Related
Introduction to Rooting:
This is meant as a very basic discussion for people relatively new to rooting and Android or people that go through the steps but don't have a good idea of WHY. As a result, it will omit many details and simplify others. Also, it's not meant to be a rooting guide (as there are excellent ones out there already) so much as an explanation of concepts most of us take for granted, but noobies don't. All of this info is out there, but when you're new you may not know how to find it or even that you should be looking for it.
DISCLAIMER: I, nor anyone else, am not responsible for what you do with your phone. Rooting and otherwise altering your phone has the potential to brick your device, void your warranty, and many other bad things. Perform these actions at your own risk.
Post 1: before you root
What is rooting?
Phone Partitions
Intro to ROMS and kernels
Post 2: rooting and flashing
Steps of rooting
How to flash ROMs
What is root/rooting?
In Unix-style operating systems, "root" is the name of the user who has all permissions and is therefore able to run/modify/change/delete just about anything. If you're familiar with Windows, this account is called Administrator. The default account (that's you!) on an Android phone does NOT have these privileges. Rooting is the process of obtaining them (i.e. obtaining root access). Once you root, you can "flash" new software onto your phone without (much) restriction. This is great because you now have control over what programs are on your phone, how your phone handles resources, what kernels you run, and more!
Once your phone is rooted, you don't always wield all of that power. You control your access to all these new abilities with a program called SuperUser (available on the market and baked into ROMS). This program can grant these special rights to any other program that requests them. So let's say a program wants to write data to a place it's not normally allowed. It will ask SuperUser to up its privileges and then BAM! it can write where it wants to. You yourself can gain SuperUser privileges in a shell by typing su. Then YOU can read, write, and execute to your hearts desire.
Before you root:
Before rooting, there are some basic things you should know.
Phone partitions: Your phone has a number of partitions. The important ones to know at first are:
1. System - this partition is essentially what you think of when you think of the operating system, the Android UI, and preinstalled apps. When people talk about flashing ROMs (e.g. CyanogenMod, Synergy, etc), they are talking about flashing a new system partition...with some exceptions to be discusse later.
2. Boot - this is the kernel and ramdisk. The kernel is responsible for managing the interactions between the phones software (including the ROM) and the hardware. Altering the kernel can increase/decrease performance, battery life, and more because it manages applications and system resources. When you flash a new kernel, it flashes to the boot partition. You may not notice a big difference like you do when changing ROMS, but behind the scenes, your phone's performance can be drastically altered. A *LOOSE* analogy is that the ROM is like the body and interior of your car (including color, AC, stereo, heated seats, TV in headrests, etc.) and the kernel is like the engine. You may not see it, but you'll know it's there if it's awesome or it sucks.
3. Aboot - this was largely unimportant for newbies until the bootloader lock/unlock situation. The short story is that aboot contains functions which authenticate the boot partition (that's the kernel, remember?). It checks to see if your boot partition is Verizon legal and if not, it aborts the boot process and politely tells you to contact Verizon. This authentication is what is referred to as a "locked" bootloader. It prevents you from completely booting the phone with a custom kernel. The bootloader is "unlocked" by replacing the stock aboot partition with one that does NOT check up on the boot partition. This is important because it allows us to run whatever kernel we want without bothering with kexec.
4. Data - this contains user installed apps, settings, contacts, bookmarks, etc, etc, etc. You can wipe this partition (as opposed to the above partitions) and still boot into the operating system. However, you will have lost all your setting and user installed apps. This is also called a factory/data reset.
5. Cache - this is stuff that you frequently use so it's kept available by Android. You can wipe it without much consequence and SHOULD wipe it when flashing new ROMs.
6. Recovery - this partition contains a separate operating system that allows you to recover from a corrupted/absent/otherwise jacked up Android operating system. It has a number of other functions as well. The big ones are to backup your device and restore said backups, to wipe certain partitions, and to flash things to your phone (i.e. install new ROMs, recoveries, or other programs). The stock recovery is limited so you will definitely want a custom recovery, created by the fine devs in the community, on your device.
What is a ROM and what is a kernel?
I touched on this above. A ROM is what goes on the system partition. It contains what you think of as the Android OS including the UI and preinstalled apps. It controls how programs interact with you, the user. A kernel controls how those programs interact with the phones hardware. You need both a ROM and a kernel to have a functional phone. Not only that, but not all ROMs and kernels are compatible. A ROM based on Touchwiz (TW) needs a TW kernel and an AOSP (Android Open Source Project) ROM needs an AOSP kernel.
Kernels come as standard kernels, as described above, and kexec kernels. As the bootloader is unlocked, there's really no need for kexec on OUR device. However, it does bear mentioning...sooooo, kexec is a method of getting a custom kernel running without having it reside on the boot partition. Once the kernel is loaded, the phone doesn't care where it came from. Your phone has already checked the boot partition, OK'ed it, and loaded the kernel. The custom kernel that you actually WANT running is waiting patiently on your SD Card. The phone boots into a kexec enabled recovery, which loads the custom kernel while the over the current one (the boring stock kernel) while it is still running. The old bait and switch.
What is a recovery and which one should I use?
A recovery, as mentioned above, is a separate operating system that loads from the recovery partition and allows you to make changes to your phone should it need to be "recovered". It goes beyond this though, allowing you to backup and restore your phone, flash ROMs, flash a different recovery, install programs, mods, etc. On the d2vzw, you can enter recovery by powering down your phone and holding down volume up, home, and power. There are also ways to reboot into recovery easily through programs and mods commonly found in custom ROMs.
Backups of your phone are called nandroids and they contain the contents of the system, data, cache, recovery, and boot partitions. This means when you create a nandroid, you are backing up all that stuff.
I'm not going to tell you which one to use because for the most part it's a matter of preference. There are anecdotal stories about one recovery or another causing issues, but I've personally never had those issues and each recovery has its die hard supporters. I WILL say that if you want to use a ROM with a kexec kernel, you need a kexec enabled recovery. Lastly, if you decide to use kexec, your phone will look like it's bootlooping. That's normal.
I'm ready to start rooting/flashing!
There is an excellent guide stickied in the development thread here http://forum.xda-developers.com/forumdisplay.php?f=1672 (big thanks to droidstyle). However, many of us forget what it's like to be a COMPLETE newbie and to someone who has no idea about anything, even that guide can be a little intimidating. You can follow the instructions, but may not understand what you're doing. The steps to take to start out with are:
1. Make sure you understand what I've written above. Make sure you are comfortable with the possibility of bricking your phone.
2. Root your device. As I said above, this is simply gaining root/Admin/whatever you want to call it access on your phone. In and of itself, it does NOT alter the ROM or kernel. However, there are many different ways to obtain root and some of them DO alter these things. The easiest and safest way to root (IMO) is to use Noxious Ninjas excellent tool. http://forum.xda-developers.com/showthread.php?t=1792342. If you like it, I encourage you to donate or at least "Thanks" him. It works by taking advantage of debugfs permissions to get the su binary (remember this from above??) onto your phone with permissions set so you can run it. It therefore doesn't change ROMs or anything else. You won't lose data, apps, or anything else. It just sneaks su right onto your current setup.
3. Install a custom recovery. This will allow you to do all the fun stuff I talked about above. I recommend installing EZ-recovery from the market and flashing CWM 6.0.1.0.
-- Install EZ-recovery
-- Under the "Recovery" heading, click the Recovery radio button and select CWM 6.0.1.0
-- Click flash
4. Backup everything as if your life depended on it. This means backing up your NV/IMEI as shown here http://rootzwiki.com/topic/32397-tutorial-imei-backup-nv-with-qpst-us-variants/ and making a nandroid (see above). You can restore a nandroid backup and you'll be right back where you were before flashing or changing things around. You should also back up texts, anything on your internal sd card, and programs SEPARATELY from a nandroid (see below) so that you can easily replace them after flashing a new ROM. The steps to making a nandroid are (similar steps to restore):
-- Turn off your phone.
-- Hold down volume up, home, and power until recovery appears.
-- Use the volume rocker to go to "backup and restore" and hit the power button
--- Select backup and then select the external or internal SD card
5. Unlock the bootloader. See the aboot partition discussion above for what this means. You must do this seperately from flashing ROMs and kernels. Refer to this thread http://forum.xda-developers.com/showthread.php?t=1839791 and give appropriate thanks! A warning...if you mess up your aboot partition, there's really nothing (that I know of) you can do to revive your phone besides sending it to someone with JTAG.
A quick note about backing up apps. Personally, I use Titanium backup because I've used it forever...and I think it's a great app. I'm not going to go into details, because it's not too tough to do a few basic things with it and because I want to stick to things that will help prevent bricks.
You're now ready to start flashing ROMs!
As a precursor, there are ROMS that are based on TouchWiz modified Android from Verizon/Samsung and there are ROMS based on AOSP (e.g. CyanogenMod). TW roms need a TW kernel and AOSP roms need an AOSP kernel. Until you get comfortable with everything, I would stick with TW, but that's just my opinion. Don't worry, you'll get comfortable pretty quickly.
Also, some roms come with kernels and will flash the kernel to your boot partition in addition to flashing the ROM to your system partition. Some ROMs don't come with kernels. If the ROM you choose comes with a kernel, that's great. If not, you'll still have the kernel you are currently running and you need to make sure there are no incompatibilities with your new ROM. ALWAYS ALWAYS ALWAYS read the OP of a rom you want to flash to find out kernel information as well as how to install the rom and anything else you may need to know. The general steps to flashing a ROM are (remember to read the OP for specifics):
1. Backup apps, data, call log, contacts, messages, etc. My program of choice for much of this is Titanium Backup available on the market. If you choose to use it, buy it as you'll use it a billion times.
2. Download the ROM you want and check the MD5
3. Place the ROM on the root of your SD card. Do NOT unzip it.
4. Reboot into recovery and make a nandroid backup
5. Wipe data/factory reset and wipe cache. Wipe it more than once if paranoid. People sometimes talk about wiping Dalvik cache. It's an option in your recovery, but it's not necessary IF you did a factory/data reset because the Dalvik cache is on the data partition which is wiped in the reset. You may want to wipe the Dalvik cache for some other purpose however.
6. Go to "install zip from sdcard" and select the ROM you want
7. If you want/need to flash a kernel, install that zip from the sdcard too.
8. Reboot and restore all that you backed up
If you want to flash a kernel without flashing a ROM, all you need to do is reboot into recovery, make a nandroid, wipe cache and Dalvik cache, and install the zip from your sd card.
Remember:
-- ALWAYS read the OP before installing anything
-- backup before making changes
-- verify MD5 checksums
-- wipe data and cache when flashing a new ROM (unless told not to by the ROM dev...sometimes referred to as a dirty flash)
-- NEVER accept an OTA (having a custom recovery should block OTAs anyway)
That's it for now. If people like this or have requests about other good noob topics, I'll consider adding to it. If not, then screw you!
Reserved
I didn't realize it was that easy to flash a custom kernel. Cool. The guide is very helpful.
Nice writeup, a lot if good information. I think I've successfully graduated from noob but still like to read more. One minor problem I noticed. All your rooting, and unlocking links are for ICS I don't think anyone is still on it. You may want to link to open your eyes guide for JB.... which will probably require a whole post to explain what is going on.
Sent from my VS920 4G using xda app-developers app
Great post OP.
Team Win Recovery Project 2.x, or twrp2 for short, is a custom recovery built with ease of use and customization in mind. It’s a fully touch driven user interface – no more volume rocker or power buttons to mash. The GUI is also fully XML driven and completely theme-able. You can change just about every aspect of the look and feel.
Phone look:
Tablet look:
CHANGELOG for 2.6.3.0:
-Proper backup and restore of SELinux contexts (thanks to Tassadar)
-Pull in some ROM information for backup name generation
-Merge all recent patches from AOSP bringing TWRP up to date with Android 4.3
-Add 1200x1920 theme (thanks to Tassadar)
-A few other fixes and tweaks
CHANGELOG for 2.6.1.0:
-Initial SELinux support (only a few devices, need testers so come by IRC if your device doesn't have it and needs it)
-Initial support for f2fs file system formatting (Moto X)
-Update SuperSU install for 4.3 ROMs
-Fixed a permissions bug on files created during backup
-Fixed a bug that caused TWRP to not wait for compressed backups to finish causing 0 byte files and md5sums to not match
-Fixed decryption of encrypted data so that both TouchWiz and AOSP decryption are possible
-Ignore lost+found folder during backup and size calculations
-Various other minor bug fixes and tweaks
CHANGELOG for 2.6.0.0:
Special Note: If you are running a custom theme, you will likely need to remove that theme before updating to 2.6.0.0 as your custom theme will likely not have some of the new changes visible (e.g. you won't be able to encrypt a backup)!
-Can encrypt a backup to prevent theft of private data from your backup files
-Updated graphics / icon courtesy of shift
-Updated exFAT to latest commits
-Fixed a problem with Samsung TouchWiz decryption
-Update SuperSU binary
-Fixed saving of backup partitions list
-Fixed saving of last used zip install folder
-Fixed backup of datadata on devices that use a separate partition for datadata
-Fixed some issues with the advanced wipe list (android_secure, can now wipe internal storage on data/media deivces and wipe data on the advanced list no longer formats the entire data partition)
-Fixed some problems with partitioning a SD card
-Various other bug fixes and tweaks
Notes about encrypted backups:
Why encrypt your backups? -- Most people store their backups on the device. Any app that has permission to access storage could potentially read your backup files and try to harvest your data. Encrypted backups also provide an added layer of security if you move your backups to other storage devices or to the cloud. The encryption that we're using is probably not strong enough for enterprise level security, but should be strong enough to make it significantly difficult to get to your data.
Encryption is using OpenAES which uses AES 128-bit cbc encryption. If you happen to use a longer password (over 16 characters) then the encryption strength improves to 192 or 256 bits. Do not forget your password. If you forget your password you will be unable to restore your backup. We don't encrypt the entire backup. Encryption is very CPU intensive and can be fairly slow even when we spread the workload over multiple cores even on the latest high-end devices. To ensure that encrypted backups don't take forever, we don't encrypt any other partitions besides /data and in /data we don't encrypt /data/app (or other app related directories where apks are stored) and we don't encrypt dalvik cache.
DOWNLOAD:
Latest Builds Here
BUGS:
If you have found a bug, please consider posting it to our github issues log. It's pretty much impossible for us to keep up with the more than 40 threads that we have for the devices that we "directly" support. If you have a significant problem that cannot be answered in this thread, your best bet is to PM me directly, contact us via our website, or find us in our IRC channel below. If you see someone that's struggling, feel free to point it out to us. We need your help to help us keep track of all of our devices! Thanks!
SUPPORT:
Live support is available via #twrp on Freenode with your IRC client or just click this link.[/QUOTE]
Links are up enjoy the light show
Twrp now has haptic feedback.
edit: This is untested.
Wow, finally no more empty zips that bricks the phone. Downloading.
Finally the 2.6.3.0 version
Waited for long time for this
Sent from my Nexus 5 using xda app-developers app
Does this work with all partitions?
Sent from my SPH-D700 using Tapatalk 2
DaKillaWilla said:
Does this work with all partitions?
Sent from my SPH-D700 using Tapatalk 2
Click to expand...
Click to collapse
Yes , it was confirmed working.
Hello all,
I flashed TWRP 2.6.3.0 and now any ROM I try to flash getting FAILED message. Am I missing something...
Thx in Adv
FerociousAndroid said:
Hello all,
I flashed TWRP 2.6.3.0 and now any ROM I try to flash getting FAILED message. Am I missing something...
Thx in Adv
Click to expand...
Click to collapse
Give more info what rom? What recovery etc.
Sent from my SPH-D710 using Tapatalk
Unjustified Dev said:
Give more info what rom? What recovery etc.
Sent from my SPH-D710 using Tapatalk
Click to expand...
Click to collapse
Fashed from CMW 5.0.2.7 to Twrp_6.3_Unofficial_20140211_d700.zip. Then tried installing any of the following:
cm-7.2.0-epicmtd.zip
cm-10.1.3.1-epicmtd.zip
Try to go back to cwm-5.0.2.7-epic4g.zip
ThePeoplesROMv2.22_BML.zip
ThePeoplesROMv2.22_MTD.zip
I odin back to "pit & Deodexed-FC09.zip" and then installed CMW 5.0.2.7. I'm on CM10.x. Didn't bother with TWRP. I could be have been the new Samsung 4GB micro SD card I was using who knows.
Thx any way.
FerociousAndroid said:
Fashed from CMW 5.0.2.7 to Twrp_6.3_Unofficial_20140211_d700.zip. Then tried installing any of the following:
cm-7.2.0-epicmtd.zip
cm-10.1.3.1-epicmtd.zip
Try to go back to cwm-5.0.2.7-epic4g.zip
ThePeoplesROMv2.22_BML.zip
ThePeoplesROMv2.22_MTD.zip
I odin back to "pit & Deodexed-FC09.zip" and then installed CMW 5.0.2.7. I'm on CM10.x. Didn't bother with TWRP. I could be have been the new Samsung 4GB micro SD card I was using who knows.
Thx any way.
Click to expand...
Click to collapse
I second this, my backups & flashable zips that worked fine with 2.6.0.0 are no longer working in this TWRP version, even though the md5 checks out. There is a problem with this new release, imo, as this was an occurrednce with both of my Epics.
Luthiensdad said:
I second this, my backups & flashable zips that worked fine with 2.6.0.0 are no longer working in this TWRP version, even though the md5 checks out. There is a problem with this new release, imo, as this was an occurrednce with both of my Epics.
Click to expand...
Click to collapse
Probably because of the updates etc that were done. I can't guarantee older backups will be compatible.
Unjustified Dev said:
Probably because of the updates etc that were done. I can't guarantee older backups will be compatible.
Click to expand...
Click to collapse
I don't think that's the case, the problem occurs when flashing ROM & kernel zips too, not just when attempting to restore existing backups. I re-downloaded a couple (& checked md5) again to confirm this. (Of course, I also checked md5 for this new recovery prior to installing it)
Luthiensdad said:
I don't think that's the case, the problem occurs when flashing ROM & kernel zips too, not just when attempting to restore existing backups. I re-downloaded a couple (& checked md5) again to confirm this. (Of course, I also checked md5 for this new recovery prior to installing it)
Click to expand...
Click to collapse
Well sorry I guess this won't be fixed because I quit developing. I can do no more than answer questions.
flash off of CWM and now I got stuck on the Samsung screen. any help?
Nexus11 said:
flash off of CWM and now I got stuck on the Samsung screen. any help?
Click to expand...
Click to collapse
Give me some time to compile a new one I have to update both epic 4g and epic 4g touch.
Hey all, I read somewhere (cant remember where anymore) that due to the extra security (encryption) TWRP and CWM would be having issues with android 5.0 as they cant make backups of the data and restore it properly, is this true or have it perhaps been fixed in new versions of TWRP?
cheers all!
Natherul said:
Hey all, I read somewhere (cant remember where anymore) that due to the extra security (encryption) TWRP and CWM would be having issues with android 5.0 as they cant make backups of the data and restore it properly, is this true or have it perhaps been fixed in new versions of TWRP?
cheers all!
Click to expand...
Click to collapse
If you manually encrypt the Dev preview, TWRP cannot access the storage, so cannot flash zips etc. There was a belief that encryption will be enforced by default on the full release. I am still not sure if that will be teh case. The AOSP builds that came out over the last 2 days are not encrypted by default. So currently, by default you are OK. If you choose to encrypt, You're screwed from a recovery perspective. When the final, full release comes out - I don't know what will happen.
You might be confused of many terms in Android if you are a new developer or new to android. Here I got some meanings of these terms. Please give me some thanks if this topic helps you.
i. Root - Talking root access means that you have gained the full control of your device. You have made the system directory as read/write. When you buy a device there may be some files which the manufacturer deter to modify or delete since doing this may hamper the working of your device. But by gaining root access you can have the control of your visuals and looks of your phone. It is somewhat similar to the Administrator of Windows OS.
ii. The bootloader is a line of code that is executed even before your Android operating system boots up. The bootloader’s code is specific for each make and model of the many Android devices. Bootloaders come “locked” because the device manufacturer doesn’t want you tinkering with the software that they worked so hard to optimize for that particular piece of hardware. Unlocking the bootloader allows you to tinker with the phone’s firmware, or even replace it with a custom firmware (aka: ROM). It is important to note that unlocking your bootloader will erase all data stored on your phone, essentially putting it back to a “factory reset” state, so you’ll want to save any pictures, music, or any other important files that are on your device.
iii. Recovery - Once your bootloader is unlocked and you have rooted your device, you will need a custom recovery. A recovery is a piece of software that is called up separate from the actual Android operating system. Its purpose is to make changes to the Android OS at a core level, such as delete user data, apply updates and more. The stock recovery is limited in function, so if you are planning on modifying/hacking/rooting your phone, you will need to install a “Custom Recovery” such as Clockwork Mod Recovery. A custom recovery will allow you to make backups, restore them, wipe partitions, install custom software and more.
iv. Backup / Nandroid - Once your custom recovery is installed, you will want to make a backup (also known as a Nandroid). A Nandroid is simply a complete and total backup of your phone. It will store all of your data, apps, settings, SMS messages, and more, basically allowing you to restore your phone to the exact state that it was in when you made the backup.
v. Wipe - Now that your backup is made, you don’t have to be afraid of making changes to your phone or losing data, since you can always restore it (just be sure to not delete the backup!). Now you can “wipe” your phone without worry. Wiping is deleting all the user data from your phone, essentially resetting it to its factory state. You can also wipe (ie: delete) other partitions of your phone like the cache partition. It is always recommended to wipe your phone before installing a custom ROM (we’ll get to that in a second). You can wipe your phone via the custom recovery you installed.
vi.Flashing - Flashing is the process of installing some sort of software or code via your custom recovery.
vii. Flashable ZIP - A flashable ZIP is the actual file that you install or “flash” via the custom recovery to make changes to your phone’s software. It is a normal .zip file that contains the lines of code to modify your software. These Flashable ZIPs can be used to flash a ROM, Kernel, Radio, mod, and more, which we will define below.
viii. ROM - A ROM is the main firmware or operating system that your phone runs. Just like Windows 7 runs on your PC, or Mac OSX runs on your Macbook, a ROM is the main software you interact with to use your phone. It includes all the system apps (messaging, email, phone), the launcher, the notification bar…everything really. Google’s Nexus line runs a “stock” Android ROM (meaning it’s unmodified) while manufacturers make significant changes to the look and feel of their ROMS before they ship them with your phone (for example: note the difference between the Samsung Galaxy S III’s software and the software on LG’s Nexus 4) . Code-savvy developers have taken the manufacturers’ code and created their own “Custom ROMs”. These ROMs can dramitically enhance the look and feel of your phone, and often add tons of useful features. Two very popular custom ROMs are CyanogenMod and MIUI. A ROM is made for a specific model phone and comes in a Flashable ZIP file that is installed (“flashed”) via your custom recovery.
ix. Kernel - Unlike a ROM the Kernel does not alter the look and feel of your phone, but is a “deeper” line of code that rests beneath the surface, so to speak. It tells the software how to interact with the hardware.
Deleted
guitarboy021 said:
Thank you so much man. This is EXACTLY what I was looking for! I saw ur post on my thread and followed it. Thanks man. Ill definitely give this one a try.
Sent from my LG-E988
Click to expand...
Click to collapse
Thank you. Go to this thread of mine to know about Custom Recovery and flashing it http://forum.xda-developers.com/showthread.php?t=3046718
Thanks a lot!
seemeandyou said:
Thanks a lot!
Click to expand...
Click to collapse
If you are helped then please hit the thanks button
Hello everybody,
I created a tool - initially for the nexus 9 (flounder|flounder_lte) - that gets rid of the ForceEncrypt flag in a generic way (meaning it should work no matter what rom you are on). It does that by patching the currently installed boot.img.
I enhanced that tool to make it work for other devices too. (See the list below to see if your device is supported)
Disclaimer
Code:
/*
* Your warranty is now void.
*
* I am not responsible for bricked devices, dead SD cards,
* thermonuclear war, or you getting fired because the alarm app failed. Please
* do some research if you have any concerns about the features in this tool
* before using it! YOU are choosing to make these modifications, and if
* you point the finger at me for messing up your device, I will laugh at you. Hard. A lot.
*/
Background
The Android CDD (Compatibility Definition Document) suggests demands that all devices with the appropriate horse power SHOULD MUST enable full disk-encryption (FDE) by default. Even though I support every step towards more security I have to criticize this approach. Full-disk-encryption comes at a price. Encryption takes time because some component has to de- and encrypt the stuff on the disk at some point and in current devices it's the CPU's task. Even though modern devices have quite fast CPU cores you can still easily feel the difference between FDE in the on- or off-state. The I/O is faster and boot-times take only half as long. (I did not do any scientific measurements though)
There is an ongoing discussion about this topic in cyanogenmod's gerrit for the nexus 9. Although it's a fun read it is pretty clear that this exchange of views is not going anywhere near a useful outcome. Additionally, Google's stock ROMs always have forced encryption enabled on newer devices.
Because performance is important to me and at least my tablet does not need the extra security I created the FED-Patcher (ForceEncrypt Disable Patcher).
How does it work?
FED-Patcher is a simple flashable ZIP that is supposed to be run in a recovery that has busybox integrated (like TWRP or CWM). This is what it does:
Checks if your device is compatible
Dumps the currently installed boot.img.
Unpacks the dump of your currently installed boot.img. The unpacking process is done via a self-compiled, statically linked version of unmkbootimg.
It patches the filesystem tables which include the force-encrypt flags. This process will change "forceencrypt" to "encryptable".
Then, if necessary, it patches the filesystem tables to not use dm-verity. This is done by removing the "verify" mount-parameter.
Creates a new boot.img. The unpacking process is done via a self-compiled, statically linked version of mkbootimg.
Flashes the modified boot.img
Supported devices
HTC Nexus 9 WiFi (flounder)
HTC Nexus 9 LTE (flounder_lte)
Motorola Nexus 6 (shamu)
LG Nexus 5X (bullhead)
Huawei Nexus 6P (angler)
Version History
v1 - Initial version with HTC Nexus 9 WiFi (flounder) support
v2 - Added Motorola Nexus 6 (shamu) support
v3 - Added support for HTC Nexus 9 LTE (flounder_lte)
v4 - Added support for signed boot-images
v5 - Changed error handling to compensate for missing fstab files. Some roms seem not to ship with the complete set of boot-files from AOSP.
v6 - FED-Patcher will enforce the same structure for the patched boot.img that the original boot.img had. Additionally, the kernel commandline will also be taken over. This should fix pretty much every case where devices would not boot after patching.
v7 - FED-Patcher will now disable dm-verity in fstab to get rid of the red error sign on marshmallow roms.
v8 - Added support for LG Nexus 5X (bullhead) and Huawei Nexus 6P (angler)
What do I need to make this work?
A supported device
An unlocked bootloader
An already installed ROM with forceencrypt flag. (like cyanogenmod CM12.1)
A recovery that includes busybox (TWRP, CWM)
How do I use it?
Make a thorough, conservative backup of your data if there is any on your device
Go into your recovery (TWRP, CWM)
Flash fed_patcher-signed.zip
If your device is already encrypted (You booted your ROM at least once) you need to do a full wipe to get rid of the encryption. This full wipe will clear all your data on your data-partition (where your apps as well as their settings are stored) as well as on your internal storage so please, do a backup before. If you don't do a backup and want to restore your data... well... Call obama.
How do I know if it worked?
Go into your "Settings"-App. In "Security", if it offers you to encrypt your device it is unencrypted. If it says something like "Device is encrypted" it indeed is encrypted.
IMPORTANT: If you update your ROM you have to run FED-Patcher again because ROM-updates also update the boot-partition which effectively removes my patch. So, if you are on CM12.1 for example and you used my patch and do an update to a newer nightly you have to run FED-Patcher again. If you don't do so Android will encrypt your device at the first boot.
Is it dangerous?
Well, I implemented tons of checks that prevent pretty much anything bad from happening. But, of course, we're dealing with the boot-partition here. Even though I tested FED-Patcher quite a lot there is still room for crap hitting the fan.
Screenshot
Scroll down to the attached thumbnails.
Credits
* pbatard for making (un)mkbootimg (dunno if he is on xda)
* @rovo89 for his xposed framework - I used some of his ideas by reading the source of his xposed installer flashable ZIP for FED-Patcher.
GibHub: https://github.com/gladiac1337/fed-patcher
XDA:DevDB Information
FED-Patcher, Tool/Utility for all devices (see above for details)
Contributors
gladiac, rovo89
Version Information
Status: Beta
Current Beta Version: v8
Beta Release Date: 2015-10-27
Created 2015-10-27
Last Updated 2016-10-23
Hi @gladiac and first of all thanks for the work and time spent developing this amazing tool.
I'm currently running stock Marshmallow on my Nexus 6 and i plan to stay like that, but would like to test my device with ForceEncrypt disabled. Here are my doubts.
1 - Does this work on stock?
2 - Would i be able to flash the monthly security update images without having to wipe my device every time?
3 - In your opinion, do the speed gains justify the all the work?
Thanks in advance.
cyberon said:
Hi @gladiac and first of all thanks for the work and time spent developing this amazing tool.
I'm currently on stock Marshmallow and i plan to stay like that, but would like to test my device with forcencrypt disabled. Here are my doubts.
1 - Does this work on stock?
2 - Would i be able to flash the monthly security update images without having to wipe my device every time?
3 - In your opinion, do the speed gains justify the all the work?
Thanks in advance.
Click to expand...
Click to collapse
Hi @cyberon,
good questions!
Yes, FED-Patcher works on stock! Marshmallow made it necessary to do a new release, v7, to get rid of an error message at boot but other than that, FED-Patcher works just fine on Android 6.
Well, I don't know how the monthly security-updates will be deployed. I guess it will be done by OTA (Over the Air) updates. OTA will probably not work after modifying the boot-image. However, flashing factory images should work just fine. Additionally, most of the time, OTA-zips are being posted here on xda or androidpolice whenever they become available so doing manual OTA updates is another possibility to do updates.
To get back to your question - wiping should not be necessary after an upgrade - be it via OTA or factory images. Google did a fantastic job with the upgrade-functionality in newer Android versions. However, whenever you do an update, be sure to run FED-Patcher afterwards because, in case the boot-partitions got updated, forced encryption will be in place again and on the first boot it will encrypt you device.
Well, I do all my tests on a HTC Nexus 9 (flounder). It is a pretty fast beast. However, on an unmodified stock rom, it was clearly tangible that the GUI had more latency than necessary. Apps loaded pretty slowly - compared to my Sony Xperia Z1 (honami) it took like twice as long to start youtube - and in general it just did not behave like a beast. This was why I started writing FED-Patcher. In my opinion it was worth my time. (it wasn't that much actually)
I hope I could help.
Enjoy, gladiac
Thanks for the quick and detailed answer @gladiac, now regarding point number 2.
I never wait for the OTA, but always flash the images manually.
As far as i understand from your answer, it would it be ok to flash all the img files manually, then flash TWRP and finally flash FED without booting the OS.
Am i missing something?
cyberon said:
Thanks for the quick and detailed answer @gladiac, now regarding point number 2.
I never wait for the OTA, but always flash the images manually.
As far as i understand from your answer, it would it be ok to flash all the img files manually, then flash TWRP and finally flash FED without booting the OS.
Click to expand...
Click to collapse
That's pretty much how I would do it. You don't even have to flash TWRP if you just skip flashing the recovery.img which is included in the factory-image package.
Thanks @gladiac, will try that way.
PS: I have a feeling that if we had this option added to a toolkit like Wugfresh Nexus Root Toolkit, it would be an instant success.
hi @gladiac
first of all thanks for your patch
I'm on Nexus 6 with stock Marshmallow and all I want to do is disable encryption and enable root.
Is your patch + SuperSU enough or I need something else?
Thanks a lot
Worked on my N9 - thanks!
provolinoo said:
hi @gladiac
first of all thanks for your patch
I'm on Nexus 6 with stock Marshmallow and all I want to do is disable encryption and enable root.
Is your patch + SuperSU enough or I need something else?
Thanks a lot
Click to expand...
Click to collapse
Hi @provolinoo,
well, FED Patcher will disable the forced encryption for you. However, SuperSU will not work so easily. The reason for that is that the stock ROM has SeLinux enabled in "enforcing" mode. SuperSU does not work without adding more SeLinux Policies to the stock ROM. Unfortunately, it's not in the scope of FED Patcher to add SeLinux policies for SuperSU. This should be done inside the flashable ZIP of SuperSU instead.
The last time I tested SuperSU with marshmallow stock was with version 2.52 BETA. It did not work. The result was a boot-loop because of one or more SeLinux denials. A little more info on that matter is here.
So, to get SuperSU working you would have to set SeLinux to "permissive" mode. Alternatively, you can use @Chainfire's boot.imgs to make SuperSU work.
Have fun, gladiac
Thank you gladiac. Your FED patcher (v8) works flawlessly on my Nexus 9. Edit: I am using TWRP 2.8.7.1
The gerrit conversation you linked is interesting. I am grateful that someone with your skills decided to support our ability to choose whether or not to encrypt. CM thinks I am smart enough for root priveleges but I am too stupid to be trusted with decryption?
Don't some major vendors allow the disabling of encryption from within Android?
Anyway, thanks for the patcher.
dmantilal said:
Thank you gladiac. Your FED patcher (v8) works flawlessly on my Nexus 9.
The gerrit conversation you linked is interesting. I am grateful that someone with your skills decided to support our ability to choose whether or not to encrypt. CM thinks I am smart enough for root priveleges but I am too stupid to be trusted with decryption?
Don't some major vendors allow the disabling of encryption from within Android?
Anyway, thanks for the patcher.
Click to expand...
Click to collapse
I agree, I love CM roms but their decision to force encryption when most of cm users are power-user is a nonsense
Sooo....basically, I cannot use a stock Marshmallow that is FEDpatched and with root (using SuperSU, unless there is alternative)? If I want those, I have to get one of the custom ROMs?
EDIT: also, I tried using Chainfire's modified boot. It is stated that it will disable the forceencrypt. It didn't work in mine, still encrypted.
jamesalfred said:
Sooo....basically, I cannot use a stock Marshmallow that is FEDpatched and with root (using SuperSU, unless there is alternative)? If I want those, I have to get one of the custom ROMs?
EDIT: also, I tried using Chainfire's modified boot. It is stated that it will disable the forceencrypt. It didn't work in mine, still encrypted.
Click to expand...
Click to collapse
Did you follow the directions and format the entire "data" partition?
dmantilal said:
Did you follow the directions and format the entire "data" partition?
Click to expand...
Click to collapse
I too have the same problem didnt work for me.
im on the the new 6.0 L build but went ahead and flashed the modified boot image for K build just so I could flash the TWRP img.
Once TWRP was installed, I installed the Fed path ZIP and that went well supposedly. and then after that I did a factory reset, then I WIPED the DATA, CACHE and Dalvik.. I rebooted setup my device and it still shows encrypted.
nextelbuddy said:
I too have the same problem didnt work for me.
im on the the new 6.0 L build but went ahead and flashed the modified boot image for K build just so I could flash the TWRP img.
Once TWRP was installed, I installed the Fed path ZIP and that went well supposedly. and then after that I did a factory reset, then I WIPED the DATA, CACHE and Dalvik.. I rebooted setup my device and it still shows encrypted.
Click to expand...
Click to collapse
It did not work because you did not follow the directions.
Flash TWRP. Flash FED. Full wipe (or format, depending on your choice of terminology). OP goes on to clarify by saying "This full wipe will clear all your data on your data-partition (where your apps as well as their settings are stored) as well as on your internal storage so please, do a backup before.", meaning if you did not lose everything on data, which includes "/sdcard", you most likely did it wrong.
Give us more info so we can help (assuming you fid it right initially).
P.S. - 6.0 is M(arshmallow), not L(ollipop).
dmantilal said:
Did you follow the directions and format the entire "data" partition?
Click to expand...
Click to collapse
dmantilal said:
It did not work because you did not follow the directions.
Flash TWRP. Flash FED. Full wipe (or format, depending on your choice of terminology). OP goes on to clarify by saying "This full wipe will clear all your data on your data-partition (where your apps as well as their settings are stored) as well as on your internal storage so please, do a backup before.", meaning if you did not lose everything on data, which includes "/sdcard", you most likely did it wrong.
Give us more info so we can help (assuming you fid it right initially).
P.S. - 6.0 is M(arshmallow), not L(ollipop).
Click to expand...
Click to collapse
i solved my issue. i was wiping DATA but not choosing internal storage. i did that and rebooted and now it says ENCRYPT not ENCRYPTED
THANKS!
so currently I have a modified boot image from the K build, TWRP and now a modifier boot.img kernel for no force encrypt BUT I am not rooted and dont plan on it. does this mean I can still get OTAs?> i would guess not since my boot image has been modified and i am unlocked? would i even want an OTA? wouldnt that just give me a stock boot.img again causing me to get encrypted on the next boot after OTA?
nextelbuddy said:
i solved my issue. i was wiping DATA but not choosing internal storage. i did that and rebooted and now it says ENCRYPT not ENCRYPTED
THANKS!
so currently I have a modified boot image from the K build, TWRP and now a modifier boot.img kernel for no force encrypt BUT I am not rooted and dont plan on it. does this mean I can still get OTAs?> i would guess not since my boot image has been modified and i am unlocked? would i even want an OTA? wouldnt that just give me a stock boot.img again causing me to get encrypted on the next boot after OTA?
Click to expand...
Click to collapse
Side-loading the OTA then following that with a FED flash seems much safer.
Loading an OTA directly would over-write the boot.img with a ForceEncrypt boot.img, logically Forcing Encryption (derp) at boot.
I am using chroma ROM which doesn't force encryption and my device is still encrypted. Can I still use this?
jamespat93 said:
I am using chroma ROM which doesn't force encryption and my device is still encrypted. Can I still use this?
Click to expand...
Click to collapse
You can if you want But if you want to unencrypt your phone, backup your ROM, copy sd content to your computer, wipe everything! in recovery (twrp) including Format Data, Factory reset, internal storage etc. Connect your phone while in recovery to your computer (you'll see 25.98GB instead of 23.03GB), copy sd content back to your phone, restore your rom backup and you'll be fine.
I can't get it work on Nexus 6 and chroma rom r26.
My steps: wipe everything, push folder (rom,patcher and gapps), flash chroma, flash gapps, flash patcher, wipe everything but system
after boot in setting/security it is again encrypted. what I am doing wrong?