Hi
The first thing I did after rooting my device was encrypting it for maximum security etc..
Afterwards I wanted to change some things like flashing an update.zip, e.g. for Cerberus or Avast Anti-Theft. For this, I had to decrypt my device. Otherwise CWM would not be able to mount the needed paths. But that feature is greyed out in settings and, referring to the device help or Google help, it's not possible to decrypt a device once it's encrypted.
I can't understand that..
On my Samsung S3 I'm able to en- and decrypt the device at any time. Why not on my Nexus 7? I think, when Google releases a new firmware update there is also decryption needed. Otherwise I had to reset it to factory settings until I could update it with new firmware, in my understanding.
Any hints and tricks available?
Thanks in advance!
*push*
I'm not sure if this is what you need, but TWRP 2.2.2.0 supports Nexus 7 encryption. Only way to "decrypt" is Factory Reset from the device, or ADB, Tool Kit, etc...
RF
Hi,
I bought the Samsung Galaxy S5 and the fingerprint reader works reasonably well (as in it works, nothing in comparison to Apple though, so don't buy it for the fingerprint reader) for unlocking the screen...
However, it's a work requirement that my phone has full device encryption, as phones are regularly stolen where I travel.... it seems when I enable encryption I lose the ability to use the fingerprint reader to unlock the phone .... I bought this hoping that I could avoid having to type in my complex password just to unlock the screen, as I got so tired of doing that with my S2
Are there any mods to enable fingerprint reader screen unlock + full device encryption at boot time for the Galaxy S5 yet? ... I saw some references to pattern unlock / pin with device encryption... but I would think the fingerprint reader is different...
Thanks!
S5 Full disk encryption with fingerprint unlock
I also have this question. I believe on the Nexus 5 it at least lets you use face unlock with full device encryption. And I read in one article that you should be able to do this but I do not think the author actually tried this. I will say from my own personal experience that you can in fact decrypt the device after encrypting it without doing a complete wipe of the device and you can restore the use of fingerprints to unlock your phone. It seems like for security minded people this would be a great feature but if it is unable to be used with full device encryption it seems a little pointless to me. Being forced to use a PIN or password to use encryption is a big pain point for Android users who want some type of security.
Yes I can't believe that no one has really complained about this yet - but I guess encryption isn't that important to people as I imagined
androidpleb said:
Yes I can't believe that no one has really complained about this yet - but I guess encryption isn't that important to people as I imagined
I am having the same pain, as I use my S5 for BYOD.
It makes no sense when you can use fingerprint to make payments with paypal but not unlocking the phone when it is encrypted.
Hope Samsung can enable this feature in next update.
I'd like this too.. as well as, the iPhone has a Cydia app (that a friend of mine showed me), that you can basically disable the power button from turning off the phone while it is fingerprint locked. That would definitely be nice to have on the S5 (since it's done through an app). That would have stopped the person who stole my wife's S4 from turning it off when it was blasting the locator ring at them!
sorphin said:
I'd like this too.. as well as, the iPhone has a Cydia app (that a friend of mine showed me), that you can basically disable the power button from turning off the phone while it is fingerprint locked. That would definitely be nice to have on the S5 (since it's done through an app). That would have stopped the person who stole my wife's S4 from turning it off when it was blasting the locator ring at them!
I can't believe that the fingerprint sensor can't be used if encryption is enabled whatsoever. I could understand the iPhone model, requiring a pin before a fingerprint can be used, but by disabling fingerprint lockscreen, boot unlock, and SD unlock, the fingerprint sensor is now wholly useless for convenience.
It's too trivial to extract data from an unencrypted Android. By not supporting encryption with a measure of convenience, I don't see the point in including a fingerprint sensor whatsoever given the current software limitations.
Please, someone, figure out what sqlite/settings need to be changed so we can make decent use of our phones' fingerprint sensor.
After some experiments, I found out a procedure to enable FDE and fingerprint lockscreen. Root is required (or at least I guess, I didn't try with a non-rooted system...).
These are the steps:
1) set up fingerprint lockscreen
2) with a root explorer, go to /data/system folder, and backup locksettings.db, locksettings.db-shm and locksettings.db-wal to sd card
3) set up password lockscreen
4) encrypt the device
5) when encryption is done, restore the backed-up files to /data/system: you should have fingerprint lockscreen again (no reboot needed, just turn the screen off, and magically the password should have vanished)
CAVEAT 1: with my system configuration, I wasn't able to encrypt the device directly: the encryption procedure started, but after reboot nothing happened, the device just booted normally. I don't know the exact reason, in some forums they suppose that it happens on kitkat when the device is rooted. I was able to bypass the problem only adding these steps to the procedure:
...
3b) with TWRP, backup the /system partition, and restore the stock non-rooted /system
4) encrypt the device
4b) restore the original rooted /system partition
...
I don't know if steps 3b) and 4b) are always necessary, let me know...
If you need these steps, don't worry if before restoring your custom /system partition the encryption password isn't recognized, just restore the partition and all will work fine
CAVEAT 2: once encrypted, I didn't find a way to unencrypt the device, because the unencryption procedure starts, but after reboot the device is still encrypted, similar to what is described in caveat 1. I tried to replace the /system partition with the stock one, but the encryption password was no longer recognized.
CAVEAT 3: the current TWRP (2.7.1) isn't able to mount S5 encrypted data partition, and restoring an image made with online nandroid backup doesn't seem to work either. So, if you want to make an image of your phone (and I suggest to do it), do it before encryption
Boot Loop
fabiokino said:
After some experiments, I found out a procedure to enable FDE and fingerprint lockscreen. Root is required (or at least I guess, I didn't try with a non-rooted system...).
These are the steps:
1) set up fingerprint lockscreen
2) with a root explorer, go to /data/system folder, and backup locksettings.db, locksettings.db-shm and locksettings.db-wal to sd card
3) set up password lockscreen
4) encrypt the device
5) when encryption is done, restore the backed-up files to /data/system: you should have fingerprint lockscreen again (no reboot needed, just turn the screen off, and magically the password should have vanished)
CAVEAT 1: with my system configuration, I wasn't able to encrypt the device directly: the encryption procedure started, but after reboot nothing happened, the device just booted normally. I don't know the exact reason, in some forums they suppose that it happens on kitkat when the device is rooted. I was able to bypass the problem only adding these steps to the procedure:
...
3b) with TWRP, backup the /system partition, and restore the stock non-rooted /system
4) encrypt the device
4b) restore the original rooted /system partition
...
I don't know if steps 3b) and 4b) are always necessary, let me know...
If you need these steps, don't worry if before restoring your custom /system partition the encryption password isn't recognized, just restore the partition and all will work fine
CAVEAT 2: once encrypted, I didn't find a way to unencrypt the device, because the unencryption procedure starts, but after reboot the device is still encrypted, similar to what is described in caveat 1. I tried to replace the /system partition with the stock one, but the encryption password was no longer recognized.
CAVEAT 3: the current TWRP (2.7.1) isn't able to mount S5 encrypted data partition, and restoring an image made with online nandroid backup doesn't seem to work either. So, if you want to make an image of your phone (and I suggest to do it), do it before encryption
I get samsung boot loop using the above instructions
Pierreseoul said:
I get samsung boot loop using the above instructions
Hi guys! Did someone try this solution? I unfortunately have the same issue and unlocking my device each time makes me crazy!
Thanks in advance.
Same problem
I purchased a Galaxy S5 and I have the same problem, unfortunately I cannot root my phone due to security policies in my company. :crying:
I hope Samsung will solve the issue. :fingers-crossed:
Has anyone contacted the Samsung Support Center?
Pierreseoul said:
I get samsung boot loop using the above instructions
What is the consequence of boot loop if you are using stock boot loader? Odin mode required to recover? Something less drastic? What device model are you using?
I found a possible solution that involves deactivating SuperSU and running encryption from there. Still investigating. I am thinking that the solution from @fabiokino will work in this case too.
I'm curious about this as well.
Doesn't anyone know a working solution?...
It is really frustrating, to say the least. I can't believe there isn't a way (or if there is, a guide) to do this (with or without root access).
I have also heard it is doable on the Note 4. See this post for example http://forum.xda-developers.com/showpost.php?p=57103664&postcount=7.
I just flashed the stock Lollipop ROM and guess what: It works!!
Samsung finally did it. No tweaking needed and it also works without root access.
How?
healpowah said:
I just flashed the stock Lollipop ROM and guess what: It works!!
Samsung finally did it. No tweaking needed and it also works without root access.
Can you explain how please? I'm on stock lollipop as well and cannot use fingerprint scanner with FDE. Wondering if there's a process to it?
Thanks!
healpowah said:
I just flashed the stock Lollipop ROM and guess what: It works!!
Samsung finally did it. No tweaking needed and it also works without root access.
Nice to see this, hope it will work on my Galaxy tab S too
Did you see this?
https://www.jethrocarr.com/2013/12/29/encrypting-disk-on-android-4/
GermanDoerksen said:
Can you explain how please? I'm on stock lollipop as well and cannot use fingerprint scanner with FDE. Wondering if there's a process to it?
Thanks!
Unluckily the trick shown in the previous link only encrypts the main device and not the micro SD
Joker87 said:
Unluckily the trick shown in the previous link only encrypts the main device and not the micro SD
Well for me that really wouldn't be a problem. I don't have an SD card so I'm okay with just FDE. Thing is I really really don't want to root my phone... No particular reason other than every older android device I've done it on always ends up slow and buggy after a few months use until I reflash with stock ROM. I would like my phone to stay buttery smooth for once..
GermanDoerksen said:
Well for me that really wouldn't be a problem. I don't have an SD card so I'm okay with just FDE. Thing is I really really don't want to root my phone... No particular reason other than every older android device I've done it on always ends up slow and buggy after a few months use until I reflash with stock ROM. I would like my phone to stay buttery smooth for once..
You could root then unroot it after you have encrypted it
Joker87 said:
You could root then unroot it after you have encrypted it
You're right... plus it's not really the "rooting" process that makes it slow, it's installing another ROM. Having a rooted phone doesn't necessarily have any performance impact... just opens up a few things for me. Interesting. Thanks! Unfortunately I've already encrypted so now I have to find that thread about how to decrypt lol.
Thanks!
So, I accidentally encrypted my device when I booted a kernel that had "force encryption." Ooops. When I rebooted, it immediately started encrypting. (No prompts.)
I tried to decrypt, but it kept asking me for a password (which I never set up) and then would say that the password was correct (no matter what I typed), but something is corrupted in my data... and that I had to factory reset.
Sure. Bite me, Google!
Steps to recover:
1. Power off
2. Boot into the bootloader
3. Boot into TWRP recovery. TWRP sees all my data fine and doesn't ask for a pw.
4. Backup the phone.
5. Use adb to pull the backup off the phone.
6. Go back into fastboot and run: fastboot format userdata.
7. Boot the phone normally (with a kernel that doesn't force encryption). (The only reason to boot here is so that Android creates the proper /data directory structure.)
8. Back into TWRP...
9. adb again to push the TWRP backup back to the phone
10. Restore the backup made in step 4.
11. Reboot again. Success. Done. Everything works fine and I'm not encrypted.
So much for security, Google. Pfft...
Forgive my ignorance, I am not yet an N6 owner. What are the disadvantages of encryption?
almahix said:
Forgive my ignorance, I am not yet an N6 owner. What are the disadvantages of encryption?
Read and write speeds are slower as all data is decrypted and then encrypted as it is used.
Sent from my Nexus 7
EverDawn4 said:
Read and write speeds are slower as all data is decrypted and then encrypted as it is used.
Sent from my Nexus 7
Also due to the extra number crunching overhead, more battery burning.
I see how that is a negative. I'm surprised there isn't an easier way to disable encryption. I expect by the time I get one early next year some awesome dev will resolve that.
The point is that encryption has some negatives, but NO POSITIVES. What is the point of it when it's so easily bypassed?
Sent from my Nexus 6
garyd9 said:
The point is that encryption has some negatives, but NO POSITIVES. What is the point of it when it's so easily bypassed?
Encryption does have some positives, such as more protection of your data. How you describe and what you didn't doesn't show it as having many positives though
You claim it is worthless, because you could use root access and unlocked fastboot to push and pull data and all that, but can you really do all that so easily and get by the encryption without any root access and a locked bootloader? What about a not yet authorized ADB and you can't get into the device because it is locked and encrypted (in this scenario we are trying to break the encryption, not just go into the ROM and hit accept). I think everything is easier when you already have things unlocked and full system access.
Seems pretty secure to me. By the time you got to where you wanted to be, all data on the device was gone.
Mission: Accomplished.
The ONLY requirement to repeat my steps is either an installed custom recovery or an unlocked boot loader.
I'd agree with your argument if google allowed a non-encrypted fs if/when a boot loader was unlocked (which would be simple as /data is formatted on unlock anyway.)
Instead, google forces the encryption unless you swap boot partitions.
Who's to say that the boot loader lock can't be worked around by someone determined? We haven't tried yet for the simple reason that the effort seems futile when we can so easily do it with fastboot. However, boot loader locks HAVE been worked around to boot custom recoveries on other devices such as Samsung and LG phones.
Once you're in recovery, as I explained above, all the supposedly encrypted data is accessible.
Sent from my Nexus 6
garyd9 said:
The point is that encryption has some negatives, but NO POSITIVES. What is the point of it when it's so easily bypassed?
Sent from my Nexus 6
It can be bypassed because you are using the default encryption key. If you set a pin or a password it changes the encryption key and you need to enter that in recovery to access the partition.
No positives... Lol
rbox said:
It can be bypassed because you are using the default encryption key. If you set a pin or a password it changes the encryption key and you need to enter that in recovery to access the partition.
How many "typical" users will set a pin or password? Those same users, if they are concerned about data security, would be manually enabling encryption already.
Google (and Apple) came up with this "great" idea to force encryption on by default (and, at least in Google's case, make it the ONLY choice without modifying the system boot partition.) They claim they did this to protect data. What protection is there if Google allows the "typical" user to use the "default encryption key" and it's so easy to get the data even if "encrypted?"
I think what I'm getting at here is that I was extremely disappointed that it was so easy for me to get at my "encrypted" data using back door methods. I suspect that MOST people won't set up any extra keys/pins, and will allow the default key. They'll see that the device is "encrypted" and feel some FALSE sense of security. In fact, those people are facing a performance penalty of some degree in order to have that FALSE security.
Here's how I think Google should have done things:
1. First and foremost, don't use software encryption. Require the encryption system to have some form of hardware acceleration.
2. Instead of 'forceencryption', the fs manager should default to encryption ON if the bootloader is locked, and default to OFF if the bootloader is unlocked. The result would be that unlocking the bootloader (which nukes the /data partition and causes it to be reformatted) would start with an un-encrypted userdata partition. (The user could still enable encryption.)
3. In conjunction with #2, if there's no encryption key provided by the user, then DON'T ENCRYPT. I honestly believe that a false security is WORSE than none at all, and apparently the "default" encryption key is all but useless.
On the other hand, I hope my first post in this thread helps some user (or dev) who accidentally encrypts their filesystem while playing with kernels. Up until then, it was believed that once the userdata became encrypted, there was no way to reverse it.
Keep in mind, we XDA users are not typical users so of course we could figure this out. Secondly anyone even remotely interested in security has a password on their phone. Lastly, a question, does encryption prevent people from plugging your phone into a PC and seeing your data?
SymbioticGenius said:
Keep in mind, we XDA users are not typical users so of course we could figure this out. Secondly anyone even remotely interested in security has a password on their phone. Lastly, a question, does encryption prevent people from plugging your phone into a PC and seeing your data?
A counter-question: Who (or what) is google trying to "protect" us from with forcing encryption on?
No, encryption doesn't seem to block normal MTP access. Basically, an "encrypted" device (with no password), once booted, appears the same as a non-encrypted device (just a bit slower on data access.) The portion of /data presented as the "internal sd card" is accessible via MTP regardless of if encryption is on or off. (other portions of /data aren't accessible via MTP.)
With adb functional, unix permissions will block quite a bit, and once you add root to the mix, the entire phone can be accessed. (selinux probably introduces more restrictions, but I'm not familiar with them.)
Again, that leads back to the question of just who google is trying to protect us from. If the phone is encrypted (with no password) by default, and can easily be decrypted if no password was provided, then what good is the encryption? Why suffer the overhead of encryption when it doesn't serve any effective purpose?
TWRP tries the default password. If you had changed it, TWRP wouldn't have worked at all.
That was not a fair assessment of the encryption used on Android.
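The distinction drawn in the two replies above (a device with no PIN is encrypted under a default key that recovery can try, while setting a PIN changes what recovery must be given) can be seen in a small model. This is an added example, not part of the thread and not Android's code: PBKDF2 and the XOR-plus-HMAC wrap are stand-ins for the platform's real KDF and cipher, and every name, the PIN and the default-passphrase constant are assumptions of the sketch.

```python
import hashlib
import hmac
import os

# Assumed constant for this model: the point is only that the default
# passphrase is fixed and publicly known, so it protects nothing by itself.
DEFAULT_PASSPHRASE = b"default_password"
KDF_ITERATIONS = 2000  # kept small so the example runs quickly


def derive_keys(passphrase: bytes, salt: bytes) -> bytes:
    """Derive 64 bytes: 32 to wrap the master key, 32 to authenticate it."""
    return hashlib.pbkdf2_hmac("sha256", passphrase, salt,
                               KDF_ITERATIONS, dklen=64)


def wrap_master_key(master_key: bytes, passphrase: bytes) -> dict:
    """Store the disk master key wrapped under a passphrase-derived key."""
    salt = os.urandom(16)
    okm = derive_keys(passphrase, salt)
    wrapped = bytes(a ^ b for a, b in zip(master_key, okm[:32]))
    tag = hmac.new(okm[32:], wrapped, hashlib.sha256).digest()
    return {"salt": salt, "wrapped": wrapped, "tag": tag}


def unwrap_master_key(footer: dict, passphrase: bytes):
    """Return the master key, or None when the passphrase is wrong."""
    okm = derive_keys(passphrase, footer["salt"])
    expected = hmac.new(okm[32:], footer["wrapped"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, footer["tag"]):
        return None
    return bytes(a ^ b for a, b in zip(footer["wrapped"], okm[:32]))


def provision_device():
    """Forced encryption with no PIN: random key, wrapped under the default."""
    master_key = os.urandom(32)
    return master_key, wrap_master_key(master_key, DEFAULT_PASSPHRASE)


def set_user_credential(footer: dict, old: bytes, new: bytes) -> dict:
    """Setting a PIN re-wraps the same master key; data is not re-encrypted."""
    master_key = unwrap_master_key(footer, old)
    if master_key is None:
        raise ValueError("old credential rejected")
    return wrap_master_key(master_key, new)


def recovery_mount(footer: dict, supplied=None):
    """Model of a recovery: try the default first, then what the user typed."""
    for candidate in (DEFAULT_PASSPHRASE, supplied):
        if candidate is None:
            continue
        master_key = unwrap_master_key(footer, candidate)
        if master_key is not None:
            return master_key
    return None


def demo() -> dict:
    """Run the four cases discussed in the thread and report each outcome."""
    pin = b"4821"  # constructed sample PIN
    master_key, footer = provision_device()
    results = {"no_pin_recovery_opens": recovery_mount(footer) == master_key}
    footer = set_user_credential(footer, DEFAULT_PASSPHRASE, pin)
    results["pin_set_default_fails"] = recovery_mount(footer) is None
    results["pin_set_wrong_pin_fails"] = recovery_mount(footer, b"0000") is None
    results["pin_set_right_pin_opens"] = recovery_mount(footer, pin) == master_key
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```

In this model the default-wrapped state protects only against reading raw flash without the key material on the device; protection against someone holding the device begins when the wrapping passphrase is one only the owner knows.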
I actually don't think it's a big deal especially since you didn't have a password. Encryption without a password is like a door without a lock.
Also I'm assuming that once a password is active that MTP will be disabled without said password?
Again.... The point is that android is forcing encryption on even without a password. I KNOW I have no password, but if having no password makes encryption useless, why FORCE it to be on?
Sent from my Nexus 6
I think it's better than the current, if you encrypt you must use a password 24/7 mode. I prefer it this way because it's currently how I use my phone. I have a pin when I feel it's necessary (work sometimes, phone charging on a table, bar hopping, etc.) or basically whenever someone might be able to access my phone without my noticing. Otherwise I have my pin off. This works almost exactly how I've been wanting it for years. As long as when my pin is active people can't plug my phone in and view my stuff.
Can I recover data from my own encrypted s5 Verizon phone (not rooted) w/password?
My S5 Verizon phone could not boot well recently so today I intended to clear system cache. I held power + volume up + home buttons, maybe somehow it entered into download mode, so it warned me that installing a custom OS is risky and asked me to volume up to continue, or down to cancel (restart). I volumed down and now it rebooted, but all of a sudden, my data is gone! It did not ask me for screen pin/password either as previously my phone was encrypted. (Or did I hold power + volume down to factory reset the phone? But I did not get a warning for that.)
This factory reset was a surprise to me as I was not warned or told that they will wipe out the data.
Anyhow, my data is gone. Now I wanted to get it back.
Can I recover data from my own encrypted s5 Verizon phone (not rooted) w/password?
I know It's not difficult if it was not encrypted, as many third party tools can recover most of the data if the phone was not used much after reset.
I am wondering if anyone has any experience recovering data for an *encrypted* phone (with right encryption password though). Which tool can do that by prompting you the password for the encrypted data?
Here is the link regarding recovering data from factory reset: http://forum.xda-developers.com/showthread.php?t=2143188 However, I did not find a solution: what if the phone was encrypted and you do have the correct encryption password (if not I know it's almost impossible)?
Thank you in advance for your help!
J
Any thoughts, suggestions?
My phone was encrypted but not rooted. I have the encryption password. Any chance to get the data back from the phone?
I powered down my phone now and will see how to proceed after I get experts' opinions on this...
My question basically is, can I recover data from an encrypted phone after factory reset if I have the encryption password? Anyone can help?
Thank you guys in advance.
Anyone?
I understand this is difficult, but I wanted to try before I give up.
I need experts here to shed some light: is it still possible to recover the data from my encrypted phone after accidental factory reset, as I still have the screen PIN?
I know how to recover the data if the phone was not encrypted/not factory reset. I also somehow know how to decrypt the data inside the encrypted phone, but no way so far do I know if we can recover the deleted data from the encrypted phone if the files were deleted or the phone was factory reset, provided I still have the screen lock pin.
What I have done so far:
I rooted my sm-n900v
I also created a raw image in my pc using dd command
Next questions are,
where can I find the crypt footer (which partition), and how can I decrypt the deleted data after the factory reset?
Can I recover the deleted data from the encrypted phone first, but it looks like no tools can do that. All data recovery tools like Recuva can only recover unencrypted data.
Or should I first find the crypto footer, figure out encryption key, but where should I find the deleted files first to decrypt from the encrypted phone?
I just came to realize what I got into... This is the most difficult scenario to decrypt the deleted files from an encrypted phone. I do want to recover some very important files from the phone's internal/encrypted storage, regardless how stupid I look not backing up those very important data.
But if experts here say I am doing almost impossible thing... I will stop.
Thank you all for your attention.
J
BTW, my s5 ran Android 4.4 before, later upgraded to Android 5.0, a while ago before I recently accidentally factory reset. I just rooted it days ago after accidental factory reset.
...... If the above info will make a difference in solving my issues below.
Thank you.
J
ljxd01 said:
I understand this is difficult, but I wanted to try before I give up.
I need experts here to shed some light: is it still possible to recover the data from my encrypted phone after accidental factory reset, as I still have the screen PIN?
I know how to recover the data if the phone was not encrypted/not factory reset. I also somehow know how to decrypt the data inside the encrypted phone, but no way so far do I know if we can recover the deleted data from the encrypted phone if the files were deleted or the phone was factory reset, provided I still have the screen lock pin.
What I have done so far:
I rooted my sm-n900v
I also created a raw image in my pc using dd command
Next questions are,
where can I find the crypt footer (which partition), and how can I decrypt the deleted data after the factory reset?
Can I recover the deleted data from the encrypted phone first, but it looks like no tools can do that. All data recovery tools like Recuva can only recover unencrypted data.
Or should I first find the crypto footer, figure out encryption key, but where should I find the deleted files first to decrypt from the encrypted phone?
I just came to realize what I got into... This is the most difficult scenario to decrypt the deleted files from an encrypted phone. I do want to recover some very important files from the phone's internal/encrypted storage, regardless how stupid I look not backing up those very important data.
But if experts here say I am doing almost impossible thing... I will stop.
Thank you all for your attention.
J
Any help from this forum appreciated...
ljxd01 said:
Any help from this forum appreciated...
Hi I am in the same position as you - have you had any luck at all?
danielleb21 said:
Hi I am in the same position as you - have you had any luck at all?
ljxd01 said:
Any help from this forum appreciated...
From what I have read, the device encryption key is tied to the device Serial Number or Burned-In-ROM-Key. Meaning when you encrypt your device data, it encrypts the password in much the same way the device encrypts its "Verity Hash".
So from what I've gathered it is possible to do a factory data reset, encrypt your empty device using the same password as before, decrypt the empty device, and during that encryption/decryption phase:
Pull out the common denominator between the encrypted data you want to recover and the encrypted empty device, thus enabling you to derive the decryption key used for the data you'd like to recover.
Trying to determine whether I should decrypt. Encrypted phone requires re-entering the password twice.
Encryption has nothing to do with requiring pin at start up. You can turn it off. And turning off encryption is not something you should do. Anyways to turn start up pin just remove the pin pass or pattern you have currently and then when you add again the first screen that pops up is the confirmation screen asking whether you want startup pin enabled. Select no and you are done..
The only real benefit to decrypting your device is if you use a custom recovery like TWRP--especially if it's not an official build of TWRP.
On some devices (especially those from One Plus) there are issues where TWRP either can't decrypt the data partition or stops being able to decrypt the data partition after an OTA.
On some phones you can just boot back up if that happens but on others you are locked out and need to reformat and reflash just so you can use the device again and if that can't be done which has been the case on some treble phones like the MI-A1 and the Essential PH-1 then your device is permanently bricked and is pretty much just an expensive paperweight.