[APP][ICS] EncPassChanger -- set different device encryption and lock screen password - Android Software Development

Android 3+ has a nice feature -- device encryption. You can encrypt the contents of your device with a password, and after that this password must be entered during device boot, otherwise the data is permanently lost.
The bad thing is that this password is set to the screen lock PIN / password. So you either set a short password or PIN, that you can enter quickly each time you unlock your phone from sleep (but this provides weak encryption), or set a long password and have to type it 20-30 times during the day.
This stupid behavior may be fixed easily. Android provides command-line tool called 'vdc', an interface to Android Volume Manager. As written in "Notes on the implementation of encryption in Android 3.0" [1], it has a command 'cryptfs changepw', that allows changing encryption password. Of course this command must be executed as root.
vdc has some other commands related to encryption, one of them is 'cryptfs verifypw', that allows to validate the supplied password.
I'm currently writing an application that will assist user with changing encryption password. This is my first public application for Android. You can find a source code on GitHub [2]. It is very simple, but maybe android gurus here may find what to make better.
Comments and pull requests are welcome
Thanks!
[1] http source.android.com/tech/encryption/android_crypto_implementation.html
[2] https github.com/kibab/encpasschanger

Updated 30.06.2012: Added APK file!

Kibab said:
Android 3+ has a nice feature -- device encryption. You can encrypt the contents of your device with a password, and after that this password must be entered during device boot, otherwise the data is permanently lost.
The bad thing is that this password is set to the screen lock PIN / password. So you either set a short password or PIN, that you can enter quickly each time you unlock your phone from sleep (but this provides weak encryption), or set a long password and have to type it 20-30 times during the day.
This stupid behavior may be fixed easily. Android provides command-line tool called 'vdc', an interface to Android Volume Manager. As written in "Notes on the implementation of encryption in Android 3.0" [1], it has a command 'cryptfs changepw', that allows changing encryption password. Of course this command must be executed as root.
vdc has some other commands related to encryption, one of them is 'cryptfs verifypw', that allows to validate the supplied password.
I'm currently writing an application that will assist user with changing encryption password. This is my first public application for Android. You can find a source code on GitHub [2]. It is very simple, but maybe android gurus here may find what to make better.
Comments and pull requests are welcome
Thanks!
[1] http source.android.com/tech/encryption/android_crypto_implementation.html
[2] https github.com/kibab/encpasschanger
Click to expand...
Click to collapse
Sorry im noob
What will change visualy?
Or screenshot?
Sent from my LT26i using XDA Premium HD app

Thank you for this. I wanted a more simple password for the unlock, but a longer more complicated password for the decryption. You should put it on the market and charge $.99USD (or equivalent in your currency) as it's quite useful. I'd buy it

Thank you!
Actually I have registered myself as Google Play Developer, now I'm waiting for approval. As soon as my registration is approved, I will update this thread
Although I'm going to make a free and donate versions, because I believe that will help to make Android better, and people who want to say "Thank you" will buy Donate version anyway

uDroid said:
Sorry im noob
What will change visualy?
Or screenshot?
Sent from my LT26i using XDA Premium HD app
Click to expand...
Click to collapse
Nothing will change visually, hence no screenshot. What's important is that you may set strong password for decrypting the internal storage, but keep using simple password (or PIN) to unlock the screen.
P.S. I have verified that my app works on Jelly Bean too.

I have finally published an application on Google Play! Currently there is a free version, Donate version will come a bit later
The link is: https:// play.google.com/store/apps/details?id=com.kibab.android.EncPassChanger
Enjoy!

Thanks for that app, that is also what annoyed me

Thanks for this. I've been trying to work out why encryption wont work on any ROM on my HOX (dies with unable to get size of block device cryptfs), and you have given me a good lead to investigate with vdc. Information on encryption in android is sparse, and almost all threads here on XDA get no replies.
Thanks again.

I've been tempted to use device encryption recently, but there is a distinct lack of information about it, particularly on custom ROMs...
Might need to give it a go, just the lack of backup abilities might be an issue...

pulser_g2 said:
I've been tempted to use device encryption recently, but there is a distinct lack of information about it, particularly on custom ROMs...
Might need to give it a go, just the lack of backup abilities might be an issue...
Click to expand...
Click to collapse
I use CM10 on the Galaxy Nexus (maguro). Encrypted. Actually, only /data is encrypted. /system stays unencrypted. And this App works as described.
For Backup use TWRP. It asks for your password to decrypt storage.
You can then backup, restore, flash, install whole ROMs, wipe and what not.
>> I would like to see this app in Play Store <<
I should read before I post:
Kibab said:
I have finally published an application on Google Play! Currently there is a free version, Donate version will come a bit later
The link is: https://play.google.com/store/apps/details?id=com.kibab.android.EncPassChanger
Enjoy!
Click to expand...
Click to collapse
Thanks for that
btw. The encrypted /data partition lets you have two boot animations, one that is shown before code has been entered (the one in /system/media) and one after the correct code entry (the one in /data/local).

zurchpet said:
I use CM10 on the Galaxy Nexus (maguro). Encrypted. Actually, only /data is encrypted. /system stays unencrypted. And this App works as described.
For Backup use TWRP. It asks for your password to decrypt storage.
You can then backup, restore, flash, install whole ROMs, wipe and what not.
>> I would like to see this app in Play Store <<
btw. The encrypted /data partition lets you have two boot animations, one that is shown before code has been entered (the one in /system/media) and one after the correct code entry (the one in /data/local).
Click to expand...
Click to collapse
Hmm... I have i9100 (S2), so I would need to see about putting TWRP onto it...
Yeah, only data and SD are encrypted... Can TWRP cope with encrypted SD btw?

Great, it's easier than to change on command line
This should just be default android behavior

pulser_g2 said:
Hmm... I have i9100 (S2), so I would need to see about putting TWRP onto it...
Yeah, only data and SD are encrypted... Can TWRP cope with encrypted SD btw?
Click to expand...
Click to collapse
Yes, SD is encrypted too. And TWRP can only read from it after correct code entry. Don't know about the external SD though (since the Galaxy Nexus doesn0t have one).

zurchpet said:
Yes, SD is encrypted too. And TWRP can only read from it after correct code entry. Don't know about the external SD though (since the Galaxy Nexus doesn0t have one).
Click to expand...
Click to collapse
Wish I had a second phone, then I could just research this

Quite awesome. Now, can I use a strong password for encryption and then pattern lock for normal day to day use? That would be my ideal situation. I heart pattern lock!

Just trying to clarify how this works... so you keep your normal 'short' pin unlock code for unlocking the screen, but set a long code for decryption, and this code will only be requested once per boot, during bootup? Is this correct?
Thanks

How it works
Yes Sir. You are correct.

adrianblack said:
Quite awesome. Now, can I use a strong password for encryption and then pattern lock for normal day to day use? That would be my ideal situation. I heart pattern lock!
Click to expand...
Click to collapse
Unfortunately it's not possible to use pattern lock while using device encryption, Android forbids it. Patching Android framework will help, but this is completely another story and possible suggestion for ROM makers such as Cyanogenmod.

Is the 16 character Android limitation present, when using this tool? I currently use a 16 character device encryption/unlock pass phrase. I'd like to strengthen the device pass phrase some more.
I don't know if this is even possible during the device boot sequence, but being able to use a Yubikey with an OTG cable would be awesome!
RF

Related

Please help :(

Guys i know this is not the correct place but someone can please tell me "what to do if i have lost my password" ??
I am using Windows 7
Laptop of Sony Vaio
Please someone help
I know that this could possibly be used malicously but if you can access another computer, download OphCrack and burn it to a CD or write it to a USB drive and you can use that to recover your password. I've used it multiple times on Windows Installations for friends who forgot their passwords on their home computers, it does work. xD
ShadowEO said:
I know that this could possibly be used malicously but if you can access another computer, download OphCrack and burn it to a CD or write it to a USB drive and you can use that to recover your password. I've used it multiple times on Windows Installations for friends who forgot their passwords on their home computers, it does work. xD
Click to expand...
Click to collapse
Bro then will it tell me the password ??
please tell me the process.
avilove4u said:
please tell me the process.
Click to expand...
Click to collapse
simply download the ISO, burn it to disc and then boot it, it will have the utility for recovering the password. Three are hundreds of tutorials on how to recover your password with OphCrack
Sent from my LS-LS670 using XDA
ShadowEO said:
simply download the ISO, burn it to disc and then boot it, it will have the utility for recovering the password. Three are hundreds of tutorials on how to recover your password with OphCrack
Sent from my LS-LS670 using XDA
Click to expand...
Click to collapse
I use a program called Kon-Boot, its good enough for most tasks, it wont help if your part of a domain, it also wont help if you have encrypted any drives or folders.
it wont tell you the password
so how does it work?
well, the short answer is that it hijacks the boot sequence and bypasses the password check, you just click on the user and ignore the password, once your in you can change your password or a safer option is to add another admin account, then log in to that and change your password. The problem is if you encrypted anything, then im afraid to say your ****ed!
you see the encryption key is part made up by your actual password, so by using my method to change the password, what you will end up with is data still encrypted on your old password.
the ethical uses of this are limited, but there are uses which is why im happy to share it, just don't **** around if for any reason some data is encrypted and the password is likely to "turn up" again because once you've opened this bag of worms you cant go back so essentially the data will "vanish"
dazza9075 said:
I use a program called Kon-Boot, its good enough for most tasks, it wont help if your part of a domain, it also wont help if you have encrypted any drives or folders.
it wont tell you the password
so how does it work?
well, the short answer is that it hijacks the boot sequence and bypasses the password check, you just click on the user and ignore the password, once your in you can change your password or a safer option is to add another admin account, then log in to that and change your password. The problem is if you encrypted anything, then im afraid to say your ****ed!
you see the encryption key is part made up by your actual password, so by using my method to change the password, what you will end up with is data still encrypted on your old password.
the ethical uses of this are limited, but there are uses which is why im happy to share it, just don't **** around if for any reason some data is encrypted and the password is likely to "turn up" again because once you've opened this bag of worms you cant go back so essentially the data will "vanish"
Click to expand...
Click to collapse
I will try and let you know
Btw Thanks
ShadowEO said:
simply download the ISO, burn it to disc and then boot it, it will have the utility for recovering the password. Three are hundreds of tutorials on how to recover your password with OphCrack
Sent from my LS-LS670 using XDA
Click to expand...
Click to collapse
I have a pen drive!
Dnt want to burn a disc
If i wll format the system and add a new OS then what will happen?
avilove4u said:
I have a pen drive!
Dnt want to burn a disc
If i wll format the system and add a new OS then what will happen?
Click to expand...
Click to collapse
Password would be gone, but so would days. http://unetbootin.sourceforge.com use that to copy the ISO to your flash drive.
Sent from my LS-LS670 using XDA

[FIX]Enable encryption - Check&Shrink ext4 filesystem

If you ever used CWM, CWMT or other non factory recoveries to wipe your data, you probably noticed that you lost the ability to encrypt your phone. Or maybe you did not even realize this is why encryption does not work.
For the Android phone encryption to work, it needs the /data (usrdata) partition to have a little bit of unused space between the end of the filesystem and the end of the partition. And as soon as you use CWM to wipe, it actually reformats using all space, and encryption does not work anymore.
User lolo250612 brought this to my attention, and together we created a update.zip that shrinks the /data filesystem by 1MB
In fact, we created 2 patches: One to shrink, and one to first repair the filesystem. The first will refuse to shrink if the file system is not clean and healthy. They will automatically find the correct usrdata partition device and its size. The shrink will then resize to 1MB less then the partition size (which means it could also be used to grow if you somehow had a filesystem a lot smaller, for example because you restored an smaller image from somewhere).
Both patches are created with statically linked e2fsprogs binaries and its own static copy of busybox shell interpreter. So they should work on all Android devices that use ext file system (probably all V2.3.1 Gingerbread and higher androids), and you should not lose any data because of this. But it is always good to make a backup.
We tested this on 2 phones, both ICS phones, and with both CWM and TWRP type recoveries, and are fairly certain it is safe to use. But to repeat, you should always take a backup of your phone.
Both patches can be found on my shared drive:
ICS_usrdata_fix-fs.zip
ICS_usrdata_shrink.zip
Procedure:
- Make backup of your phone
- Place files on SD card
- Boot into recovery
- Apply the shrink update
- If it tells you the filesystem is damaged apply the fix-fs update first
The patch only shrinks the filesystem, nothing is actually installed or removed on the phone. But if you use encryption, you could leave this patch on your SD card so that every time you wipe data, you can run the shrink patch again afterward to enable encryption again.
If you do use this, please report back in this thread, possibly mentioning your phone model and ROM you are using.
Quick encryption guide (and more)
I won't go deep into useless details as everything has already been described about Android phone protection somewhere on the internet. I will just give some meaningful links and tips by illustrating how I have protected my phone. Really nothing new or innovative, just a compilation of a few hints that I have put in practice to protect the numerous pieces of information that are on my phone.
Step 0: awareness
----------------------------
Why bother with phone security?
In short, I am clearly paranoid. Well, in fact, I don’t really feel at ease when I know all the information, both personal and professional I have on my phone. Over the month, my Androphone has become a real digital Swiss-knife and personal secretary. This includes:
Personal and professional contacts
Personal and professional agendas
Personal and professional digital exchanges (SMS and email)
Personal and professional photos
Banking account information
Trails where I run
Etc… etc…
Don't want someone looks at them. Not you?
Fist step: on-line protection
----------------------------------------
The first step in protecting your data consists in making hard to access indirectly the data that lay on your phone memory. This access consists in using the system when the phone is on, either via the GUI and the phone controls, or remotely (essentially by network connections, or phone basic functionalities like sms). So, basically, you need to lock efficiently your phone from preventing someone else to unlock the user interface that allows interactions with the system, and protect all communication channels.
To lock efficiently your phone, you must use a pin code of at least 4 digits (6 is better) or a pass-phrase. The latter is much less practical without improving online security that much. Above all, you must avoid those silly locking solutions like face recognition unlocking, or pattern lock. Those are toys for naive young boys. Not for those concerned seriously by security.
For protecting remote access to your phone, I would suggest:
1) Double check that USB debugging is disabled. This a major security hole.
2) Turn on data connections (bluetooth, wifi and 2/G/3G/4G) only when required (email checking, web-surfing session, data synchronising), and off rest of the time.
3) Avoid install cracked unofficial apks, or applications that asks for permission far beyond their obvious and principal utility
4) Install a software security app, if possible, open source and recognised by xda members. Once an adept of Droiwall, I have switched to Avast mobile security because of its extra features. But it is not opensource and it is a question of taste. But do this carefully, see that for instance before making a choice: http://download.cnet.com/8301-2007_4-57391170-12/dont-get-faked-by-android-antivirus-apps/ and http://www.av-test.org/fileadmin/pdf/avtest_2012-02_android_anti-malware_report_english.pdf.
But, you must be rooted (which is in itself a security hole if not mastered) and one must have a kernel with netfilter functionalities activated. This is the case with the stock kernel of the phone I use at the present time (Lenovo A789). But was not the case of 2 Samsung phones I used before. You have to either install a custom kernel adapted to your phone, or make your own if you have access to its sources (see tutorials as: http://forum.xda-developers.com/showpost.php?p=22941057&postcount=1)
5) Personally, I would feel more at ease if I could find an easy to use firewall solution that could close, and better, make stealth all the local ports of my phone, especially when I am not behind a wifi router. But I haven’t found one yet. Droidwall, nor Avast, addresses this functionality, whereas it would be fairly easy to implement it with the netfilter system layer underneath.
Second step: offline protection
-------------------------------------------
Here we are. Now your phone is protected when it is on. But, what if you switch it off, or remove its sdcard? The data lay on the internal memory, unprotected (at best obfuscated). Really easy to find a custom recovery for almost all phones, write a script to dump /data on a sdcard and then make whatever you want with the copy.
Don’t like that? The only solution to prevent /data from being read by someone else is to encrypt the /data partition. To do that, your phone or tablet internal storage partitions must be seen by your system as block devices. This is the case with eMMC but not with Yaffs. So beware, if you want encryption you need to buy a device that answers this requirement. This is not always true and almost never documented. Notes on the implementation of Android encryption are there: http://source.android.com/tech/encryption/android_crypto_implementation.html
Now, as me, if you are reading these lines, you are certainly looking for extra information about your Android device and probably extra functionalities.
Certainly, the most frequent way to install extra functionalities and custom ROMs to your phone is to use an update zip file. With stock recovery, this zip file needs to be signed, otherwise it is rejected. For maximum flexibility and ease of use, alternative boot recovery have been developed, of which CWRP is certainly the most famous.
Usually, for 99% of users and operations, CWRP operates great. Sometimes, as nothing is perfect, a bug may occur. This is the case for built in ICS encryption process. As Cybermaus indicates in the first post, to be able to perform this encryption the /data filesystem must be slightly smaller than the underlying partition. But CWRP, at least up to the version 5.5, formats all the corresponding partition leaving no place for Android to store the required information to be able to start the encryption process. This is clearly described in the following links: http://forum.xda-developers.com/showthread.php?t=1792101 and http://rootzwiki.com/topic/25652-fixing-galaxy-tab-2-encryption/
I have discovered that by using aLogcat to track down the origin of the failure. The interesting part revealed to be: E/Cryptfs ( 87): Orig filesystem overlaps crypto footer region. Cannot encrypt in place.
To circumvent this problem, you will find in Cybermaus first post, two CWM update zip files that will do the trick in a simple and secure way. After flashing your ROM and wiping data with CWM, apply them, go to system encryption as described here:http://support.google.com/android/bin/answer.py?hl=en&answer=1663755, and after waiting one or two minutes (not more), the system should restart automagically to encrypt your /data partition.
Third step: making your phone even more secure and practical at the same time
-------------------------------------------------------------------------------------------------------------------
Android built-in encryption is in fact more or less Linux LUKS (http://en.wikipedia.org/wiki/Linux_Unified_Key_Setup). Plus, it is open-source so that everyone with the required skills can make an audit of the code to see if no security hole is present in the Android implementation. The underlying mechanism is strong and secure, as long as you use a strong password. I mean by strong, at least 12 characters that includes at the same time lower-case letters, upper-case letters, numbers and symbols. And it must be something impossible to guess for others while easy to remember for yourself. You will find a lot of resources on the internet on how to create such a password. For instance: https://help.ubuntu.com/community/StrongPasswords .
The problem with Android, in its attempt to keep the system not too complicated to use, is that the GUI (I insist: only the GUI, not the system) does not distinguish between the PIN or passphrase that you use to lock your phone when it is on, and the password used to encrypt the data that lay physically on your phone storage. So the casual user is in front of a paradigm: either he chooses a strong password for its data, but this will rapidly become tedious to type at least 12 characters to unlock his device several times a day; or he decides to use a PIN code, which is more practical to unlock the phone, and consequently uses a really weak password to encrypt its data which contains only digits, and thus may be cracked in a breath by any PC.
Fortunately, this paradigm is addressed and solved by small tools like EncPassChanger or Cryptfs Password (both requiring that your phone be rooted, which is by the way, paradoxically, a security hole if not used with caution ). See: http://nelenkov.blogspot.fr/2012/08/changing-androids-disk-encryption.html for complete notes about that. So for me, the only way, both secure and practical, to secure your phone is by using a PIN code of at least 4 numbers (6 is better). Then use a handy tool like EncPassChanger to have a true complex password for decryption at boot time.
Fourth step: increase security, without sacrifying practicability
-----------------------------------------------------------------------------------------
As I am paranoid, but at the same time don’t want my phone to become a source of annoyances, the previous “basic” steps were not enough for me.
So I decided to improve security in two ways:
1) By following the following tip, which I find great and is itself self-explaining: http://forum.xda-developers.com/showpost.php?p=26730989&postcount=2
2) By encrypting the photos I take with my phone, because these are linked with my private life and I won’t like that somebody gain access to them.
3) By encrypting documents I scan with CamScanner, for home and work, which may be sensitive.
4) By automating the action that disables USB debugging in case I forget to put it off after using it .
For point 2 and 3, documents lay on your sd card uncrypted. Android built-in encryption does not deal with both internal and external sdcard (just to be clear, by sdcards I mean partitions mounted as /mnt/scard or /mnt/scard2). To encrypt them you have to use once again an external tool. As I am an opensource fanatic for all that deal with security, I would recommend to use LUKS Manager (https://play.google.com/store/apps/details?id=com.nemesis2.luksmanager&feature=search_result and http://forum.xda-developers.com/showthread.php?t=1141467) which is based on dm-crypt module (yes, the same that Android uses for its build-in encryption), or Cryptonite (https://play.google.com/store/apps/details?id=csh.cryptonite&feature=search_result) which is completely open-source and implements the rock-solid Linux encfs on Android.
The latter is my personal choice. I do not use Crytonite in itself, except for creating the initial .encfs6.xml file. For everyday use, I use directly the Android port of the binary file encfs that comes with Cryptonite, and embed it into shell scripts. Up to now, no flaw, no problem. The password to open my encfs encrypted volumes is stored in a text file located on the /data partition. It is thus encrypted by Android and made accessible on boot when you decrypt this partition. So nothing more to remember.
To make things usable and practical, I use Tasker to automate the following things:
- Mount encfs volumes on start-up, by reading directly the password in the file located on /data
- Umount encfs volumes when usb is plugged
- Copy photos on a regular basis from the unencrypted /mnt/sdcard/DCIM to the safe place I created with encfs, delete AND wipe the original ones
Fifth step: be coherent about security
-----------------------------------------------------
Some people, torn apart by the paradigm described in Third step, by negligence or by lack of knowledge, strongly secure one part of the system, but make other parts big security holes.
Concretely, I am thinking about two examples: mixing encryption with pattern lock (or, even worse, with face unlock), or mixing encryption with usb debugging. Face recognition is just a jock. It is not reliable and fails very often. Moreover it is really easy to crack, with a photo for example. One of my colleague even achieved to unlock my phone with its own face, just because we are morphologically close enough. Pattern lock is not much better. (See: http://forum.xda-developers.com/showpost.php?p=37649447&postcount=6 and https://www.google.fr/search?q=smudge+attack).
So always ponder over (two times rather than one) each action you take that may touch system security.
Thanks lolo
I'm trying to use this on my VZW Galaxy S3 16Gb and this is what I'm seeing in TWRP v2.2.0:
Mounting System
Extracting system fixes
Update script starting...
Update script started
Disk /dev/block/mmcblk0p15: 13.1GB, 13140754432
4 heads, 10 sectors/track, 401024 cylinders
Units = cylinders of 64 * 512 = 32768 bytes
ERROR: unlikely size of KB
aborting operation!
Update script ended
Unmounting system...
Update Complete
Click to expand...
Click to collapse
edit: The same thing happens with both scripts.
I need to enable device encryption because my employer requires it for email and other Google Apps for Business apps. Thank you for your help!
Anyone know why full disk encryption isn't available on some (if not most roms)? Is it something that needs to be added with intent aside in the building process, or dependent on how the stock rom was set-up to work with?
I was hoping this would help get encryption working on an EVO ics rom which has encryption available, but when you click "encrypt phone" it just hangs on an android screen and doesn't actually do anything.
i was really happy to find your solution to enable encryption on my HTC desire S (ICS, rooted), but unfotunately it doesn't work. the same thing happen to me as it happened to mushu13, only different numbers in lines 5 and 6. same result whichever script i choose. please help, i really need system encryption.
thanky you very much!
First thing you should know, I am not an Android Guru. And unfortunately, if your phone is not an A789, I won't be able to help you deep in technical details. Cybermaus is the most skilled of the two of us, technically speaking, and he may lack time to answer correctly every request he is regurlarly faced with.
Okay, I do not know your phones and don't own them. So, distant debugging is much harder in these conditions. But the first things you should check, before applying Cybermaus' patches, are :
1) if encryption works with stock rom
2) follow thoroughly all steps I described in "Second step: offline protection" of the second post of this thread :
- your phone or tablet internal storage partitions must be seen by your system as block devices. This is the case with eMMC but not with Yaffs. If you don't have this information from the manufacturer, install Terminal Emulator from the Play Store and type 'mount' in it. You should see lines beginning with /[email protected] and /[email protected] If this is not the case, I fear encryption won't be able to work on your device.
- use aLogcat to track down the origin of the failure (see resources on the internet to learn how to use it, and links I have put in the second post)
3) Be sure that required modules are built into the kernel you use, especially dm-crypt
4) Post your results and cross your fingers that either this is a problem I have already encountered (in this case I may help you further), or Cybermaus see your posts.
While this script did allow me to encrypt my phone, it also shrunk my /data partition to roughly 1.1 GB.
Any ideas on how to expand it back to a reasonable size? I supposedly have 4 GB of ROM, and I assume more than 1 GB ought to be available for data.
Sent from my HTC Sensation using xda app-developers app
Thank you for your nice guide.
Only one thing is missing: baseband security.
Attacks on the baseband system requires very skilled people. Such as government agencies. It is believed they use baseband attacks to break into almost every mobile device. And there is only little you can do. Some vendors like Cryptophone have mobile devices with a hardened Android system. All others have no way to protect their device against baseband attacks.
Is this patch and reasoning still valid for newer android releases.
I am running a custom kitkat rom and twrp on a note 3 and can't encrypt so im looking for a fix.
I have been looking around for fixes but different posts blame different things.
Sometimes its the fact its a custom recovery, sometimes its that root is on the device and then there is this reasoning
Is there a way to find out the cause and fix for kitkat?
Virus
Hi, i tried to download your files
ICS_usrdata_fix-fs.zip
ICS_usrdata_shrink.zip
But the file are exe files with viruses.
Any ideas?
u2funker said:
Hi, i tried to download your files
ICS_usrdata_fix-fs.zip
ICS_usrdata_shrink.zip
But the file are exe files with viruses.
Any ideas?
Click to expand...
Click to collapse
Maybe false alarm.
Lossyx said:
Maybe false alarm.
Click to expand...
Click to collapse
no, but if you search for these file, you will find some which work and which are without viruses. Check the link..it is not an zip file..it is an exe file
@cybermaus: just tried flashing the two *.zips on my Galaxy S 4 Mini running CM 12 (Android Lollipop) because my logcat tells me I'm getting the described cryptfs error. It seems my /data partition doesn't have that 1 MB of unused space needed for encryption. Now I would love to encrypt my phone using CM's integrated function without having to completely format the internal storage (because that's the other workaround I found: flash stock rom, wipe data (factory reset), flash Custom Recovery, flash CM again)
Do you have the time and device to update your script so it works with Android Lollipop as well? I see a lot of people come across this issue recently so there would be definetly use for such a nice script like yours!
Thanks for sharing this with us!
-Teutone
no available for download any mirror ?
Or write the script on the thread.
Thanks
Can you post the scripts? links are dead!
---------- Post added at 16:33 ---------- Previous post was at 16:32 ----------
cybermaus said:
If you ever used CWM, CWMT or other non factory recoveries to wipe your data, you probably noticed that you lost the ability to encrypt your phone. Or maybe you did not even realize this is why encryption does not work.
For the Android phone encryption to work, it needs the /data (usrdata) partition to have a little bit of unused space between the end of the filesystem and the end of the partition. And as soon as you use CWM to wipe, it actually reformats using all space, and encryption does not work anymore.
User lolo250612 brought this to my attention, and together we created a update.zip that shrinks the /data filesystem by 1MB
In fact, we created 2 patches: One to shrink, and one to first repair the filesystem. The first will refuse to shrink if the file system is not clean and healthy. They will automatically find the correct usrdata partition device and its size. The shrink will then resize to 1MB less then the partition size (which means it could also be used to grow if you somehow had a filesystem a lot smaller, for example because you restored an smaller image from somewhere).
Both patches are created with statically linked e2fsprogs binaries and its own static copy of busybox shell interpreter. So they should work on all Android devices that use ext file system (probably all V2.3.1 Gingerbread and higher androids), and you should not lose any data because of this. But it is always good to make a backup.
We tested this on 2 phones, both ICS phones, and with both CWM and TWRP type recoveries, and are fairly certain it is safe to use. But to repeat, you should always take a backup of your phone.
Both patches can be found on my shared drive:
ICS_usrdata_fix-fs.zip
ICS_usrdata_shrink.zip
Procedure:
- Make backup of your phone
- Place files on SD card
- Boot into recovery
- Apply the shrink update
- If it tells you the filesystem is damaged apply the fix-fs update first
The patch only shrinks the filesystem, nothing is actually installed or removed on the phone. But if you use encryption, you could leave this patch on your SD card so that every time you wipe data, you can run the shrink patch again afterward to enable encryption again.
If you do use this, please report back in this thread, possibly mentioning your phone model and ROM you are using.
Click to expand...
Click to collapse
links are dead. Can you post the scripts?

Samsung tablet 500t, reset, and loss of password

Hi everyone,
A friend of mine got a second-hand tablet Samsung 500t from one of her relatives.
She set her password, but she forgot it after a while. She asked me to help her to sort the problem out but I don't know windows RT and I don't know exactly what to do. In addition, we don't have any cd or user's manual. I tried to reset and I launched the procedure which always ended up with this message:
"Insert your windows installation or recovery media to continue".
I don't know what to do now, and, unfortunately, she hasn't got any back up.
Can anyone help me? Thank you.
Is she using a local account or a Microsoft account? If the latter, you can just reset your password the same way you would if you forgot, say, your Hotmail password. Go to https://login.live.com and follow the "forgot password" steps.
If it's a local account, that's more awkward. There are various steps (short of a full wipe) that you can do, but if you don't know the Admin password then most of the non-wipe options require things like Linux liveCD (or live flashdrive) images and forcibly resetting the password.
GoodDayToDie said:
Is she using a local account or a Microsoft account? If the latter, you can just reset your password the same way you would if you forgot, say, your Hotmail password. Go to login.live and follow the "forgot password" steps.
If it's a local account, that's more awkward. There are various steps (short of a full wipe) that you can do, but if you don't know the Admin password then most of the non-wipe options require things like Linux liveCD (or live flashdrive) images and forcibly resetting the password.
Click to expand...
Click to collapse
She is using a local account. We asked her relative, the former owner, about a Microsoft account, but he didn't know and remember anything about that.
Can you explain me more about using a Distro Linux to reset the password on the tablet?
I used a linux live many times, and I can manage it for easy tasks, but I have never used it to reset or to recover a password on a Window OS.
Thank you, Bob.
If you boot a Linux live image - probably off a flashdrive, unless you have a handy USB optical drive - it can mount the internal NTFS file system and find Security Account Manager (SAM). There are tools that will modify a SAM file to overwrite the password for a user. It's also possible for some tools to brute-force the password, though this can take a long time, or to look it up in a "rainbow table" of pre-computed password hashes (won't work for really complex passwords, though). Forcibly resetting the password will cause you to lose any data encrypted with it, which may include things like passwords the OS was storing for you.
Some stuff that can be used to try and recover passwords (or reset them): http://smallvoid.com/article/winnt-password-recovery.html
There's a bunch of others out there too. Here's another link: http://www.mydigitallife.info/reset...trator-or-user-password-with-chntpw-in-linux/
GoodDayToDie said:
If you boot a Linux live image - probably off a flashdrive, unless you have a handy USB optical drive - it can mount the internal NTFS file system and find Security Account Manager (SAM). There are tools that will modify a SAM file to overwrite the password for a user. It's also possible for some tools to brute-force the password, though this can take a long time, or to look it up in a "rainbow table" of pre-computed password hashes (won't work for really complex passwords, though). Forcibly resetting the password will cause you to lose any data encrypted with it, which may include things like passwords the OS was storing for you.
Some stuff that can be used to try and recover passwords (or reset them):smallvoid
There's a bunch of others out there too. Here's another link: mydigitallife.info/reset-and-change-windows-nt2000-administrator-or-user-password-
Click to expand...
Click to collapse
Can I simply delete the SAM file? I don't think she cares to lose any data so much.
Ok. I was wondering how I can run the usb drive on a windows rt tablet. Is there a "boot device option" like on an ordinary pc/notebook?
Thanks again?:
PS: By the way, where can I find an image of Window 8 rt if I want to totally reset the tablet and install a clear OS?
Aw crap, I can't believe this but I forgot you were talking about an RT device. Forget everything I just said; Secure Boot won't allow it to run a Linux image even if you had an ARM-based one.
Deleting the entire SAM will render the device unbootable. It's not just user account logon details stored there; every account (including the various system ones) are there. On the other hand, if you can extract the SAM somehow, another computer will be able to edit it just fine even though it comes from RT; it's a registry hive and is architecture-independent.
Total reset is probably the easiest option, if she doesn't mind the risk of losing data. It requires a device-specific image though; there should be one (recovery partition) on the tablet, but if that was removed you'll need to find one for download or get Samsung to handle it for you. The Surface RT / 2 images are available here on XDA but I don't know about any of the Samsung tablets.
Go look on the support website (or call support) for instructions on performing a factory reset of the tablet under normal circumstances. That will work if the recovery partition wasn't removed.
GoodDayToDie said:
Aw crap, I can't believe this but I forgot you were talking about an RT device. Forget everything I just said; Secure Boot won't allow it to run a Linux image even if you had an ARM-based one.
Deleting the entire SAM will render the device unbootable. It's not just user account logon details stored there; every account (including the various system ones) are there. On the other hand, if you can extract the SAM somehow, another computer will be able to edit it just fine even though it comes from RT; it's a registry hive and is architecture-independent.
Total reset is probably the easiest option, if she doesn't mind the risk of losing data. It requires a device-specific image though; there should be one (recovery partition) on the tablet, but if that was removed you'll need to find one for download or get Samsung to handle it for you. The Surface RT / 2 images are available here on XDA but I don't know about any of the Samsung tablets.
Go look on the support website (or call support) for instructions on performing a factory reset of the tablet under normal circumstances. That will work if the recovery partition wasn't removed.
Click to expand...
Click to collapse
Ok, I understood.
Can I somehow install a Window 8.1 pro x86 on this device? It has got an Intel Atom processor, after all.
I need drivers, though.
Thanks again.
Now you say it's a x86 device while earlier it was ARM (Windows RT). Make up your mind, it can't be both!
Amax said:
Now you say it's a x86 device while earlier it was ARM (Windows RT). Make up your mind, it can't be both!
Click to expand...
Click to collapse
...hmm actually I'm not sure. The tablet is not mine. I thought it had a Windows Rt OS. But since you say that it can't be an x86 device with an RT OS at same time...I need to find out what it really is. Thanks.
OK
I've finally found out what the OS is?
It's window 8 32bit.
The complete name of the tablet is:
samsung ativ smart xe500t1c-a01it
More, I have it at my home now.
Can we continue the topic?
Thanks
Then the methods GoodDayToDie mentioned in post #4 should work
ok
I fixed it by using Lazesoft recovery.
Thanks
Loss Password? All is not loss, even with the fact you can not boot from a USB stick drive with a password reset tool on it. The answer is actually quite simple with local access to the device Windows 8 is installed on. As long as you can get into recovery by using the "hold volume up" and pushing "Power" button method. You then simply picked Advance Recovery Options till you see Command Prompt in the menu and here's the link that'll take you the rest of the way below. What this does is replace Access Tools (for blind, etc) in Login Screen (lower left corner) with a Command Prompt window. Since it's in with the Root C drive, it makes it quite simple to merely change the password right there and be able to use it to log in immediately.
Thought your computer was safe from hackers locally? Think again (can only be run locally though, not remotely), but if you didn't have this option none of the free or pay4 password reset tools would work either. This is what they are actually doing and then they remove the Command Prompt window when done. Just like you will after using this very simple method. Or you need to use Windows Password Key to reset Samsung password.

[TWRP] 3.1.1-0 Encrypted device - Password fails but PIN works

I'm using the official version of TWRP flashed to my device.
If I set the device encryption with a password then TWRP is unable to mount the encrypted file system - It fails with 'Incorrect Password'
If I change to use a PIN then TWRP successfully mounts and decrypts the file system.
Is this a known issue, or is there any work round to enable to use of a password rather than a PIN?
Anyone?
iam-q said:
I'm using the official version of TWRP flashed to my device.
If I set the device encryption with a password then TWRP is unable to mount the encrypted file system - It fails with 'Incorrect Password'
If I change to use a PIN then TWRP successfully mounts and decrypts the file system.
Is this a known issue, or is there any work round to enable to use of a password rather than a PIN?
Click to expand...
Click to collapse
iam-q said:
Anyone?
Click to expand...
Click to collapse
Known TWRP issue across multiple device types. Google is your friend.
Alas google hints at a problem with some versions and some phones - there is no actual word from the developer(s) and if you care to check the github site you will find a mass of bugs raised with no replies and missing information. Most of the issues others have raised relate to nothing working at all or patten unlock not working.
iam-q said:
Alas google hints at a problem with some versions and some phones - there is no actual word from the developer(s) and if you care to check the github site you will find a mass of bugs raised with no replies and missing information. Most of the issues others have raised relate to nothing working at all or patten unlock not working.
Click to expand...
Click to collapse
Yes - given the number if independent reports it is reasonable to suspect there is an issue that either can not be replicated or is noting addressed

pattern-locked p9-lite, how to recover at least the photos?

The phone is fully working and connected on the Internet with the google account and everything, but who set the pattern to unlock the screen also forgot it
Apparently Google remove the option to set a temporary password using the Android Device Manager to unlock the device and the USB debugging is disable on the phone (so I guess no abd).... any ideas on how to recover the photos stored on the internal memory?
First of all, we need to know if it is yours. There are thiefs that steal phones and try to access personal data for their pleasure.
Hisuite for photos.
Johnny TDN said:
First of all, we need to know if it is yours. There are thiefs that steal phones and try to access personal data for their pleasure.
Click to expand...
Click to collapse
I'm actually trying to help the owner of the phone, no thief involved here
Since the google account is setup and the device has also internet connection, I was thinking about installing an app remotely from the play store website... but which one? I need one that installs, spawns a service and automatically exposes the content of the internal storage without touching it (wifi, ftp, ...). Any ideas?
I remember that recovery factor reset didn't remove the internal storage (in my case)
Johnny TDN said:
I remember that recovery factor reset didn't remove the internal storage (in my case)
Click to expand...
Click to collapse
The official Huawei customer support answered saying that for android >5.1.1 the procedure is to take a backup and disconnect the account before firing the "Wipe Data Factory Reset" from the recovery, if not all the user's data will be lost.
mrfree2ita said:
The official Huawei customer support answered saying that for android >5.1.1 the procedure is to take a backup and disconnect the account before firing the "Wipe Data Factory Reset" from the recovery, if not all the user's data will be lost.
Click to expand...
Click to collapse
Then the last method is this :
If you still have the warranty, make sure it has the same IMEI as the one written on the warranty (you can check what imei you have by removing the sim tray and look at the IMEI written on it), then go to HUAWEI and tell them that you forgotten your password and you need your files. They will ask you for the warranty and some security questions.(maybe, idk)
If you don't have warranty, then sorry, you are screwed.
mrfree2ita said:
The phone is fully working and connected on the Internet with the google account and everything, but who set the pattern to unlock the screen also forgot it
Apparently Google remove the option to set a temporary password using the Android Device Manager to unlock the device and the USB debugging is disable on the phone (so I guess no abd).... any ideas on how to recover the photos stored on the internal memory?
Click to expand...
Click to collapse
Does the device have a stock or custom recovery installed? In the case of a custom one, you don't need to enable USB debugging in the actual system; you can just boot into the recovery and go to town with ADB.
In the case of a stock ROM, try installing fastboot and ADB drivers, and booting into fastboot mode. I can't remember the exact key combination, but once you're booted into fastboot and connected to your PC via USB you should be able to flash TWRP or CWM without enabling debugging, I think. Guides to do this can be googled. Make sure to use the right .img for your phone though, or you'll brick it.
Once that's done and you're able to boot into a custom recovery, do so, connect to your PC via USB, fire up ADB, and use one of the following commands:
su
adb shell
cd /data/data/com.android.providers.settings/databases
sqlite3 settings.db
update system set value=0 where name='lock_pattern_autolock';
update system set value=0 where name='lockscreen.lockedoutpermanently';
.quit
or
su
adb shell rm /data/system/gesture.key
The first of these will nullify the order in which the pattern or PIN is supposed to be inserted, meaning you can do whatever and unlock the phone. The second removes the PIN or pattern entirely.
Let me know how this went, and if you need any help, feel free to reply here or PM me. I'll get back at you as soon as I can.
mrfree2ita said:
The phone is fully working and connected on the Internet with the google account and everything, but who set the pattern to unlock the screen also forgot it
Apparently Google remove the option to set a temporary password using the Android Device Manager to unlock the device and the USB debugging is disable on the phone (so I guess no abd).... any ideas on how to recover the photos stored on the internal memory?
Click to expand...
Click to collapse
Easy..But I won't help you cause I don't know if it's your phone or not sorry

Categories

Resources