Now, you can encrypt your device once only and still have the ability to backup/restore, upgrade or change to a different rom without losing encryption or re-encrypting your device. You can also get rid of screen lock pin/password, which is required by Google to have encryption.
As many of us may know, TWRP unlike CWM can deal with encrypted Data partition and internal storage. As such, if you encrypt your custom CM/AOSP based rom and subsequently enter recovery (TWRP only), you are asked for your password and then TWRP decrypts and mounts your encrypted Data, which allows you to upgrade the rom, install a different custom rom or backup your current rom while preserving encryption. What is interesting is that when you install a new rom (or reinstall the old one), you can get rid of screen lock password completely. In other words, your password is used only for encrypting/decrypting.
Now, a word of caution about short passwords. A 4-5 character pin/password defeats the purpose of encryption, since it takes about 4 minutes to break it. There are ways, however, to have separate passwords for encryption and screen lock or, as shown in this guide, get rid of screen lock password completely. Here is what you can do:
1. Have TWRP recovery (CWM does not work)
2. Encrypt your current data and internal storage (go to Security menu and choose encrypt; you will be forced to set encryption password, which will also be your screen lock password).
3. When you are done, turn the phone off and on to check that decryption/encryption works.
4. Next, install encryption password changer from fdroid:
https://f-droid.org/repository/browse/?fdfilter=encrypt&fdid=com.kibab.android.EncPassChanger or this one:
https://f-droid.org/repository/browse/?fdfilter=encrypt&fdid=org.nick.cryptfs.passwdmanager
5. Change your password to a strong and long one. Make a note of it, as if you forget it, you will have to reset your device in flashtool, meaning flashing stock et al, which is pain. You will only need your long password when you are turning your device on. You won't have to enter that or another password, when the device is running.
6. Next, you want to reinstall your current rom or install a new one. For that do:
7. Enter TWRP recovery, enter your password and your system/data/cards will be mounted. Reinstall your rom (install, not restore) or install a new one. Remember, the only thing you need in your new rom is TWRP recovery. Once you are done, reboot the device. You will have your new rom encrypted with no screen password. From that point and on, you can backup your rom (and do other things) that TWRP recovery allows.
Thanks for your guide.
I really tried to follow it to the end, but TWRP will not mount my internal storage. Neither with the original password nor after I changed it to a more complex one.
Unfortunately, I always end up with the "Password Failed, Please Try Again" error message.
Is there any way to make TWRP work with my encrypted internal storage?
I somehow got my filesystem encrypted when I flashed TWRP and rooted. When I try to boot into TWRP, I have to enter a password to be able to see anything or do any modifications. What happened?
I didnt have this problem on my Axon but googled.
http://forum.xda-developers.com/google-nexus-5/help/twrp-password-t2511049
I have no idea if this will help you or not but it will wipe data so your phone will be factory reset. Do at your own risk.
Twerkules said:
I somehow got my filesystem encrypted when I flashed TWRP and rooted. When I try to boot into TWRP, I have to enter a password to be able to see anything or do any modifications. What happened?
Click to expand...
Click to collapse
bhint15 said:
I didnt have this problem on my Axon but googled.
http://forum.xda-developers.com/google-nexus-5/help/twrp-password-t2511049
I have no idea if this will help you or not but it will wipe data so your phone will be factory reset. Do at your own risk.
Click to expand...
Click to collapse
This is from the Thread @bhint15 posted ,
Hit cancel at the password screen, then go into Wipe and then do a factory reset by swiping. Then go back into Wipe and press the 'Format data' button. You have to type 'Yes', and it will take a few seconds. After that everything should work normally.
Click to expand...
Click to collapse
and the reason why ask for password is cuz Axon 7 Data/Storage is Automatically encrypted out of the box, that's why you don't or not going to find any sort of encryption data setting under Settings and That's the reason a lot of users here have issues trying to get back to stock or something similar.....
This may give you some insight.
https://youtu.be/y0fHGJY-vFE
For me it's the Axon 7. I like the bigger res screen, the upcoming daydream compatibility and superior audio and non-Apple like OS.
The Honor 8 dies seem to have a better camera, but I can live with that. Plus I have an LG G5 for when I want photos.
You just have to decide witch Frasier is more important to you.
RojasTKD said:
This may give you some insight.
https://youtu.be/y0fHGJY-vFE
For me it's the Axon 7. I like the bigger res screen, the upcoming daydream compatibility and superior audio and non-Apple like OS.
The Honor 8 dies seem to have a better camera, but I can live with that. Plus I have an LG G5 for when I want photos.
You just have to decide witch Frasier is more important to you.
Click to expand...
Click to collapse
Wrong Thread mate LoL,
DrakenFX said:
Wrong Thread mate LoL,
Click to expand...
Click to collapse
What the neck how did u end up here....
Disregard ?
DrakenFX said:
This is from the Thread @bhint15 posted ,
and the reason why ask for password is cuz Axon 7 Data/Storage is Automatically encrypted out of the box, that's why you don't or not going to find any sort of encryption data setting under Settings and That's the reason a lot of users here have issues trying to get back to stock or something similar.....
Click to expand...
Click to collapse
Alright, I managed to be able to write to /system temporarily by formatting the Data partition in TWRP, then rebooting back into TWRP. However, after rebooting into OS and setting up my phone, I rebooted into TWRP and was faced with the encryption password prompt again! Does the filesystem just re-encrypt itself when you start the OS, or am I doing something wrong?
Twerkules said:
Alright, I managed to be able to write to /system temporarily by formatting the Data partition in TWRP, then rebooting back into TWRP. However, after rebooting into OS and setting up my phone, I rebooted into TWRP and was faced with the encryption password prompt again! Does the filesystem just re-encrypt itself when you start the OS, or am I doing something wrong?
Click to expand...
Click to collapse
I gave up for now. I tried for 4 days to fix this. In the end I have 30 days to return the phone. Hopefully someone will figure out a work around for this issue. I really like using twrp. I have not read a comment on here of anyone being able to boot into system then back into twrp with out having to enter a password to decrypt. I hope someone out there can do it and they figure out a way to fix it for the rest of us..
HonestOtter said:
I gave up for now. I tried for 4 days to fix this. In the end I have 30 days to return the phone. Hopefully someone will figure out a work around for this issue. I really like using twrp. I have not read a comment on here of anyone being able to boot into system then back into twrp with out having to enter a password to decrypt. I hope someone out there can do it and they figure out a way to fix it for the rest of us..
Click to expand...
Click to collapse
When does twrp prompt for password? I just booted into TWRP and it didn't prompt me. Then I simply booted back into the rom. Never prompted for a password.
runderekrun said:
When does twrp prompt for password? I just booted into TWRP and it didn't prompt me. Then I simply booted back into the rom. Never prompted for a password.
Click to expand...
Click to collapse
As soon as I get into TWRP it asks me for the password. I can continue into TWRP but I can't mount or modify the /system partition (it reads as 0b in TWRP File Browser). No idea how to fix, but I'm glad it's not just me having this issue.
As of right now, it looks like we are going to have to wait for custom ROMs for a fix, unless TWRP gets an update just for this. I saw a thread here asking users for info for final tweaks on a CM13 port to the Axon 7.
Twerkules said:
As soon as I get into TWRP it asks me for the password. I can continue into TWRP but I can't mount or modify the /system partition (it reads as 0b in TWRP File Browser). No idea how to fix, but I'm glad it's not just me having this issue.
As of right now, it looks like we are going to have to wait for custom ROMs for a fix, unless TWRP gets an update just for this. I saw a thread here asking users for info for final tweaks on a CM13 port to the Axon 7.
Click to expand...
Click to collapse
Which bootloader unlock did you do? I wonder, why would this not happen to me but happen to you? I am willing to test anything that needs to be tested.
You cannot fix that. Like DrakenFX said, the partition encrypts itself in the OS. You cannot disable/bypass this!
XblackdemonX said:
You cannot fix that. Like DrakenFX said, the partition encrypts itself in the OS. You cannot disable/bypass this!
Click to expand...
Click to collapse
Auto-encrypted can be disabled but that's way, way out of my league, need to rebuild boot. Img with that feature disabled.
There are two different scenarios that will be in play here. Is the bootloader unlocked or not. If the bootloader is unlocked then boot.img can be patched with the zip from idlekernle that disables the dm-verity and fstab. You cannot do this if your BL is locked, because it will modify the signed boot.img that that provides root, and will not boot anymore.
After it's patched, the system will not encrypt after /data wipe and TWRP will access it without problem. The downside is no encryption.
For the BL locked crowed, the /data has to be reformatted after flashing new rooted boot.img. This image also enforces encryption so one way to solve this would be for @tenfar to provide us with signed boot.img that set encryption of as well as. Otherwise the TWRP will need a password to decrypt /data if it can't use the default_password. In this case you should be able to enter the same pin you have setup for lock screen to decrypt the main encryption key.
The system re-encrypts itself on every system start after factory reset or /data format because of the forceencrypt flag in fstab, so the pin will be needed as long as that's the case. While TWRP should be able to try to decrypt with "default_password" in case you have not setup any on lockscreen, this sometimes fails, so having a pin on lockscreen usually helps. The cause is most likely that /cryptkey is altered somehow and TWRP can't use it. Wiping /data and rebooting should generate an fresh /cryptkey. I have been able to just flash modded recovery while still on stock boot and backup the /data with no key.
/system should not be encrypted ever since it would make block level OTA impossible to do. Why TWRP is not mounting it or seeing it 0b is a separate question.
Twerkules said:
As soon as I get into TWRP it asks me for the password. I can continue into TWRP but I can't mount or modify the /system partition (it reads as 0b in TWRP File Browser). No idea how to fix, but I'm glad it's not just me having this issue.
As of right now, it looks like we are going to have to wait for custom ROMs for a fix, unless TWRP gets an update just for this. I saw a thread here asking users for info for final tweaks on a CM13 port to the Axon 7.
Click to expand...
Click to collapse
That would be dreamy. I have no issues waiting, fingers crossed.
---------- Post added at 09:53 PM ---------- Previous post was at 09:49 PM ----------
peramikic said:
There are two different scenarios that will be in play here. Is the bootloader unlocked or not. If the bootloader is unlocked then boot.img can be patched with the zip from idlekernle that disables the dm-verity and fstab. You cannot do this if your BL is locked, because it will modify the signed boot.img that that provides root, and will not boot anymore.
After it's patched, the system will not encrypt after /data wipe and TWRP will access it without problem. The downside is no encryption.
For the BL locked crowed, the /data has to be reformatted after flashing new rooted boot.img. This image also enforces encryption so one way to solve this would be for @tenfar to provide us with signed boot.img that set encryption of as well as. Otherwise the TWRP will need a password to decrypt /data if it can't use the default_password. In this case you should be able to enter the same pin you have setup for lock screen to decrypt the main encryption key.
The system re-encrypts itself on every system start after factory reset or /data format because of the forceencrypt flag in fstab, so the pin will be needed as long as that's the case. While TWRP should be able to try to decrypt with "default_password" in case you have not setup any on lockscreen, this sometimes fails, so having a pin on lockscreen usually helps. The cause is most likely that /cryptkey is altered somehow and TWRP can't use it. Wiping /data and rebooting should generate an fresh /cryptkey. I have been able to just flash modded recovery while still on stock boot and backup the /data with no key.
/system should not be encrypted ever since it would make block level OTA impossible to do. Why TWRP is not mounting it or seeing it 0b is a separate question.
Click to expand...
Click to collapse
Well i have formatted my data maybe 30 times with all sorts of different recoveries and boot images. My original boot image is long gone so hopefully that isn't the key. I also don't use a lock screen, I guess I could if it unlocks the data, but I certainly wouldn't want to keep using a lock screen. Anyways I am done with the phone for now, will revisit it when someone fixes posts they had the decrypt PW issue and fixed it.
HonestOtter said:
That would be dreamy. I have no issues waiting, fingers crossed.
---------- Post added at 09:53 PM ---------- Previous post was at 09:49 PM ----------
Well i have formatted my data maybe 30 times with all sorts of different recoveries and boot images. My original boot image is long gone so hopefully that isn't the key. I also don't use a lock screen, I guess I could if it unlocks the data, but I certainly wouldn't want to keep using a lock screen. Anyways I am done with the phone for now, will revisit it when someone fixes posts they had the decrypt PW issue and fixed it.
Click to expand...
Click to collapse
See if you can set the pin, go into TWRP and us it. If it works, go back to OS and remove lockscreen, set to none and then go back to TWRP and see if it still asks for one. Did you run TWRP in read only mode or did you swipe to mount as RW?
peramikic said:
See if you can set the pin, go into TWRP and us it. If it works, go back to OS and remove lockscreen, set to none and then go back to TWRP and see if it still asks for one. Did you run TWRP in read only mode or did you swipe to mount as RW?
Click to expand...
Click to collapse
I assume you mean the lock screen pin? I set a lock screen pin of 1234, but "password failed, please try again". So that didn't work. Is there a different pin for the encryption?
***update
That sucked. I don't use a lock screen but after I tried the pin it won't let be go back to none for the lock screen. I was just starting to use this phone to, now its back to the old phone because I can't use a phone with a lock screen . So sad. Hopefully someone figures out a solution to all this security crap.
I'm having the same issue on B27. Do a factory Reset, then a Format, and after it boots to the OS, the data is encrypted again. I'd be somewhat ok with it but I'm not clear on how to install things like Xposed if the drive is encrypted? I assumed ADB SIDELOAD... but not through encryption.
If the answer is "I don't know" -- then can someone help me restore to stock B27. I have a locked bootloader.
zigzampow said:
I'm having the same issue on B27. Do a factory Reset, then a Format, and after it boots to the OS, the data is encrypted again. I'd be somewhat ok with it but I'm not clear on how to install things like Xposed if the drive is encrypted? I assumed ADB SIDELOAD... but not through encryption.
If the answer is "I don't know" -- then can someone help me restore to stock B27. I have a locked bootloader.
Click to expand...
Click to collapse
Xposed should install just fine if you're getting the message in TWRP. Id you're getting the encryption message after the phone is booted and can't access the phone, then you need to format data, then install Xposed so you can use the phone.
Some zips like SuperSU zip will not be able to be installed when the partition is encrypted. Xposed zip should install just fine
mmamedov said:
Xposed should install just fine if you're getting the message in TWRP. Id you're getting the encryption message after the phone is booted and can't access the phone, then you need to format data, then install Xposed so you can use the phone.
Some zips like SuperSU zip will not be able to be installed when the partition is encrypted. Xposed zip should install just fine
Click to expand...
Click to collapse
But if TWRP cannot access the encrypted data, how can one select and flash the TWRP flashable zip that accompanies the Xposed APK? Is the only solution to sideload? I see the option in TWRP but I am not familiar with how to do it.
I have a US996 with an unlocked bootloader. I installed TWRP (although I still can't get it to decrypt data). I installed the latest SuperSU - and there were no errors (although without the ability to decrypt, TWRP couldn't wipe Dalvik/cache).
But after rebooting, Root Checker still says I'm not rooted.
What am I doing wrong?
Figured it out. Unless I disable the default encryption to formatting Data, installing SuperSU fails. Once I format Data, the install works properly.
Haphim said:
Figured it out. Unless I disable the default encryption to formatting Data, installing SuperSU fails. Once I format Data, the install works properly.
Click to expand...
Click to collapse
How did you disable default encryption? I flashed twrp but in recovery it always says it had to decrypt in order to mount. I don't know the password twrp is asking for. Thanks
I followed the instructions and flashed TWRP. However it asks for a decrypt password when TWRP loads. How do I get past this? I formatted data twice and I am unable to flash SuperUser since I can't see any mount points. Its read only. Thank you to anyone that can help.
SOLVED:
Here is what I did wrong. After I ran all the dirtycow commands and got permissive root access I rebooted into TWRP. TWRP showed that the sdcard was encrypted. What I kept doing at this step was formatting the sd card which is correct, however I kept rebooting back into system. That was my mistake. I needed to immediately reboot back INTO TWRP RECOVERY instead. Once I rebooted directly back into TWRP recovery after the format I was able to view file system information move su.zip to sd card and install SuperUser.zip from TWRP.
When rooting my H990ds the guide said when TWRP asks for a password just press cancel. It should be the same for you too.
inurb said:
How did you disable default encryption? I flashed twrp but in recovery it always says it had to decrypt in order to mount. I don't know the password twrp is asking for. Thanks
Click to expand...
Click to collapse
Sorry, the text you quoted from me should have read that disabled default encryption *by* formatting Data. Formatting Data is what takes care of it.
i encrypted my phone after i root it. It's running Lineageos. Encryption works, but if i boot in recovery i can enter folders but don't see any data. I can not mount data folder or add/install anything. Looks logic because it's encrypted, but i read somewhere that twrp will ask for a password when system is encrypted. I don't get this message.
Any suggestion how i need to do it correct? that i can enter twrp with pass
whitetornado said:
i encrypted my phone after i root it. It's running Lineageos. Encryption works, but if i boot in recovery i can enter folders but don't see any data. I can not mount data folder or add/install anything. Looks logic because it's encrypted, but i read somewhere that twrp will ask for a password when system is encrypted. I don't get this message.
Any suggestion how i need to do it correct? that i can enter twrp with pass
Click to expand...
Click to collapse
AFAIK you need a recovery that supports encryption.
strongst said:
AFAIK you need a recovery that supports encryption.
Click to expand...
Click to collapse
i have twrp 3.2.1-0, question, how to start the ask password in terminal or recovery mode, if it is possible?
The only recovery i know which does support encryption is the 32 Bit shreps recovery. Do keep in mind that if you encrypt your device and use that recovery you won't be able to flash 64 bit roms since no 64 bit recovery supports encryption
I have a One Plus 6t international version rooted through Magisk. I was debloating some One Plus system apps this morning and removed something I shouldn't have.... now the reboot gets stuck on the loading screen, then boots into TWRP recovery. I'm trying to restore from backup but everything is encrypted and TWRP isn't asking me for a password to decrypt.
I don't have a pin or anything set on the phone at the moment
Tried the twrp decrypt <pin> command with the default password but it just says 'Failed to decrypt data'.
Anything I'm missing here or do I just to reformat and give up on the encrypted data?
devianaviator said:
I have a One Plus 6t international version rooted through Magisk. I was debloating some One Plus system apps this morning and removed something I shouldn't have.... now the reboot gets stuck on the loading screen, then boots into TWRP recovery. I'm trying to restore from backup but everything is encrypted and TWRP isn't asking me for a password to decrypt.
I don't have a pin or anything set on the phone at the moment
Tried the twrp decrypt <pin> command with the default password but it just says 'Failed to decrypt data'.
Anything I'm missing here or do I just to reformat and give up on the encrypted data?
Click to expand...
Click to collapse
Managed to decrypt the files by installing a different version of TWRP: https://forum.xda-developers.com/on...overy-unofficial-twrp-touch-recovery-t3861482
Turns out I did not bother to do any backups...
Can copy all of the pictures and documents out though which was what I was primarily after.