I have had my u11 going on 4 + years, and some things about it I understand quite well and other things not so much ,,with that being said I have 2 part question, is it possible to decrypt pie with twrp and if so how do you know its decrypted? What action or actions can be performed with a decrypted stock pie rom? Thanks for any and all replys.
Um by decrypted meaning usually removing the pin or password or pattern or whatever form of lock screen you have.
Having an unencrypted data partition allows you to make modifications to twrp without any issues but allows intruders for the same.
I have a port of TWRP like orangefox or blackhawk which allows decryption of the data partitiln by entering the lock screen password in twrp itself.
Related
Hi all,
I'm planning to root my encrypted Nexus 5 with Lollipop by the latest CF Auto Root. Is it still the case that encrypted phones will be wiped by CF Auto Root? Chainfire said that would no longer be the case on 11 October 2014 (head to his Google+ page for the post). I'm wondering if the latest CF Auto Root for Nexus 5 Lollipop will wipe my encrypted storage.
It would be great if Chainfire could answer my question.
Thanks!
yes, it will no longer touch the data.
See his October 10, 2014 post.
CF-Auto-Root
There have been a few changes to the CF-Auto-Root installer as well. One noteworthy one is that in preparation for L having encryption enabled by default, it no longer touches /data. This is both good and bad.
The good is that it doesn't need to know your decryption key, the process remains automatic, and encrypted phones are no longer wiped on usage of CF-Auto-Root.
The bad is that this means some /data cleanup code is run on first boot after rooting, which may trigger a (one) reboot in the process. I do not expect bootloops because of this, it works fine on all the devices I have tested it on, but you never know.
Additionally, because CF-Auto-Root cannot distinguish between a garbage and an encrypted partition, it no longer fixes OEM unlock issues. On several fastboot based devices, the OEM unlock command, instead of formatting /data and /cache, wipes them. Android will not automatically re-format them anymore (used to in 2.x days), which means that your device will forever bootloop until you manually format /data and /cache (which CF-Auto-Root did for you automatically in the past).
Last but not least, some changes have been made to allow the progress to be visible on some new Qualcomm based devices. While I would normally not waste words on something as trivial as this, I would like to point out that these devices no longer support fbdev to put content on screen, but instead use something called Qualcomm overlay. Nothing basically wrong with that either, aside from the absolutely horrid fact that the interface to this changes between different kernels in a completely incompatible way, pretty much requiring a userspace program to use the exact right version of kernel headers to do something as basic as putting anything onscreen. Making a non-kernel specific binary that support a wide range of devices is thus now nigh impossible unless some very ugly code and errorprone methods are employed. As such, I expect that ultimately there will be no visual progress for CF-Auto-Root anymore on Qualcomm based devices, as I certainly can't be bothered keeping track of these shenanigans.
Click to expand...
Click to collapse
Thanks. This is the post that I was referring to.
Has anyone with encrypted Nexus 5 tried it out yet?
matthew01202 said:
Thanks. This is the post that I was referring to.
Has anyone with encrypted Nexus 5 tried it out yet?
Click to expand...
Click to collapse
Encrypted Nexus 6 works fine. Didn't wipe anything. I'm sure it's the same for the N5.
Why is there no Encrypt device in settings security ? this is hugely important and i can't understand why Oppo decided it's a good idea to remove this ! is there a way to force-enable it ?
To enable encryption you
1. need a ROM that support it. Oppo does not.
2. need a partitioning that support it, r7plusf's doesn't.
3. want a recovery that can decrypt it.
1. CyanogenMod and aicp works. Need one or two fixes though.
2. /data need to be repartitioned, it does not have space for the encryption footer.
3. twrp(3.0.2) can currently not decrypt the device.
1 and 2 is not hard to do, but you still want the recovery to work for updates and backups. I changed a few things and got aicp running with encryption, but found no way to decrypt data in recovery.
Wait and see if Oppo release mm for r7+f, it might have encryption on it (it should have).
teemo said:
To enable encryption you
1. need a ROM that support it. Oppo does not.
2. need a partitioning that support it, r7plusf's doesn't.
3. want a recovery that can decrypt it.
1. CyanogenMod and aicp works. Need one or two fixes though.
2. /data need to be repartitioned, it does not have space for the encryption footer.
3. twrp(3.0.2) can currently not decrypt the device.
1 and 2 is not hard to do, but you still want the recovery to work for updates and backups. I changed a few things and got aicp running with encryption, but found no way to decrypt data in recovery.
Wait and see if Oppo release mm for r7+f, it might have encryption on it (it should have).
Click to expand...
Click to collapse
Got it ! Thanks for the info !
I've searched but the answers seem mixed.
Does Mate 9/Mate 9 Pro have device encryption out of the box? I'm not talking about the fingerprint or PIN lock but the real device encryption in case you lost your phone and the person picked it up tries to bypass locks to get your data.
Have anyone done some serious science to test or verify this?
supposedly all android >= 6.0 are encrypted. Just trust google & huawei
The german Huawei Support say it isnt. You also cant change the decryption Type in the developer section. There is no Option. Any Experts can answer?
Nexus-Nerd said:
The german Huawei Support say it isnt. You also cant change the decryption Type in the developer section. There is no Option. Any Experts can answer?
Click to expand...
Click to collapse
This made me curious since the device can be used without any password or pattern lock, what would be encryption key it uses if there is any?
It uses file-based encryption on /data by default.
https://source.android.com/security/encryption/file-based.html
However, the flag in Mate 9's kernel is fileencryptioninline.
Might be something Huawei changed.
The other thing protecting the partitions is DM-Verity.
Both encryption and verity can be disabled.
The stock image of huawei doesn't use the default android encryption method. However, if you flash a so-called "decrypted" image from https://forum.xda-developers.com/mate-9/development/boot-force-encryption-boot-images-t3558679 , you get all the standard android encryption tools.
Hi, I am using samsung galaxy s7 delivered with an android version before version 7 nougat.
At first I updated OTA. But yesterday I flashed android 7 (last version) via Odin and repartition option. So it should be a clean installation.
As I understood there is file based encryption instead of full encryption now. Bringing an option called direct boot.
As I read the secure startup option should not be available in android 7 (if updated with full wipe). But I also read that it was added again in a newer version of android 7.
I tought if direct boot (without secure startup option) is enabled the device will boot untill lock screen and some option like calls, notifications.. are available. But for example if there is a call, only the number not the name will be displayed because contacts are still encrypted. But when I tested it, the name is displayed. So I think there is no direct boot encryption in my device? Otherwise when I enable secure boot option I have to type in my password before there are notifications and calls.. available...
I want this: After restarting the galaxy s7 it should boot to lock screen. Some notifications and so on should be available (what I think this is direct boot), but my private datas should still be encrypted in a very secure way. After typing in my password all the other apps should be available. After locking the screen encryption protection should be there..
So how can I check if my galaxy s7 is using file based enryption? and why is there still the option "secure boot"? does it bring any advantage in how secure the encryption is? and why?
I am very confused. I would be so glad if anyone can help me! Thank you so much!
Kind regards alex
(please excuese the bad english, I hope everything is understandable...)
@SkewedZeppelin
Hello, I installed the latest DivestOS version today as I was previosuly pretty dissapointed with standard LineageOS due to the amount of google and propiertry blobs it contained. I have followed divestOS for a while now and when my Lineage boot looped this morning I thought it was a good time to test DivestOS.
First off, I am very impressed with DivestOS, extremely slimmed down OS and I am much more comfortable with the privacy aspects that DivestOS is accomplishing. So thank you for all your efforts with the OS, it really is great and I would without a doubt recommend anyone who hasn't given it a spin to try it asap.
Now, I have a few issues I hoped @SkewedZeppelin or anyone else for that matter might be able to help me with. I have read the DivestOS documentation completely so understand what the recommendations and preferences of the developer is and why. I get it. That being said, we don;t live in an ideal world and unfortunately I do have some specific requirements that I can't go without and so I wanted to see how/if they could be incorporated. First of, which I know is a big no-no for the DivestOS developer, I need to root. I absolutely require call recording and without the native ability to automatically do it I have to really on a very good magisk module. Secondly, I need to be able to use TWRP with the ROM. I know TWRP has not been great with Lineage build but, I was able to unencrypt lineage-20.0-20230105 with the last @Siddk version, which the developer has now discontinued. So https://forum.xda-developers.com/t/recovery-11-12-13-unofficial-twrp-for-oneplus-6-6t.4382121/ is the last version I can use. Unfortunately @Siddk TWRP does not unencrypt the latest DivestOS. I need TWRP for recovery, like this morning when my lineageos boot looped for no apprent reason all my private data was lost, only for @Siddk TWRP saved the day and allowed me to unencrypt and adb pull it all out.
So to overcome these hurdles I would like to install an older version of DivestOS that would allow @Siddk TWRP to work. I had a copy of divested-20.0-20230123 so tried that but it is also too new and not working with TWRP. I would then assume that although the DivestOS is strongly against rooting, I would be able to flash Magisk as normal and then flash TWRP as my recovery. So i end up with an older DivestOS, running TWRP recovery, rooted with Magisk so I can run the call record magisk module. I am aware that rooting will effect future updates however I won't be wanting future updates because I need to stay on the same version to make sure TWRP continues to work.
Sooo, a very long winded way of asking for some links to older DivestOS builds, based on lineage-20.0-20230105 that @Siddk TWRP will work on and also to double check that I can infact still root the OS (even against the advice of the developer) if that is what i need to do.
Many thanks
You don't need an older build.
Just use the latest LineageOS recovery to flash Magisk and then you'll have root for your call recorder app.
Backup your device using Seedvault + copying files over MTP.
Also note there is a known issue recently on these devices where they may appear to bootloop, but it is just a race-condition and you can reboot a few times and they'll work: https://gitlab.com/LineageOS/issues/android/-/issues/5587
Thanks. I prefer a custom receovery (TWRP) that can decrypt the phone so when the phone does crash I have access to my data and it can be saved. If I couldn't use TWRP yesterday then everything since my last backup would have been lost for me. Do you have any links to older builds? Is it something you could possible provide?
Dissapointing that you chose just to ignore my last post. Pretty valid points on my part. Guess you want to keep your build locked down rather than having it open to user. Always a privacy and security concern when developers go down that route.
xs_pam said:
Dissapointing that you chose just to ignore my last post. Pretty valid points on my part. Guess you don't want to keep your build locked down rather than having it open to user. Always a privacy and security concern when developers go down that route.
Click to expand...
Click to collapse
mate the source code is right here, if you don't like my decisions you're welcome to compile with anything you want included: https://github.com/divested-mobile
there is even a written and video version of the build guide to make it very easy: https://divestos.org/pages/build
xs_pam said:
TWRP
Click to expand...
Click to collapse
Is not supported by DivestOS due to the stronger encryption used: https://github.com/Divested-Mobile/...d_system_extras/0001-ext4_pad_filenames.patch
you'd have to compile TWRP with that patch included
I understand, it's your ball, your decisions. Open source developers usually make previous releases available to allow users to snag issues etc, that was all I was asking but I accept your decison.
If TWRP would not work in any event, that means that there is no effective data recovery mechanism for your OS? You are maybe isolating a large part of your market there, I understand there is trade off between security and accesss but I would suggest the option to recover personal data form a bricked/looped OS would be more in demand than having data that absolutely no one can recover, including by the owner. At the end of the day having a recovery option uses the same access decryption method as the general phone access, means the data would still be as secured with a recovery option as it would be on a functioning os. It's the same methos to decrypt.
xs_pam said:
Open source developers usually make previous releases available
Click to expand...
Click to collapse
That is hundreds of gigabytes for each release batch, do you wanna pay that server bill?
That idea of yours wouldn't even work and as noted isn't even neccessary to get Magisk installed.
xs_pam said:
no effective data recovery mechanism for your OS
Click to expand...
Click to collapse
Seedvault is included for app backups.
xs_pam said:
no one can recover
Click to expand...
Click to collapse
it is your responsibility to make backups of your data regardless of what software you use
Fairpoint, I didn't realise the server costs were such an issue.
Your conflating back-up and recovery, they are two seperate things. Backing up is scheduled and planned, recovery is not. Unless you are backing up and then extracting that backup from your phone multiple times per day then you are at risk of losing important data should the unexpected occur. Data recovery is AS important but seperate to backing up. An OS without a data recovery option, or that blocks data recovery options, is significantly lacking. I understand that you use the lineage recovery but that does not provide an option to recover data.
xs_pam said:
Fairpoint, I didn't realise the server costs were such an issue.
Your conflating back-up and recovery, they are two seperate things. Backing up is scheduled and planned, recovery is not. Unless you are backing up and then extracting that backup from your phone multiple times per day then you are at risk of losing important data should the unexpected occur. Data recovery is AS important but seperate to backing up. An OS without a data recovery option, or that blocks data recovery options, is significantly lacking. I understand that you use the lineage recovery but that does not provide an option to recover data.
Click to expand...
Click to collapse
there are workarounds to what you are trying to achieve, i don't own a oneplus but i have achieved it with this OS.