I recently upgraded to ICS, and one of the options in ICS is built-in Android encryption. This was forced upon me by Exchange Activesync's security policy, so it encrypted my phone.
Now, when I go in to 4ext recovery to do a backup, etc, /data is not mountable.
Some of the notes about the encryption say:
The /data filesystem must be on a device that presents a block device interface. eMMC is used in the first devices. This is because the encryption is done by the dm-crypt layer in the kernel, which works at the block device layer
Booting an encrypted system.
When init fails to mount /data, it assumes the filesystem is encrypted, and sets several properties: ro.crypto.state = "encrypted" vold.decrypt = 1 It then mounts a /data on a tmpfs ramdisk, using parameters it picks up from ro.crypto.tmpfs_options, which is set in init.rc.
If init was able to mount /data, it sets ro.crypto.state to "unencrypted".
.
and so on, so /data is unmountable by the kernel which then does trickery to decrypt it ready for Android.
So am I stuck now not being able to do /data operations from recovery, only from the OS?
Would appreciate if someone can point me to the right direction here.
Having some problem to encrypt my internal SD card.
Motorola RAZR HD (XT925)
CM 11-20140104-SNAPSHOT-M2-xt925
SELinux Permissive
Problem and symptoms:
1. If I follow the normal procedure to encrypt (charged >80%, connected to USB, removed external SD card), as soon as the "green wireframe robot" appears it gets stuck there without the percentage encryption appearing. I searched and found this means encryption hasn't even started. It's true. I boot and nothing has happened.
2. If I try the same through command line running this command
vdc cryptfs enablecrypto inplace 1234
I get the following error message
200 -1 5 (or something like that)
3. The results of adb logcat when trying either the GUI or terminal are:
E/Cryptfs ( 313): Cannot get size of block device
Solutions:
I looked everywhere for solutions, but found nothing quite like the issue I'm having. See:
1. One place mentions trying to connect USB to power supply instead of computer, because that worked for him. Didn't work for me.
2. Most complaints about not being able to encrypt mention the following as the error:
E/Cryptfs ( 2407): Orig filesystem overlaps crypto footer region. Cannot encrypt in place.
This is NOT the error message I get. Maybe after I solve the problem of the current error message this other one will come up, but so far my error message is different and I have no reason to believe that the proposed solution to this error message (resizing data partition) would solve the issue.
3. The only explanations I found about the reason of my error message (Cannot get size of block device) is that you can't encrypt yaffs, only ext4. But I checked and my data partition is ext4:
$ mount | grep /data
/dev/block/platform/msm_sdcc.1/by-name/userdata /data ext4 rw,seclabel,nosuid,nodev,noatime,nodiratime,user_xattr,barrier=1,data=writeback,noauto_da_alloc 0 0
and
$ cat /fstab.qcom
shows that /system /data /cache /firmware and /persists are ext4, that mmc_host and msm_hsusb_host are vfat, and all others are emmc
What am I overlooking? What else can the problem be?
Also a question: should I expect response time (you know, lags) to be significantly worse after encryption? And battery consumption?
Thank you.
Hi,
As it's a custom rom you are running, you will need to register on XDA and ask about your issue in the thread you downloaded the rom from.
Good luck!
Hello everyone, i have a problem with my s7500 after trying to install the SpeedMod 4.4.4 rom.
I was coming from an unsuccesful first installation, where the setup wizard application was crashing when touched at every restart, leaving the phone unusable on the home screen, so i tried again.
After rebooting in recovery mode, i started by doing a wipe as usual, waited for it to be completed and then, when looking for the zip on the sdcard, it wasnt there, the external sd (i've tried three different cards) was not recognized by the system.
There are a lot of errors in the recovery log, which i'm gonna sort on this spoiler below.
E:invalid block device on '/dev/block/mmcblk0p8 (also mmcblk0p12) /boot emmc defaults 'emmc' 40
E: invalid block device on 'dev/block/mmcblk0p16/system ext4 ro,barrier=1 wait
E: invalid block device on 'dev/block/mmcblk0p18/data ext4 nosuid,nodev,noauto_da_alloc,barrier=1 wait,check,encryptable=footer,lenght=16384 'ext4',40
E: invalid block device on 'dev/block/mmcblk0p17/cache ext4 nosuid,nodev,barrier=1 wait,check 'ext4' 40
E: invalid block device on 'devices/platform/msm_sdcc.1/mmc_host auto auto defaults voldmanager=sdcard1:auto,noemulatedsd ' , 'auto', 49
E: invalid block device on 'devices/platform/msm_hsusb_host.0 auto auto defaults voldmanager=usbdisk:auto ' ,auto' , 45
E: invalid block device on 'dev/block/zram0 none swap defaults zramsite=67108864 ' , swap' , 22
E: unable to locate storage partition for storing settings file.
Updating partition details......done
E:unmount: Unable to find partition for path '/system'
E:unmount: Unable to find partition for path '/data'
E:unmount: Unable to find partition for path '/cache'
Kernel does not have support for reading SELinux contexts
E:unmount: Unable to find partition for path '/cache'
Running boot script......
Finished running boot script.
E:mount: Unable to find partition for path '/cache'
E: no vaild storage partitions found for MTP.
Trying to install the rom via ABD Sideload worked, but after successfulling installing it a warning propted saying that no OS were installed, and rebooting left me once again on the recovery screen.
I am sorry for my english in advance and i hope this post would be understandable, i can only imagine that there are problems with the internal storage not being partitioned or something like that, googling a solution for 4 hours didnt solved the problem.
Thank you in advance for the help, im here if someone needs further explanations.
Just redownload the rom, perform full wipe and dlash it again.
Long story short, I screwed up, and now I have an encrypted storage (with my files that I want back) but TWRP and the OS thinks it is not.
It goes like this:
The Magisk v22.0 update screwed up my phone, which stuck in a bootloop.
After countless tries with Magisk (updating, uninstalling. installing, removing mods, adding mods) in TWRP, I read somewhere to dirty flash the ROM.
Due to an HDD failure in my PC, I did not have any storage to back up my internal storage from the phone.
Because I wanted to update the ROM anyways (from MIUI 11 to 12) I decided to flash the newer one. That was the first mistake.
This made the bootloop worse, and now it stuck in fastboot mode, no recovery. After many sleepless nights I found out that not every USB-C cable is equal, and I couldn't reach my phone via fastboot because of the cable itself. Tried it with the original cable, it sure showed up as a fastboot device.
So now I was able to flash an original fastboot ROM which still gave me bootloop, so I went wiping (not formatting, so the /sdcard fs doesn't gets erased) Data and Cache in TWRP.
Then reflashed the fastboot ROM, and somehow it worked. When It booted up, I had to type in my screen lock pin again, and after setup all my files were available.
Now that the phone worked again, I wanted to finish what I started, to update to latest EU (recovery) ROM. This was the second mistake. It did not work (because it required formatting data, which I did not wanted to, and just wiped it), and came bootloop again.
So I went back to the fastboot ROM again, which fixed the phone again.
But this time, it thought the internal storage was not encrypted, so it encrypted it again.
Now I can't access the internal storage. Even the camera app says that first I need an SD Card to take photos.
Its clearly still encrypted because when I browse it in TWRP, the structure and files are there, but the names are like "74t7Z1,dnvgIIexr1QAfhD".
The problem being neither the OS, nor TWRP knows the storage is encrypted double, so it doesn't even tries to decrypt it, and there are no options to do it.
Tried to set encryption in the running OS, but it gave me the same results: even tho TWRP asks for decryption key, and says it successfully decrypted, the storage is still a mess like its in encrypted state.
Is there any way to manually force some flag, so I can access my files again? I have the encryption key, I just need some way to decrypt the storage. I think of something like an ADB command to flag the partition as encrypted, so TWRP and OS would try to decrypt it.
Thanks in advance!
insetta said:
Long story short, I screwed up, and now I have an encrypted storage (with my files that I want back) but TWRP and the OS thinks it is not.
It goes like this:
The Magisk v22.0 update screwed up my phone, which stuck in a bootloop.
After countless tries with Magisk (updating, uninstalling. installing, removing mods, adding mods) in TWRP, I read somewhere to dirty flash the ROM.
Due to an HDD failure in my PC, I did not have any storage to back up my internal storage from the phone.
Because I wanted to update the ROM anyways (from MIUI 11 to 12) I decided to flash the newer one. That was the first mistake. This made the bootloop worse, and now it stuck in fastboot mode, no recovery. After many sleepless nights I found out that not every USB-C cable is equal, and I couldn't reach my phone via fastboot because of the cable itself.
Due to an HDD failure in my PC, I did not have any storage to back up my internal storage from the phone.
So now I was able to flash an original fastboot ROM which still gave me bootloop, but after wiping (not formatting, so the /sdcard fs doesn't gets erased) Data and Cache in TWRP.
Then reflashed the fastboot ROM, and somehow it worked. When It booted up, I had to type in my screenlock pin again, and after setup all my files were available.
Now that the phone worked again, I wanted to finish what I started, to update to latest EU (recovery) ROM. This was the second mistake. It did not work (because it required formatting data, which I did not wanted to, and just wiped it), and came bootloop again.
So I went back to the fastboot ROM again, which fixed the phone again.
But this time, it thinks the internal storage is not encrypted.
Now I can't access the internal storage. Even the camera app says that first I need an SD Card to take photos.
Its clearly still encrypted because when I browse it in TWRP, the structure and files are there, but the names are like "74t7Z1,dnvgIIexr1QAfhD".
The problem being neither the OS, nor TWRP knows the storage is encrypted, so it doesn't even tries to decrypt it, and there are no options to do it.
Tried to set encryption in the running OS, but it gave me the same results: even tho TWRP asks for decryption key, and says it successfully decrypted, the storage is still a mess like its in encrypted state.
Is there any way to manually force some flag, so I can access my files again? I have the encryption key, I just need some way to decrypt the storage. I think of something like an ADB command to flag the partition as encrypted, so TWRP and OS would try to decrypt it.
Thanks in advance!
Click to expand...
Click to collapse
Is twrp permanently installed
Austinredstoner said:
Is twrp permanently installed
Click to expand...
Click to collapse
No, its not.
Also, seems like the option to decrypt is not there because its being encrypted double. One with my original pin, and now with "default_password" since the encryption is forced in this ROM.
Trying to create any backup in TWRP now gives the "required key not available" error.
insetta said:
No, its not.
Also, seems like the option to decrypt is not there because its being encrypted double. One with my original pin, and now with "default_password" since the encryption is forced in this ROM.
Trying to create any backup in TWRP now gives the "required key not available" error.
Click to expand...
Click to collapse
Decryption only works when twrp permanently installed
Austinredstoner said:
Decryption only works when twrp permanently installed
Click to expand...
Click to collapse
Okay, I flashed TWRP.
Now I found that from shell, TWRP has a "decrypt" function, which I called, but no success
tucana:/ # twrp
TWRP openrecoveryscript command line tool, TWRP version 3.5.2_9-0
Allows command line usage of TWRP via openrecoveryscript commands.
Some common commands include:
install /path/to/update.zip
backup <SDCRBAEM> [backupname]
restore <SDCRBAEM> [backupname]
wipe <partition name>
format data
sideload
set <variable> [value]
decrypt <password> [USER ID]
remountrw
fixperms
mount <path>
unmount <path>
print <value>
mkdir <directory>
reboot [recovery|poweroff|bootloader|download|edl]
tucana:/ # twrp decrypt **********
Attempting to decrypt data partition or user data via command line.
Failed to decrypt data.
insetta said:
Okay, I flashed TWRP.
Now I found that from shell, TWRP has a "decrypt" function, which I called, but no success
tucana:/ # twrp
TWRP openrecoveryscript command line tool, TWRP version 3.5.2_9-0
Allows command line usage of TWRP via openrecoveryscript commands.
Some common commands include:
install /path/to/update.zip
backup <SDCRBAEM> [backupname]
restore <SDCRBAEM> [backupname]
wipe <partition name>
format data
sideload
set <variable> [value]
decrypt <password> [USER ID]
remountrw
fixperms
mount <path>
unmount <path>
print <value>
mkdir <directory>
reboot [recovery|poweroff|bootloader|download|edl]
tucana:/ # twrp decrypt **********
Attempting to decrypt data partition or user data via command line.
Failed to decrypt data.
Click to expand...
Click to collapse
Can u partition sd card if not can u install recovery ramdisk
Austinredstoner said:
Can u partition sd card if not can u install recovery ramdisk
Click to expand...
Click to collapse
What would be the purpose of partitioning the fs? Not to mention it would like cause data loss
insetta said:
What would be the purpose of partitioning the fs? Not to mention it would like cause data loss
Click to expand...
Click to collapse
That maybe true I can't think of anything else the only thing I can still think of is dm verify or vbmeta
Austinredstoner said:
That maybe true I can't think of anything else the only thing I can still think of is dm verify or vbmeta
Click to expand...
Click to collapse
"dm verify or vbmeta"
Sound familiar, please elaborate
insetta said:
"dm verify or vbmeta"
Sound familiar, please elaborate
Click to expand...
Click to collapse
How to enable and disable dm verity on android user build
How to enable and disable dm verity on android user build. adb root, adb disable-verity, adb enable-verity. remount failed: permission denied
5gnotes.com
Austinredstoner said:
How to enable and disable dm verity on android user build
How to enable and disable dm verity on android user build. adb root, adb disable-verity, adb enable-verity. remount failed: permission denied
5gnotes.com
Click to expand...
Click to collapse
Encryption / decryption of /sdcard partition relies on PIN/password set and stored in file /data/system/locksetting.db.
Neither AVB 1.0 ( AKA DM-Verity ) nor AVB 2.0 (read: Android Verified Boot - available only on project Treble devices) have anything to do with encryption / decryption of Android partitions: their purpose is the verification of the Android OS through the bootloader when phone gets started.
insetta said:
tucana:/ # twrp decrypt **********
Attempting to decrypt data partition or user data via command line.
Failed to decrypt data.
Click to expand...
Click to collapse
Look into Android's file /cache/recovery/log to get the reason why TWRP's decrypt fails.
Why not pull content of /sdcard to PC ( e.g. TAR-archived ) and then do a factory reset to get rid of the encryption?
jwoegerbauer said:
Look into Android's file /cache/recovery/log to get the reason why TWRP's decrypt fails.
Why not pull content of /sdcard to PC ( e.g. TAR-archived ) and then do a factory reset to get rid of the encryption?
Click to expand...
Click to collapse
Because pulling encrypted /storage is pointless. First I need to be able to decrypt them.
Because pulling encrypted /storage is pointless. First I need to be able to decrypt them.
Looked into the TWRP log, and seems like it uses the native android Keymaster HAL 4 to decrypt the storage, but it ran into some issues:
This is on TWRP boot:
Bash:
I:Setting up '/data' as data/media emulated storage.
I:mount -o bind '/data/media' '/sdcard' process ended with RC=0
I:mount -o bind '/data/media/0' '/sdcard' process ended with RC=0
I:File Based Encryption is present
e4crypt_initialize_global_de
Determining wrapped-key support for /data
fbe.data.wrappedkey = true
Wrapped key supported on /data
calling retrieveAndInstallKey
Key exists, using: /data/unencrypted/key
Using Keymaster HAL: 4 from QTI for encryption. Security level: TRUSTED_ENVIRONMENT, HAL: [email protected]::IKeymasterDevice/default
begin failed, code -62
Upgrading key in memory only: /data/unencrypted/key
upgrade_key failed, code -38
e4crypt_initialize_global_de returned fail
e4crypt_initialize_global_de
Determining wrapped-key support for /data
fbe.data.wrappedkey = true
Wrapped key supported on /data
calling retrieveAndInstallKey
Key exists, using: /data/unencrypted/key
Using Keymaster HAL: 4 from QTI for encryption. Security level: TRUSTED_ENVIRONMENT, HAL: [email protected]::IKeymasterDevice/default
begin failed, code -62
Upgrading key in memory only: /data/unencrypted/key
upgrade_key failed, code -38
e4crypt_initialize_global_de returned fail
And this is after I wanted to decrypt it:
Bash:
I:Command 'decrypt *************' received
I:Set page: 'singleaction_page'
I:operation_start: 'TWRP CLI Command'
Attempting to decrypt data partition or user data via command line.
E:Unexpected value for crypto key location
E:Error getting crypt footer and key
E:Could not get footer
Failed to decrypt data.
I:Done reading ORS command from command line
I:operation_end - status=0
I also would like to decrypt my phone. I have access to adb shell, fastboot and twrp. Is there any news on how to do it?