This is a basic gui I wrote to unlock my encrypted partitions during boot.
I'm running my /data and /sdcard partitions encrypted, and the "luksunlock" binary is launched from init.rc to read the password and unlock the encrypted partitions.
I have included my somewhat modified init.rc for those interested.
For more information about LUKS on Android see this blog post, written by shawn (Seems I'm not allowed to have URLs in the post, but Google for 'android luks', first hit)
This works well on the Wildfire, although it should work fine on other phones as well. Just remember that you need to set up your partitions as in the luksunlock.c (or change the defines).
Don't forget to back up before you start playing around!
Good luck!
Thanks! I'll give it a try!
Hi,
I tried to use your cryptsetup binary from your blog, but I have some issues that you'll surely have an answer for:
I run ./cryptsetup luksFormat -c aes-plain /dev/block/loop2 and after I put in the LUKS password it says 'Command failed', no logs, no other output, even using the -v flag...
Any clue?
Thanks in advance!
PS: Is the dm-crypt module necessary for cryptsetup? Could this be the error? I don't have it installed on the system because I can't find it for 2.6.35.9-cyanogenmod
tusabe said:
Hi,
I tried to use your cryptsetup binary from your blog, but I have some issues that you'll surely have an answer for:
I run ./cryptsetup luksFormat -c aes-plain /dev/block/loop2 and after I put in the LUKS password it says 'Command failed', no logs, no other output, even using the -v flag...
Any clue?
Thanks in advance!
PS: Is the dm-crypt module necessary for cryptsetup? Could this be the error? I don't have it installed on the system because I can't find it for 2.6.35.9-cyanogenmod
CM6.1 for wildfire uses a 2.6.32 kernel (see HCDR.jacob's post about his custom kernel for more info)
tusabe said:
PS: Is the dm-crypt module necessary for cryptsetup? Could this be the error? I don't have it installed on the system because I can't find it for 2.6.35.9-cyanogenmod
Yeah, you really need dm-crypt support, either compiled into the kernel or as a module. You also need AES cipher support.
sigkill1337 said:
Yeah, you really need dm-crypt support, either compiled into the kernel or as a module. You also need AES cipher support.
Hi! Yeah, that's what I was afraid of.... OK, but the problem is that I'm running CM6.1 with 2.6.35.9, which has dm-crypt neither as a module nor compiled into the kernel... Where can I find a kernel with these modules included? It's for an HTC Desire (@Sympnotic)
Thanks in advance!
Great work and thanks for sharing @Sigkill. Working on building it here for my NexusOne with CM6.1.
BTW, I’m the lead on a project working on a general secure Android distro – we’ve ported Tor, have an OTR IM app, and have supported other projects along those lines. Would love to talk more about supporting anyone working on this specific capability.
wow! awesome work!!! Very exciting news. Gonna give this a go on my MyTouch Slide
NathanFreitas said:
Great work and thanks for sharing @Sigkill. Working on building it here for my NexusOne with CM6.1.
BTW, I’m the lead on a project working on a general secure Android distro – we’ve ported Tor, have an OTR IM app, and have supported other projects along those lines. Would love to talk more about supporting anyone working on this specific capability.
Seems really nice. I like the secure phone concept.
New Makefile and wiki info up
_hc from the @guardianproject has a new build process up for Cryptsetup/LUKS which includes a Makefile compatible with Android NDK r5.
We have new instructions up on our wiki, as well.
I cannot post links under this account, but you can find the info on github if you search "LUKS" or just under our guardianproject account.
How did you create the encrypted partitions? Could you give some pointers for that. I am familiar with using dmcrypt/cryptsetup on desktop linux, I guess this works similar. What are the relevant device names? Did you run into any problems?
Calavera1 said:
How did you create the encrypted partitions? Could you give some pointers for that. I am familiar with using dmcrypt/cryptsetup on desktop linux, I guess this works similar. What are the relevant device names? Did you run into any problems?
Hi, sorry for the late answer,
/dev/block/mtdblock5 is the "userdata" partition. I formatted it and mount it to /encrypted-data during init:
mount yaffs2 [email protected] /encrypted-data nosuid nodev
The only file on this partition is "data.encrypted" file, which gets created in init.rc as a loopback device:
exec /system/bin/losetup /dev/block/loop0 /encrypted-data/data.encrypted
I created the "data.encrypted" file on my computer with cryptsetup and losetup, and copied all files from my old unencrypted userdata partition to it and then copied it back as a file to the formatted userdata partition.
The sdcard "/dev/block/mmcblk0p2" partition is formatted with "cryptsetup luksFormat", I did this also on my computer, saves some time. And then copy everything from the old unencrypted sdcard.
I did run into one problem recently, my phone hung during boot, about 4 months after I started encrypting my phone.
Had to copy my data.encrypted file to my computer, mount it as a loopback device and do a fsck, and then copy it back to my phone.
I suspect this has to do with the filesystem not being unmounted properly. (I have had this on my to do list for a while hehe)
Probably should make a script run during shutdown to cleanly "luksClose" the encrypted partition and then umount them. Not doing this is probably very crazy.
I also want to fix it so my "/dev/block/mmcblk0p2" partition gets presented to my computer when I attach my USB cable (as it should do), so I can unlock it in Ubuntu and copy images and files. Right now I have to take my memory card out and put it into the computer.
I hope this post makes sense, it was written in haste =) Good luck!
sigkill1337 said:
Hi, sorry for the late answer,
/dev/block/mtdblock5 is the "userdata" partition. I formatted it and mount it to /encrypted-data during init:
mount yaffs2 [email protected] /encrypted-data nosuid nodev
The only file on this partition is "data.encrypted" file, which gets created in init.rc as a loopback device:
exec /system/bin/losetup /dev/block/loop0 /encrypted-data/data.encrypted
I created the "data.encrypted" file on my computer with cryptsetup and losetup, and copied all files from my old unencrypted userdata partition to it and then copied it back as a file to the formatted userdata partition.
The sdcard "/dev/block/mmcblk0p2" partition is formatted with "cryptsetup luksFormat", I did this also on my computer, saves some time. And then copy everything from the old unencrypted sdcard.
I did run into one problem recently, my phone hung during boot, about 4 months after I started encrypting my phone.
Had to copy my data.encrypted file to my computer, mount it as a loopback device and do a fsck, and then copy it back to my phone.
I suspect this has to do with the filesystem not being unmounted properly. (I have had this on my to do list for a while hehe)
Probably should make a script run during shutdown to cleanly "luksClose" the encrypted partition and then umount them. Not doing this is probably very crazy.
I also want to fix it so my "/dev/block/mmcblk0p2" partition gets presented to my computer when I attach my USB cable (as it should do), so I can unlock it in Ubuntu and copy images and files. Right now I have to take my memory card out and put it into the computer.
I hope this post makes sense, it was written in haste =) Good luck!
I figured most of that out without your post and tried it on my Desire (I created the LUKS partitions with adb on the phone though, worked anyway). Then I couldn't figure out where my regular init.rc is stored (I could only find the one used by Clockwork Recovery), and then I figured I already spent enough time, tried a reboot (which of course didn't work). Then I couldn't even get into recovery (probably because its init.rc tries to mount /data which doesn't work? I didn't investigate any further). Flashed my backup with fastboot and was stuck again with my un-encrypted pre-experiment state.
Oddly enough, it was no problem to unlock my encrypted SD card from my computer (running Ubuntu) while in recovery (Clockwork has an option to present the SD card to a computer connected via USB). Maybe the booted system handles this differently than recovery though? I didn't get a chance to try, as I couldn't boot after my encryption attempt.
I will try again after my algorithm and data structure exam this Friday and report back.
Is anybody using the UI on another device than the Wildfire? Does it work?
How much is the performance drain when using an encrypted /data partition?
Amazing work!
Did anyone manage to make sigkill1337's luksunlock build from source?
I would like to change the path of the data/sdcard partitions to match my device but I tried many ways using the NDK and I can't get it to compile properly.
Is there any way to do this?
I have been trying for days, I am getting literally insane!
@sigkill1337: could you give me some pointers? I would appreciate it a lot.
mount manpage said:
The bind mounts.
Since Linux 2.4.0 it is possible to remount part of the file hierarchy somewhere else. The call is
mount --bind olddir newdir
or shortoption
mount -B olddir newdir
or fstab entry is:
/olddir /newdir none bind
After this call the same contents is accessible in two places. One can also remount a single file (on a single file).
This call attaches only (part of) a single filesystem, not possible submounts. The entire file hierarchy including submounts is attached a second place using
mount --rbind olddir newdir
or shortoption
mount -R olddir newdir
Note that the filesystem mount options will remain the same as those on the original mount point, and cannot be changed by passing the -o option along with --bind/--rbind. The mount options can be changed by a separate remount command, for example:
mount --bind olddir newdir
mount -o remount,ro newdir
If nothing helps, you should always be able to bindmount it
I'd rather get sigkill1337's UI to compile...
Lots of nice security tweaks and settings could be done with a pre-boot GUI
Anyway, concerning encryption, I'll use the bind option for now, thanks for the tip.
But if anyone here could give me some pointers about compiling this stuff it would be great.
I managed to compile it by integrating luksunlock in Android source externals and main.mk but when I push it to my phone and modify init.rc to call it, it just does not work...
Other modifications are working (mount, mkdir, etc.) but the GUI won't show up
Sorry for the late reply.. But you could try running it from a shell when the phone is booted, just to verify that the binary starts (that's how I tested it without having to reboot my phone all the time)
My environment for building the source was set up using one of the tutorials online, nothing out of the ordinary
I'm still running this on my phone, for almost 8 months now, I haven't noticed that much in performance problems, the Wildfire was slow before I started using LUKS.
When I get a new phone (maybe SE Arc) it will be easier to see if performance is affected
There is an Issue for getting CM support for encrypted filesystems during boot:
Issue 2736: support encrypted filesystem from boot
If you want to get that feature, just "star" it, so it may get more attention.
So I've taken to start playing with the JMA image on my Tab, but in the mean while I've also been wanting to make a cleaner (and more AT&T friendly) version of it. What I wanted to know is if the following sounds like a sound method of working with developing a ROM:
Take the factoryfs.rfs file and mount it rw.
Code:
sudo mount -t vfat -o loop,rw,umask=0 factoryfs.rfs /mnt/FactoryFS/
Remove unwanted apk/odex/lib files
Unmount the image
Flash the factoryfs.rfs and do a cache and factory wipe
(Assume that my Tab currently has working JMA on it)
Of course there will probably be other customizations as I learn more, but this is just a starting point for me. (Also, I can't seem to find a complete start to finish guide on deodexing, so if anyone knows one... )
maniac3389 said:
Of course there will probably be other customizations as I learn more, but this is just a starting point for me. (Also, I can't seem to find a complete start to finish guide on deodexing, so if anyone knows one... )
I haven't done a full system de-odexing but I have been able to de-odex a single .APK. Maybe it'll help you get started...
Read post #7 here.
After his instructions, you need to reintegrate the classes.dex file back into the .APK and sign it.
Done.
RNGuy said:
I haven't done a full system de-odexing but I have been able to de-odex a single .APK. Maybe it'll help you get started...
Read post #7 here.
After his instructions, you need to reintegrate the classes.dex file back into the .APK and sign it.
Done.
I've gotten as far as getting the dex file before, but how do you reintegrate it? I'm guessing insert it into the apk file and resign it?
yes reinsert and resign!
I want to make the main sdcard media partition ext4.
That means the partition in which we store songs, videos etc.
It also means one partition only, with ext4 as the fs.
I had seen a similar thread for NEXUS.
I also tried to manually mount the filesystem, as we have support for ext4 in MINI CM 7 with nAa kernel.
mount -o rw -t ext4 /dev/block/vold/179:2 /mnt/sdcard2
Result :
No Such file or directory exists.
Device Config.
Sony Ericsson W8
nAa kernel 08b
Mini CM7
I also tried cyanogenmod.com
There I got some files which can do this for us, but they are source files and there is a requirement of rebuilding the ROM.
Not only nAa kernel but Alfs also has EXT4 support. But it is not for the main partition, it's only for the second partition that you have created for APP2sd.
Maybe someone will do this (main partition as EXT4).
Then we will have super speed as EXT4 is fastest (except NTFS, which is not supported yet).
Let's request someone please
Requests to the devs
I request the devs to please rebuild Mini CM 7 with these source code files containing code for mounting an ext4 media partition.
These files are for Nexus S.
Zip contains :
1. Volume_new.cpp
2. FAT_new.h
3. FAT_new.cpp
4. EXT4_new.h
5. EXT4_new.cpp
6. sdcard_new.c
Requesting Devs
I request again and again, please rebuild ROMs with the code to support an ext4 media partition.
If I ain't reaching the developers through this thread please someone refer this thread to the devs.
Or if developers are working on this please notify.
Again Requesting
I'm again requesting devs,
In my opinion it might not be difficult for you all to add EXT4 support for media partitions in ROMs.
I also attached code (.c files)
I'm studying engineering and know a little C, and I know that the files I attached are C and should be compiled to run.
I also know that the ROMs you all build are compiled from the sources.
PLEASE also attach this code.
This is also for some doers (not devs, but who know a bit or more)
There are also instructions somewhere on a site on how to rebuild a ROM with this code.
Hi guys,
I was wondering if someone would be kind enough to zip up the following files/directories from a Telstra Note 3 (or any Australian version) and put it somewhere I could download it.
/system/csc_contents
/system/CSCVersion.txt
/system/SW_Configuration.xml
the entire /system/csc directory
In case you're wondering, the reason I'm after these files is that I purchased a dual SIM N9002 which is configured for Chinese networks and has Chinese pre-canned text messages, caller ID contact matching doesn't work etc. None of the regular methods for changing the CSC work on this handset. (maybe as a result of it having 2 IMEI's?) As I can't just flash a 'normal' ROM without losing the dual SIM functionality, I figured it would be easier to go through the config files and see what I need to change. The number of changes I'll need to make look to be pretty huge so having some 'baseline' files to copy and paste from will make things a lot easier.
PS: If you could also include /system/build.prop that would also be useful for curiosity, but not critical. (I'm trying to figure out what's different about the N9002 build that prevents LTE working on the snapdragon)
Ok, so it looks like I don't have any takers from Australia. What about someone from anywhere else in the world who owns a non-Chinese phone?
Alternatively, if someone can tell me how to mount cache.img.ext4 and hidden.img.ext4 so I can extract the required files myself. I've tried mounting (on Linux) using mount -o loopback -t ext4 but keep getting an error that mount can't find a valid filesystem.
N9002 Language
Hi,
have you managed to add languages to the system?
Thx in advance
kwyj said:
Ok, so it looks like I don't have any takers from Australia. What about someone from anywhere else in the world who owns a non-Chinese phone?
Alternatively, if someone can tell me how to mount cache.img.ext4 and hidden.img.ext4 so I can extract the required files myself. I've tried mounting (on Linux) using mount -o loopback -t ext4 but keep getting an error that mount can't find a valid filesystem.
This is a complete working guide on how to extract the /system partition from a Samsung S7 FW/OTA package using Windows (This is the same package one might flash to their phone with ODIN.) You can get this FW/OTA package from sites like Samsung-Firmware.org & SamMobile.com. It is very likely this works (or parts of it duct-taped together) on other phone models, etc., but I vouch that this guide works on the Samsung S7. Please chime in if it works on other models & brands!
Intro:
I found a LOT of guides similar to this, but couldn't get any to work with the Samsung S7 packages! And there are MANY different versions of the tools I mention below, many not working! So be sure to use the tool versions I post below. Over much time, it was a tiny step with each new attempt until I finally got it...& wanted to share!
Purpose:
Why would anyone want to do this? If you're reading this thread and don't know the answer to that, then I'm confused. But I'll answer anyway - What is the purpose of this thread?
You would want to do this because you're a ROM Developer and don't want to have to go through the time & trouble of installing an OTA, then do a dd/cat to get the system image, etc. (With this method you don't even need a phone, just a PC!)
You are using a custom ROM, but want a stock app; for example the custom ROM you're using has the Google Dialer/Phone app builtin, but you prefer the stock Samsung Phone. Doing the steps outlined here will yield a "system" folder in Windows that you can simply navigate to /system/app or /system/priv-app and copy over the apk to your phone and install it! (via ADB or phone File manager app, etc). Obviously not all apks will work. Or maybe you want the libraries from another phone OTA package in order for an apk to work, and so on...
You are just curious what's in the /system partition for an OTA package!
Tools:
7-Zip
LZ4
simg2img: "Clone or download"->Download ZIP
Ext2Explore (Same as Ext2Read)
Guide:
Download FW/OTA (TMB-G930TUVU4CRI2.zip) from SamMobile website (or wherever)
Use 7zip to extract TMB-G930TUVU4CRI2.zip to a folder
Use 7zip to extract AP_G930TUVU4CRI2*.tar.md5 to a folder (ignore "There is no correct record at end of archive" error)
Use lz4 to extract system.img.ext4.lz4 -> system.img.ext4
lz4 system.img.ext4.lz4
Extract simg2img_win-master.zip -> \simg2img_win-master\
Copy system.img.ext4 to \simg2img_win-master\ folder
Rename system.img.ext4 -> system.img
Use simg2img_win-master to convert system.img -> system.ext4.img
Double-click convert.bat (or run in cmd prompt) (This will take a few minutes)
Create new folder to save contents in, eg: "C:\System"
Use ext2explore to mount system.ext4.img: Open ext2explore->File->Open Image->Select system.ext4.img
Click Save icon->Save to your new folder, eg: "C:\System"
Wait for it to extract. Once complete, enjoy!
Links & Useful Resources:
Tmobile Versions: https://support.t-mobile.com/docs/DOC-30276
Search Keywords:
(This section is here so this thread comes up in searches for the many errors I came across while trying to get this to work in both Windows & Linux. That's right! I tried in both OSs and actually got it to work first in Windows... & yet to get it to work in Linux!)
- losetup /dev/loop2 /media/sf_Share/system.img.ext4 ->warning file does not fit into 512-byte sector; the end of the file will be ignored
- mount /dev/loop2 /mnt/mysystem2 -> mount: /mnt/mysystem2: cant read superblock on /dev/loop2
- mount -t ext4 /media/system.img /mnt/mysystem6 -> wrong fs type, bad option, bad superblock on /dev/loop6, missing codepage or helper program, or other error
fsck /media/system.img -> ext2fs_open2: Bad magic number in super-block
fsck.ext2: Superblock invalid, trying backup blocks...
fsck.ext2: Bad magic number in super-block while trying to open ...
The superblock could not be read or does not describe a valid ext2/ext3/ext4 filesystem. If the device is valid and it really contains an ext2/ext3/ext4 filesystem (and not swap or ufs or something else), then the superblock is corrupt, and you might try running e2fsck with an alternate suberblock: ...
Reserved
Just happened to see this thread.
Dropping in to let you know: for Linux just do this
Code:
simg2img system.img.ext4 system.img
mkdir system
sudo mount -t ext4 system.img system/
Of course all work is done in the current working directory.
You can just copy whatever you want from this mounted loop device of the system.img or whatever.
This is what i do because it seems to be the fastest in terms of work.
Hope it helps. I prefer all android work on linux
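The "Bad magic number in super-block" and "wrong fs type" errors listed in the guide above are what mount and fsck report when the file is not yet a raw ext4 filesystem, which is why the simg2img step matters. As an added example (not code from any poster in this thread), this script reads the magic bytes to tell apart an LZ4 frame, an Android sparse image, a raw ext2/3/4 filesystem and a LUKS container such as the data.encrypted file discussed earlier; it goes slightly beyond the S7 case by covering all four. The function names, sample file names and header-only sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): identify what an Android image file
# really is from its magic bytes, before trying to loop-mount it.

# hex_at FILE COUNT OFFSET: print COUNT bytes at OFFSET as lowercase hex.
hex_at() {
    od -An -v -tx1 -j "$3" -N "$2" "$1" 2>/dev/null | tr -d ' \t\n'
}

# img_kind FILE: print luks, android-sparse, lz4-frame, ext or unknown.
img_kind() {
    [ -r "$1" ] || { echo unreadable; return 1; }
    if [ "$(hex_at "$1" 6 0)" = "4c554b53babe" ]; then
        echo luks             # "LUKS" 0xBA 0xBE at offset 0
    elif [ "$(hex_at "$1" 4 0)" = "3aff26ed" ]; then
        echo android-sparse   # 0xED26FF3A stored little-endian
    elif [ "$(hex_at "$1" 4 0)" = "04224d18" ]; then
        echo lz4-frame        # 0x184D2204 stored little-endian
    elif [ "$(hex_at "$1" 2 1080)" = "53ef" ]; then
        echo ext              # superblock s_magic 0xEF53 at 1024 + 56
    else
        echo unknown
    fi
}

# next_step FILE: print the command to run next for this kind of file.
# <mountpoint> and <name> are placeholders the user fills in.
next_step() {
    case "$(img_kind "$1")" in
        lz4-frame)      echo "lz4 -d $1" ;;
        android-sparse) echo "simg2img $1 $1.raw" ;;
        ext)            echo "mount -t ext4 -o loop,ro $1 <mountpoint>" ;;
        luks)           echo "cryptsetup luksOpen $1 <name>" ;;
        *)              echo "no known handler for $1" ;;
    esac
}

# make_samples DIR: write constructed header-only files (not real images).
make_samples() {
    printf '\072\377\046\355' > "$1/system.img.ext4"       # sparse magic
    printf '\004\042\115\030' > "$1/system.img.ext4.lz4"   # LZ4 frame magic
    printf 'LUKS\272\276'     > "$1/data.encrypted"        # LUKS magic
    { dd if=/dev/zero bs=1080 count=1 2>/dev/null
      printf '\123\357'; }    > "$1/system.raw.img"        # ext magic at 1080
}

if [ "$#" -gt 0 ]; then
    # Classify the files named on the command line.
    for f in "$@"; do printf '%s: %s\n' "$f" "$(next_step "$f")"; done
else
    # No arguments: demonstrate on the constructed samples.
    tmp=$(mktemp -d) && make_samples "$tmp"
    for f in "$tmp"/*; do printf '%-22s %s\n' "${f##*/}" "$(img_kind "$f")"; done
    rm -rf "$tmp"
fi
```

Run it with image paths as arguments to get the next command for each file; a file reported as android-sparse is the case where a direct `mount -t ext4` fails with the superblock errors quoted above.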
kevin71246 said:
Reserved
Oh man, you saved my day, thanks man. None of the old methods worked but this did wonders.