Phone encrypted after flashing rom, cannot decrypt using TWRP. - Nexus 6P Q&A, Help & Troubleshooting

As the title states, I flashed the lastest Cataclysm (stable) and ElementalX kernel(also TWRP asked me that SuperSU wasn't present and to flash it so I did, that might've messed it up), phone booted up fine and set my fingerprint password and everything. I decided to reboot my phone and the phone encrypted itself and now the ROM is force closing and I can't do anything. It asks for a password every time the recovery starts up (I tried default_password, no go) and TWRP won't let me decrypt.
So my question is, is there a way to decrypt without erasing userdata? Would really like to keep my internal storage. I have lots of important pictures and files.

Jimlarck said:
As the title states, I flashed the lastest Cataclysm (stable) and ElementalX kernel(also TWRP asked me that SuperSU wasn't present and to flash it so I did, that might've messed it up), phone booted up fine and set my fingerprint password and everything. I decided to reboot my phone and the phone encrypted itself and now the ROM is force closing and I can't do anything. It asks for a password every time the recovery starts up (I tried default_password, no go) and TWRP won't let me decrypt.
So my question is, is there a way to decrypt without erasing userdata? Would really like to keep my internal storage. I have lots of important pictures and files.
Click to expand...
Click to collapse
Transfer the files to your computer and decrypt properly, either via fastboot line command, or one of the toolkits that will do the fastboot command lines for you...there is no way around nuking your internal memory if you want to decrypt...it's that simple.
Sent from my Nexus 6P, #WhiteUIsMustDie, #EndDarkAppOppression

micmars said:
Transfer the files to your computer and decrypt properly, either via fastboot line command, or one of the toolkits that will do the fastboot command lines for you...there is no way around nuking your internal memory if you want to decrypt...it's that simple.
Sent from my Nexus 6P, #WhiteUIsMustDie, #EndDarkAppOppression
Click to expand...
Click to collapse
Damn, thought there might be a magic guru way of decrypted your storage. Why did it encrypt in the first place? Can ROMs encrypt devices when flashed?
Also, I thought it being encrypted prevented me from moving any of the files out of my phone?

Jimlarck said:
Damn, thought there might be a magic guru way of decrypted your storage. Why did it encrypt in the first place? Can ROMs encrypt devices when flashed?
Also, I thought it being encrypted prevented me from moving any of the files out of my phone?
Click to expand...
Click to collapse
Nope, unfortunately, no magic way around it...
As to whether roms can or cannot encrypt, it is the kernel that either forces encryption or allows for you to remain in your current state (either encrypted or decrypted)...you'd never want a kernel to force decryption, as that rom would erase your entire internal memory.
As to moving files from your phone, here's a very simple way of looking at it that is not too far from the reality of things under the hood...
When you have an encrypted device, and you have a password set, once you enter your password, you can move files freely from your device to your computer, etc, without issue, and they'll be decrypted.
If you are encrypted, do not know your password, and try to move those same files, they'll be encrypted and unreadable to anyone. To many, that's a excellent feature...it's comforting to know that any unsuspecting thief can't get access to your stuff...and it also allows you time to remotely wipe your device using Android Device Manager from your computer.
Finally, as to how it works, it is my understanding that the device stores your password on the same partition from where it decrypts files prior to opening them, making for a very efficient and effective security measure.
I hope this helps.
Sent from my Nexus 6P, #WhiteUIsMustDie, #EndDarkAppOppression

FYI:
- twrp backup data
- copy /sdcard to pc
- fastboot format userdata
- copy from pc to /sdcard
- restore data in twrp
are the needed steps to decrypt without losing any data.

Delete

Related

Flashed TWRP and rooted, now my file system is encrypted?

I somehow got my filesystem encrypted when I flashed TWRP and rooted. When I try to boot into TWRP, I have to enter a password to be able to see anything or do any modifications. What happened?
I didnt have this problem on my Axon but googled.
http://forum.xda-developers.com/google-nexus-5/help/twrp-password-t2511049
I have no idea if this will help you or not but it will wipe data so your phone will be factory reset. Do at your own risk.
Twerkules said:
I somehow got my filesystem encrypted when I flashed TWRP and rooted. When I try to boot into TWRP, I have to enter a password to be able to see anything or do any modifications. What happened?
Click to expand...
Click to collapse
bhint15 said:
I didnt have this problem on my Axon but googled.
http://forum.xda-developers.com/google-nexus-5/help/twrp-password-t2511049
I have no idea if this will help you or not but it will wipe data so your phone will be factory reset. Do at your own risk.
Click to expand...
Click to collapse
This is from the Thread @bhint15 posted ,
Hit cancel at the password screen, then go into Wipe and then do a factory reset by swiping. Then go back into Wipe and press the 'Format data' button. You have to type 'Yes', and it will take a few seconds. After that everything should work normally.
Click to expand...
Click to collapse
and the reason why ask for password is cuz Axon 7 Data/Storage is Automatically encrypted out of the box, that's why you don't or not going to find any sort of encryption data setting under Settings and That's the reason a lot of users here have issues trying to get back to stock or something similar.....
This may give you some insight.
https://youtu.be/y0fHGJY-vFE
For me it's the Axon 7. I like the bigger res screen, the upcoming daydream compatibility and superior audio and non-Apple like OS.
The Honor 8 dies seem to have a better camera, but I can live with that. Plus I have an LG G5 for when I want photos.
You just have to decide witch Frasier is more important to you.
RojasTKD said:
This may give you some insight.
https://youtu.be/y0fHGJY-vFE
For me it's the Axon 7. I like the bigger res screen, the upcoming daydream compatibility and superior audio and non-Apple like OS.
The Honor 8 dies seem to have a better camera, but I can live with that. Plus I have an LG G5 for when I want photos.
You just have to decide witch Frasier is more important to you.
Click to expand...
Click to collapse
Wrong Thread mate LoL,
DrakenFX said:
Wrong Thread mate LoL,
Click to expand...
Click to collapse
What the neck how did u end up here....
Disregard ?
DrakenFX said:
This is from the Thread @bhint15 posted ,
and the reason why ask for password is cuz Axon 7 Data/Storage is Automatically encrypted out of the box, that's why you don't or not going to find any sort of encryption data setting under Settings and That's the reason a lot of users here have issues trying to get back to stock or something similar.....
Click to expand...
Click to collapse
Alright, I managed to be able to write to /system temporarily by formatting the Data partition in TWRP, then rebooting back into TWRP. However, after rebooting into OS and setting up my phone, I rebooted into TWRP and was faced with the encryption password prompt again! Does the filesystem just re-encrypt itself when you start the OS, or am I doing something wrong?
Twerkules said:
Alright, I managed to be able to write to /system temporarily by formatting the Data partition in TWRP, then rebooting back into TWRP. However, after rebooting into OS and setting up my phone, I rebooted into TWRP and was faced with the encryption password prompt again! Does the filesystem just re-encrypt itself when you start the OS, or am I doing something wrong?
Click to expand...
Click to collapse
I gave up for now. I tried for 4 days to fix this. In the end I have 30 days to return the phone. Hopefully someone will figure out a work around for this issue. I really like using twrp. I have not read a comment on here of anyone being able to boot into system then back into twrp with out having to enter a password to decrypt. I hope someone out there can do it and they figure out a way to fix it for the rest of us..
HonestOtter said:
I gave up for now. I tried for 4 days to fix this. In the end I have 30 days to return the phone. Hopefully someone will figure out a work around for this issue. I really like using twrp. I have not read a comment on here of anyone being able to boot into system then back into twrp with out having to enter a password to decrypt. I hope someone out there can do it and they figure out a way to fix it for the rest of us..
Click to expand...
Click to collapse
When does twrp prompt for password? I just booted into TWRP and it didn't prompt me. Then I simply booted back into the rom. Never prompted for a password.
runderekrun said:
When does twrp prompt for password? I just booted into TWRP and it didn't prompt me. Then I simply booted back into the rom. Never prompted for a password.
Click to expand...
Click to collapse
As soon as I get into TWRP it asks me for the password. I can continue into TWRP but I can't mount or modify the /system partition (it reads as 0b in TWRP File Browser). No idea how to fix, but I'm glad it's not just me having this issue.
As of right now, it looks like we are going to have to wait for custom ROMs for a fix, unless TWRP gets an update just for this. I saw a thread here asking users for info for final tweaks on a CM13 port to the Axon 7.
Twerkules said:
As soon as I get into TWRP it asks me for the password. I can continue into TWRP but I can't mount or modify the /system partition (it reads as 0b in TWRP File Browser). No idea how to fix, but I'm glad it's not just me having this issue.
As of right now, it looks like we are going to have to wait for custom ROMs for a fix, unless TWRP gets an update just for this. I saw a thread here asking users for info for final tweaks on a CM13 port to the Axon 7.
Click to expand...
Click to collapse
Which bootloader unlock did you do? I wonder, why would this not happen to me but happen to you? I am willing to test anything that needs to be tested.
You cannot fix that. Like DrakenFX said, the partition encrypts itself in the OS. You cannot disable/bypass this!
XblackdemonX said:
You cannot fix that. Like DrakenFX said, the partition encrypts itself in the OS. You cannot disable/bypass this!
Click to expand...
Click to collapse
Auto-encrypted can be disabled but that's way, way out of my league, need to rebuild boot. Img with that feature disabled.
There are two different scenarios that will be in play here. Is the bootloader unlocked or not. If the bootloader is unlocked then boot.img can be patched with the zip from idlekernle that disables the dm-verity and fstab. You cannot do this if your BL is locked, because it will modify the signed boot.img that that provides root, and will not boot anymore.
After it's patched, the system will not encrypt after /data wipe and TWRP will access it without problem. The downside is no encryption.
For the BL locked crowed, the /data has to be reformatted after flashing new rooted boot.img. This image also enforces encryption so one way to solve this would be for @tenfar to provide us with signed boot.img that set encryption of as well as. Otherwise the TWRP will need a password to decrypt /data if it can't use the default_password. In this case you should be able to enter the same pin you have setup for lock screen to decrypt the main encryption key.
The system re-encrypts itself on every system start after factory reset or /data format because of the forceencrypt flag in fstab, so the pin will be needed as long as that's the case. While TWRP should be able to try to decrypt with "default_password" in case you have not setup any on lockscreen, this sometimes fails, so having a pin on lockscreen usually helps. The cause is most likely that /cryptkey is altered somehow and TWRP can't use it. Wiping /data and rebooting should generate an fresh /cryptkey. I have been able to just flash modded recovery while still on stock boot and backup the /data with no key.
/system should not be encrypted ever since it would make block level OTA impossible to do. Why TWRP is not mounting it or seeing it 0b is a separate question.
Twerkules said:
As soon as I get into TWRP it asks me for the password. I can continue into TWRP but I can't mount or modify the /system partition (it reads as 0b in TWRP File Browser). No idea how to fix, but I'm glad it's not just me having this issue.
As of right now, it looks like we are going to have to wait for custom ROMs for a fix, unless TWRP gets an update just for this. I saw a thread here asking users for info for final tweaks on a CM13 port to the Axon 7.
Click to expand...
Click to collapse
That would be dreamy. I have no issues waiting, fingers crossed.
---------- Post added at 09:53 PM ---------- Previous post was at 09:49 PM ----------
peramikic said:
There are two different scenarios that will be in play here. Is the bootloader unlocked or not. If the bootloader is unlocked then boot.img can be patched with the zip from idlekernle that disables the dm-verity and fstab. You cannot do this if your BL is locked, because it will modify the signed boot.img that that provides root, and will not boot anymore.
After it's patched, the system will not encrypt after /data wipe and TWRP will access it without problem. The downside is no encryption.
For the BL locked crowed, the /data has to be reformatted after flashing new rooted boot.img. This image also enforces encryption so one way to solve this would be for @tenfar to provide us with signed boot.img that set encryption of as well as. Otherwise the TWRP will need a password to decrypt /data if it can't use the default_password. In this case you should be able to enter the same pin you have setup for lock screen to decrypt the main encryption key.
The system re-encrypts itself on every system start after factory reset or /data format because of the forceencrypt flag in fstab, so the pin will be needed as long as that's the case. While TWRP should be able to try to decrypt with "default_password" in case you have not setup any on lockscreen, this sometimes fails, so having a pin on lockscreen usually helps. The cause is most likely that /cryptkey is altered somehow and TWRP can't use it. Wiping /data and rebooting should generate an fresh /cryptkey. I have been able to just flash modded recovery while still on stock boot and backup the /data with no key.
/system should not be encrypted ever since it would make block level OTA impossible to do. Why TWRP is not mounting it or seeing it 0b is a separate question.
Click to expand...
Click to collapse
Well i have formatted my data maybe 30 times with all sorts of different recoveries and boot images. My original boot image is long gone so hopefully that isn't the key. I also don't use a lock screen, I guess I could if it unlocks the data, but I certainly wouldn't want to keep using a lock screen. Anyways I am done with the phone for now, will revisit it when someone fixes posts they had the decrypt PW issue and fixed it.
HonestOtter said:
That would be dreamy. I have no issues waiting, fingers crossed.
---------- Post added at 09:53 PM ---------- Previous post was at 09:49 PM ----------
Well i have formatted my data maybe 30 times with all sorts of different recoveries and boot images. My original boot image is long gone so hopefully that isn't the key. I also don't use a lock screen, I guess I could if it unlocks the data, but I certainly wouldn't want to keep using a lock screen. Anyways I am done with the phone for now, will revisit it when someone fixes posts they had the decrypt PW issue and fixed it.
Click to expand...
Click to collapse
See if you can set the pin, go into TWRP and us it. If it works, go back to OS and remove lockscreen, set to none and then go back to TWRP and see if it still asks for one. Did you run TWRP in read only mode or did you swipe to mount as RW?
peramikic said:
See if you can set the pin, go into TWRP and us it. If it works, go back to OS and remove lockscreen, set to none and then go back to TWRP and see if it still asks for one. Did you run TWRP in read only mode or did you swipe to mount as RW?
Click to expand...
Click to collapse
I assume you mean the lock screen pin? I set a lock screen pin of 1234, but "password failed, please try again". So that didn't work. Is there a different pin for the encryption?
***update
That sucked. I don't use a lock screen but after I tried the pin it won't let be go back to none for the lock screen. I was just starting to use this phone to, now its back to the old phone because I can't use a phone with a lock screen . So sad. Hopefully someone figures out a solution to all this security crap.
I'm having the same issue on B27. Do a factory Reset, then a Format, and after it boots to the OS, the data is encrypted again. I'd be somewhat ok with it but I'm not clear on how to install things like Xposed if the drive is encrypted? I assumed ADB SIDELOAD... but not through encryption.
If the answer is "I don't know" -- then can someone help me restore to stock B27. I have a locked bootloader.
zigzampow said:
I'm having the same issue on B27. Do a factory Reset, then a Format, and after it boots to the OS, the data is encrypted again. I'd be somewhat ok with it but I'm not clear on how to install things like Xposed if the drive is encrypted? I assumed ADB SIDELOAD... but not through encryption.
If the answer is "I don't know" -- then can someone help me restore to stock B27. I have a locked bootloader.
Click to expand...
Click to collapse
Xposed should install just fine if you're getting the message in TWRP. Id you're getting the encryption message after the phone is booted and can't access the phone, then you need to format data, then install Xposed so you can use the phone.
Some zips like SuperSU zip will not be able to be installed when the partition is encrypted. Xposed zip should install just fine
mmamedov said:
Xposed should install just fine if you're getting the message in TWRP. Id you're getting the encryption message after the phone is booted and can't access the phone, then you need to format data, then install Xposed so you can use the phone.
Some zips like SuperSU zip will not be able to be installed when the partition is encrypted. Xposed zip should install just fine
Click to expand...
Click to collapse
But if TWRP cannot access the encrypted data, how can one select and flash the TWRP flashable zip that accompanies the Xposed APK? Is the only solution to sideload? I see the option in TWRP but I am not familiar with how to do it.

Unable to understand decryption

Hi
I am unable to understand the concept of Decryption. I have been rooting my phone since the time of Samsung S3. I currently own a 64gb Nexus 6p with build number N4F26T. I use the sticky guide given here to root my phone and install custom recovery.
Now I want to apply pixel mods, but they demand verity check disabled. When I go in the security of my phone, it says Phone Encrypted in Encryption. I have checked all of the threads and forums regarding this but there is no clear guideline.
Do I have to decrypt my data? If yes, how will I be going on with this process? I see the format user data command but I am on Nougat 7.1.1 so I think this is not applicable to me. But no where has it been mentioned that I have to decrypt any other way.
Any help would be appreciated as I have always received from this community. How will I go on about the decryption? Please help soon as I currently have no data in it so its easier to format it.
You do not have to decrypt your data to use those MOD's. To disable variety check all you need to do is install a custom kernel or rom that does this by default. You will not lose any data by doing this. If you wanted to decrypt your data then you would have to format the data partition on your phone. This would obviously wipe your data so you would need to make a backup first on your PC. Some people think that decrypting your data will give you a slight speed bump but I've tried both ways and haven't noticed any real difference. So far I haven't run into any reason that the data partition would need to be decrypted to install anything.
This is a Question, so you are supposed to post in the Q/A section, not General.
First, you can't just decrypt the existing data on the phone, you'll have to wipe the device first and then NOT allow the encryption to happen on your fresh install. Make sure you already have USB debugging enabled. You need to perform a factory reset to wipe the phone. Then transfer from your PC either SuperSU (zipfile) or a no force-encrypt custom kernel such as EX Kernel or Franco (zipfile) to the root of the phone (or both). You can do this with TWRP's file manager. Before booting for the first time use TWRP's "Install" to flash either SU or your kernel. Now you can boot to system and your device will not be encrypted by default. Going forward with any updates that include flashing a new boot.img you need to reflash SU or the kernel (before booting) to avoid encryption.
First of all apologies about posting in the wrong section. Secondly, I have already rooted with Supersu. So now all I need to do is format the user data and I will have decrypted data right? It won't again get encrypted, right?
Secondly, thanks alot for such prompt responses. I am unable to find the thanks button that used to be there.

Problems with encryption, TWRP and Oxygen OS

Hello.
Today I restarted the phone in TWRP to wipe cache. It did not accepted my password, although I remembered it correctly. I tried to enter the ROM, but it still didn't accept it. After many many tries, I succeeded in entering the rom. Googled about this and someone said
Simply boot into TWRP and enter your PIN (if you've set one) to decrypt the stroage. If you don't have TWRP (for whatever reason) you can do so via ADB too but ONLY if you've connected your phone to your PC beforehand and also accepted it's fingerprint on the phone itself.
Delete (or rename) the following files inside /data/system (note that probably not all of them exist for you, simply delete those you can find):
password.key
pattern.key
locksettings.db-wal
locksettings.db-shm
locksettings.db
Reboot the phone and (if you've set a PIN) enter it to decrypt the storage one more time. After that you can simply unlock your phone with a swipe.
Go into Settings > Security and set your preferred unlock method again, Android will ask you if you want to set a boot-time code too. Select whatever you want here, it's a nice security addition but can be annoying sometimes.
Enjoy your phone again!
Click to expand...
Click to collapse
I did that, but now when I enter the rom, it just shows the wallpaper with nothing on it. If I try to enter TWRP, it asks for a password and my old one does not work. I wanted to flash the rom via TWRP, but everything is encrypted. Tried installing the custom recovery to flash from the sd card, but the files or still encrypted.
What can I try next? I really really dont wan't to format everything, as I have lots of files and photos on the phone. Thanks!!
reneftw said:
Hello.
Today I restarted the phone in TWRP to wipe cache. It did not accepted my password, although I remembered it correctly. I tried to enter the ROM, but it still didn't accept it. After many many tries, I succeeded in entering the rom. Googled about this and someone said
I did that, but now when I enter the rom, it just shows the wallpaper with nothing on it. If I try to enter TWRP, it asks for a password and my old one does not work. I wanted to flash the rom via TWRP, but everything is encrypted. Tried installing the custom recovery to flash from the sd card, but the files or still encrypted.
What can I try next? I really really dont wan't to format everything, as I have lots of files and photos on the phone. Thanks!!
Click to expand...
Click to collapse
If you are able to get into the phone, then go in and remove your security, pin / password etc.
I'm hazarding a guest that you decrypted your device and now you're stuck like this ?
You may have to format data, not a wipe, a format.
Not sure if the OnePlus has a safe mode but that should enable you to get into the OS and make the needed changes in security then go to twrp and you should be good to go.
Are you able to see your data when connected to a computer? IE when your phone boots ? Get your data backed up.
Sent from my ONEPLUS A5000 using XDA-Developers Legacy app

(Yet Another) Question on Encryption

So, I've been reading ad nauseum on this topic with regards to flashing new ROMs on my 6t and getting locked out due to decryption.
Among other threads and places across the interweb, I've read all of these:
https://forum.xda-developers.com/search/forum/8259?query=Encryption
During my travels I've discovered that the s**t doesn't really hit the fan until "data" is wiped via TWRP. I see that the recommend process for flashing new ROMs goes like this:
Boot on twrp
Flash ROM
Flash twrp installer
Reboot to twrp
Factory reset
Reboot to system
Am I understanding this correctly that if I transpose steps 4 and 5, then I shall plan on losing all of my data, but if I reboot from TWRP (right back into TWRP) before step 5 (aka data wipe), I shouldn't loose my data?
Assuming that is correct, does it matter if I leave a lock screen password enabled before rebooting to TWRP from the soon-to-be replaced ROM? I ask this because removing the lock screen password did not seem to reduce my chances of encountering permananly encrypted data.
Thanks!
notorious.dds said:
So, I've been reading ad nauseum on this topic with regards to flashing new ROMs on my 6t and getting locked out due to decryption.
Among other threads and places across the interweb, I've read all of these:
https://forum.xda-developers.com/search/forum/8259?query=Encryption
During my travels I've discovered that the s**t doesn't really hit the fan until "data" is wiped via TWRP. I see that the recommend process for flashing new ROMs goes like this:
Boot on twrp
Flash ROM
Flash twrp installer
Reboot to twrp
Factory reset
Reboot to system
Am I understanding this correctly that if I transpose steps 4 and 5, then I shall plan on losing all of my data, but if I reboot from TWRP (right back into TWRP) before step 5 (aka data wipe), I shouldn't loose my data?
Assuming that is correct, does it matter if I leave a lock screen password enabled before rebooting to TWRP from the soon-to-be replaced ROM? I ask this because removing the lock screen password did not seem to reduce my chances of encountering permananly encrypted data.
Thanks!
Click to expand...
Click to collapse
Yes. For the love of god. Someone please clear up how we can flash on the go. I don't always have access to a computer with Adb/fastboot.
Every time I try to switch roms, upon rebooting to TWRP, my folders encrypt. Then I have to format data and voila, no fricking ROM to flash and I'm stuck
idkwhothatis123 said:
Yes. For the love of god. Someone please clear up how we can flash on the go. I don't always have access to a computer with Adb/fastboot.
Every time I try to switch roms, upon rebooting to TWRP, my folders encrypt. Then I have to format data and voila, no fricking ROM to flash and I'm stuck
Click to expand...
Click to collapse
Yeah A/B partition are a nuisance when it comes to flashing. I'd recommend you to do a clean flash of the ROM. Follow these steps.
1. Download the Latest Stable OOS from OnePlus's Website. Download the ROM ZIP of your Choice as well as the latest TWRP Installer. Transfer these to your phone and also copy them to a Laptop as you might have to Format Data.
2. Now Reboot to Recovery and flash OOS ZIP and TWRP Installer. Let it finish. Once it's done Reboot to Recovery from Within TWRP.
3. Again flash OOS and TWRP Installer. If for some reason your folders are messed up (as you posted in the image earlier) just go to Wipe and Format Data. And transfer the OOS and TWRP Installer to Internal and Flash them. Let it finish.
4. Once that's done, now again Reboot to Recovery and now flash ROM and TWRP Installer. After that's done, again Reboot to Recovery.
5. Again, flash ROM and TWRP Installer. Once done, Reboot to Recovery.
6. Now flash Gapps of your Choice. Stock are Recommend while anything above Nano will work. AROMA won't work. Once Gapps are flashed now go to Wipe and do a Factory Reset (Swipe to Factory Reset). Once that's Done, hit Reboot System and wait for the ROM to Load.
7. After the Initial Setup, Reboot to Recovery and flash Magisk and Custom Kernel if you want.
Personally I Format Data after flashing Gapps to get a "clean install". But that's not necessary. Also if you want to flash ROMs often I'd suggest investing in Swift Backup. It's an excellent app for Backups and can Backup almost Anything. Hope this helps.
This is what I do. Occasionally I get the Encrypted Folders but if followed correctly all is smooth. I can flash any ROM without Encryption. Except maybe stock OOS.
Thanks Mannan.
However, what I'm really looking for is someone to explain the following:
1. Which action or actions is it that triggers the phone to be encypted without a way to decrypt when flashing a new rom? My suspicion is that if the phone was encrypted while having been boot from slot A, then wiping data while in slot A results in data loss. By extension, rebooting into slot B and then wiping data allows slot B to now hold the encryption key. I'm sure this theory has got some errors, but it's the best I can come up with having no intrinsic knowledge on the topic.
2. Are there any means of mitigating data loss should the phone become encrypted? I.e. If possible, can I back up data (minus /data/media) and then restore that when I can't get access to /data/media?
With regards to question #1, I developed my "suspicion" after lossing ambition to test it. When I get my ambition back to fight this issue, I'll try again. I'm just getting sick of transfering 25+ gigs of data via adb every time the data gets encrypted and I can't get it decrypted.
notorious.dds said:
Thanks Mannan.
However, what I'm really looking for is someone to explain the following:
1. Which action or actions is it that triggers the phone to be encypted without a way to decrypt when flashing a new rom? My suspicion is that if the phone was encrypted while having been boot from slot A, then wiping data while in slot A results in data loss. By extension, rebooting into slot B and then wiping data allows slot B to now hold the encryption key. I'm sure this theory has got some errors, but it's the best I can come up with having no intrinsic knowledge on the topic.
2. Are there any means of mitigating data loss should the phone become encrypted? I.e. If possible, can I back up data (minus /data/media) and then restore that when I can't get access to /data/media?
With regards to question #1, I developed my "suspicion" after lossing ambition to test it. When I get my ambition back to fight this issue, I'll try again. I'm just getting sick of transfering 25+ gigs of data via adb every time the data encryption kicks in.
Click to expand...
Click to collapse
You're not that far off, actually. And while I'm no developer I suspect that Encryption kicks in when
a). You flash stock OOS. No matter what ROM you are on, when you flash OOS it's possible you can get encrypted. I'm not sure about this but if a developer could confirm that'd be great. This one time, I flashed OOS Stable while on Beta and it Encrypted my Storage. So I had to retransfer with a computer to flash it the required two times. So basically avoid flashing OOS when on a Custom ROM. Even when switching ROMs.
b). Just as you said, when you Wipe Data within TWRP and then Reboot to TWRP it also Encrypts the Device. So I usually Wipe Data after flashing ROM & Gapps. Otherwise if you Wipe Data after flashing ROM it will Encrypt you.
And to answer that last Question the app I personally use is called Swift Backup. It's an amazing app and although it costs $5.49 it can Backup Apps and Data. It can also backup the Files in Android/obb. Give it a go.
Mannan Qamar said:
You're not that far off, actually. And while I'm no developer I suspect that Encryption kicks in when
a). You flash stock OOS. No matter what ROM you are on, when you flash OOS it's possible you can get encrypted. I'm not sure about this but if a developer could confirm that'd be great. This one time, I flashed OOS Stable while on Beta and it Encrypted my Storage. So I had to retransfer with a computer to flash it the required two times. So basically avoid flashing OOS when on a Custom ROM. Even when switching ROMs.
Click to expand...
Click to collapse
I've been fiddling around with OOS and The Pixel Experience (aka TPE) ROM. I've yet to need to flash OOS in order to loose my ability to decrypt. Flashing TPE screws everything up quite nicely as well. That said, I have gotten into the situation where TWRP (booted from either slot) has got everything encrypted. However, in one case, I was able to get the data back by recreating the boot_a partition as it existed before I wiped data. I think there may be something to be learned here. However, subsequent attempts to use this method have not been successful. In other words, I'm not sure what I actually learned.
Mannan Qamar said:
And to answer that last Question the app I personally use is called Swift Backup. It's an amazing app and although it costs $5.49 it can Backup Apps and Data. It can also backup the Files in Android/obb. Give it a go.
Click to expand...
Click to collapse
I'm still using Titanium Backup (paid version as well). It works quite well and I'm happy with it. That said, it's still a much bigger pain in the butt to restore vs performing a nandroid restore of the data. It's apples and oranges though. In order for the nandroid to provide any real value, you pretty much have to do right before need it... unless you never do anything on your phone. It also only works with the ROM from which it was created... obviously. Since my current nandroid backup of /data is > 22 gb, its fairly cumbersome.
notorious.dds said:
I've been fiddling around with OOS and The Pixel Experience (aka TPE) ROM. I've yet to need to flash OOS in order to loose my ability to decrypt. Flashing TPE screws everything up quite nicely as well. That said, I have gotten into the situation where TWRP (booted from either slot) has got everything encrypted. However, in one case, I was able to get the data back by recreating the boot_a partition as it existed before I wiped data. I think there may be something to be learned here. However, subsequent attempts to use this method have not been successful. In other words, I'm not sure what I actually learned.
I'm still using Titanium Backup (paid version as well). It works quite well and I'm happy with it. That said, it's still a much bigger pain in the butt to restore vs performing a nandroid restore of the data. It's apples and oranges though. In order for the nandroid to provide any real value, you pretty much have to do right before need it... unless you never do anything on your phone. It also only works with the ROM from which it was created... obviously. Since my current nandroid backup of /data is > 22 gb, its fairly cumbersome.
Click to expand...
Click to collapse
I dunno if it will work but when you get Encrypted try booting the TWRP image. Maybe that'll work.
Doesn't this problem occur with backups and restore from twrp as well?.... This A/B stuff I'm not used to but I'll keep reading and hopefully something in my brain will kick in lol...
Mannan Qamar said:
I dunno if it will work but when you get Encrypted try booting the TWRP image. Maybe that'll work.
Click to expand...
Click to collapse
Yeah, that I defintitely tried. No dice. However, I just backed up everthing and I'm about to start blowing the thing up with ROM flashes. Consider it a stress test. I'll report back.
What I've got so far...
Coming from OOS 9.0.14 running on slot B with a lock screen pattern enabled, I boot into TWRP on slot B.
I then flashed The Pixel Experiance ROM via it's .zip file. (The flash is then applied to slot A because it goes to the inactive slot).
Flashed the TWRP install .zip
Changed active slot to A
Reboot to recovery (aka TWRP) ... now in slot A.
wiped data (minus storage)
Flashed magisk
Reboot system
This got me into the new ROM with data intact. However, when rebooting to recovery (still slot A), it would ask for a pattern but yet wouldn't accept the pattern to decrypt. Rebooting back into Pixel Experience the data was decrypted. So, even the data would decrypt when booted into system, I could no longer get to the data from within TWRP. I then changed the lock pattern from within Pixel Experience and reboot to TWRP, it still couldn't decrypt the data. Rebooting back to system succeeded in that it actually boot, but I could no longer unlock the phone (stuck on "phone is starting"). My presumption at this point was that Pixel Experience could no longer decrypt the data.
I then:
Reboot to TWRP (slot A still)
Flashed OOS
Flashed TWRP
Set active slot to B
Reboot to recovery (aka TWRP)
wiped data (minus storage)
reboot to system
At this point OOS failed to boot and I was returned to TWRP. Data was still not able to be decrypted. I then did a factory reset plus wiped storage (aka data, dalvik, and internal storage) and tried to boot to system... still failed and sent me back to TWRP. This time, although data was empty, it was decrypted. I tried to reboot system again. It failed again and sent me back to TWRP.
So, at this point , I've wiped data and internal storage but I cannot get stock OOS to boot. So, I reboot to bootloader and executed:
Code:
fastboot -w
My understanding is that this should do the same this as performing a factory reset from within TWRP. However, rebooting to system succeeded this time.
So, the new questions are:
1. How is it that I can decrypt data when booted into Pixel Experience on slot A, but I cannot decrypt the data via TWRP?
2. If I removed the lock screen pattern from OOS before flashing PixelExperience, would I have been able to decrypt the data in both the ROM and within TWRP?
3. Why is factory resetting via fastboot effective when doing so in TWRP is not?
notorious.dds said:
What I've got so far...
Coming from OOS 9.0.14 running on slot B with a lock screen pattern enabled, I boot into TWRP on slot B.
I then flashed The Pixel Experiance ROM via it's .zip file. (The flash is then applied to slot A because it goes to the inactive slot).
Flashed the TWRP install .zip
Changed active slot to A
Reboot to recovery (aka TWRP) ... now in slot A.
wiped data (minus storage)
Flashed magisk
Reboot system
This got me into the new ROM with data intact. However, when rebooting to recovery (still slot A), it would ask for a pattern but yet wouldn't accept the pattern to decrypt. Rebooting back into Pixel Experience the data was decrypted. So, even the data would decrypt when booted into system, I could no longer get to the data from within TWRP. I then changed the lock pattern from within Pixel Experience and reboot to TWRP, it still couldn't decrypt the data. Rebooting back to system succeeded in that it actually boot, but I could no longer unlock the phone (stuck on "phone is starting"). My presumption at this point was that Pixel Experience could no longer decrypt the data.
I then:
Reboot to TWRP (slot A still)
Flashed OOS
Flashed TWRP
Set active slot to B
Reboot to recovery (aka TWRP)
wiped data (minus storage)
reboot to system
At this point OOS failed to boot and I was returned to TWRP. Data was still not able to be decrypted. I then did a factory reset plus wiped storage (aka data, dalvik, and internal storage) and tried to boot to system... still failed and sent me back to TWRP. This time, although data was empty, it was decrypted. I tried to reboot system again. It failed again and sent me back to TWRP.
So, at this point , I've wiped data and internal storage but I cannot get stock OOS to boot. So, I reboot to bootloader and executed:
My understanding is that this should do the same this as performing a factory reset from within TWRP. However, rebooting to system succeeded this time.
So, the new questions are:
1. How is it that I can decrypt data when booted into Pixel Experience on slot A, but I cannot decrypt the data via TWRP?
2. If I removed the lock screen pattern from OOS before flashing PixelExperience, would I have been able to decrypt the data in both the ROM and within TWRP?
3. Why is factory resetting via fastboot effective when doing so in TWRP is not?
Click to expand...
Click to collapse
Well starting from the way you flashed the ROM, the rule of thumb is that you NEVER manually change slots. Now since you are on stock follow the instructions I posted earlier to flash PE or any other ROM for that matter. I think when you manually set the slot it somehow messed up Decryption. Next, after flashing OOS from TWRP when you are on a Custom ROM, you must always Format Data. The command you ran via Fastboot (fastboot -w) does just that.
So I just flashed Bootleggers from Stock OpenBeta 11. These are the steps I followed. I was successfully able to flash and was able to keep my Data intact. These are the steps I followed.
Starting from OpenBeta 11 I flashed ROM (Bootleggers) and then TWRP Installer. Then go to Reboot and Select Recovery. Once in Recovery, again flash ROM and TWRP Installer. Once done, reboot to Recovery. Flash Gapps and then go to Wipe and do a Swipe to Fa Tory Reset. This will Delete all your Data except Internal Storage. This is a necessary step when flashing a ROM. Once done, reboot to System. After this I was able to boot up Successfully with my Internal Storage as it was before flashing. After that I restored my backup. Everything is working and I can enter and Decrypt TWRP without error.
This thread should be pined as a guide because instalation notes in ROM threads are so basic.
A couple of things come to mind reading this thread in reference to encryption
1) if security patches dont match on A/B, it seems to trigger a lockout with encryption. i may be wrong.
2) if internal storage isnt wiped, i.e.-if you use the "factory reset' option in twrp, your data is still there and that in itself post-flash can trigger encryption error as the data is still there.
I think about it like this, despite it being A/B partitions, the data is like a middle layer that isnt individualized to one partition or the other. so a trigger/failure for secure boot encrypts it all.
kitcostantino said:
A couple of things come to mind reading this thread in reference to encryption
1) if security patches dont match on A/B, it seems to trigger a lockout with encryption. i may be wrong.
2) if internal storage isnt wiped, i.e.-if you use the "factory reset' option in twrp, your data is still there and that in itself post-flash can trigger encryption error as the data is still there.
I think about it like this, despite it being A/B partitions, the data is like a middle layer that isnt individualized to one partition or the other. so a trigger/failure for secure boot encrypts it all.
Click to expand...
Click to collapse
I'm pretty sure, that if you flash anything with a security patch earlier than the one you're currently using your data will get encrypted.
Which is why it happens with going back to OOS from custom, because they're always late with security patches compared to custom roms.
The hardest thing for.me coming from an A only device (Axon 7) has been learning order of operations. as long as one flashes rom followed by twrp and then a reboot into recovery, followed by installing magisk, things usually go okay. Going from aosp to aosp went okay, but like you said moving from OOS to AOSP or vice versa always yielded encryption lock. maybe we could make a merged security patch or something of the sort to bridge the gap. im no dev, so im sure someone who knows more than i can tell us why that wouldnt work. it would be really cool for One Plus to gain a better foothold in custom OS before the majority of crack flashers and devs swear off. Dont get me wrong, OOS is amazing and i feel with the inherent features, is superior to any other stock rom, but android is all about choice.
i really and truly wish someone would make a version of TWRP that had a dual boot set up vs A/B. I have had devices (looking at you, Droid Bionic) that never had proper root/bl unlock and had amazing rom communities bc of safestrap/dual boot/etc. i am more than willing to give up internal storage space to duplicate/clone /data and anything else that is on both systems. i also wish recovery had its own partition again, but that one is beyond our control at this point as it resides in boot now.
Maybe its conceivable. Who knows.
I have no issues. I don't lose anything when I flash ROMs. I boot to twrp, factory reset(not wipe storage), flash ROM, flash twrp installer....boot ROM, reboot twrp, flash gapps, custom kernel. Then I factory reset again (not wipe storage) and then install magisk..done....no issues. It will fail boot once and then boot fine because of this process but only after you do this. So if you reboot later you are fine...I keep all my stuff
First off, I want to thank all of you who contributed to this thread. I'm defintely gaining a better understanding of some of the pitfalls associated with A/B devices and encryption. Thanks!
Mannan Qamar said:
Well starting from the way you flashed the ROM, the rule of thumb is that you NEVER manually change slots. Now since you are on stock follow the instructions I posted earlier to flash PE or any other ROM for that matter. I think when you manually set the slot it somehow messed up Decryption.
Click to expand...
Click to collapse
So, my understand is that flashing a new ROM from within TWRP flashes it to the inactive slot. Therefore, my assumptions as to the reasoning behind rebooting from TWRP back into TWRP before wiping data were that:
Any modifiations made to the boot partition intended to affect the new ROM need to be made to the boot partition that shares the same slot as that of the new ROM, and
Wiping data while booted into image of TWRP which shares the same slot as the new ROM has some magical effect on preserving the ability to decrypt data vs wiping data while booted into the image of TWRP that resides in the slot of the ROM to be replaced.
It is these assumptions (combined with my execution of the basic recipe failing to prevent encryption lock-out) which led me to manually changing slots. I will say this... after flashing PE and TWRP.zip from within TWRP on slot B, simply rebooting to recovery brought me right back to TWRP on slot B. If PE is now on slot A, how does installing magisk, etc. do me any good while in slot B? Also, are my assumptions misguided as to the "why" rebooting to TWRP before installing magisk, wiping data, etc is necessary?
Mannan Qamar said:
Next, after flashing OOS from TWRP when you are on a Custom ROM, you must always Format Data. The command you ran via Fastboot (fastboot -w) does just that.
Click to expand...
Click to collapse
Lightbulb status: on
Thanks!
kitcostantino said:
If security patches dont match on A/B, it seems to trigger a lockout with encryption. i may be wrong.
Click to expand...
Click to collapse
Is this why in Mannan Qamar's earlier post he appears to be flashing the new ROM to BOTH slots before trying to boot into system?
ebproject said:
I'm pretty sure, that if you flash anything with a security patch earlier than the one you're currently using your data will get encrypted.
Which is why it happens with going back to OOS from custom, because they're always late with security patches compared to custom roms.
Click to expand...
Click to collapse
I'm assuming that flashing OOS to BOTH slots as is mentioned earlier with regards to flashing a custom ROM won't help when going back to OOS given the old vs new issue. Has anyone verified that yet?
It's my understanding that the sure security patch is applied to the system partition, correct? Is part of that patch included in boot, or no?
jamescable said:
I have no issues. I don't lose anything when I flash ROMs. I boot to twrp, factory reset(not wipe storage), flash ROM, flash twrp installer....boot ROM, reboot twrp, flash gapps, custom kernel. Then I factory reset again (not wipe storage) and then install magisk..done....no issues. It will fail boot once and then boot fine because of this process but only after you do this. So if you reboot later you are fine...I keep all my stuff
Click to expand...
Click to collapse
I notice that the FIRST thing you do is "factory reset". That's definitely not standard with the install threads I've read. Hmmmmm, interesting.
Also, why do you boot the ROM before flashing gapps, and kernel? It seems unnecessary since you're just factory resetting again. I'm sure I'm missing something on this one.
notorious.dds said:
I notice that the FIRST thing you do is "factory reset". That's definitely not standard with the install threads I've read. Hmmmmm, interesting.
Also, why do you boot the ROM before flashing gapps, and kernel? It seems unnecessary since you're just factory resetting again. I'm sure I'm missing something on this one.
Click to expand...
Click to collapse
Booting to ROM solved the encryption issues
idkwhothatis123 said:
Yes. For the love of god. Someone please clear up how we can flash on the go. I don't always have access to a computer with Adb/fastboot.
Every time I try to switch roms, upon rebooting to TWRP, my folders encrypt. Then I have to format data and voila, no fricking ROM to flash and I'm stuck
Click to expand...
Click to collapse
If you stuck on encrypted storage ever, reboot to system and after you see the setup screen, reboot to recovery again. Voila, your storage is decrypted now.
It happened to me all the time when I flash OOS and this way I am able to decrypt my internal storage.

Decrypting "Internal Storage" aka "/data/media/0" aka "/sdcard"

Hi
I was trying to flash xiaomi.eu (xiaomi.eu_multi_HMK20MI9T_V12.5.2.0.RFJCNXM_v12-11) custom rom to my Mi 9T device via TWRP recovery
I booted into recovery then I noticed TWRP isn't asking for a password for decryption
So dumb me ignored it and "Advance Wiped" all partitions except "Internal Memory" and flashed the rom from "USB OTG"
then problems started to appear
first the rom didn't boot and was stuck in a boot loop
so I wiped and reflashed the original "miui_DAVINCIGlobal_V12.1.4.0.RFJMIXM_e0ac13ed89_11.0" rom via TWRP from "USB OTG" to be able to back up my files and do a proper format/decrypt
but the internal storage is now still encrypted and cannot be accessed
I tried twrp decrypt command with all combinations of passwords pins pattern numbers that I used since first bought the phone but none of them worked
I know I should have backed up my files
Now I want to know how can decrypt /data/media/0 aka /sdcard aka Internal Memory and get my files
like mounting it in windows through some adb and other software and decrypting with known key combinations and passwords
or through twrp or whatever that maybe work
I really can't afford to lose my data AGAIN
yes, that wasn't my first time!!!!!
I promise if this gets right I devote the rest my life to the open-source community
excuse me for my bad English.
When flashing a custom ROM, or going back from, you HAVE to Format (not just Wipe) Data
(And you don't need to wipe System because new ROM will overwrite it anyway, and you better never wipe Persist and so)
Obviously, you must backup your photos, data, etc, before switching the ROM
Data on Internal memory is encrypted, and not by your unlock pin (unlock pin just serves to verify and read the key).
New ROM reinitializes the encryption key
Hence, AFAIK, you cannot decrypt anymore because you don't know the encryption key that was used for data on your Internal memory
Seems you have similar problem as I have
zgfg said:
When flashing a custom ROM, or going back from, you HAVE to Format (not just Wipe) Data
(And you don't need to wipe System because new ROM will overwrite it anyway, and you better never wipe Persist and so)
Obviously, you must backup your photos, data, etc, before switching the ROM
Data on Internal memory is encrypted, and not by your unlock pin (unlock pin just serves to verify and read the key).
New ROM reinitializes the encryption key
Hence, AFAIK, you cannot decrypt anymore because you don't know the encryption key that was used for data on your Internal memory
Click to expand...
Click to collapse
ok
a question
why the twrp was not asking for decryption in first place?
ehsan1326 said:
ok
a question
why the twrp was not asking for decryption in first place?
Click to expand...
Click to collapse
No idea - ask devs of your custom ROM how they implement encryption and what is the proper way to install the ROM

Categories

Resources