CM13 encryption is a nightmare.
I've only used CM11 encryption before (use Cryptfs Password Manager to change encryption password).
I installed CM13 on a LG G2 D800. I believe it has hardware-backed storage.
I encrypted my phone using `vdc cryptfs enablecrypto inplace password` as a test. Curious to see what happened when I changed encryption methods, I switched to password encryption with password `password`.
After running `vdc cryptfs changepw password password password password2`. I was able to successfully decrypt with "password2" and unlock with "password". So I assumed the command would work... this assumption would prove my downfall.
I then reenabled pattern unlock. Interestingly, I was able to reboot without so much as a password prompt, despite being "encrypted". So I reentered the pattern, making sure to first enable boot-time pattern prompt. (Really! What's the point of encryption if it doesn't depend on user input?)
Still in pattern mode, I attempted to secure decryption while maintaining convenient unlock pattern. `vdc cryptfs changepw pattern password password password` or `pattern password password` or `password password password password` or `password password password` I actually ran a long command a few times, then a short one repeatedly, then possibly the long one some more. Each time I ran it, I got `200 0 0`, which is supposed to indicate "no error".
Nonetheless, when I reboot, the phone still asks for the pattern (I had tried to add a decryption password), but rejects the unlock pattern I was using previously. It seems like the `changepw` commands did not enable the password, but merely corrupted the pattern.
How do I unlock encryption?
(repost https://www.reddit.com/r/cyanogenmo...3_lg_g2_pattern_encryption_bricked_after_vdc/ )
How did you get vdc cryptfs to work? I've tried adb shell and termux on the device and can't get the system to recognize either.. I've got busybox installed and am running as su, but can't get the command to take..
---------- Post added at 10:56 PM ---------- Previous post was at 10:46 PM ----------
cuhead528 said:
How did you get vdc cryptfs to work? I've tried adb shell and termux on the device and can't get the system to recognize either.. I've got busybox installed and am running as su, but can't get the command to take..
Click to expand...
Click to collapse
Figured this out - downloaded the cryptfs app from the playstore and then was able to use Termux to run the command.
Related
Cryptfs Password Manager
Android device encryption password manager app. Lets you changes the Android disk encryption password. Essentially the same as
Code:
# vdc cryptfs changepw <newpassword>
but easier to use and slightly more foolproof. Requires root access.
WARNING
If you forget the new password after you change it, you will not be able to boot the device. You will have to perform a factory reset, DELETING all your data. Make sure you take a full backup before using this tool, and REMEMBER THE PASSWORD. You have been warned, use at your own risk!
Why and how to use this
Android 3.0 (Honeycomb) introduced disk encryption and it has been available on all subsequent versions. It encrypts the data partition with a key protected by a user-selected password and requires entering the password in order to boot the device. However, Android uses the device unlock password or PIN as the device encryption password, and doesn't allow you to change them independently. This effectively forces you to use a simple password, since you have to enter it each time you unlock your device, usually dozens of times a day. This tool allows you to change the encryption password to a more secure one, without affecting the screen unlock password/PIN. To change the device encryption password simply:
Enter the current password (initially the same as the unlock password/PIN)
Enter and confirm the new password
Hit 'Change password'
The changes take effect immediately, but you will only be required to enter the new password the next time you boot your device. Make sure you choose a good password, not based on a dictionary word, since automated tools can brute force a simple password in minutes. Above all, make sure you REMEMBER the new password.
If you change the device unlock password/PIN, the encryption password will be automatically changed as well. You need to use this tool again to change it back, if required.
Once Android adds an official way (system UI) to change the passwords independently, this tool will no longer be needed. Star this issue if you want this to happen:
code.google.com/p/android/issues/detail?id=29468
How to get it
The app is also available in the Google Play Store:
play.google.com/store/apps/details?id=org.nick.cryptfs.passwdmanager
And source is on Github, Apache 2.0 licensed:
github.com/nelenkov/cryptfs-password-manager
Acknowledgments
Borrows some code from github.com/project-voodoo/ota-rootkeeper-app, under the WTFPL license
So, I just set a pin lock screen on my Sprint GS5, and I immediately locked it, and went to unlock it (to see what the lock screen looked like), and I entered the pin that I just set on the phone, and it said that it was incorrect. I know what I entered, and the lock screen is not taking it. I have tried multiple combinations involving numbers near the numbers I put in, and nothing has worked. I'd really like to remove the pin lock without erasing anything, as I have things I have not backed up that are not on my SD card. I did not have the device set up with Android Device Manager, nor my Samsung Account. The phone was rooted with Towel Root.
Is there anything I can do other than a factory reset? This is really aggravating me.
Now you know why you should always make a backup first.
You should be able to remove the PIN using Paulyhofman's method.
This requires ADB debugging on or in the alternative, installing a custom recovery.
If the Sprint bootloader is locked and hence you can't do a proper custom recovery, then do a forum search as there are several other PIN bypass methods in existing threads. Actually doing a search should always be the first step before posting any question.
adb shell
# sqlite3 /data/data/com.android.providers.settings/databases/settings.db
sqlite> update secure set value=65536 where name='lockscreen.password_type';
sqlite> .exit
# exit
adb reboot
.
fffft said:
Now you know why you should always make a backup first.
You should be able to remove the PIN using Paulyhofman's method.
This requires ADB debugging on or in the alternative, installing a custom recovery.
If the Sprint bootloader is locked and hence you can't do a proper custom recovery, then do a forum search as there are several other PIN bypass methods in existing threads. Actually doing a search should always be the first step before posting any question.
adb shell
# sqlite3 /data/data/com.android.providers.settings/databases/settings.db
sqlite> update secure set value=65536 where name='lockscreen.password_type';
sqlite> .exit
# exit
adb reboot
.
Click to expand...
Click to collapse
I must not have had usb debugging enabled on my phone because ADB says device not found. I was able to copy the settings.db file to my SD card using aroma, but I try to open it in SQLite reader, and it says it is encrypted. Do you know how to decrypt this file? Or anyone?
Okay, I found a solution. Instead of modifying settings.db, I deleted /data/system/locksettings.db, and the lock screen was removed.
I did this from within the aroma file manager. I finally have my phone back! I will be setting up remote controls, usb debugging, and backing some stuff up now.
First off, relevant Twitter post: https://twitter.com/laginimaineb/status/737051964857561093
posted by /u/sephr on reddit.com/r/android:
So basically, Full Disk Encryption is now much easier to bypass on many devices until this gets fixed. There are a few other things that rely on this, but FDE is the most important.
This is where your encryption key is stored. Your encryption key is itself encrypted by the password you enter to decrypt your device (your password decrypts a bigger more reliable password essentially), so if you don't have a very long and secure password, it is now easy to break FDE, as an attacker won't be limited by a limited number of password attempts.
Attackers can extract your key and brute force your password using it.
First, if this in the wrong section. Please move. Couldn't find a TWRP forum section and i'm using the N6P so decided to post it here.
My N6P is setup with fingerprint for unlock. Apparently this interferes with TWRP being able to mount data. So i went to device & security > set a password > went back to recovery > no dice: "Invalid password". Tried PIN, no dice. Tried the VDC cryptfs method found here https://www.xda-developers.com/how-to-manually-change-your-android-encryption-password/, no dice
22|angler:/ # vdc cryptfs changepw <unlock pin> <new password>
vdc V 02-06 19:49:45 14714 14714 vdc.cpp:50] Waited 0ms for vold
vdc E 02-06 19:49:45 14714 14714 vdc.cpp:109] Raw commands are no longer supported
The only thing that worked was to remove all security (no pin, no print, no password), then TWRP could succesfully mount /data
Now this is a hassle to do everytime i want to take a backup. Used to be able to use chainfire's Flashfire app to do that, but with the N6P no longer getting updates, i flashed "PixelExperience rom (based on AOSP 9) and SuperSU doesn't work anymore, so cant use FF either. Thus i'm "confined" to TWRP.
So the question is, does anyone know a working method to have BOTH fingerprint active AND being able to decrypt /data? IT's a major hassle removing & resetting fingerprint everytime.
Ch3vr0n said:
First, if this in the wrong section. Please move. Couldn't find a TWRP forum section and i'm using the N6P so decided to post it here.
My N6P is setup with fingerprint for unlock. Apparently this interferes with TWRP being able to mount data. So i went to device & security > set a password > went back to recovery > no dice: "Invalid password". Tried PIN, no dice. Tried the VDC cryptfs method found here https://www.xda-developers.com/how-to-manually-change-your-android-encryption-password/, no dice
22|angler:/ # vdc cryptfs changepw <unlock pin> <new password>
vdc V 02-06 19:49:45 14714 14714 vdc.cpp:50] Waited 0ms for vold
vdc E 02-06 19:49:45 14714 14714 vdc.cpp:109] Raw commands are no longer supported
The only thing that worked was to remove all security (no pin, no print, no password), then TWRP could succesfully mount /data
Now this is a hassle to do everytime i want to take a backup. Used to be able to use chainfire's Flashfire app to do that, but with the N6P no longer getting updates, i flashed "PixelExperience rom (based on AOSP 9) and SuperSU doesn't work anymore, so cant use FF either. Thus i'm "confined" to TWRP.
So the question is, does anyone know a working method to have BOTH fingerprint active AND being able to decrypt /data? IT's a major hassle removing & resetting fingerprint everytime.
Click to expand...
Click to collapse
I'm not sure why some people seem to have an issue with twrp requiring a password. Do you also have your security set to require pin on reboot?
I have pin/finger print set for my device and I have no issue with mounting data/ getting into twrp, it does not prompt me for a password anywhere in twrp.
Also, for as long ad the 6p has been around AFAIK, you cannot make a backup when you have any form of security measure enabled and be able to restore it and get into the system. Not sure why they could never find a way around it, but you have to remove pin/pattern/FP whatever security measures you have before making a backup in twrp.
There is a way to get Into it if needed by going in and deleing the lock screen security file via twrps file manager.
Well that clears that up then thanks. Does the pixel 3 XL also suffer from that problem? My N6p recently started getting the dreaded random battery reboot problem (can't complain after 3y I guess) and I'll be swapping to that device
** edit ** and no i don't have it set to require anything on boot. No pin/password/pattern.
Just set device security with fp + pin when os is fully loaded to unlock. That's all
Verstuurd vanaf mijn Nexus 6P met Tapatalk
Hi,
I bought recently a oneplus 6t after four or five years using a nexus6. I am happy with it.
One question nonetheless : is there a possibility to change the encryption password ? Not to use the default password ? Which I do not know ....
On the Nexus 6 I could setup the encryption password to replace default_password - I was asked the chosen password early at boot before the login screen - but now one cannot use :
Code:
vdc cryptfs changepw password default_password <mypassword>
(No more possibility to use raw commands
Regards
You aren't confusing FDE (full disk encryption) with FBE (file based encryption)? The 6T uses FBE, I'm not aware of a way to convert to it to FDE.
Indeed I am confusing ..... What is disturbing me is the fact that there is an encryption password which I do not know ....
Regards