for that?
Since the data is encrypted in Oreo twrp how can we have a nandroid backup for our phone?
Edit : Thanks to AleNonsense for this guide
1. Back up your apps data with oandbackup or titanium (whatever works for you)
2. Backup your internal storage on your pc or sdcard (recheck if the oandbackup/titanium folders are copied. Most of the times they are in internal storage)
3. reboot in TWRP,
4. format /data,
5. flash forced encryption disabler from
this thread,
6. flash Magisk and then reboot.
7. Phone is decrypted and rooted
(for check, Magisk manager will have the keep force encryption box unflagged and TWRP will detect data partition dimension instead of the 0MB which it's shown while phone is encrypted)
Fingerprints Not Recognised
For some reasons our existing fingerprint are not erased but are not seen either too. Try registering different finger so that you can get rid of the register fingerprint screen and then try unlocking your phone with previously registered finger. It should work.
suhel28 said:
Since the data is encrypted in Oreo twrp how can we have a nandroid backup for our phone?
Click to expand...
Click to collapse
Afaik it's not possible unless you decrypt your phone (at least that's what I did after many failed attetmps).
AleNonsense said:
Afaik it's not possible unless you decrypt your phone (at least that's what I did after many failed attetmps).
Click to expand...
Click to collapse
Wouldn't decrypting format your phone?
Also how do you do it?
suhel28 said:
Wouldn't decrypting format your phone?
Click to expand...
Click to collapse
Yup, but you can always restore everything from HiSuite for once and then being able to do nandroids.
suhel28 said:
Also how do you do it?
Click to expand...
Click to collapse
I did it this way: reboot in TWRP, format /data, flash forced encryption disabler from this thread, flash Magisk and then reboot.
Phone is decrypted and rooted (for check, Magisk manager will have the keep force encryption box unflagged and TWRP will detect data partition dimension instead of the 0MB which it's shown while phone is encrypted).
AleNonsense said:
Afaik it's not possible unless you decrypt your phone (at least that's what I did after many failed attetmps).
Click to expand...
Click to collapse
AleNonsense said:
Yup, but you can always restore everything from HiSuite for once and then being able to do nandroids.
I did it this way: reboot in TWRP, format /data, flash forced encryption disabler from this thread, flash Magisk and then reboot.
Phone is decrypted and rooted (for check, Magisk manager will have the keep force encryption box unflagged and TWRP will detect data partition dimension instead of the 0MB which it's shown while phone is encrypted).
Click to expand...
Click to collapse
Thanks mate, i will try and let you know ??
Edit : It worked. Thanks a lot. You should make a guide in the forums for this.
Thanks!
it works like a charm! I'm on RR openkirin OREO.
Only two questions:
- Now the fingerprint sensor doesn't work very well when I try to save my fingerprint
- I cannot mount the vendor partition in TWRP, but I can browse it with the filemanager. Is it normal? If so, do I have to skip that partition during the backup?
Thanks again for sharing that info!
spiritwashere said:
Thanks!
it works like a charm! I'm on RR openkirin OREO.
Only two questions:
- Now the fingerprint sensor doesn't work very well when I try to save my fingerprint
- I cannot mount the vendor partition in TWRP, but I can browse it with the filemanager. Is it normal? If so, do I have to skip that partition during the backup?
Thanks again for sharing that info!
Click to expand...
Click to collapse
For some reasons our existing fingerprint are not erased but are not seen either too. Try registering different finger so that you can get rid of the register fingerprint screen and then try unlocking your phone with previously registered finger. It should work.
I don't know about vendor issue. I never back it up though.
You are right! With the other fingers, sensor works flawlessy also with the 'ghost' fingerprints.
This info could avoid hours of headache for others
Thanks again!
About the vendor partition, it seems is a normal TWRP behavior in Oreo with treble ROMs.
Great job mate! I searched for days how to make unencrypted data partition!
A question about decrypting your device, in this case Luisrom Android 10, but would most probably count for other roms too.
Did not try it already but would like to decrypt my device and would like a confirmation if the following is the right procedure without doing a new install:
Boot in recovery
Make a backup of /data to internal storage with TWRP
Make a backup of internal storage to my pc
Format data in TWRP
Copy internal storage back from pc to OP3(T)
Restore backup from /data with TWRP
Reboot with decrypted phone
I could do a dirty flash afterwards ofcourse, but because /system is not touched I think the steps above should be enough.
Could someone confirm if this is right?
Just tried what I described above but seems not to work.
After reboot, phone is starting again with encrypting and after next reboot everything is encrypted again.
It also seems as if Android 10 (read it somewhere) is using file based encryption, so not only on a higher level...
So for now, I only see a fresh install as the solution.
Would someone know another solution to keep your data without doing a fresh install it would be nice to know.
Any input is welcome!
Johan2020 said:
Just tried what I described above but seems not to work.
After reboot, phone is starting again with encrypting and after next reboot everything is encrypted again.
It also seems as if Android 10 (read it somewhere) is using file based encryption, so not only on a higher level...
So for now, I only see a fresh install as the solution.
Would someone know another solution to keep your data without doing a fresh install it would be nice to know.
Any input is welcome!
Click to expand...
Click to collapse
First of all: decrypting is what happens on each reboot if data is encrypted. Decrypting is making something encrypted readable again. Removing encryption is something completely different.
For your question: which rom are you booting? This sounds like you are using a rom with forced encryption enabled. Dosable forced encyption in fstab before first system boot.
You can't use fbe with op3/t. No blobs, no twrp... Either you havn't read closly enough or you belived some ignorant not reading closely enough: g requires new devices shipped the first time with q to use fbe. All devices shipped originaly with fde can still use fde with q.
Reference: https://source.android.com/security/encryption/file-based
nvertigo67 said:
First of all: decrypting is what happens on each reboot if data is encrypted. Decrypting is making something encrypted readable again. Removing encryption is something completely different.
For your question: which rom are you booting? This sounds like you are using a rom with forced encryption enabled. Dosable forced encyption in fstab before first system boot.
You can't use fbe with op3/t. No blobs, no twrp... Either you havn't read closly enough or you belived some ignorant not reading closely enough: g requires new devices shipped the first time with q to use fbe. All devices shipped originaly with fde can still use fde with q.
Reference: https://source.android.com/security/encryption/file-based
Click to expand...
Click to collapse
I am using CrDroid 6.4 Luisrom which is not enforcing encryption, just as most other custom roms.
I had enabled encryption though after installation to see if encryption was working already for installing CrD Luis on my work phone (where I want encryption).
After that I decided to go back to unencrypted, following the procedure above, which did not work.
Did not make the link between fbe and file based encryption, but ofcourse this is the same and not available on op3/t.
Must have been sleeping when I wrote that.
Based on what you wrote and my missing knowledge;
After encrypting, is fstab changed also and would the solution have been to change fstab back also before rebooting after restore?
Johan2020 said:
After encrypting, is fstab changed also and would the solution have been to change fstab back also before rebooting after restore?
Click to expand...
Click to collapse
No. fstab isn't changed during encryption, neither for forced encryption nor for "voluntary" ( ) encryption.
Maybe the problem is the restored data itself: the rom setting for encryption is restored as well if you restore the data unconditionaly... Perhaps this way the reencryption is triggered. Did you try to boot the rom without restoring data? If it's unencrypted on a clean boot, but is (re)encrypted after first boot after restoring the backup, you have the answer. If it's encrypzed on a clean boot, formating to remove the enctyption has failed.
nvertigo67 said:
No. fstab isn't changed during encryption, neither for forced encryption nor for "voluntary" ( ) encryption.
Maybe the problem is the restored data itself: the rom setting for encryption is restored as well if you restore the data unconditionaly... Perhaps this way the reencryption is triggered. Did you try to boot the rom without restoring data? If it's unencrypted on a clean boot, but is (re)encrypted after first boot after restoring the backup, you have the answer. If it's encrypzed on a clean boot, formating to remove the enctyption has failed.
Click to expand...
Click to collapse
Good point, did not try that unfortunately and just did a fresh install so.... not really eager to try it now
But I think indeed reencryption was triggered because of also restoring the encryption settings.
Will try it when I have some spare time and want to take the risc of a fresh install again