Many corporate IT security policies including mine at work are requiring that all devices used for work, i.e. BYOD, must be encrypted. I prefer my device to be rooted…and control my device to my liking. There’s a problem though… it’s not easy encrypting with root present. I set out on a mission to get it working.
There is very little information about encrypting Galaxy S6 devices (or any Galaxy for that matter) with root. I've tried numerous methods around the web and here on XDA but none worked with any of the current ROMs. I spent several days researching, investigating, and testing various methods before finding a solution that works.
Although not required, I started a fresh start—flashed the official Marshmallow stock ROM for my device (SM-G920i) and in the process wipe my device completely, including formatting the data partition and wiping the internal SD.
I previously had Lollipop installed with custom ROM. A nandroid was performed, ran TiBu then copied all the contents of the internal memory on my laptop prior to going to official stock. Can never be too careful.
The steps outlined below was tested on both ALEXIS ROM 5.0 and XtreStoLite 3.3.1 ROMs using the G920i unlocked variant. It may work on other international variants.
Flash stock Marshmallow ROM through Odin in ‘AP’ with AutoReboot and NAND Erase checked (from Odin v3.11.1 options)
Flash CF-AutoRoot via ODIN [let it auto-reboot when complete]
Flash TWRP 3.0.2-1 via ODIN [disable auto-reboot in ODIN options]
Reboot into TWRP recovery
Perform factory reset then format Data partition
Reboot TWRP recovery so that the Data partition is refreshed
Copy custom ROM and other flash files you’ll be using to /sdcard/ using ADB Push command. For example o adb push Rom.zip /sdcard/tools.
Flash custom ROM then reboot
Be patient—reboot will take about 5 minutes
Power off then boot into TWRP again to perform a factory reset and wipe Delvic cache
Reboot - wait patiently as boot will take several minutes
When the system finally boots up go through the first start wizard then go into setting to set up pin and fingerprints you wish to use
Encrypt phone -- this will take a while before it's complete. Be patient; the device will reboot several times, ask for password at boot-up then boot into the finally into the system.
The phone is now encrypted. Because we performed a factory reset, root and TWRP recovery were removed. We now have to flash CF-autoroot and TWRP recovery via Odin. Again, patience is required--it'll take about 5-10 minutes for the boot to complete.
Note that TWRP does not know how to decrypt Samsung encryption and therefore it can't read the /data/ partition. That partition will either have to be formatted before flashing a new ROM or removing encryption. Now I did not test removing the encryption, but I’d suggest that you have current backups of your device prior to performing that task.
I hope this helps anyone experiencing this issue.
Seems to me, that if they want the device encrypted, they would also prohibit root, it is a security risk.
So is there any chance to update an encrypted Rom via TWRP?
Good walkthrough.
I did also some research and i found on some other forums the opinion, that a full-disk-encryption on a rooted phone make not much sense,
where you can replace/install the custom recovery and decrpt the data with some adb commands? Is that true?
Confusing.
tefole said:
Good walkthrough.
I did also some research and i found on some other forums the opinion, that a full-disk-encryption on a rooted phone make not much sense,
where you can replace/install the custom recovery and decrpt the data with some adb commands? Is that true?
Confusing.
Click to expand...
Click to collapse
twrp do don't support samsung decryption, so encrypted data can be only deleted. but, if you enable reactivation lock, then, you can't flash in recovery, so stolen phone is like brick
BUT with custom rom (TyrannusRom and note 7 port) encrypted phone do not boot (boot loop), so there I finished my work with encryption
paulyz said:
twrp do don't support samsung decryption, so encrypted data can be only deleted. but, if you enable reactivation lock, then, you can't flash in recovery, so stolen phone is like brick
Click to expand...
Click to collapse
I see.
I believe, that i can live without the ability that TWRP doenst decrypt the /data and the /sdcard partition,
if I can run with a CFW, and if the phone is rooted and encrypted.
After i put the CFW on the phone, even I need TWRP anymore. Usually i try to dont change the CFW so frequently.
With reactivation look you mention the "OEM unlock" in the Android\developer settings I guess?
Is the flashing really locked, like brick, really? If you can't flash in recovery, but how to restore a stock firmware with odin? Isnt it the same?
I didnt get that
tefole said:
I see.
I believe, that i can live without the ability that TWRP doenst decrypt the /data and the /sdcard partition,
if I can run with a CFW, and if the phone is rooted and encrypted.
After i put the CFW on the phone, even I need TWRP anymore. Usually i try to dont change the CFW so frequently.
With reactivation look you mention the "OEM unlock" in the Android\developer settings I guess?
Is the flashing really locked, like brick, really? If you can't flash in recovery, but how to restore a stock firmware with odin? Isnt it the same?
I didnt get that
Click to expand...
Click to collapse
"Reactivation lock lets you use your Samsung account to prevent others from activating your device if it's ever lost or stolen. With Reactivation lock turned on, you will be required to enter your Samsung account credentials prior to performing a factory reset on the device. Your Samsung account login should be something you can easily remember."
when RL activated, you can't flash, you always get error.
One big problem, what after encryption you can't update ROM, change or update kernel and etc.
I see., thx for the infos.
I did some research as well. With activated RL you can go only in download mode and install stock with Odin.
But the phone is going to ask you for your samsung account credentials - anyway.
tefole said:
I see., thx for the infos.
I did some research as well. With activated RL you can go only in download mode and install stock with Odin.
But the phone is going to ask you for your samsung account credentials - anyway.
Click to expand...
Click to collapse
if you will find useful information, post, because, I very interested too, just do not have a lot time to play with this.
Hi every one
i recently bought a p9 lite.
I unlocked it and rooted it. I have not set any security measure
After that I did a reset from android and rebooted in some kind of windows
Asking me for a password
When I enter my password I used in my google account, it accept it but cannot continue and reboot. And so it does in an infinity loop.
Then I booted to TRWP recovery
When I try to format or wipe /data it gives me error.
I looked a lot and what I understand is that the data partition is somehow encrypted and TRWP cannot handle that
I did solved this by the following steps:
I installed a stock recovery and booted the phone
When asked for password I gave it and started to do a factory reset. The reset stopped at 10% and a message that reset failed.
However, when the phone rebooted, it miraculously completed the boot and he is live again
*****
What I do not understand is: why and where is the problem
And If it will give me another headache again
You had some strange encryption/security problem, if it happens again you should be able to reset your phone booting to TWRP, click on wipe, select Format Data (Not wipe!), type yes and the data partition will be formatted.
Potato997 said:
You had some strange encryption/security problem, if it happens again you should be able to reset your phone booting to TWRP, click on wipe, select Format Data (Not wipe!), type yes and the data partition will be formatted.
Click to expand...
Click to collapse
thx
I did that and it did not work
and i tried to change the file system and did not work
it show that the size is 0 mb
targat said:
thx
I did that and it did not work
and i tried to change the file system and did not work
it show that the size is 0 mb
Click to expand...
Click to collapse
In the first post you said you did a factory reset and not a Format Data. Anyway if you can flash stock recovery and it boots, it should always able to do a factory reset and allow you to boot up the phone
Potato997 said:
In the first post you said you did a factory reset and not a Format Data. Anyway if you can flash stock recovery and it boots, it should always able to do a factory reset and allow you to boot up the phone
Click to expand...
Click to collapse
yes i said i did a factory reset in the first and this what started the problem
Hi,
I have a galaxy note 4 that isn't rooted but has TWRP 2.8.5 installed. I wanted to factory data reset the device, however, I was getting the error that it was unable to mount /data. I read on XDA that I had to format data. I clicked on format data and typed in yes.
I got the message "Formatting Data using make_ext4fs function. You may need to reboot recovery to be able to use /data again. Updating partition details ... done". I see the status as "Data Format Complete Successful".
I rebooted the device, and I know the OS loaded, but I was greeted with the error "Encryption failed, cannot decrypt your device storage. You need to reset your device to factory default settings". And a reset device button. I click on the reset device button, it boots me to recovery and runs a script and again reboots to the previous error.
I tried to factory data reset it now, although it showed as successful, I was directed to the same error.
Can you please advise what should be done?
Thank you
Any update? Thanks
Bumping
You will need to take your device to a Samsung Service Centre and let them take a look at it. However seeing as you have TWRP 2.8.5 there is a chance that they won't help you. What you should have done is decrypt your device then perform a hard factory.
Are you able to go to download mode and reflash OS?
My device is not rooted. Will I be able to reflash a new OS? Please let me know. Thanks!
abhishek_turbo911 said:
My device is not rooted. Will I be able to reflash a new OS? Please let me know. Thanks!
Click to expand...
Click to collapse
No root required and it will not void your warranty and will not trip knox. You can download the the right version of OS from Sammobile site and flash it via odin in download mode. There are several guides available for it.
Hello
I have recently set a fingerprint backed up with password, which was random that I forgot few minutes later. After rebooting my phone, It asked me for the backup password and I couldn't remember.
I have G935F. Unrooted and I was not successful with rooting it and installing TWRP.
I have been getting an error from Odin saying "Fail" after attempting to flash TWRP Recovery.
I want at the first place remove the password; if possible, else I'd like to hear any suggestions from you to recover the files at least and then reset the phone to factory settings.
Thanks in advance
Hi there,
I got the brillant idea to flash a custom ROM. I needed to update my TWRP to do so. So that's what I did (with the official version for potter)
Fantastic.
I've NEVER been able to decrypt and mount my damned partitions since that. I also tried to downgrade my TWRP, nothing.
I then factory resetted with fastboot, encryption is still there... Waoh amazing.
I really don't know how to get rid of this ****. I just want to wipe everything, including this encryption (I probably don't even remember the password)
Does anyone know how to do that ?
Please.
I got International version by the way.
EDIT : I successfuly went without needed password with this version : http://149.56.164.10:1990/moto/twrp_3.1.1-0_potter.zip
I don't understand why. Like, it's encrypted but this version doesn't care about it ???
Well, it's solved.
After wiping everything with the older version, I flashed the new one using fastboot. Then after it asked me for a password, I went for "Cancel" then "Wipe" then "Format data".
Doesn't need a password anymore. Damn