I have a i9505 S4 with OmegaROM 4.3.1 and TWRP v2.6.3.1
Recently I had to encrypt my phone as a work policy and now I am unable to do backups via TWRP.
It keeps failing at trying to mount /data
It is not possible to do backups when encrypted or is there a work around?
You can't do the backups with encryption active. The custom recoveries don't support it, which is one reason the bootloader notifies you about the recovery whenever you boot into it.
Try to flash a different recovery like Philz or try some newer version of TWRP.
Some people claim that it should just work, so it's maybe a bug.
Or maybe you just can't do it like Strephon Alkhalikoi says, i have no idea tbh.
TWRP as of 2.2.0 supports decrypting an encrypted partition on the Galaxy Nexus, but that may well be an experimental thing. You'd need to enter the password used to encrypt the volume in TWRP's terminal window. However, the fact you're not being prompted likely means Android 5.x encryption works in a completely different fashion from the Galaxy Nexus, which is why you're getting an error. Whether the TWRP team is aware of the issues with encryption is something I don't know, but I have found plenty of anecdotes from other Android users regarding encryption issues. The general consensus is that encryption does in fact render the recovery less useful because of the inability to make a nandroid backup.
I don't believe CWM currently supports encrypted volumes. Philz will never support encrypted volumes as it's no longer being maintained.
Related
Many corporate IT security policies including mine at work are requiring that all devices used for work, i.e. BYOD, must be encrypted. I prefer my device to be rooted…and control my device to my liking. There’s a problem though… it’s not easy encrypting with root present. I set out on a mission to get it working.
There is very little information about encrypting Galaxy S6 devices (or any Galaxy for that matter) with root. I've tried numerous methods around the web and here on XDA but none worked with any of the current ROMs. I spent several days researching, investigating, and testing various methods before finding a solution that works.
Although not required, I started a fresh start—flashed the official Marshmallow stock ROM for my device (SM-G920i) and in the process wipe my device completely, including formatting the data partition and wiping the internal SD.
I previously had Lollipop installed with custom ROM. A nandroid was performed, ran TiBu then copied all the contents of the internal memory on my laptop prior to going to official stock. Can never be too careful.
The steps outlined below was tested on both ALEXIS ROM 5.0 and XtreStoLite 3.3.1 ROMs using the G920i unlocked variant. It may work on other international variants.
Flash stock Marshmallow ROM through Odin in ‘AP’ with AutoReboot and NAND Erase checked (from Odin v3.11.1 options)
Flash CF-AutoRoot via ODIN [let it auto-reboot when complete]
Flash TWRP 3.0.2-1 via ODIN [disable auto-reboot in ODIN options]
Reboot into TWRP recovery
Perform factory reset then format Data partition
Reboot TWRP recovery so that the Data partition is refreshed
Copy custom ROM and other flash files you’ll be using to /sdcard/ using ADB Push command. For example o adb push Rom.zip /sdcard/tools.
Flash custom ROM then reboot
Be patient—reboot will take about 5 minutes
Power off then boot into TWRP again to perform a factory reset and wipe Delvic cache
Reboot - wait patiently as boot will take several minutes
When the system finally boots up go through the first start wizard then go into setting to set up pin and fingerprints you wish to use
Encrypt phone -- this will take a while before it's complete. Be patient; the device will reboot several times, ask for password at boot-up then boot into the finally into the system.
The phone is now encrypted. Because we performed a factory reset, root and TWRP recovery were removed. We now have to flash CF-autoroot and TWRP recovery via Odin. Again, patience is required--it'll take about 5-10 minutes for the boot to complete.
Note that TWRP does not know how to decrypt Samsung encryption and therefore it can't read the /data/ partition. That partition will either have to be formatted before flashing a new ROM or removing encryption. Now I did not test removing the encryption, but I’d suggest that you have current backups of your device prior to performing that task.
I hope this helps anyone experiencing this issue.
Seems to me, that if they want the device encrypted, they would also prohibit root, it is a security risk.
So is there any chance to update an encrypted Rom via TWRP?
Good walkthrough.
I did also some research and i found on some other forums the opinion, that a full-disk-encryption on a rooted phone make not much sense,
where you can replace/install the custom recovery and decrpt the data with some adb commands? Is that true?
Confusing.
tefole said:
Good walkthrough.
I did also some research and i found on some other forums the opinion, that a full-disk-encryption on a rooted phone make not much sense,
where you can replace/install the custom recovery and decrpt the data with some adb commands? Is that true?
Confusing.
Click to expand...
Click to collapse
twrp do don't support samsung decryption, so encrypted data can be only deleted. but, if you enable reactivation lock, then, you can't flash in recovery, so stolen phone is like brick
BUT with custom rom (TyrannusRom and note 7 port) encrypted phone do not boot (boot loop), so there I finished my work with encryption
paulyz said:
twrp do don't support samsung decryption, so encrypted data can be only deleted. but, if you enable reactivation lock, then, you can't flash in recovery, so stolen phone is like brick
Click to expand...
Click to collapse
I see.
I believe, that i can live without the ability that TWRP doenst decrypt the /data and the /sdcard partition,
if I can run with a CFW, and if the phone is rooted and encrypted.
After i put the CFW on the phone, even I need TWRP anymore. Usually i try to dont change the CFW so frequently.
With reactivation look you mention the "OEM unlock" in the Android\developer settings I guess?
Is the flashing really locked, like brick, really? If you can't flash in recovery, but how to restore a stock firmware with odin? Isnt it the same?
I didnt get that
tefole said:
I see.
I believe, that i can live without the ability that TWRP doenst decrypt the /data and the /sdcard partition,
if I can run with a CFW, and if the phone is rooted and encrypted.
After i put the CFW on the phone, even I need TWRP anymore. Usually i try to dont change the CFW so frequently.
With reactivation look you mention the "OEM unlock" in the Android\developer settings I guess?
Is the flashing really locked, like brick, really? If you can't flash in recovery, but how to restore a stock firmware with odin? Isnt it the same?
I didnt get that
Click to expand...
Click to collapse
"Reactivation lock lets you use your Samsung account to prevent others from activating your device if it's ever lost or stolen. With Reactivation lock turned on, you will be required to enter your Samsung account credentials prior to performing a factory reset on the device. Your Samsung account login should be something you can easily remember."
when RL activated, you can't flash, you always get error.
One big problem, what after encryption you can't update ROM, change or update kernel and etc.
I see., thx for the infos.
I did some research as well. With activated RL you can go only in download mode and install stock with Odin.
But the phone is going to ask you for your samsung account credentials - anyway.
tefole said:
I see., thx for the infos.
I did some research as well. With activated RL you can go only in download mode and install stock with Odin.
But the phone is going to ask you for your samsung account credentials - anyway.
Click to expand...
Click to collapse
if you will find useful information, post, because, I very interested too, just do not have a lot time to play with this.
I've been running my XT1575 completely stock and have yet to unlock the bootloader. I'm considering enabling full-disk encryption for privacy and security. Will doing so present any complications if I choose to unlock the bootloader and load TWRP in the future?
For example, does having internal memory encrypted present a higher risk of bricking when you're loading or using a custom recovery? I'm picturing a scenario where something goes awry and you need to use ADB on a computer, but can't because of the encryption. Is this a concern, or is there an easy workaround?
I am not aware of any increased risk to the device that comes from encrypting and running a recovery like TWRP. If there is a scenario where you need to push something or execute a command using ADB, the device will need to be booted and therefore decrypted by your entering the FDE password during boot up. If you can't boot the device, I don't thing ADB would be of much help. If you needed to flash your device using fastboot, FDE has no negative effect either. The device will boot into bootloader mode even if it is encrypted. I have run into a few issues, but none that have prevented me from unlocking my bootloader, rooting my device, installing/using TWRP, or flashing custom firmware. The biggest thing to keep in mind is that unlocking your bootloader will wipe your device, removing any encryption that you enact on the device. If you encrypt while your bootloader is locked, you will have to do it again after you unlock. I have run into a problem where certain versions of TWRP cannot decrypt the /data partition due to an 'incorrect' password. This is a known issue, and some of the TWRP builds for the Pure claim to have a fix in place for FDE decryption failure error. However, I had experienced mixed results before flashing the latest TWRP for the Pure. See this thread.
I have also observed that the encryption process doesn't like to begin if Xposed is flashed onto the device. If you choose to flash Xposed, I would do it after you encrypt. If you plan to install a new ROM or need to use fastboot for anything, I would make an unencrypted backup of your encrypted storage. I have lost [encrypted] data before by dirty flashing a system image (/system is not encrypted) and I am not sure if it was my fault or if it was a security feature. Happy flashing/unlocking.
Hi
I am unable to understand the concept of Decryption. I have been rooting my phone since the time of Samsung S3. I currently own a 64gb Nexus 6p with build number N4F26T. I use the sticky guide given here to root my phone and install custom recovery.
Now I want to apply pixel mods, but they demand verity check disabled. When I go in the security of my phone, it says Phone Encrypted in Encryption. I have checked all of the threads and forums regarding this but there is no clear guideline.
Do I have to decrypt my data? If yes, how will I be going on with this process? I see the format user data command but I am on Nougat 7.1.1 so I think this is not applicable to me. But no where has it been mentioned that I have to decrypt any other way.
Any help would be appreciated as I have always received from this community. How will I go on about the decryption? Please help soon as I currently have no data in it so its easier to format it.
You do not have to decrypt your data to use those MOD's. To disable variety check all you need to do is install a custom kernel or rom that does this by default. You will not lose any data by doing this. If you wanted to decrypt your data then you would have to format the data partition on your phone. This would obviously wipe your data so you would need to make a backup first on your PC. Some people think that decrypting your data will give you a slight speed bump but I've tried both ways and haven't noticed any real difference. So far I haven't run into any reason that the data partition would need to be decrypted to install anything.
This is a Question, so you are supposed to post in the Q/A section, not General.
First, you can't just decrypt the existing data on the phone, you'll have to wipe the device first and then NOT allow the encryption to happen on your fresh install. Make sure you already have USB debugging enabled. You need to perform a factory reset to wipe the phone. Then transfer from your PC either SuperSU (zipfile) or a no force-encrypt custom kernel such as EX Kernel or Franco (zipfile) to the root of the phone (or both). You can do this with TWRP's file manager. Before booting for the first time use TWRP's "Install" to flash either SU or your kernel. Now you can boot to system and your device will not be encrypted by default. Going forward with any updates that include flashing a new boot.img you need to reflash SU or the kernel (before booting) to avoid encryption.
First of all apologies about posting in the wrong section. Secondly, I have already rooted with Supersu. So now all I need to do is format the user data and I will have decrypted data right? It won't again get encrypted, right?
Secondly, thanks alot for such prompt responses. I am unable to find the thanks button that used to be there.
Here is a quick review of what happened:
The phone was running well on Lineageos 14.1, encrypted with a pattern, with TWRP 3.1.1 as recovery. I’ve then been notified of an LOS update to 15.1 Oreo and got excited. Booted in recovery, entered my pattern to decrypt, took a full TWRP backup, flashed Oreo modem and firmware and dirty flashed (I know, bad idea) the LOS 15.1 zip.
It got stuck at boot logo. Even if I didn't have high expectations for it to work I just thought I would try the lazy way to see and use my fresh backup to restore in case of failure like I always did successfully since my Nexus One.
This time was different because as I rebooted in TWRP to restore, it didn't ask for my pattern. You guessed it, the data partition is encrypted, no access to my backup or anything on the external storage. I can mount data and see the weird encrypted file names but that's it. I tried different version of TWRP, but it never ask the pattern. Even the terminal command 'twrp decrypt *******' doesn’t work.
I then tried to wipe data and flash LOS 14.1 again but it gets stuck saying that android has no access to data partition because it’s encrypted and that I need to format. I pulled out my sim card and started to use my old oneplus one while waiting for the new version of TWRP 3.2.1.1 with the feb security patch support thinking it might then be able to decrypt but no luck still.
I can go without the phone for a while, I’ll buy another one if I have to because there is some precious data on that phone and I can’t make my mind that the data is there, I know the encryption key but I have no access to it. There must be a way, I just don’t have enough knowledge about how this encryption thing is working.
Any help would be appreciated, Thank you
jpitou said:
Here is a quick review of what happened:
The phone was running well on Lineageos 14.1, encrypted with a pattern, with TWRP 3.1.1 as recovery. I’ve then been notified of an LOS update to 15.1 Oreo and got excited. Booted in recovery, entered my pattern to decrypt, took a full TWRP backup, flashed Oreo modem and firmware and dirty flashed (I know, bad idea) the LOS 15.1 zip.
It got stuck at boot logo. Even if I didn't have high expectations for it to work I just thought I would try the lazy way to see and use my fresh backup to restore in case of failure like I always did successfully since my Nexus One.
This time was different because as I rebooted in TWRP to restore, it didn't ask for my pattern. You guessed it, the data partition is encrypted, no access to my backup or anything on the external storage. I can mount data and see the weird encrypted file names but that's it. I tried different version of TWRP, but it never ask the pattern. Even the terminal command 'twrp decrypt *******' doesn’t work.
I then tried to wipe data and flash LOS 14.1 again but it gets stuck saying that android has no access to data partition because it’s encrypted and that I need to format. I pulled out my sim card and started to use my old oneplus one while waiting for the new version of TWRP 3.2.1.1 with the feb security patch support thinking it might then be able to decrypt but no luck still.
I can go without the phone for a while, I’ll buy another one if I have to because there is some precious data on that phone and I can’t make my mind that the data is there, I know the encryption key but I have no access to it. There must be a way, I just don’t have enough knowledge about how this encryption thing is working.
Any help would be appreciated, Thank you
Click to expand...
Click to collapse
Try flash codeworkx TWRP ...
it should decrypt your data partition ...
https://downloads.sourceforge.net/project/cheeseburgerdumplings/15.1/cheeseburger/recovery/twrp-3.2.1-0-20180309-codeworkx-cheeseburger.img?r=https%3A%2F%2Fsourceforge.net%2Fprojects%2Fcheeseburgerdumplings%2Ffiles%2F15.1%2Fcheeseburger%2Frecovery%2F&ts=1521806282&use_mirror=netix
PS-DEV said:
Try flash codeworkx TWRP ...
it should decrypt your data partition ...
https://downloads.sourceforge.net/project/cheeseburgerdumplings/15.1/cheeseburger/recovery/twrp-3.2.1-0-20180309-codeworkx-cheeseburger.img?r=https%3A%2F%2Fsourceforge.net%2Fprojects%2Fcheeseburgerdumplings%2Ffiles%2F15.1%2Fcheeseburger%2Frecovery%2F&ts=1521806282&use_mirror=netix
Click to expand...
Click to collapse
I had tried it when it came out and I just tried it again. No difference!! It looks like twrp doesn't even see that my phone is encrypted. I've read a lot and tried many different things and I'm out of idea. All of the people I've seen with this problem have given up so they could get their phone back and running by formatting the partition, losing their data. This option is not one for me. I'd rather buy a new phone hoping for an eventual possible solution. I know the data is there, and I know the pattern key...... I mean, there's got to be a way......
I've been curious as to whether or not I can use device encryption (root '/' filesystem encryption + SD card encryption via dm / luks / whatever android uses) and still be able to use TWRP, custom ROMs (I am using RR 6 w/ tuned kernel for s5 based on los 15)? When I boot into recovery TWRP, do I just simply enter my passphrase to unlock the partitions on the device such as root and sd card, or is there some other trick to it?
I don't want to encrypt to find out I screwed the pooch. I have searched various forums but for one reason or another been unable to find a good answer.
Thanks in advance,
dataslanger
dataslanger said:
I've been curious as to whether or not I can use device encryption (root '/' filesystem encryption + SD card encryption via dm / luks / whatever android uses) and still be able to use TWRP, custom ROMs (I am using RR 6 w/ tuned kernel for s5 based on los 15)? When I boot into recovery TWRP, do I just simply enter my passphrase to unlock the partitions on the device such as root and sd card, or is there some other trick to it?
I don't want to encrypt to find out I screwed the pooch. I have searched various forums but for one reason or another been unable to find a good answer.
Thanks in advance,
dataslanger
Click to expand...
Click to collapse
Any rom that fully supports selinux is able to use encryption and the latest version of twrp can decrypt it
It will ask for you to enter your decrypt key to decrypt data
Lineage 15.1 (and roms based on it) support encryption
The test versions of lineage 16 currently at time of writing don't support selinux (but will once they become official)
Thanks, I will perform a TWRP full system backup, copy it to computer, and then give the full encryption a try.