Related
Hi,
I have a friend who buy a oneplus 3T (second hand), and I have a oneplus 5.
I noticed a strange difference between these both devices. Indeed, when oneplus 5 is booting, there is the oneplus logo, then the oxygenos logo, then the lockscreen (normal).
But when the oneplus 3t is booting, there is the oneplus logo, then the oos logo, then we need to enter password, then there is oxygenos logo again, and finally there is the lockscreen and we need to re-enter the password (pin).
Futhermore when open twrp on the OP3T, we need the password, then we can read "fail to mount storare" and twrp boot up and works fine after that.
Both of them are secure with pin and sim card pin are disabled.
OP 3T : oos 5.0.7, magisk 18.0, encrypted
OP5 : OB22, magisk 18.0, encrypted
So I dont understand what goes wrong on the 3T, is it normal or do I need a factory on something else?
Sorry for my bad English,
Thanks
Androrax said:
So I dont understand what goes wrong on the 3T, is it normal or do I need a factory on something else?
Thanks
Click to expand...
Click to collapse
Perfectly normal.
OP3/T uses Full Disk Encryption (FDE). OP5 uses File Based Encryption (FBE). The latter is also known as Direct Boot, and for good reason. As the name implies Direct Boot allows you to get straight to the Lockscreen before having to enter any security. That's because with FBE the files needed to Boot the phone don't need Decrypting. As you can see, it's more convenient that way and the startup procedure is less janky.
With FDE on the OP3 you can't do anything until security is entered so you get the Boot prompt to Decrypt and then a Fingerprint on the Lockscreen to unlock the device. (You'll notice on the OP5 you always have to enter a PIN/Password on the Lockscreen after a reboot. That step is on Boot with the OP3).
For Encryption to be secure with the OP3, you have to have your security, whether a PIN or Password, set to prompt you at Boot. This is an option during the Initial Setup of the device when you set your security stuff. It always prompts you to add that security at Boot. Same too if you now remove your PIN in settings and set a new one. You obviously said yes to this prompt as you have on-boot security.
If you had said 'No' you would Boot straight to the Lockscreen, same as the OP5, and would have to enter PIN/Password instead of just Fingerprint on the Lockscreen. It's a big security hole that way though as someone could remove your Lockscreen security from TWRP and gain full access to your phone. This is why you need on-boot security with FDE.
With TWRP:
OP5 - You should get prompted for security by TWRP when you try to load it. If not, something is wrong.
OP3 - With on-boot security:
You will have already entered your security so you are decrypted and TWRP will then load without additional prompt.
OP3 - Without on-boot security:
TWRP will use default_password to decrypt and load automatically. This is a problem as anyone with physical access to your device can use TWRP to remove your Lockscreen security and boot into your phone.
TL;DR:
1) On-boot security is essential when using FDE, even if the bootup sequence is horrible.
2) FBE is superior in that you can boot straight to Lockscreen and TWRP is protected if someone boots to Recovery.
Wow, thank you very much for this very comprehensive answer.
I am reassured now
This is the new thread for Pie & 10 TWRP Recovery 3.3.1-x
Feature list:
- Pie stock ROMs are fully decryptable with this TWRP, either protected with secure startup or without :good: OREO encrypted userdata is not decryptable with 3.3 . However, if you're on encrypted oreo and update to pie stock, either via zip or kdz, crypto gets migrated and you're good to go in terms of access to your encrypted data with 3.3. So, with this recovery, the urgent need for flashing no-verity-opt-encrypt zip isn't really there anymore
- everything working: backup & restore even with encrypted userdata, no matter if it's from oreo or pie. If you restore a backup containing an encrypted userdata, you'll need to format userdata before, for crypto removal. But only when coming from another encrypted ROM, otherwise you can just restore, boot up (it will use the encryption settings you"ve set up) ; decryption; time & dat; mtp; adb; installing of ROMs and zips in general; themeable; .........
- Possibility to leave out lockscreen settings when restoring a backup (sometimes you were forced to delete them manually, otherwise no login into your restored ROM possible -.- You can bypass this with this. Note: lockscreensettings ≠ encryption pin/pw/pattern.)
- Time and date is shown correctly, independent of /data. This should work after a few boots of ROM and TWRP, TWRP needs to get the data once and later on it will then be calculated from persist's settings file.
- modem image support: backup, restore, flashing of modem images either taken directly from kdz or diskdump. Same for OP partition (not present on USA and some others possibly)
- For removing encryption completely you can now do it as already known, via format userdata. Crypto is removed with it now again.
- busybox instead of toolbox/toybox, for better zip compatibility as it looks for now
- Pie 3.3.1-x: compiled with full 9.0 TWRP sources
- capable of installing every ROM and zip files
- some extra partitions (see below)
Don't forget your timezone settings after flashing. Also there are some extra partitions you can mount/backup/flash/explore, like LAF, persist-LG and OP configs. There's the thought of some people to flash TWRP as a second copy to LAF partition to be on the sure side when it comes to ROM switching or sth like that. You can do this, anyway it's not really recommended (by me and some others) because you'll lose download mode, but you now have the option.
For extra partitions: Some of them are needed for decryption (modem / persist-lg (drm)), some are for VoLTE (OP), time is stored on /persist/time (and /data/vendor/time), modem should be known and the LAF partition should be known already too (described above).
For decryption: it works as it should. Therefore it is a little bit tricky to restore a backup of a ROM which had encrypted userdata, when you'd installed any other ROM in between. There are some points to remember when restoring, a little guide is available in old thread's third post (https://forum.xda-developers.com/showpost.php?p=77839649&postcount=3), and some tipps too.
Some instructions:
How to flash?
If starting fresh with an unmodified phone, this thread should help you installing it
When you already have TWRP installed, you can flash this recovery from within TWRP:
- Copy the new image file to one of your phone storages
- Tap "Install"
- Tap "Install image" button, located down right
- Locate your downloaded image and select it
- Select "recovery" from the list which shows up then
- Install; and reboot to recovery after installing immediately, don't use it for any other tasks until rebooted pls, as it may not function. Things can go bollox when phone wasn't rebooted to recovery after installing.
And of course you can flash it via fastbootmode. Reboot to bootloader (adb reboot bootloader; when magisk is installed, you can use magisk manager => module => menu on the top right => reboot to bootloader. You can reboot to recovery from there too) and then:
fastboot flash recovery <twrp-image-name.img>
How to (re)boot to TWRP?:
If your phone is rooted:
- Magisk has options to reboot to different targets like bootloader or recovery, but this menu is a little bit hidden: you can access it by starting Magisk.Manager, going to the "Module" menu, tapping on the three dot menu on the top right. Then select your target
- If a terminal emulator is installed, open it, type "su" followed by enter and type "reboot recovery"
- You can do the same with an adb shell, open a shell and type the commands from above, they're the same
- There also are apps for rebooting to recovery or other targets. Just search around in PlayStore
- The good old "button dance" When phone is powered off, press the volume down key and power button at the same time. When a first sign of life is seen on display, immediately release the power button, but just to instantly press it again. A menu will show, which wants you to do a factory reset: do it You have to confirm this two times, and afterwards TWRP will boot without performing a factory reset. TWRP is compiled with a flag which recognizes this procedure and hinders the bootloader to pass the command for factory resetting.
This time no optional version of TWRP is available, it's "one for all". This TWRP works for every V30 model, and only for them. I removed vendor partition too btw, there isn't any active development about that, so it's useless and only confuses ppl. DataImage function is available.
If you want to use data_image, system_image or internal storage included in data backup, first check your filesystem on your external sdcard. It needs to be capable of writing big files, which isn't the case with fat/fat16/fat32. You need exFAT (for stock) or ext4/ntfs (only available with custom kernel and/or AOSP based builds).
CHANGELOG:
February 23rd, 2020, TWRP 3.3.1-2:
- corrected blocksize for formatting crypto related partitions
- included timezone data, maybe helps some ppl with time still not showing correct; should speed up time calc
- used pre-compiled full mke2fs and e2fsdroid binaries
- enabled ntfs experimental support (rw in kernel, NTFS_3G flag in twrp / ofox)
- minimal tweaks
- enabled F2FS and NTFS support
January 1st, 2020, TWRP 3.3.1-1:
- Formatting problem solved, TWRP now removes crypto as it should when user initiates a data format
- small fixings like checkbox layout in restore menu
- Moved a LOGERR to LOGINFO: "E: Unable to decrypt FBE device". Couldn't get rid of it with our needed config...
Dec. 30th, 2019, TWRP 3.3.1-0:
- initial first version
- almost everything working like in 3.2 oreo TWRP
- Formatting your device doesn't remove crypto from disk, so a "fresh" (formatted) userdata gets disturbed by old security lock
DOWNLOADS:
Nougat, Oreo and Pie capable 3.3.1-0 TWRP, but decrypting support only for PIE (AOSP untested, stock confirmed):
Download links below (always the latest and newest only; one version for all):
File name: TWRP-JOAN-3312_2020-02-23.img
MD5sum: 2fd78a606b65274977f1cd63080d5f23
MAIN Download: MEGA, TWRP-JOAN-3312_2020-02-23.img
As always: Use it at your own risk! You are the one who changes stuff on your phone, I'm not responsible for anything which happens to your phone. TWRP is powerful, be careful at what you do with it :good: And it just works.
All you need to compile this yourself:
[url]https://github.com/seader/android_device_lge_joan-twrp[/url]
[url]https://github.com/minimal-manifest-twrp/platform_manifest_twrp_omni[/url]
[url]https://github.com/seader/android_kernel_lge_msm8998[/url] (not really needed as a prebuilt kernel is used)
[url]https://github.com/seader/bootable_recovery-twrp[/url] (copy of twrp recovery with the stuff added. Pie is "encrypt-9.0" branch. omni's android-9.0 branch almost fully compatible, beside not being able to remove crypto (dirty hack, sry )
Much appreciated for your hard work. Twrp after all is the base for all customization
Thanks!
sure, enjoy it
btw, is there someone with oreo encrypted...? would be nice to know if it's decryptable with this new twrp too, and we therefore only need this one (and the other one can be archived...?)?
which is spoken very early, there's a lot left to do for 3.3 running really flawlessly. but, of course, this will be continued and being further worked on :good: starting right now xD
@ChazzMatt: it will take a while until wtf can be updated with this new one here. this is in an late beta stage, it works but has some quirks left. nothing that can destroy a phone but this twrp isn't fully working at this point of time and therefore not possible to use "in productive threads".
Everything works as well as the previous stable recovery.
I have tried:
1. backing up and restoring ROMs
2. Flashing, ROMs(stock pie and aosp Q), kernels and other mods.
Big thanks ??
In my case time is still not correct, I have to choose a different timezone compared to actual.... When booted up normally, it is correct.
kanehun said:
In my case time is still not correct, I have to choose a different timezone compared to actual.... When booted up normally, it is correct.
Click to expand...
Click to collapse
it needs some boots and reboots to recovery. after setting up everything it showed in twrp as it should :good: i'll add the tzdata back, a registry of all timezones, used for calculation of time, maybe it helps.
Time zone is beyond screwed up, 3 hours off without DST. Also, I'm on Oreo and it's asking for the decrypt password to access internal SD.Going back to 3.2.3-7.
ldeveraux said:
, I'm on Oreo and it's asking for the decrypt password to access internal SD.Going back to 3.2.3-7.
Click to expand...
Click to collapse
Try using the Pie compatible Decryption Disabler and then Reformatting data...
Have you tried flashing the @Zackptg5 Disable_Dm-Verity_ForceEncrypt_08.18.2019 (encryption disabler) before reformatting?
Flash Magisk,
Flash Pie-compatible encryption disabler,
Flash JohnFawkes Root Checker disabler,
Reformat data (where you type yes),
Reboot to recovery from within TWRP,
Flash Magisk AGAIN,
Reboot phone.
See this post: https://forum.xda-developers.com/showpost.php?p=79972563&postcount=107
_____________
7. MORE TWRP ACTIONS - Now turn off data encryption and install essential items… all in TWRP:
(This is not a "menu" in TWRP, it's merely a list of what you NEED to do before booting to the OS)
a. Wipe Data – Factory Reset
b. Install – set storage to the External SD (if you have a microSD card) OR drag necessary files over from PC once in TWRP.
c. Install the Magisk zip. (This is to give the encryption disabler root privileges)
d. Install @Zackptg5 Disable_Dm-Verity_ForceEncrypt_08.18.2019 (encryption disabler).
e. Install @JohnFawkes AnyKernel 3 RCTD Remover (root checker disabler); this disables LG's firmware root checks, which may impede performance.
f. FORMAT DATA (Select WIPE, then FORMAT DATA, then select yes.)
Do NOT delete your OS, but you do need to FORMAT your data , not just "wipe" it this time. Otherwise you may get an encryption error when you boot up the first time. If you get any red mount errors, go back to the TWRP reboot menu and select reboot to recovery and try to FORMAT DATA again. Then, after successfully formatting...
g. Reboot – "Reboot Recovery" from TWRP reboot menu (choose to reboot back to Recovery). Now that the data partition has been formatted, TWRP needs to reload the recovery partition for usage. If you skip this step, when Magisk is installed again below, it may think that /data is still encrypted and set "preserve force encryption". This is also a good sanity check that LG encryption has been removed from /data.
h. Re-flash the Magisk zip again. (This is to make sure, due to Pie changes.)
i. Reboot – to System (NOW you are finally rebooting your phone! Until now this whole section has been done within TWRP.)
ChazzMatt said:
Try using the Pie compatible Decryption Disabler and then Reformatting data...
Have you tried flashing the @Zackptg5 Disable_Dm-Verity_ForceEncrypt_08.18.2019 (encryption disabler) before reformatting?
Flash Magisk,
Flash Pie-compatible encryption disabler,
Flash Root Checker disabler,
reformat data (where you type yes),
reboot to recovery from within TWRP,
flash Magisk AGAIN,
reboot phone.
See this post: https://forum.xda-developers.com/showpost.php?p=79972563&postcount=107
_____________
7. MORE TWRP ACTIONS - Now turn off data encryption and install essential items… all in TWRP:
(This is not a "menu" in TWRP, it's merely a list of what you NEED to do before booting to the OS)
a. Wipe Data – Factory Reset
b. Install – set storage to the External SD (if you have a microSD card) OR drag necessary files over from PC once in TWRP.
c. Install the Magisk zip. (This is to give the encryption disabler root privileges)
d. Install @Zackptg5 Disable_Dm-Verity_ForceEncrypt_08.18.2019 (encryption disabler).
e. Install @JohnFawkes AnyKernel 3 RCTD Remover (root checker disabler); this disables LG's firmware root checks, which may impede performance.
f. FORMAT DATA (Select WIPE, then FORMAT DATA, then select yes.)
Do NOT delete your OS, but you do need to FORMAT your data , not just "wipe" it this time. Otherwise you may get an encryption error when you boot up the first time. If you get any red mount errors, go back to the TWRP reboot menu and select reboot to recovery and try to FORMAT DATA again. Then, after successfully formatting...
g. Reboot – "Reboot Recovery" from TWRP reboot menu (choose to reboot back to Recovery). Now that the data partition has been formatted, TWRP needs to reload the recovery partition for usage. If you skip this step, when Magisk is installed again below, it may think that /data is still encrypted and set "preserve force encryption". This is also a good sanity check that LG encryption has been removed from /data.
h. Re-flash the Magisk zip again. (This is to make sure, due to Pie changes.)
i. Reboot – to System (NOW you are finally rebooting your phone! Until now this whole section has been done within TWRP.)
Click to expand...
Click to collapse
No, that's an insane amount of hassle for no apparent gain! I'm just sticking with the older TWRP [emoji6]
ldeveraux said:
No, that's an insane amount of hassle for no apparent gain! I'm just sticking with the older TWRP [emoji6]
Click to expand...
Click to collapse
Were you already on a decrypted ROM using the older version of TWRP? Trying to figure out if the same encrypted internal storage situation will happen to me if I bother to try this Pie version of TWRP. Just would stick with Oreo TWRP if it's going to be this whole hassle to upgrade.
Thanks!
:victory: thank you seadersn!
ldeveraux said:
No, that's an insane amount of hassle for no apparent gain! I'm just sticking with the older TWRP [emoji6]
Click to expand...
Click to collapse
It's the exact steps people have to do when installing TWRP to work with bootloader unlocked Pie KDZ.
We needed new Encryption Disabler and we needed new Root Checker Disabler and we needed to flash Magisk twice.
The order of steps had to be rewritten besides new files.
Those have been in effect ever since EU H930 got Pie. Works on Oreo AND Pie bootloader unlocked KDZ.
drewcu said:
Were you already on a decrypted ROM using the older version of TWRP? Trying to figure out if the same encrypted internal storage situation will happen to me if I bother to try this Pie version of TWRP. Just would stick with Oreo TWRP if it's going to be this whole hassle to upgrade.
Thanks!
Click to expand...
Click to collapse
I'm on the TWRP flashable US99820H, so no clue
ChazzMatt said:
It's the exact steps people have to do when installing TWRP to work with bootloader unlocked Pie KDZ.
Those have been in effect ever since EU H930 got Pie.
Click to expand...
Click to collapse
I guess. I don't have Pie and don't plan on updating soon. I don't even know what the decryption password was all about. My TWRP was working fine, I've learned one thing with Android: if it ain't broke...
ldeveraux said:
I'm on the TWRP flashable US99820H, so no clue
I guess. I don't have Pie and don't plan on updating soon. I don't even know what the decryption password was all about. My TWRP was working fine, I've learned one thing with Android: if it ain't broke...
Click to expand...
Click to collapse
Any TWRP flashable ROM was likely decrypted and is similar to my situation (except I'm on Pie VS99630c). Sounds like upgrading to TWRP 3.3.1 Pie is more hassle than it's worth and I'll stay put.
Thanks.
ldeveraux said:
I'm on the TWRP flashable US99820H, so no clue
I guess. I don't have Pie and don't plan on updating soon. I don't even know what the decryption password was all about. My TWRP was working fine, I've learned one thing with Android: if it ain't broke...
Click to expand...
Click to collapse
Sure. I'm still on stock rooted Oreo firmware, also.
But those two new files, different order of steps work with both Oreo AND Pie Bootloader Unlocked KDZ with 3 2.3.7 -- whereas the older method and (with original decryption and root check disabler files) were in place before Pie.
WTF has always had decryption and root check disabler files and reformat of data to install TWRP.
What's different now is newer files to be effective on Pie KDZ as well as different order of steps -- as well as flashing Magisk at the beginning and again at the end.
I am hoping those files and steps also work with this new TWRP 3.3.1.
---------- Post added at 05:54 PM ---------- Previous post was at 05:51 PM ----------
drewcu said:
Any TWRP flashable ROM was likely decrypted and is similar to my situation (except I'm on Pie VS99630c). Sounds like upgrading to TWRP 3.3.1 Pie is more hassle than it's worth and I'll stay put.
Thanks.
Click to expand...
Click to collapse
Those files and steps I posted work with all Pie KDZ on 3.2.3.7. If they don't work on this 3.3.1 that's strange.
ChazzMatt said:
Sure. I'm still on stock rooted Oreo firmware, also.
But those two new files, different order of steps work with both Oreo AND Pie Bootloader Unlocked KDZ with 3 2.3.7 -- whereas the older method and (with original decryption and root check disabler files) were in place before Pie.
WTF has always had decryption and root check disabler files and reformat of data to install TWRP.
What's different now is newer files to be effective on Pie KDZ as well as different order of steps -- as well as flashing Magisk at the beginning and again at the end.
I am hoping those files and steps also work with this new TWRP 3.3.1.
---------- Post added at 05:54 PM ---------- Previous post was at 05:51 PM ----------
Those files and steps I posted work with all Pie KDZ on 3.2.3.7. If they don't work on this 3.3.1 that's strange.
Click to expand...
Click to collapse
I am on John Fawkes' Pie VS99630c TWRP flashable ZIP using TWRP 3.2.3.7. The concern is whether upgrading TWRP to 3.3.1 is as simple is flashing the IMG file within TWRP 3.2.3.7, or whether we'll have to reflash multiple things in a whole list of steps. If it's the latter, then why not just stay on TWRP 3.2.3.7 which seems to do everything we need in terms of flashing Pie ROMs?
ChazzMatt said:
Those files and steps I posted work with all Pie KDZ on 3.2.3.7. If they don't work on this 3.3.1 that's strange.
Click to expand...
Click to collapse
it's only formatting data switched to "fastboot -w" (reformats cache and data) or "fastboot erase userdata" (reformats data). both remove eventually present encryptions. everything else works like in the default wtf recovery :good: and that's really an enerving point... i want to simply format my userdata in twrp and not have to switch to fastboot...
formatting now works :good:
drewcu said:
I am on John Fawkes' Pie VS99630c TWRP flashable ZIP using TWRP 3.2.3.7. The concern is whether upgrading TWRP to 3.3.1 is as simple is flashing the IMG file within TWRP 3.2.3.7, or whether we'll have to reflash multiple things in a whole list of steps. If it's the latter, then why not just stay on TWRP 3.2.3.7 which seems to do everything we need in terms of flashing Pie ROMs?
Click to expand...
Click to collapse
it's the first: flashing image easily. only thing is, as described above, removing encryption requires fastboot. atm not possible to do this in recovery as usual. therefore nod suitable for wtf thread, but for anybody else, especially the ones who have pie installed and want to acces their data in twrp when encrypted. i'll test oreo decryption compatibility soon, zip needs downloading time lol
oreo decryption compatibility not given with 3.3 but: you can easily migrate from encrypted oreo via fw zip to pie, it adopts the storage encryption then and 3.3 is able to unlock :good: i've got a solution for 3.3 not being able to remove encryption: i keep a copyof 3.2.3-7 image on external sd and install it when formatting needed xD then back to 3.3 and good to go.
workaround no more needed, working now
Hey everyone,
After updating to the last stable version of xiaomi.eu I wanted to reflash magisk but when I boot into recovery I'm not asked for any password yet my data is still encrypted.
I tried running #twrp decrypt password in the terminal but it fails.
Has anyone here encounter the same problem?
Tom403 said:
Hey everyone,
After updating to the last stable version of xiaomi.eu I wanted to reflash magisk but when I boot into recovery I'm not asked for any password yet my data is still encrypted.
I tried running #twrp decrypt password in the terminal but it fails.
Has anyone here encounter the same problem?
Click to expand...
Click to collapse
Why don't you install Magisk by patching Boot image from Magisk Manager and flashing the patched image from Fastboot.
Just for Magisk, you don't need (to bother with) TWRP
zgfg said:
Why don't you install Magisk by patching Boot image from Magisk Manager and flashing the patched image from Fastboot.
Just for Magisk, you don't need (to bother with) TWRP
Click to expand...
Click to collapse
Won't that replace my recovery with the stock one?
I'd like to keep twrp
Tom403 said:
Won't that replace my recovery with the stock one?
I'd like to keep twrp
Click to expand...
Click to collapse
You flash the patched Boot image from Fastboot, so Recovery (and other partitions) remains the one you have currently installed.
Also, just patching in Magisk Manager does not affect either Recovery, Boot (Vendor, etc)
When patching Boot image by Magisk Manager make sure you take the options:
-Preserve ADM dm-verity: YES
-Preserve force encryption: YES
-Recovery mode: NO
zgfg said:
You flash the patched Boot image from Fastboot, so Recovery (and other partitions) remains the one you have currently installed.
Also, just patching in Magisk Manager does not affect either Recovery, Boot (Vendor, etc)
When patching Boot image by Magisk Manager make sure you take the options:
-Preserve ADM dm-verity: YES
-Preserve force encryption: YES
-Recovery mode: NO
Click to expand...
Click to collapse
Ok, I'll do that then
Thanks for the help ?
Tom403 said:
Ok, I'll do that then
Thanks for the help ?
Click to expand...
Click to collapse
For the Boot image you have to patch boot.img extracted from zip/recovery package of your stock ROM
But you can also backup Boot partition by TWRP and then let Magisk Manager patch the backup boot.emmc.win file
Is it safe to assume that Tom403 didn't find any love at the end of the encrypted rainblow? I JUST WANT to verify, This IS the same situation that used to be remedied by deleting locksettings.db and a files with .key extension?? No such luck for anymore, wow, what a setup for future-screwing your users Google!! Dicks
goo. said:
Is it safe to assume that Tom403 didn't find any love at the end of the encrypted rainblow? I JUST WANT to verify, This IS the same situation that used to be remedied by deleting locksettings.db and a files with .key extension?? No such luck for anymore, wow, what a setup for future-screwing your users Google!! Dicks
Click to expand...
Click to collapse
Okay, I may have found a lightbulb somewhere in the tunnel that may be whats required for others as well to unencrypt when deleting .keyfiles is no longer an option having version greater than PIE. It's in the form of in a recovery log from a recent, perhaps backup attempt, that states the version of Orange Fox recovery I had (11.0) and also says fbe encryption in use and info like the following that looks very promising... I'd really appreciate if someone that knows more than me to let me know if I'm on the right path and guide me in if so... heres part of the LOG that gives me hope --
ased Encryption is present
e4crypt_initialize_global_de
Determining wrapped-key support for /data
fbe.data.wrappedkey = false
calling retrieveAndInstallKey
Key exists, using: /data/unencrypted/key
Using SoftwareWrappedKeymaster1Device from Google for encryption. Security level: TRUSTED_ENVIRONMENT, HAL: [email protected]::IKeymasterDevice/default
Determining wrapped-key support for /data
fbe.data.wrappedkey = false
Added key 90117251 (ext4:72f7ca8ad834ad5d) to keyring 322439018 in process 546
Added key 866183642 (f2fs:72f7ca8ad834ad5d) to keyring 322439018 in process 546
Added key 321684719 (fscrypt:72f7ca8ad834ad5d) to keyring 322439018 in process 546
contents mode 'aes-256-xts' filenames 'aes-256-heh'
Wrote system DE key reference to:/data/unencrypted/ref
e4crypt_ini
Thanks in advance for any help with this
Tom403 said:
Hey everyone,
After updating to the last stable version of xiaomi.eu I wanted to reflash magisk but when I boot into recovery I'm not asked for any password yet my data is still encrypted.
I tried running #twrp decrypt password in the terminal but it fails.
Has anyone here encounter the same problem?
Click to expand...
Click to collapse
thanks for the terminal command
Forgive me, If I am asking something that was previously answered.
I have been looking around this community, also did some homework, but I am still confused and need double-check.
It seems that fastboot flashing is getting more and more complicated these days. I always just did a flash-all bat (after removing -w) and flashed the patched img for my previous Pixel 1 and 3.
I have flashed my Pixel 6 to November firmware, January firmware, patched with the latest magisk without disabling any flags for now.
Everything goes well until I happen to flash several third-party kernels using EXKM. I am not very sure whether flashing a kernel or recovering to magisk patched stock kernel via EXKM causes the issue.
Now every time I boot the phone, the annoying corrupted message shows up. I was stupid that when I saw that message, I immediately flashed the stock boot.img, then the full firmware. It turned out that I can move forward by pressing the power button after the corrupted message appeared. You must know, that annoying message is still there.
To cut a long story short,
Now I need your help to confirm before proceeding.
1. If I try to live with this corrupted message, is there any further potential damage to my phone, will it become soft-bricked even bricked?
2. If I am going to disable these flags, will it be a must to disable them every time I monthly flash the google firmware?
3. For now my phone is with the latest January firmware and that annoying corrupted message is rooted. How can I proceed? just
Code:
fastboot flash vbmeta --disable-verity --disable-verification vbmeta.img
then, reboot the bootloader and do a flash-all without removing -w
then flash patched boot image.
Will the above operations get rid of the corrupted message and bring my phone back to normal?
Thanks very much in advance for your attention and I appreciate your comments pretty much
Stay safe
OK, I have finally managed to flashed January firmware with flags disabled, skipping reboot, and patched again.
For now, the annoying message disappeared. That is to say question 3 get answered
I do like this
Code:
PATH=%PATH%;"%SYSTEMROOT%\System32"
fastboot flash bootloader bootloader-oriole-slider-1.0-8013568.img
fastboot reboot-bootloader
ping -n 5 127.0.0.1 >nul
fastboot flash radio radio-oriole-g5123b-93368-211225-b-8029609.img
fastboot reboot-bootloader
ping -n 5 127.0.0.1 >nul
fastboot --disable-verity --disable-verification --skip-reboot update image-oriole-sq1d.220105.007.zip
fastboot reboot-bootloader
ping -n 5 127.0.0.1 >nul
fastboot flash boot root24001.img
fastboot reboot
echo Press any key to exit...
pause >nul
exit
credit to @guruoop
Answeres to question 1 & 2 still welcomed
Sorry, but I read Oriole... Do you have a P6 or a P6 Pro? P6 Pro is Raven, not Oriole... Oriole is P6.
Could you have the wrong firmware?
bush911 said:
Answeres to question 1 & 2 still welcomed
Click to expand...
Click to collapse
1. That corrupt message means you have a dm verity corruption. Because there is a corruption, you are in eio dm verity mode. A clean flash (or factory reset) without corruption errors will allow the bootloader to see that a new OS has been installed and will switch back to restart mode and remove that warning. Apparently the root hash of the hash tree and the expected root hash aren't matching up, thus triggering this warning. See documentation below.
Also, pressing the power button puts the phone in restart mode and will allow you to boot up in this circumstance. I don't believe "living" with this corruption message will lead to any further damage to your phone, but can't be 100% sure of this.
2. Depends. You no longer have to have them disabled if using Canary 23016 or newer to boot a Magisk-patched boot image. However, some custom kernels may still require them to be disabled, depending on whether they have updated the Magiskboot binary to Magisk 23016 or later. Others that provide a boot image (among other images) you can probably just patch the provided boot image with Magisk 23016 or later without having to disable verity and verification. Best to check with the custom kernel developer beforehand (or check in their OP and threads).
So, depending on whether you are using a custom kernel that may require these 2 flags to be disabled will determine whether you need to keep those flags disabled when updating to a new monthly security build. If just updating, then you don't have to keep these flags disabled. If you decide to keep these flags enabled, and then later decide to disable them you will have to perform a factory reset after disabling them again.
Boot Flow | Android Open Source Project
source.android.com
that's also the issue I run into
Lughnasadh said:
1. That corrupt message means you have a dm verity corruption. Because there is a corruption, you are in eio dm verity mode. A clean flash (or factory reset) without corruption errors will allow the bootloader to see that a new OS has been installed and will switch back to restart mode and remove that warning. Apparently the root hash of the hash tree and the expected root hash aren't matching up, thus triggering this warning. See documentation below.
Also, pressing the power button puts the phone in restart mode and will allow you to boot up in this circumstance. I don't believe "living" with this corruption message will lead to any further damage to your phone, but can't be 100% sure of this.
2. Depends. You no longer have to have them disabled if using Canary 23016 or newer to boot a Magisk-patched boot image. However, some custom kernels may still require them to be disabled, depending on whether they have updated the Magiskboot binary to Magisk 23016 or later. Others that provide a boot image (among other images) you can probably just patch the provided boot image with Magisk 23016 or later without having to disable verity and verification. Best to check with the custom kernel developer beforehand (or check in their OP and threads).
So, depending on whether you are using a custom kernel that may require these 2 flags to be disabled will determine whether you need to keep those flags disabled when updating to a new monthly security build. If just updating, then you don't have to keep these flags disabled. If you decide to keep these flags enabled, and then later decide to disable them you will have to perform a factory reset after disabling them again.
Boot Flow | Android Open Source Project
source.android.com
Click to expand...
Click to collapse
Thank you very much for your detailed explanation, it really helped.
To conclude:
Once these flags are disabled, every time flashing a full image will re-enable them again if I don't add "--disable-verity --disable-verification --skip-reboot" to the flash-all.bat.
Once the flags are enabled again, next time if I disable them again, it will lead to a factory data reset again.
Am I right?
gpvecchi said:
Sorry, but I read Oriole... Do you have a P6 or a P6 Pro? P6 Pro is Raven, not Oriole... Oriole is P6.
Could you have the wrong firmware?
Click to expand...
Click to collapse
Thank you for your attention. I mean to post here as it is more active here
bush911 said:
Thank you very much for your detailed explanation, it really helped.
To conclude:
Once these flags are disabled, every time flashing a full image will re-enable them again if I don't add "--disable-verity --disable-verification --skip-reboot" to the flash-all.bat.
Once the flags are enabled again, next time if I disable them again, it will lead to a factory data reset again.
Am I right?
Click to expand...
Click to collapse
Correct. Although you don't need to add the --skip-reboot unless you are doing something else like flashing the patched boot image during the same flashing session, which it appears you are doing, so yeah, all good
When I Use Twrp the data folder automatically locks itself and I tried many passwords but it won't open. Then I delete all the data and flash new rom with decrytion file flashing but still the decrytion is temporary and whenever I update my custom rom it strucks in boot loop... I want permanent Decryption someone please help to decrypt my Mi 11x.
AFAIK there is no way around this. You must flash DFE (Disable-Force-Encryption) after every update to avoid bootloops/encryption.
(in my experience, if I forget to re-flash DFE after an OS update, it just doesn't start anymore, only bootloops.)
This is because OS Updates replace system-files, including the text-file which, by default, contains the line for AES-encryption.
I think the DFE-Mod sets the system to read-write (if it's read-only), and removes the AES-encryption argument in a specific text-file.
cyanGalaxy said:
AFAIK there is no way around this. You must flash DFE (Disable-Force-Encryption) after every update to avoid bootloops/encryption.
(in my experience, it just doesn't start anymore, if I forget to re-flash DFE after an OS update)
This is because OS Updates replace system-files, including the text-file which, by default, contains the line for AES-encryption.
I think the DFE-Mod sets the system to read-write (if it's read-only), and removes the AES-encryption argument in a specific text-file.
Click to expand...
Click to collapse
Is there any way to know my data encryption password because if I know it I do not need to decrypt it using file anymore?
Ishan.Sharma said:
Is there any way to know my data encryption password because if I know it I do not need to decrypt it using file anymore?
Click to expand...
Click to collapse
Oh yes, I remember now. You are using Android 12, yes?
Use "TWRP skkk", it's a special version that supports Android 12's Encryption.
I think OrangeFox also has a version that supports Android 12's Encryption...
YouTube Video:
Download Link for unofficial TWRP skkk: https://dl.akr-developers.com/?dir=skkk/TWRP/A12
I found both the video and the download link from here: https://forum.xda-developers.com/t/...p-3-6-0_11-v2-9-3_a11-alioth-skkk-is.4373463/
I use it myself and it works.
cyanGalaxy said:
Oh yes, I remember now. You are using Android 12, yes?
Use "TWRP skkk", it's a special version that supports Android 12's Encryption.
I think OrangeFox also has a version that supports Android 12's Encryption...
YouTube Video:
Download Link for unofficial TWRP skkk: https://dl.akr-developers.com/?dir=skkk/TWRP/A12
I found both the video and the download link from here: https://forum.xda-developers.com/t/...p-3-6-0_11-v2-9-3_a11-alioth-skkk-is.4373463/
I use it myself and it works.
Click to expand...
Click to collapse
Ok thanks
I bought my poco few months ago and it is still locked, with my old phone i removed the encription simply formatting (not wiping) the internal storage with TWRP. Is this still working with the poco?
massima said:
I bought my poco few months ago and it is still locked, with my old phone i removed the encription simply formatting (not wiping) the internal storage with TWRP. Is this still working with the poco?
Click to expand...
Click to collapse
No, Android encrypts the data-partition using AES-algorithm on first boot, unless before the first boot you flash a script that removes the Encryption-argument.