Hi Guys,
What is the way to postpone /data encryption? I don't want to completely disable it, just postpone it.
The idea is to do following:
- wipe /data
- install Magisk via patched boot.img (doesn't require TWRP).
- install Flashfire, having root it should work (for later installation of Xposed without TWRP).
- given I'm not sure Flashfire can operate with encrypted /data the need is to keep /data unencrypted for the time being.
- install Xposed via Flashfire + any other mods.
- enable encryption.
Whilst believe is it will trip Knox, system will be relatively virgin. I can't imagine it wouldn't trip Knox. But it is worth trying.
The biggy is how to postpone encryption which starts first thing first after going through first time configuration wizard.
It is also related to my efforts as described:
https://forum.xda-developers.com/galaxy-s9/help/xposed-magisk-encrypted-data-t3826476
I'm trying to figure out working way.
Thanks.
Don't think it's possible, afaik TWRP cannot read encrypted partitions
*Detection* said:
Don't think it's possible, afaik TWRP cannot read encrypted partitions
Click to expand...
Click to collapse
The idea is to not use TWRP at all. Just would need to postpone /data encryption.
It must be possible, just don't know how to do it yet.
If we can get system rooted, then postponing encryption should be easy, it is i.e. to block encryption call.
Hopefully someone knows how to do it.
dkadds2 said:
The idea is to not use TWRP at all. Just would need to postpone /data encryption.
It must be possible, just don't know how to do it yet.
If we can get system rooted, then postponing encryption should be easy, it is i.e. to block encryption call.
Hopefully someone knows how to do it.
Click to expand...
Click to collapse
Did some tests.
Installing Magisk via patching boot.img trips "Custom" flag on Download screen. So it doesn't really help.
At the same time, encryption is postponed by default by installing Magisk, in fact blocked, unless "preserve" feature is enabled.
dkadds2 said:
Hi Guys,
What is the way to postpone /data encryption? I don't want to completely disable it, just postpone it.
The idea is to do following:
- wipe /data
- install Magisk via patched boot.img (doesn't require TWRP).
- install Flashfire, having root it should work (for later installation of Xposed without TWRP).
- given I'm not sure Flashfire can operate with encrypted /data the need is to keep /data unencrypted for the time being.
- install Xposed via Flashfire + any other mods.
- enable encryption.
Whilst believe is it will trip Knox, system will be relatively virgin. I can't imagine it wouldn't trip Knox. But it is worth trying.
The biggy is how to postpone encryption which starts first thing first after going through first time configuration wizard.
It is also related to my efforts as described:
https://forum.xda-developers.com/galaxy-s9/help/xposed-magisk-encrypted-data-t3826476
I'm trying to figure out working way.
Thanks.
Click to expand...
Click to collapse
I'll answer to myself - installing boot.img via Odin trips Knox/Warranty state to go 0x1.
Flashfire didn't want to cooperate and seems to require decrypted /data.
Related
So I kind of like the fact encryption is turned on automatically by Nextbit (and I did figure out how to get out of my encryption loop)
And I have tried to encrypt the disk with
-Pacman ROM
-Reserrection ROM
-Paranoid Android
and all of them bootloop and never actuall boot up once you press "encrypt".... so is it impossible to encrypt once you have an unlocked bootloader and recovery installed? I get its detrimental to the whole process of flashing incessantly but still
Grrrrrrr
Can sum1 confirm
tlxxxsracer said:
If you unlock the bootloader,that alone won't cause encryption issues. You have to flash a specific boot.img or zip that will disable encryption.
Don't unencrypt and should be fine.
Not sure why you'd want to encrypt if your BL is unlocked. Encryption only hurts performance
Click to expand...
Click to collapse
thanks for the reply
I wanted to encrypt my current ROM to just get the extra protection from theft or lost device.
I really like the current ROM im using and dont need to flash anymore currentlty, so i would be fine locking it down with encryption
But i cant get ANY of the ROMS to encrypt like they normally do say compared to the G3
So there is a solution to this. Basically, when you encrypt the file system on one rom, even when you wipe the data certain things are still tied to the old file system. That's why when you go to encrypt the encryption fails, because the remnant stuff from the other rom is in the way. The solution is to completely reformat the data partition (using TWRP, select format data, or change the data file system to F2FS and then back to ext4.). This will clear the conflicts causing encryption to bootloop. However, this process will need to be repeated every single time you switch roms (updating a rom is fine).
I believe Cyanogenmod supports encryption, though I have never tried it.
yanowman said:
So I kind of like the fact encryption is turned on automatically by Nextbit (and I did figure out how to get out of my encryption loop)
And I have tried to encrypt the disk with
-Pacman ROM
-Reserrection ROM
-Paranoid Android
and all of them bootloop and never actuall boot up once you press "encrypt".... so is it impossible to encrypt once you have an unlocked bootloader and recovery installed? I get its detrimental to the whole process of flashing incessantly but still
Click to expand...
Click to collapse
If you flashed the custom boot image, you CANNOT re encrypt your phone. Won't work.
Hello xda. I'm making this thread in order to know if it's normal that super su is taking so much time to install. My Moto Z play is stuck on this screen since 15 minutes.
Beforehand i unlocked the bootloader and flashed the f2fs kernel. On previous phones it did'nt took this much so I don't understand. Anyone can help me ?
EDIT = Impatience is growing... How can I do to at least reboot the phone without damage ? It's brand new so I don't have to worry about losing any data. Why is it so hard to root a motorola anyway ?
try with MagiskSu, SuperSu is not working correctly in this device because of the Nougat security, if don't flash anything, maybe you should take your time and read this post https://forum.xda-developers.com/moto-z-play/how-to/guide-magisk-official-version-including-t3577875
It is not hard to root Motorola. It is hard to root any device where the /data partition is using f2fs filesystem.
SuperSU in general should work fine after f2fs fix is installed, but I like Magisk more. Not changing system partition when changing system (only do virtual changes using bind) is a very nice idea and the implementation is very good. Only thing that is missing for me is to prevent changes to system (forbid or virtualize "mount -o rw,remount /system" command).
If you want to stay with SuperSU, just use a current one. The 2.79SR3 from January 2017 is the first version that detected need of systemless install on Motorola. All later versions should work also or be improved. There may be some error corrected since then.
Shinobu-Kenji said:
try with MagiskSu, SuperSu is not working correctly in this device because of the Nougat security, if don't flash anything, maybe you should take your time and read this post https://forum.xda-developers.com/moto-z-play/how-to/guide-magisk-official-version-including-t3577875
Click to expand...
Click to collapse
Thanks, my Moto Z play is now rooted and working well. I had problems at first (like reflashing via fastboot a working stock rom) but I re tried flashing magisk and it works fine now
Here comes official Magisk support for the Galaxy S10!
Let's get Magisk to kick start the development of these Samsung devices!
Link to Instructions
Carefully read through everything in the page linked above! Follow the instructions closely so you don't end up bricking your device
Technical Details
Google enforces all devices that ships with Android 9.0 to use system-as-root in part of "Project Treble", so Samsung finally introduced their own "flavor" of the implementation. More details regarding system-as-root can be found in the official Google dev site. Samsung is using the A-only system-as-root setup, meaning that its boot image will only contain the kernel binary without ramdisk included. Similar setup has already been deployed on many new devices, and the solutions for those devices are rather simple: add a new ramdisk section into the boot image and hexpatch the kernel to always use ramdisk as rootfs. However in Samsung's case, the bootloader simply does not load anything other than the kernel binary to the memory, meaning no matter what we do the kernel will always use the system partition as root directory. This leaves us no option but to install Magisk onto the recovery partition.
Installing to the recovery partition have its own issues: first is that a service called "flash_recovery" will run when the system starts up, which will restore the recovery image back to stock on startup. This is unacceptable because not only does it uninstall Magisk in the process, the data encryption key will also be changed due to fact that Samsung's data encryption keys are tied to the bootloader status and boot/recovery image signatures, and thus causing the device unable to boot in following reboots unless factory reset. The solution to this problem is to simply repack the boot image to remove the binary integrity and also the signature of the partition. The second issue is that since Magisk and recovery shares the same partition, how can we actually boot into recovery? (e.g. to factory reset your device, or have custom recovery co-exist with Magisk) Fortunately a solution that detects button key presses is introduced, which details are already provided in instructions.
To make matters even worse, Samsung introduced a "VaultKeeper" service, which adds another "lock" on top of the OEM lock of the bootloader. By default the service will "relock" the bootloader after data is wiped. Only after the initial setup will it verify the OEM lock option and changes the bootloader state accordingly. If you are running custom firmware with stock system, DO NOT try to wipe data or else you might end up bricking your device due to vaultkeeper locking your bootloader up, which will eventually lead to bootloader refusing to boot because unofficial partitions are detected.
For custom ROM developers, the first few things you would want to remove is VaultKeeper to protect your users from bricking their devices. For stock ROM users, just make sure to always boot to Magisk after a data wipe, or never power off your device before finishing the initial setup and verify OEM lock is enabled.
thx
Yay.
The best day of my life!!
Can I ask, when we install Magisk what sammy stuff will be broken? I understand Knox will be tripped but what 'features' will still be available.
Does the fingerprint still work for instance
Amazing work though, well done buddy
Fantastic!
I hope people carefully read those instructions!
ok, who's trying it first on an European S10+ ?
..
Amazing! Is this for unlocked Snapdragon too?
S9 Exynos not install
On S9 the installation does not give error, but on restart Magisk is no longer installed.
ooonea said:
On S9 the installation does not give error, but on restart Magisk is no longer installed.
Click to expand...
Click to collapse
I'm aware of this issue
cant even boot into download mode with the way you have given... is there a step missing?
ahh, turn the phone off, USB connected and press Bixby and Volume Down.
Fix?
topjohnwu said:
I'm aware of this issue
Click to expand...
Click to collapse
Will you fix it?
A couple of questions:
1. What will happen if I boot from boot partition after installing magisk? What steps will be needed to recover from that?
2. Why final wipe after installing magisk is needed?
ooonea said:
Will you fix it?
Click to expand...
Click to collapse
What an odd question... obviously.
I got some questions about Safetynet
1. Is Safetynet still passing with this method when you boot to system with magisk?
2. Also if you boot to system without pressing any button, so system without magisk, is Safetynet passing or failing?
Thanks for your hard work.
Download Mode doesn´t work for mee
is there a step missing?
Memento_Mori said:
Download Mode doesn´t work for mee
is there a step missing?
Click to expand...
Click to collapse
The cable must be in too
Thanks,
I have one question, after install Magisk can I still install OTA update ?
tiho5 said:
The cable must be in too
Click to expand...
Click to collapse
I know, but it doesn´t work for me too
Will someone please help me before i go crazy. I done rooted several phones but i ran into this problem with the G7play. The bootloader is unlocked but Magisk wont install an everytime I modify the system partition (A or B) in TWRP recovery but I boot into Android and nothing changed… I go back to TW RP and it's still showing the files I put are all there but then when I boot back into Android nothing I do affects the actual system partition… why the hell can i modify it in TWRP an it has no effect when booted? is there a 3rd system partition or something's i don't know about??? where is it storing this original copy? someone please help me its drivin me crazy.
I'm having the same problem. I just created a new thread myself on this very issue. It seems some security has been implemented with the most recent stock OTA updates cause on older versions of the stock room, Magisk would flash fine and remain there once the phone started again.
DenhamsOwnSmoky said:
Will someone please help me before i go crazy. I done rooted several phones but i ran into this problem with the G7play. The bootloader is unlocked but Magisk wont install an everytime I modify the system partition (A or B) in TWRP recovery but I boot into Android and nothing changed… I go back to TW RP and it's still showing the files I put are all there but then when I boot back into Android nothing I do affects the actual system partition… why the hell can i modify it in TWRP an it has no effect when booted? is there a 3rd system partition or something's i don't know about??? where is it storing this original copy? someone please help me its drivin me crazy.
Click to expand...
Click to collapse
theburrus1 said:
I'm having the same problem. I just created a new thread myself on this very issue. It seems some security has been implemented with the most recent stock OTA updates cause on older versions of the stock room, Magisk would flash fine and remain there once the phone started again.
Click to expand...
Click to collapse
That is a pain the ass known as FEC hard at work. The only way around it is system root (which magisk doesn't use) or a custom kernel. Twrp is actually using a magisk binary to do root work. Magisk uses mirrors which don't actually change any files. They only simulate changes. So everything you do in twrp will never actually change anything until you root with magisk. If you make changes then root later, they'll show up when you boot the system.
I investigated it a couple months ago. If you want to see the technical side of it, read my posts that start on this page.
https://forum.xda-developers.com/android/software/universal-dm-verity-forceencrypt-t3817389/page90
FEC is like ECC RAM, but for system files instead.
Spaceminer said:
That is a pain the ass known as FEC hard at work. The only way around it is system root (which magisk doesn't use) or a custom kernel. Twrp is actually using a magisk binary to do root work. Magisk uses mirrors which don't actually change any files. They only simulate changes. So everything you do in twrp will never actually change anything until you root with magisk. If you make changes then root later, they'll show up when you boot the system.
I investigated it a couple months ago. If you want to see the technical side of it, read my posts that start on this page.
https://forum.xda-developers.com/android/software/universal-dm-verity-forceencrypt-t3817389/page90
FEC is like ECC RAM, but for system files instead.
Click to expand...
Click to collapse
Thanks that makes sense now...I managed to get it where I could modify it by installing AOSP. That's why I don't like Magisk confuses the hell outta me. Only reason I was installing it is cuz SuperSU dont usually work on newer systems no more but I have a trick with Magisk I did on my G6...This might be helpful to anyone who wants a system root with Magisk. Backup your boot an dtbo an system partition. Then install magisk. Then you go in an find all the lil files that magisk added that aren't really there (system-less) an create tarfiles of them. /sbin /data/adb /init /init.rc an there mite be more I don't remember fer sure. After you make the tarfiles you reflash the original magisk-free images you backed up earlier an go into TWRP (assuming youre usin the TWRP version that lets you make permanent changes to the system partition) an extract all the tarfiles into the same locations an then you install the magisk apk an if you did it right it'll act like magisk is installed an it manages root fer you an everything but it dont have all that system-less problems you get with regular magisk.
Coming from a Pixel 3 XL, which has been rooted since I got it (same with the Pixel XL before it). I tried fastboot boot magisk_patched (used 23011 as suggested in another post) I get a boot failure, and it kicks me back into fastboot. If I do the /vbmeta command, then I get the "can't load Android System, your data may be corrupt" error. If I sideload the OTA (latest on the Google website, not the day one patch), I can get back into Android, but still unrooted. I was rooted once, pretty sure I just flashed the modified boot.img, then installed in Android, but I wanted to see if I could root via the OTA, and here we are again. I did find this website, however, I'm concerned if I use the fastboot -w command, won't that wipe the device again? I've already lost a lot of stuff from my Pixel 3 XL due to negligance on my part (deleting files after I thought I was setup, then completely wiped the old phone), so I'd rather not do a 4th setup if possible.
[CLOSED] Firmware is out! Get your root on!
Update 12/15/21: Magisk 23016 incorporates fixes for vbmeta header patching; disabling verity/verification is no longer necessary. Update and root should work as it always has - simply patch and flash the boot image. Any update method can be...
forum.xda-developers.com
PERMANENT ROOT CURRENTLY REQUIRES A DATA WIPE.
KiLLiNGDAY said:
[CLOSED] Firmware is out! Get your root on!
Update 12/15/21: Magisk 23016 incorporates fixes for vbmeta header patching; disabling verity/verification is no longer necessary. Update and root should work as it always has - simply patch and flash the boot image. Any update method can be...
forum.xda-developers.com
PERMANENT ROOT CURRENTLY REQUIRES A DATA WIPE.
Click to expand...
Click to collapse
so each OTA/monthly patch I have to wipe my phone? That'll get old super fast. I already wiped it once when I first rooted...
Tmender said:
so each OTA/monthly patch I have to wipe my phone? That'll get old super fast. I already wiped it once when I first rooted...
Click to expand...
Click to collapse
It appears so, at least at this point. Maybe people will find a way to circumvent this.
Even though - with a decent root backup like swift - it shouldn't be that big a hassle, but it's troublesome for sure.
Morgrain said:
It appears so, at least at this point. Maybe people will find a way to circumvent this.
Even though - with a decent root backup like swift - it shouldn't be that big a hassle, but it's troublesome for sure.
Click to expand...
Click to collapse
swift? Here I've been using Titanium Backup for years...
check out and decide:
https://www.reddit.com/r/androidapps/comments/gvdnf1