Hi,
I bought the Samsung Galaxy S5 and the fingerprint reader works reasonably well (as in it works, nothing in comparison to apple though, so don't buy it for the fingerprint reader ) for unlocking the screen...
However its a work requirement that my phone has full device encryption, as phones are regularly stolen where I travel.... it seems when I enable encryption I lose the ability to use the fingerprint reader to unlock the phone .... I bought this hoping that I could avoid having to type in my complex password just to unlock the screen, as I got so tired of doing that with my S2
Is there any mods to enable finger print reader screen unlock + full device encryption at boot time for the Galaxy S5 yet? ... I saw some references to pattern unlock / pin with device encryption... but I would think the fingerprint reader is different...
Thanks!
S5 Full disk encryption with fingerprint unlock
I also have this question. I believe on the Nexus 5 it at leasts lets you use face unlock with full device encryption. And I read on one article that you should be able to do this but i do not think the author actually tried this. I will say from my own personal experience that you can infact decrypt the device after encrypting it without doing a complete wipe of the device and you can restore the use of fingerprints to unlock your phone. It seems like for security minded people this would be a great feature but if it is unable to be used with full device encryption it seems a little pointless to me. Being forced to use a PIN or password to use encryption is a big pain point for android users who want some type of security.
Yes I can't believe that no one has really complained about this yet - but I guess encryption isn't' that important to people as I imagined
androidpleb said:
Yes I can't believe that no one has really complained about this yet - but I guess encryption isn't' that important to people as I imagined
Click to expand...
Click to collapse
I am having the same pain, as I use my S5 for BYOD.
It makes no sense when you can use fingerprint to make payments with paypal but not unlocking the phone when it is encrypted.
Hope Samsung can enable this feature in next update.
I'd like this too.. as well as, the iPhone has a cydia app (that a friend of mine showed me), that you can basically disable the power button from turning off the phone while it is fingerprint locked. That would definately be nice to have on the S5 (since it's done through an app). That would have stopped the person who stole my wife's S4 from turning it off when it was blasting the locator ring at them!
sorphin said:
I'd like this too.. as well as, the iPhone has a cydia app (that a friend of mine showed me), that you can basically disable the power button from turning off the phone while it is fingerprint locked. That would definately be nice to have on the S5 (since it's done through an app). That would have stopped the person who stole my wife's S4 from turning it off when it was blasting the locator ring at them!
Click to expand...
Click to collapse
I can't believe that the fingerprint sensor can't be used if encryption is enabled whatsoever. I could understand the iPhone model, requiring a pin before a fingerprint can be used, but by disabling fingerprint lockscreen, boot unlock, and SD unlock, the fingerprint sensor is now wholly useless for convenience.
It's too trivial to extract data from an unencrypted Android. By not supporting encryption with a measure of covenieve, I don't see the point in including a fingerprint sensor whatsoever given the current software limitations.
Please, someone, figure out what sqlite/settings need to be changed so we can make decent use of our phones fingerprint sensor.
After some experiments, i found out a procedure to enable FDE and fingerprint lockscreen. Root is required (or at least I guess, I didn't try with a non-rooted system...).
These are the steps:
1) set up fingerprint lockscreen
2) with a root explorer, go to /data/system folder, and backup locksettings.db, locksettings.db-shm and locksettings.db-wal to sd card
3) set up password lockscreen
4) encrypt the device
5) when encryption is done, restore the backed-up files to /data/system: you should have fingerprint lockscreen again (no reboot needed, just turn the screen off, and magically the password should be vanished )
CAVEAT 1: with my system configuration, I wasn't able to encrypt the device directly: the encryption procedure started, but after reboot nothing happened, the device just booted normally. I don't know the exact reason, in some forums they suppose that it happens on kitkat when the device is rooted. I was able to bypass the problem only adding these steps to the procedure:
...
3b) with TWRP, backup the /system partition, and restore the stock non-rooted /system
4) encrypt the device
4b) restore the original rooted /system partition
...
I don't know if steps 3b) and 4b) are always necessary, let me know...
If you need these steps, don't worry if before restoring your custom /system partition the encryption password isn't recognized, just restore the partition and all will work fine
CAVEAT 2: once encrypted, I didn't find a way to unencrypt the device, because the unencrypt ion procedure starts, but after reboot the device is still encrypted, similar to what described in caveat 1. I tried to replace the /system partition with the stock one, but the encryption password was no longer recognized.
CAVEAT 3: the current TWRP (2.7.1) isn't able to mount S5 encrypted data partition, and restoring an image made with online nandroid backup doesn't seem to work either. So, if you want to make an image of your phone (and I suggest to do it ), do it before encryption
Boot Loop
fabiokino said:
After some experiments, i found out a procedure to enable FDE and fingerprint lockscreen. Root is required (or at least I guess, I didn't try with a non-rooted system...).
These are the steps:
1) set up fingerprint lockscreen
2) with a root explorer, go to /data/system folder, and backup locksettings.db, locksettings.db-shm and locksettings.db-wal to sd card
3) set up password lockscreen
4) encrypt the device
5) when encryption is done, restore the backed-up files to /data/system: you should have fingerprint lockscreen again (no reboot needed, just turn the screen off, and magically the password should be vanished )
CAVEAT 1: with my system configuration, I wasn't able to encrypt the device directly: the encryption procedure started, but after reboot nothing happened, the device just booted normally. I don't know the exact reason, in some forums they suppose that it happens on kitkat when the device is rooted. I was able to bypass the problem only adding these steps to the procedure:
...
3b) with TWRP, backup the /system partition, and restore the stock non-rooted /system
4) encrypt the device
4b) restore the original rooted /system partition
...
I don't know if steps 3b) and 4b) are always necessary, let me know...
If you need these steps, don't worry if before restoring your custom /system partition the encryption password isn't recognized, just restore the partition and all will work fine
CAVEAT 2: once encrypted, I didn't find a way to unencrypt the device, because the unencrypt ion procedure starts, but after reboot the device is still encrypted, similar to what described in caveat 1. I tried to replace the /system partition with the stock one, but the encryption password was no longer recognized.
CAVEAT 3: the current TWRP (2.7.1) isn't able to mount S5 encrypted data partition, and restoring an image made with online nandroid backup doesn't seem to work either. So, if you want to make an image of your phone (and I suggest to do it ), do it before encryption
Click to expand...
Click to collapse
I get samsung boot loop using the above instructions
Pierreseoul said:
I get samsung boot loop using the above instructions
Click to expand...
Click to collapse
Hi guys! Did someone try this solution? I unfortunately have the same issue and unlock my device each time make me crazy!
Thanks in advance.
Same problem
I purchased a Galaxy S5 and I have the same problem, unfortunately I cannot root my phone due to security policies in my company. :crying:
I hope Samsung will solve the issue. :fingers-crossed:
Have anyone contacted to Samsung Support Center?
Pierreseoul said:
I get samsung boot loop using the above instructions
Click to expand...
Click to collapse
What is the consequence of boot loop if you are using stock boot loader? Odin mode required to recover? Something less drastic? What device model are you using?
I found a possible solution that involves deactivating SuperSU and running encryption from there. Still investigating. I am thinking that the solution from @fabiokino will work in this case too.
I'm curious about this aswell.
Doesn't anyone know a working solution?...
It is really frustrating the very least. I can't believe there isn't a way (or if there is, a guide) to do this (with or without root access).
I have also heard it is doable on the Note 4. See this post for example http://forum.xda-developers.com/showpost.php?p=57103664&postcount=7.
I just flashed the stock Lollipop ROM and guess what: It works!!
Samsung finally did it. No tweaking needed and it also works without root access.
How?
healpowah said:
I just flashed the stock Lollipop ROM and guess what: It works!!
Samsung finally did it. No tweaking needed and it also works without root access.
Click to expand...
Click to collapse
Can you explain how please? I'm on stock lollipop as well and cannot use fingerprint scanner with FDE. Wondering if there's a process to it?
Thanks!
healpowah said:
I just flashed the stock Lollipop ROM and guess what: It works!!
Samsung finally did it. No tweaking needed and it also works without root access.
Click to expand...
Click to collapse
Nice to see this, hope it will work on my Galaxy tab S too
Did you see this?
https://www.jethrocarr.com/2013/12/29/encrypting-disk-on-android-4/
GermanDoerksen said:
Can you explain how please? I'm on stock lollipop as well and cannot use fingerprint scanner with FDE. Wondering if there's a process to it?
Thanks!
Click to expand...
Click to collapse
Unluckily the trick showed in the previous link only encrytps the main device and not the micro SD
Joker87 said:
Unluckily the trick showed in the previous link only encrytps the main device and not the micro SD
Click to expand...
Click to collapse
Well for me that really wouldn't be a problem. I don't have an SD card so I'm okay with just FDE. Thing is I really really don't want to root my phone... No particular reason other than every older android device I've done it on always ends up slow and buggy after a few months use until I reflash with stock ROM. I would like my phone to stay buttery smooth for once..
GermanDoerksen said:
Well for me that really wouldn't be a problem. I don't have an SD card so I'm okay with just FDE. Thing is I really really don't want to root my phone... No particular reason other than every older android device I've done it on always ends up slow and buggy after a few months use until I reflash with stock ROM. I would like my phone to stay buttery smooth for once..
Click to expand...
Click to collapse
You could root then unroot it after you have encrypted it
Joker87 said:
You could root then unroot it after you have encrypted it
Click to expand...
Click to collapse
you're right... plus it's not really the "rooting" process that makes it slow, it's installing another ROM. Having a rooted phone doesn't necessarily have any performance impact... just opens up a few things for me. Interesting. Thanks! Unfortunately I've already encrypted so now I have to find that thread about how to decrypt lol.
Thanks!
Related
SOLVED.
Greets.
A mate of mine forgot his unlock password the other day. At first I thought it was gonna be the same as with Galaxy S - just flash it or better yet do a wipe/factory reset in recovery and be rid of it - boy was I wrong... I tried everything I could come up with - flashing costum SW, different kernels from xda, older/newer original SW, CMW resets etc. - no luck at all.
So now I turn to you beloved XDA and ur techies - does anyone have any idea how we could reset our SGS2's so that this passwords would be gone aswell?
Solution:
Just spam random passwords (think it was 5 wrong) and then a message appears, that the SD card will be reset and a full wipe will be done - press OK and bang the phone boots normally.
In case anyone finds themselves in the same situation. You lose all your data ofcourse but the password is deleted and bang the phone works.
What password are you talking about, because a factory reset in recovery mode should do it.
I am talking about the screen lock with a password. Like I said nothing works... everytime I turn the phone on I get the "Confirm Password" screen thrown in my face
A ROM flash should definitely get rid of that, but I'm very surprised that a factory reset doesn't do it.
Like I said I tried flashing original roms (older and newer of KE2), costum roms (villian, litenin etc.), different kernels - the password is still here.
I'm stumped then mate. I've never had a lockscreen password persist from one ROM to another. I think household insurance and a brick may be the easiest way to remove it
Hehe ye I was not exactly exstatic about it either... I've been playing with roms etc. since my 1st android Samsung Galaxy (GT-I7500) and the one thing that was always persistant was "Software saves" - and now this with the SGS2...
I just tried the same on mine - set the password and flashed the official KF3 - got welcomed with the "Confirm Password" screen and just input my password that I set before and bang the phone finished with the software update and booted normally...
Thinking this thread would be better off in the development section in case anyone will have the time to look into where this stuff is stored and make a workaround (perhaps similar like the nv_data one for network unlock).
This is purely a guess and I haven't tried it on SGS2, but you could try flashing a ROM via Odin and ticking the option "Phone EFS clear". Not sure but this could wipe also the EMMC partition where I have heard the screen lock data is stored in. I won't take any responsibility on bricked phones or other problems though...
I only did try this on my wife's SGS and for it it did not do any harm.
Nightravenn said:
Thinking this thread would be better off in the development section in case anyone will have the time to look into where this stuff is stored and make a workaround (perhaps similar like the nv_data one for network unlock).
Click to expand...
Click to collapse
Tut tut matey. It's a question - it's already in the wrong forum
Heh my bad about the placement of the topic
@Pume EFS is actually where the calibration is stored aswell (which is different for every phone/IMEI/RF), but yes I did try it aswell heh, also tried the bootloader update option ticked on - same story still the damn PSD (Password screen of death?).
First you can try to disable the password via adb (in recovery) http://forum.xda-developers.com/showthread.php?t=1110307
If its not the right description you could try to format the data partition in recovery and then flash a new rom. No idea how smart that is on the galaxy s II but on the desire it was perfectly save. Last i believe this is a more common problem and there should be other threads around with solutions.
Sent from my Transformer TF101 using XDA Premium App
Nightravenn said:
Heh my bad about the placement of the topic
@Pume EFS is actually where the calibration is stored (which is different for every phone/IMEI/RF), altho yes I did try it aswell heh, also tried the bootloader update option ticked on - same story still the damn PSD (Password screen of death?).
Click to expand...
Click to collapse
Oh, good to know anyway. Damn I'm never gonna put a password on mine as I tend to forget even my own birthday
You could try that again(flash a rom) without your SIM card and maybe without your MicroSD. Maybe it syncs with data and get the password lock from there.
Are you sure the password isn't a PUK lock? Try booting the phone without a sim. If it works, then the password is restricting your use of the service by locking you out of the phone. To solve this you can do one of two things:
1. Get the Sim replaced
2. Call your provider for an unlock code and GET RID OF IT in the security settings under sim-lock
Hope that helped!
Actually I always flash roms without the SD card and SIM as I've come to realise some .pit's acutally repartition your SD card aswell thus erasing it - cheers for the post tho.
@TheGhost1233
You might be on to something with that actually but now I have another problem... for some reason everytime I want to go to recovery it shows that little yellow box (the usual one before going into recovery) and then back to the dumbass PSD. So I can't get ADB working now at all.
I almost don't want to post this hehe...
But ye found a solution - spammed random passwords (think it was 5 wrong) and then a message appeared, that the SD card will be reset and a full wipe will be done - pressed OK and bang the phone boots normally
In case anyone finds themselves in the same situation. You lose all your data ofcourse but the password is deleted and bang the phone works
I think this is anti-theft protection, at least your info is gonna be deleted if someone steals it
Is there any way to secure android like ios7. In case if i loose my phone then no one can use it. Is it true a hard reset will remove my pattern or password? My phone is non rooted. Can someone install custom recovery too?
saudiqbal said:
Is there any way to secure android like ios7. In case if i loose my phone then no one can use it. Is it true a hard reset will remove my pattern or password? My phone is non rooted. Can someone install custom recovery too?
Click to expand...
Click to collapse
There is not fool poof way to prevent this. Even on IOS7 the security can be gotten around. Best advice is to make sure you are backing up your files.
Google does have a remote wipe option built into the Android OS. That is your best bet.
There is no full proof way to make render unusable, but you can call up your carrier and ask them to blacklist the IMEI so they can't use sim cards with it anymore.
You could however, protect your data. Do this by: encrypt your device, stock recovery, disable USB debugging, lock the bootloader. At least with this, if the device is stolen, if they don't know how to flash factory image, they'll need to enter the encrypted password to boot into the phone and can't copy over your datas.
You should also look up the app Cerberus, which with root can survive through factory reset (as long as they don't overwrite or format the "system" partition).
So, I accidentally encrypted my device when I booted a kernel that had "force encryption." Ooops. When I rebooted, it immediately started encrypting. (No prompts.)
I tried to decrpyt, but it kept asking me for a password (which I never set up) and then would say that the password was correct (no matter what I typed), but something is corrupted in my data... and that I had to factory reset.
Sure. Bite me, Google!
Steps to recover:
1. Power off
2. Boot into the bootloader
3. Boot into TWRP recovery. TWRP see's all my data fine and doesn't ask for a pw.
4. Backup the phone.
5. Use adb to pull the backup off the phone.
6. Go back into fastboot and run: fastboot format userdata.
7. Boot the phone normally (with a kernel that doesn't force encryption.)
8. (the only reason to boot here is so that android creates the proper /data directory structure.)
7. Back into TWRP...
8. adb again to push the TWRP backup back to the phone
9. Restore the backup made in step 4.
10. Reboot again. Success. Done. Everything works fine and I'm not encrypted.
So much for security, Google. Pfft...
Forgive my ignorance, I am not yet a n6 owner. What, are the disadvantages of encryption?
almahix said:
Forgive my ignorance, I am not yet a n6 owner. What, are the disadvantages of encryption?
Click to expand...
Click to collapse
Read and write speeds are slower as all data is decrypted and then encrypted as it is used.
Sent from my Nexus 7
EverDawn4 said:
Read and write speeds are slower as all data is decrypted and then encrypted as it is used.
Sent from my Nexus 7
Click to expand...
Click to collapse
Also due to the extra number crunching overhead, more battery burning.
I see how that is a negative. I'm surprised there isn't an easier way to disable encryption. I expect by tbe time I get one early next year some awesome dev will resolve that.
The point is that encryption has some negatives, but NO POSITIVES. What is the point of it when its so easily bypassed?
Sent from my Nexus 6
garyd9 said:
The point is that encryption has some negatives, but NO POSITIVES. What is the point of it when its so easily bypassed?
Click to expand...
Click to collapse
Encryption does have some positives, such as more protection of your data. How you describe and what you didnt doesnt show it as having much positives though
You claim it is worthless, because you could use root access and unlocked fastboot to push and pull data and all that, but can you really do all that so easily and get by the encryption without any root access and a locked bootloader? What about a not yet authorized ADB and you cant get into the device because it is locked and encrypted (in this scenario we are trying to break the encryption, not just go into the ROM and hit accept). I think everything is easier when you already have things unlocked and full system access.
Seems pretty secure to me. By the time you got to where you wanted to be, all data on the device was gone.
Mission: Accomplished.
The ONLY requirement to repeat my steps is either an installed custom recovery or an unlocked boot loader.
I'd agree with your argument if google allowed a non-encrypted fs if/when a boot loader was unlocked (which would be simple as /data is formatted on unlock anyway.)
Instead, google forces the encryption unless you swap boot partitions
Who's to say that the boot loader lock can't be worked around by someone determined? We haven't tried yet for the simple reason that the effort seems futile when we can so easily do it with fastboot. However, boot loader locks HAVE been worked around to boot custom recoveries on other devices such as Samsung and LG phones.
Once your in recovery, as I explained above, all the supposedly encrypted data is accessible.
Sent from my Nexus 6
garyd9 said:
The point is that encryption has some negatives, but NO POSITIVES. What is the point of it when its so easily bypassed?
Sent from my Nexus 6
Click to expand...
Click to collapse
It can be bypassed because you are using the default encryption key. If you set a pin or a password it changes the encryption key and you need to enter that in recovery to access the partition.
No positives... Lol
rbox said:
It can be bypassed because you are using the default encryption key. If you set a pin or a password it changes the encryption key and you need to enter that in recovery to access the partition.
Click to expand...
Click to collapse
How many "typical" users will set a pin or password? Those same users, if they are concerned about data security, would be manually enabling encryption already.
Google (and Apple) came up with this "great" idea to force encryption on by default (and, at least in Google's case, make it the ONLY choice without modifying the system boot partition.) They claim they did this to protect data. What protection is there if Google allows the "typical" user to use the "default encryption key" and it's so easy to get the data even if "encrypted?"
I think what I'm getting at here is that I was extremely disappointed that it was so easy for me to get at my "encrypted" data using back door methods. I suspect that MOST people won't set up any extra keys/pins, and will allow the default key. They'll see that the device is "encrypted" and feel some FALSE sense of security. In fact, those people are facing a performance penalty of some degree in order to have that FALSE security.
Here's how I think Google should have done things:
1. First and foremost, don't use software encryption. Require the encryption system to have some form of hardware acceleration.
2. Instead of 'forceencryption', the fs manager should default to encryption ON if the bootloader is locked, and default to OFF if the bootloader is unlocked. The result would be that unlocking the bootloader (which nukes the /data partition and causes it to be reformatted) would start with an un-encrypted userdata partition. (The user could still enable encryption.)
3. In conjunction with #2, if there's no encryption key provided by the user, then DON'T ENCRYPT. I honestly believe that a false security is WORSE than none at all, and apparently the "default" encryption key is all but useless.
On the other hand, I hope my first post in this thread helps some user (or dev) who accidentally encrypts their filesystem while playing with kernels. Up until then, it was believed that once the userdata became encrypted, there was no way to reverse it.
Keep in mind, we XDA users are not typical users so of course we could figure this out. Secondly anyone even remotely interested in security has a password on their phone. Lastly, a question, does encryption prevent people from plugging your phone into a PC and seeing your data?
SymbioticGenius said:
Keep in mind, we XDA users are not typical users so of course we could figure this out. Secondly anyone even remotely interested in security has a password on their phone. Lastly, a question, does encryption prevent people from plugging your phone into a PC and seeing your data?
Click to expand...
Click to collapse
A counter-question: Who (or what) is google trying to "protect" us from with forcing encryption on?
No, encryption doesn't seem to block normal MTP access. Basically, an "encrypted" device (with no password), once booted, appears the same as a non-encrypted device (just a bit slower on data access.) The portion of /data presented as the "internal sd card" is accessible via MTP regardless of if encryption is on or off. (other portions of /data aren't accessible via MTP.)
With adb functional, unix permissions will block quite a bit, and once you add root to the mix, the entire phone can be accessed. (selinux probably introduces more restrictions, but I'm not familiar with them.)
Again, that leads back to the question of just who google is trying to protect us from. If the phone is encrypted (with no password) by default, and can easily be decrypted if no password was provided, then what good is the encryption? Why suffer the overhead of encryption when it doesn't serve any effective purpose?
TWRP tries the default password. If you had changed it, TWRP wouldn't have worked at all.
That was not a fair assessment of the encryption used on Android.
I actually don't think it's a big deal especially since you didn't have a password. Encryption without a password is like a door without a lock.
Also I'm assuming that once a password is active that MTP will be disabled without said password?
Again.... The point is that android is forcing encryption on even without a password. I KNOW I have no password, but if having no password makes encryption useless, why FORCE it to be on?
Sent from my Nexus 6
I think it's better than the current, if you encrypt you must use a password 24/7 mode. I prefer it this way because it's currently how I use my phone. I have a pin when I feel it's necessary (work sometimes, phone charging on a table, bar hopping, etc.) or basically whenever someone might be able to access my phone without my noticing. Otherwise I have my pin off. This works almost exactly how I've been wanting it for years. As long as when my pin is active people can't plug my phone in and view my stuff.
I've added my lockscreen pattern, but I'm not seeing an option for encrypting the phone anywhere in the settings. I've added the pattern to needed at startup, but again, not seeing anywhere to encrypt the phone, unless it's set that way as default and I'm missing it. Anyone know of a way to find out for sure what the encryption status is?
scottricketts said:
I've added my lockscreen pattern, but I'm not seeing an option for encrypting the phone anywhere in the settings. I've added the pattern to needed at startup, but again, not seeing anywhere to encrypt the phone, unless it's set that way as default and I'm missing it. Anyone know of a way to find out for sure what the encryption status is?
Click to expand...
Click to collapse
I'm fairly sure it's encrypted by default.
Make sure you encrypt your sd card.
Sent from my LG-H872 using Tapatalk
Saythis said:
I'm fairly sure it's encrypted by default.
Click to expand...
Click to collapse
It looks like it.
https://www.reddit.com/r/lgg6/comments/6a0tbb/encryption/
My US997 is not encrypted, I can boot into TWRP and see my files without typing in the PIN like I had to on my Nexus 6P.
No option in settings that I can find besides encrypting the SD Card.
Anyone get this figured out?
Does anyone have the option to encrypt their phone (not sd card)?
cory733 said:
Anyone get this figured out?
Does anyone have the option to encrypt their phone (not sd card)?
Click to expand...
Click to collapse
I just got a used/refurbished US997 the other day. From what I remember, it came with Android 7.0 and the first time I booted it up it asked me to create a pattern to start the phone (encrypt like our old 6Ps). Once setup it downloaded a major system update and restarted, and asked me for the pattern to start the phone. Once it booted up again it installed another major system update and when THAT rebooted it no longer asked for a pattern to start the phone.
I wonder if it is just the most recent version of 7.1.2 that removed the encryption? I'm pretty sure there is a way to unpack the boot images to see (I was doing this trying to revive my 6P bootloop). I too would like to encrypt my phone given that it doesn't seem to impact performance any more. Perhaps once we get Android 8.0 it will be brought back.
How do you like the G6 compared to the 6P? I'm still getting used to a few items but installing the Google Now Launcher really helped. I find the fingerprint scanner/power button combo to be really lacking (ergonomics and usability) compared to the 6P and I really miss the power button short cut to launch the camera.
Also, what's the point of TWRP? When I was trying to revive my 6P everyone kept mentioning it, but I don't quite understand why I should install that.
Thanks for the detailed response, I'll probably just leave it alone then until we get an update.
For TWRP, I installed it flash Magisk, and whatever else I might want to flash later. Always good to have an efs backup somewhere safe also. If you had a complete backup from twrp of your 6p, it may have helped you fix whatever you were having a problem with.
Compared to the 6p I love it because it fits in my pocket and has an sd card slot. The lack of mods/ dev support for this phone amazes me though.
After some more research, trying some more stuff, I came across some more info:
I turned off OEM unlocking in developer options then turned it back on. This message appears when enabling OEM unlocking: "Warning: device protection features will not work on this device while this setting is turned on."
Then I came across this thread about an S7 where someone mentions that if you enable OEM unlocking, you will lose access to Secure Startup:
https://forum.xda-developers.com/galaxy-s7/help/root-secure-startup-t3729184
Edit: looking through the fulmics thread, which i believe currently uses 7.0? There are posts in there about encryption/secure start not working either.
Can someone with a locked bootloader check to see if they have this setting? Should be settings - fingerprints and security - encryption / secure start.
cory733 said:
After some more research, trying some more stuff, I came across some more info:
I turned off OEM unlocking in developer options then turned it back on. This message appears when enabling OEM unlocking: "Warning: device protection features will not work on this device while this setting is turned on."
Then I came across this thread about an S7 where someone mentions that if you enable OEM unlocking, you will lose access to Secure Startup:
https://forum.xda-developers.com/galaxy-s7/help/root-secure-startup-t3729184
Edit: looking through the fulmics thread, which i believe currently uses 7.0? There are posts in there about encryption/secure start not working either.
Can someone with a locked bootloader check to see if they have this setting? Should be settings - fingerprints and security - encryption / secure start.
Click to expand...
Click to collapse
Ah, you may be onto something there. I did enable unlocking in the developer options, but if I remember correctly I need to perform an ABD or Fastboot command to actually unlock it, right?
u.of.ipod said:
Ah, you may be onto something there. I did enable unlocking in the developer options, but if I remember correctly I need to perform an ABD or Fastboot command to actually unlock it, right?
Click to expand...
Click to collapse
Yes, the fastboot command is what unlocks it. I think the oem unlock setting just allows you to be able to unlock it with fastboot.
cory733 said:
Edit: looking through the fulmics thread, which i believe currently uses 7.0? There are posts in there about encryption/secure start not working either.
Can someone with a locked bootloader check to see if they have this setting? Should be settings - fingerprints and security - encryption / secure start.
Click to expand...
Click to collapse
Yes I have and use that option on my stock ROM, it's available with unlocked bootloader as well. I understand that on stock the G6 is encrypted by default.
TWRP cannot mount the encrypted /data or at least couldn't when I last tried. So when you flash TWRP and try to install a custom ROM that currently works only after formatting /data (where you have to confirm with "yes") and that kills the encryption.
The custom ROMs set Force Encryption = off so that the bootloader does not complain.
The combination of an unlocked bootloader and unencrypted /data is a no go for me, because anyone who knows how to boot into recovery can simply use the TWRP file manager to get/reset fingerprint and password data and can turn off the lock screen. Everything is plain open, I've tried.
I was not able to re-enable encryption on either Fulmics or LOS. Fulmics shows the Secure Boot option but on the next start the keyboard to enter the password crashes (loop) and never comes up so I got stuck and had to reinstall. On LOS official the option to encrypt is available but not functional (yet, they say).
So I'm back on stock. My main interest with alternative ROMs is to get security updates where LG fails badly but I hope it gets better once Oreo is out given that the G6 has been registered for Google's business programme. I'd love to use LOS once it encrypts.
It's a bit sad because e.g. LOS encrypts a Samsung I have just fine but there you go - I'm not bright enough to improve LOS for the G6. The Fulmics guys are simply not interested in encryption, never got a reply when I raised the keyboard issue even though I sponsored quite a sum. I assume Fulmics cannot re-enable encryption, because it's based on stock. Stock (contrary to LOS) has no dedicated encryption option for /data and does not need it normally because it comes encrypted. Fulmics install has to format not just wipe the partition so encryption gone and no way back.
I got encryption back by returning to stock using LG Bridge.
Thanks for that reply, that clears things up a lot.
So now that you're on stock, you didn't flash TWRP? You mentioned that formatting data is what kills the encryption, but do we need to format data to flash magisk? Could I flash stock, unlock, flash twrp, leave data encrypted, then flash magisk? Then just install the app manually after booting?
I only need twrp for efs backup, which I now have, and to install magisk.
Rooted/encrypted stock is all I'm looking to achieve right now.
Moldeb said:
Yes I have and use that option on my stock ROM, it's available with unlocked bootloader as well. I understand that on stock the G6 is encrypted by default.
TWRP cannot mount the encrypted /data or at least couldn't when I last tried. So when you flash TWRP and try to install a custom ROM that currently works only after formatting /data (where you have to confirm with "yes") and that kills the encryption.
The custom ROMs set Force Encryption = off so that the bootloader does not complain.
The combination of an unlocked bootloader and unencrypted /data is a no go for me, because anyone who knows how to boot into recovery can simply use the TWRP file manager to get/reset fingerprint and password data and can turn off the lock screen. Everything is plain open, I've tried.
I was not able to re-enable encryption on either Fulmics or LOS. Fulmics shows the Secure Boot option but on the next start the keyboard to enter the password crashes (loop) and never comes up so I got stuck and had to reinstall. On LOS official the option to encrypt is available but not functional (yet, they say).
So I'm back on stock. My main interest with alternative ROMs is to get security updates where LG fails badly but I hope it gets better once Oreo is out given that the G6 has been registered for Google's business programme. I'd love to use LOS once it encrypts.
It's a bit sad because e.g. LOS encrypts a Samsung I have just fine but there you go - I'm not bright enough to improve LOS for the G6. The Fulmics guys are simply not interested in encryption, never got a reply when I raised the keyboard issue even though I sponsored quite a sum. I assume Fulmics cannot re-enable encryption, because it's based on stock. Stock (contrary to LOS) has no dedicated encryption option for /data and does not need it normally because it comes encrypted. Fulmics install has to format not just wipe the partition so encryption gone and no way back.
I got encryption back by returning to stock using LG Bridge.
Click to expand...
Click to collapse
I have my LG G2 encrypted with LineageOS and TWRP can decrypt the data, in fact it asks for password just after entering recovery.
G2? Why should that be relevant for G6? Totally different hardware...
---------- Post added at 07:25 AM ---------- Previous post was at 07:11 AM ----------
cory733 said:
Thanks for that reply, that clears things up a lot.
So now that you're on stock, you didn't flash TWRP? You mentioned that formatting data is what kills the encryption, but do we need to format data to flash magisk? Could I flash stock, unlock, flash twrp, leave data encrypted, then flash magisk? Then just install the app manually after booting?
I only need twrp for efs backup, which I now have, and to install magisk
Click to expand...
Click to collapse
I don't have TWRP right now, used to have it of course. I've not tried to just root but you can try using Zefie's unofficial version (the official can cause corruption). You'll see whether TWRP can mount the required volumes rw. If TWRP cannot mount or asks a password and yours doesn't work, you have run into LG's ex works encryption...
Moldeb said:
G2? Why should that be relevant for G6? Totally different hardware...
Click to expand...
Click to collapse
Maybe you are running a different version of TWRP or unofficial build?
On my LG G2 D802 I've installed twrp-3.2.1-0-d802-bump-blastagator-signed.zip and it prompts for decrypting password. Try this same version in case it helps on your LG G6. It should look something like this:
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
I know what it looks like, will certainly not install any G2 (D802) software on a G6 (H870) and don't recommend anyone does unless they want to brick their G6.
Moldeb said:
I know what it looks like, will certainly not install any G2 (D802) software on a G6 (H870) and don't recommend anyone does unless they want to brick their G6.
Click to expand...
Click to collapse
Look for the version for your G6, I'M NOT TELLING YOU TO USE THE G2 VERSION OF COURSE YOU SHOULDN'T DO THAT WHERE DO I SAY SUCH THING.
All the time basically. The positive experience on your G2 is as irrelevant as on my Samsung where encryption also works. Not on the G6 and I've tried the official TWRP as well as Zefie's. The problem is not that the password dialogue is missing but that your password will not work because LG seems to use something else for stock encryption.
Which is why all ROMs ask to format and not just wipe /data.
Moldeb said:
All the time basically. The positive experience on your G2 is as irrelevant as on my Samsung where encryption also works. Not on the G6 and I've tried the official TWRP as well as Zefie's. The problem is not that the password dialogue is missing but that your password will not work because LG seems to use something else for stock encryption.
Which is why all ROMs ask to format and not just wipe /data.
Click to expand...
Click to collapse
I think I have the same problem. So basically, it's not possible to use a custom ROM with encryption? I
Hello there, I'm using OnePlus 6t on OOS 10, somehow my kid changed the lockscreen pin and now forgot.
I've read multiple threads and asked a lot of people, but there seems no method to bypass the lockscreen pin.
I'd some important files which I couldn't backup/ not until my last backup.
Is there any way possible to recover my files after a hard reset as that's the only alternate i can think of without bypassing lockscreen without root.
FYI: Bootloader locked, currently locked, haven't hard reset yet, usb debugging off.
Nope, if you hard reset you lose everything. User storage is encrypted with a per-session key that is wiped when a reset occurs meaning everything on the phone becomes useless garbage the moment that key is lost. If you have adb enabled and have authorized your computer once before you might be able to pull files off using that but otherwise you might be screwed
The lock screen is designed to keep people out, wouldn't be much use if it let people exfiltrate data whenever they wanted
Don't even think you'll be able to get the pin off the phone. When you reset Google asks for the old pin used in the device.
If USB debugging is off, I don't even think you can flash stock firmware onto the device either.
You're pretty much screwed.
The best way to do is MSM tool. If you don't know the password your can't even get in to recovery mode( required password). By doing that all data will be gone.