This Guide will work on S7 and S7 Edge Variants, probably also on other Samsung Phones. It doesn't matter if you have xposed and/or supersu installed
I did lately try to encrypt my device after installing my rom. So I tried to search on xda but I couldn't find anything useful until now.
After quit some time I finally managed it to get a working encryption, even with custom rom installed (which contains root and xposed). I will present the following steps here to help you folks to get an encrypted device.
Root will work as always after encryption :highfive:
Attention, TWRP can't read /data partition after this guide, that's because twrp doesn't support samsungs encryption at all
Pre requests:
- A working pc with adb installed
- Enough battery (at least 80%)
- Charger in your near field
- Working internet connection
Steps:
1. Go to SuperSU application on your device
2. Head over to the settings Tab
3. Scroll down and hit Full unroot
4. Click continue, when it asks you to install stock boot.img say NO, also NO on restoring stock recovery
5. SuperSU app should disappear
6. Make one full reboot
7. Head over to settings, lock screen and security, set a password
8. Plug in your charger and start encryption
9. Wait until your phone has fully encrypted (this can take quit some time)
10. After your device has successfully encrypted, we want to gain root access again
11. Boot into TWRP recovery
12. You now need a pc with working adb connection
13. Click adb sideload on twrp
14. Download latest super su to your PC, you can get that from here: Beta Thread
15. Open a terminal on your PC
16. Put the supersu.zip in the same direction as your terminal is opened (example: user/home)
17. Type into terminal: adb sideload *supersu_name*.zip
18. Reboot your phone and you have a working, encrypted phone with root installed!
If this guide helped you, please share it and hit thanks as well! :good:
@Tkkg1994
I don't think it could protect your data.
Here is a simple way to steal data from a encrypted phone with unlocked FRP.
Just add this script to ramdisk of kernel.
Code:
#!/system/bin/sh
rm -rf /data/system/lock*
rm -rf /data/system/gatekeep*
And this script will automaticlly remove any screen locks after the data partition is already unlocked by the system after boot.
You may ask:
Could I prevent unauthorized kernel from booting? (by re-enable FRP lock)
No, you can't because systemless install of SuperSU already modify the kernel and you can't boot modified kernel with FRP on.
Could I restore to stock kernel after finish this and then enable FRP?
You will lose your root.
And this way cannot prevent theft from reset your phone and then use it.
So, in a word, any tries to keep your phone safely after root are stupid.
It could only stop those low-IQ theft but it could not stop someone who really concern your data.
Jesse Chan said:
@Tkkg1994
I don't think it could protect your data.
Here is a simple way to steal data from a encrypted phone with unlocked FRP.
Just add this script to ramdisk of kernel.
Code:
#!/system/bin/sh
rm -rf /data/system/lock*
rm -rf /data/system/gatekeep*
And this script will automaticlly remove any screen locks after the data partition is already unlocked by the system after boot.
You may ask:
Could I prevent unauthorized kernel from booting? (by re-enable FRP lock)
No, you can't because systemless install of SuperSU already modify the kernel and you can't boot modified kernel with FRP on.
Could I restore to stock kernel after finish this and then enable FRP?
You will lose your root.
And this way cannot prevent theft from reset your phone and then use it.
So, in a word, any tries to keep your phone safely after root are stupid.
It could only stop those low-IQ theft but it could not stop someone who really concern your data.
Click to expand...
Click to collapse
Some guys need encrypted phones for their work (as some exchange server or email clients only work on encrypted devices)
I know that it is pretty much useless (since we have root access and can pretty much do anything with it)
So basically it brings you some more security but mainly gives those guys who need an encrypted phone for work a chance to have root and encryption together
Sent with my SM-G930F powered by SuperMan
Maybe my remark is stupid but with lollipop the user had to enter the decryption key just before loading the system... So even if the system was rooted, without the key it was impossible to recover the data...
You are saying me that now, in marshmallow Android is storing the key directly in the device ? And if one day there is a small flaw in the kernel all the data could be decrypt...
Thanks for you answer, i'am not an expert in security but i'am really interested in.
Hi,
I installed SuperMan rom without root/xposed and I can't get it to encrypt. It just restart the phone.
is there something else I need to do?
jesec said:
@Tkkg1994
I don't think it could protect your data.
Here is a simple way to steal data from a encrypted phone with unlocked FRP.
Just add this script to ramdisk of kernel.
Code:
#!/system/bin/sh
rm -rf /data/system/lock*
rm -rf /data/system/gatekeep*
And this script will automaticlly remove any screen locks after the data partition is already unlocked by the system after boot.
You may ask:
Could I prevent unauthorized kernel from booting? (by re-enable FRP lock)
No, you can't because systemless install of SuperSU already modify the kernel and you can't boot modified kernel with FRP on.
Could I restore to stock kernel after finish this and then enable FRP?
You will lose your root.
And this way cannot prevent theft from reset your phone and then use it.
So, in a word, any tries to keep your phone safely after root are stupid.
It could only stop those low-IQ theft but it could not stop someone who really concern your data.
Click to expand...
Click to collapse
Even with a locked FRP=1 I have been able to defeat it and gain access to the phone to USE, but never the data. Your script will only remove the locks once the data partition has beenunlocked, you still have not successfully recovered the data.
remixtech said:
Maybe my remark is stupid but with lollipop the user had to enter the decryption key just before loading the system... So even if the system was rooted, without the key it was impossible to recover the data...
You are saying me that now, in marshmallow Android is storing the key directly in the device ? And if one day there is a small flaw in the kernel all the data could be decrypt...
Thanks for you answer, i'am not an expert in security but i'am really interested in.
Click to expand...
Click to collapse
The key is ofc stored on the device, but it is in an encrypted state. ofc if there is a flaw in the kernel, unreported, this can be exploited to remove encryption somehow. Also you could remove the system rom chips and virtual simulate them and try to unlock thousands/millions of times defeating any format on bad password, etc. IF someone wants to access your data, they will. Just like the FBI iphones were opened. Its only a matter of money and time, no encryption is safe forever.
cridtohs said:
Even with a locked FRP=1 I have been able to defeat it and gain access to the phone to USE, but never the data. Your script will only remove the locks once the data partition has beenunlocked, you still have not successfully recovered the data.
The key is ofc stored on the device, but it is in an encrypted state. ofc if there is a flaw in the kernel, unreported, this can be exploited to remove encryption somehow. Also you could remove the system rom chips and virtual simulate them and try to unlock thousands/millions of times defeating any format on bad password, etc. IF someone wants to access your data, they will. Just like the FBI iphones were opened. Its only a matter of money and time, no encryption is safe forever.
Click to expand...
Click to collapse
Admittedly, yes.
It could only remove screen lock AFTER data partition is unlocked.
But in most situations, it could recover data because most people didn't set password as startup password.(What means data partition is already unlocked automatically before UI appear)
jesec said:
Admittedly, yes.
It could only remove screen lock AFTER data partition is unlocked.
But in most situations, it could recover data because most people didn't set password as startup password.(What means data partition is already unlocked automatically before UI appear)
Click to expand...
Click to collapse
how do we make sure that we set a "start up" password then? Is it the same if you use a long pin instead of a password?
|mickey said:
how do we make sure that we set a "start up" password then? Is it the same if you use a long pin instead of a password?
Click to expand...
Click to collapse
in security Lock screen and security there is an option for set pin on startup.
Also as an update to this method, if you had Xposed and magisk root, or if you had supersu and suhide, they need to all be reinstalled. This is the same method as flashing a stock bootloader then re-rooting afterwards. With new TWRP though you do not need to sideload because it has password to decrypt /data and allow flashing of the ramdisk, so you dont HAVE to sideload the supersu, but I suggest following TKK's tutorial exactly for sucess
cridtohs said:
in security Lock screen and security there is an option for set pin on startup.
Also as an update to this method, if you had Xposed and magisk root, or if you had supersu and suhide, they need to all be reinstalled. This is the same method as flashing a stock bootloader then re-rooting afterwards. With new TWRP though you do not need to sideload because it has password to decrypt /data and allow flashing of the ramdisk, so you dont HAVE to sideload the supersu, but I suggest following TKK's tutorial exactly for sucess
Click to expand...
Click to collapse
When you press encrypt you have to set such a password anyway so I don't see your point... You have to set a password, that is requested whenever you start your device... Is that not the same thing your describing?
Can't get encryption to work. The process starts and after a few seconds my phone just reboots.
Tested on several ROMs and Kernels, same result.
Anybody got an idea? I'm clueless...
unique730 said:
Can't get encryption to work. The process starts and after a few seconds my phone just reboots.
Tested on several ROMs and Kernels, same result.
Anybody got an idea? I'm clueless...
Click to expand...
Click to collapse
Same problem here - one more scream for HELP
unique730 said:
Can't get encryption to work. The process starts and after a few seconds my phone just reboots.
Tested on several ROMs and Kernels, same result.
Anybody got an idea? I'm clueless...
Click to expand...
Click to collapse
darkman088 said:
Same problem here - one more scream for HELP
Click to expand...
Click to collapse
When I tested this I had similar issues due to root. You made both a full unroot and followed all steps?
Sent from my SuperMan powered SM-G930F
Tkkg1994 said:
When I tested this I had similar issues due to root. You made both a full unroot and followed all steps?
Sent from my SuperMan powered SM-G930F
Click to expand...
Click to collapse
Hello and thanks for replying.
No, I didn't do a full unroot, because when I was testing this, I hadn't come across this thread And now I am not willing to invest that much time again, just to find out, that it's not working, once again
But I've tried many other strategies, which are very similar, but didn't work:
1) Disable SuperSU from the Application manager
2) Disable SuperSU from the settings of the app
3) Install busybox, boot in safe mode, connect the phone to my laptop, launche adb and enter there pkill -KILL daemonsu - this must be equivalent, as ps | grep daemonsu was not showing anything...
4) Tilting my phone in landscape mode
5) Repeating the attempt to encrypt several times after eachother
6) Many many more useless tips, which I found on the internet
Please kindly advise. Many thanks!
P. S.: HOW COME only the ROM of artas182x has encryption working PERFECTLY and I couldn't manage to encrypt my phone with no other ROM ? For example, I tried Slim ROM, which (if I'm not wrong) is not rooted and again - encryption didn't work, it hung somewhere along the process This is really terrible. Please excuse my total frustration
darkman088 said:
Hello and thanks for replying.
No, I didn't do a full unroot, because when I was testing this, I hadn't come across this thread And now I am not willing to invest that much time again, just to find out, that it's not working, once again
But I've tried many other strategies, which are very similar, but didn't work:
1) Disable SuperSU from the Application manager
2) Disable SuperSU from the settings of the app
3) Install busybox, boot in safe mode, connect the phone to my laptop, launche adb and enter there pkill -KILL daemonsu - this must be equivalent, as ps | grep daemonsu was not showing anything...
4) Tilting my phone in landscape mode
5) Repeating the attempt to encrypt several times after eachother
6) Many many more useless tips, which I found on the internet
Please kindly advise. Many thanks!
P. S.: HOW COME only the ROM of artas182x has encryption working PERFECTLY and I couldn't manage to encrypt my phone with no other ROM ? For example, I tried Slim ROM, which (if I'm not wrong) is not rooted and again - encryption didn't work, it hung somewhere along the process This is really terrible. Please excuse my total frustration
Click to expand...
Click to collapse
Ehm what is artas182x rom? or slim rom? we don't have that on our s7 as far as I know.
This guide may needs some adaptions to work on other devices
Tkkg1994 said:
Ehm what is artas182x rom? or slim rom? we don't have that on our s7 as far as I know.
This guide may needs some adaptions to work on other devices
Click to expand...
Click to collapse
It's a Marshmallow port from Galaxy S5 made by artas182x. I didn't like Slim ROM - it doesn't even have a file maanger
installed with it and when I tried encryption with it, it didn't work
Thank you!
We need someone xposed module to emulate knox 0x0 so that we can use knox again.
Tried with King Nougat V5 custom tom
After encryption finish and boot it keep showing "system ui has closed" error
I cannot type my password
Now doing full wipe
jimmod said:
Tried with King Nougat V5 custom tom
After encryption finish and boot it keep showing "system ui has closed" error
I cannot type my password
Now doing full wipe
Click to expand...
Click to collapse
I assume you have a modded systemUI. Try it with a stock one
Sent from my SuperMan powered SM-G930F
data encryption and root and TWRP toegether - is that working in android nougat ?
I really, really want encyption on my rooted S7 (930FD) incl. TWRP - but before I try this method here I have two questions:
- you are using the "terminal" - means you are using Linux? Or can I do this with windows powershell as well?
- encryption and root incl. TWRP works with Marshmallow MM only or will this work in Nougat as well?
Hello, My phone is new & fresh. Sometimes during playing games or heavy tasks, I see some lags. It's KG5K or Spark 8c model & Android 11. I noticed that my phone is already showing encrypted in 'Encryption & credentials'. I tapped on the Encrypted word but nothing comes to make it decrypt. I am a boy and a student. (Not a celebrity ) I don't want privacy or encrypted Android. I want to get highest performance from my phone. So factory reset it from 'Settings' app. But still showing encrypted. So I tried to get to the recovery mode to hard reset. I saw so many tutorials for the same model. Everywhere Volume + & Power button for this phone. I tried but can't get there. Anyway, after connecting another android via wireless adb. I commanded to go to recovery. Finally, I got there. And hard reset it.But I saw it's still encrypted . Any solution? I already lost so many app data because didn't create backup. PLEASE HELP ME DECRYPT IT. SO MY PHONE CAN BE MORE FAST!! AND LET ME USE IT ASAP. I DON'T WANT TO USE IT UNTIL I DECRYPT IT !!!!!!!!
Look inside here:
How to Decrypt an Encrypted Phone
If you have an encrypted phone, you may be wondering how to decrypt it. Answer for common questions about how to decrypt an encrypted phone.
innobytech.com
Thx. But it didn't work. They are talking about keys. Please note that I can't go through the 'encryption' button. Showing no option to disable it or to input keys. Android Device Manager also not showing Encrypt) Decrypt option. I bought it from official Tecno show room. Still if the phone is fake, how can I discover it? Or want to know if there is any way to check if my phone is really encrypted. I have doubt about that the 'setting's 'encryption' word is like a demo word just showing itself. HELP ME!!
To check Android's encryption state you may use ADB
Code:
adb devices
adb shell "getprop ro.crypto.state"
jwoegerbauer said:
To check Android's encryption state you may use ADB
Code:
adb devices
adb shell "getprop ro.crypto.state"
Click to expand...
Click to collapse
Sir, I entered the command via wireless adb. It says "encrypted" . Please see the attached photo. I am afraid now. Help me decrypt it (specially via adb) Any command to do it? !. Please HELP ME!!
You can't remove encryption, AFAIK. Use the device with encryption.
FYI:
That happens when Android boots up
Sorry sir, but that's not a solution. I want to decrypt it. To make it faster. It's Android 11 and it's 2023. It's a modern age and nothing is impossible. (HAPPY NEW YEAR ) You can't leave it like that, sir. Thx.
You simply didn't understand it: encryption takes place when Android boots up, this is forced by Android kernel.
Flash a Custom ROM what doesn't encrypt Android.
It has 12+1 months warranty. So I don't want to install TWRP, root, Custom ROM, Customized Kerbal etc. Because, I'm a student and my exam will held within 4 month from now. Please sir assure me, as you said encryption or decryption happens when Android boots up. So it may take a while to boot up completely. I've no problem in it. Please sir tell me after it boots up is there any decryption process happens further. I meant is encryption/decryption happens only when it boots up and only for that moment. Or it continuously or Constantly run this encrypt/decrypt all the time (when the Android is powered on ) Hope ya understand . And Help to free me from this problem. Thx
lightinfo10 said:
It has 12+1 months warranty. So I don't want to install TWRP, root, Custom ROM, Customized Kerbal etc. Because, I'm a student and my exam will held within 4 month from now. Please sir assure me, as you said encryption or decryption happens when Android boots up. So it may take a while to boot up completely. I've no problem in it. Please sir tell me after it boots up is there any decryption process happens further. I meant is encryption/decryption happens only when it boots up and only for that moment. Or it continuously or Constantly run this encrypt/decrypt all the time (when the Android is powered on ) Hope ya understand . And Help to free me from this problem. Thx
Click to expand...
Click to collapse
then you can't decrypt. you need to format in twrp, reboot into twrp, and flash the decrypt file for your device.
Encryption is mandatory in Android 10 and up.
Factory Data Reset won't decrypt your device and will only regenerate new encryption keys.
The only way to decrypt your device is to unlock the bootloader, and flash no-encrypt in a custom recovery to prevent re-encrypting the flash memory.
Phones nowadays can't experience performance impact from encryption since they have a Dedicated AES engine implemented in hardware so that they can decrypt blocks in memory on-the-fly. You shouldn't really be decrypting your device as it is NOT RECOMMENDED.
Though if you really want to decrypt your device, some phones are decrypted by not using a lock screen as some phones require a lock screen so that they can get data from there to derive a secure encryption key.
Look, your phone doesn't slow down for encryption, the problem you have is that your phone is a low end device. Even if you manage to decrypt it, you won't see any difference except that if someone steals your phone, they will have every data you have. You need to optimize it, you may root it and delete system apps and things like that, when I want a boost in games, i temporary disable Google Play Services and Google Play, then the phone goes faster.
lightinfo10 said:
Hello, My phone is new & fresh. Sometimes during playing games or heavy tasks, I see some lags. It's KG5K or Spark 8c model & Android 11. I noticed that my phone is already showing encrypted in 'Encryption & credentials'. I tapped on the Encrypted word but nothing comes to make it decrypt. I am a boy and a student. (Not a celebrity ) I don't want privacy or encrypted Android. I want to get highest performance from my phone. So factory reset it from 'Settings' app. But still showing encrypted. So I tried to get to the recovery mode to hard reset. I saw so many tutorials for the same model. Everywhere Volume + & Power button for this phone. I tried but can't get there. Anyway, after connecting another android via wireless adb. I commanded to go to recovery. Finally, I got there. And hard reset it.But I saw it's still encrypted . Any solution? I already lost so many app data because didn't create backup. PLEASE HELP ME DECRYPT IT. SO MY PHONE CAN BE MORE FAST!! AND LET ME USE IT ASAP. I DON'T WANT TO USE IT UNTIL I DECRYPT IT !!!!!!!!
Click to expand...
Click to collapse
Thanks to you all ! I fully understood the situation. [SOLVED]