Hi all,
Just ordered my OnePlus 5 and doing a little research whilst waiting for it to reply.
I'm struggling to understand why people would choose to disable encryption - have I missed something?
The only 'downside' to having it (that I can see) is having to unlock with a pattern/PIN at first boot (and when entering TWPR etc). I guess there will also be a slight performance hit, but shouldn't be noticeable.
The 'upsides' to having it are the added security if you loose your phone (and maybe Magisk needs it).
Removing encryption needs an extra file to flash after installing TWRP, and then having to format the user partition / sd card.
Any thoughts?
Cheers,
phoenix1589 said:
Hi all,
Just ordered my OnePlus 5 and doing a little research whilst waiting for it to reply.
I'm struggling to understand why people would choose to disable encryption - have I missed something?
The only 'downside' to having it (that I can see) is having to unlock with a pattern/PIN at first boot (and when entering TWPR etc). I guess there will also be a slight performance hit, but shouldn't be noticeable.
The 'upsides' to having it are the added security if you loose your phone (and maybe Magisk needs it).
Removing encryption needs an extra file to flash after installing TWRP, and then having to format the user partition / sd card.
Any thoughts?
Cheers,
Click to expand...
Click to collapse
I second this opinion, I'd like to know before my device arrives tomorrow.
I did find a thread on the OP3 forums earlier, the read/write speed difference is negligible... So performance wise it doesn't make much difference.
My university requires an encrypted phone for Outlook though... Not a big deal as there are plenty of other alternate email apps available but it'd be nice to use for a change.
Alex Charles said:
I second this opinion, I'd like to know before my device arrives tomorrow.
I did find a thread on the OP3 forums earlier, the read/write speed difference is negligible... So performance wise it doesn't make much difference.
My university requires an encrypted phone for Outlook though... Not a big deal as there are plenty of other alternate email apps available but it'd be nice to use for a change.
Click to expand...
Click to collapse
my 1+3 was always encrypted, never had to wait for anything.
Gesendet von meinem Lenovo YT3-X50F mit Tapatalk
I remember reading something about not being able to restore data partition from a nandroid backup as it leads to bootloop and something about not being able to make a backup with security such as PIN, is this the case or an i mistaken?
AllEyezOnMe said:
I remember reading something about not being able to restore data partition from a nandroid backup as it leads to bootloop and something about not being able to make a backup with security such as PIN, is this the case or an i mistaken?
Click to expand...
Click to collapse
As far as nandroid backups and the data partition restore causing bootloops, there is a TWRP beta version released where the dev is asking for someone to test if it is fixed. As of that threads current posts no one has stepped up and confirmed if its fixed one way or the other.
You are correct that it is recommend that before you take a nandroid backup that you need to change your lock screen security to swipe or none. Otherwise a restore causes bootloops but there is a documented workaround using TWRP.
The workaround results in your lock screen security being removed (specific files are deleted). What I don't like about being forced to remove the lock screen security to do a nandroid backup is that it also wipes all your finger print input. Re-entering a pin number or swipe, is not much of a bother but doing four fingerprint training each time I want to take a safe nandroid backup is a pain. Previously I liked doing a nandroid backup at least once a week now I'll only do it when I feel any system changes (e.g. OTA, ROM flash), will put my phone at risk. With that being written I will still remain encrypted at least for the foreseeable future.
What I don't like about being forced to remove the lock screen security to do a nandroid backup is that it also wipes all your finger print input. Re-entering a pin number or swipe, is not much of a bother but doing four fingerprint training each time I want to take a safe nandroid backup is a pain.
Click to expand...
Click to collapse
Is there not some kind of system-app that holds this info, that we could back-up with Titanium, and restore after taking the Nandroid? Still a bit of work, but at least you'll be consequent.
Encryption is automatically enabled if you set up any sort of screen lock (PIN, etc). Booting into recovery gives you a password prompt by which the PIN does not work as a decryption password.
gdanko said:
Encryption is automatically enabled if you set up any sort of screen lock (PIN, etc). Booting into recovery gives you a password prompt by which the PIN does not work as a decryption password.
Click to expand...
Click to collapse
So how do you decrypt to access files from within TWRP recovery? Given this is needed to do backups (which are working, according to the TWRP 3.1.1 thread) there must be a way.
gdanko said:
Encryption is automatically enabled if you set up any sort of screen lock (PIN, etc). Booting into recovery gives you a password prompt by which the PIN does not work as a decryption password.
Click to expand...
Click to collapse
In my case the PIN I've set up works perfectly as decryption password.
phoenix1589 said:
So how do you decrypt to access files from within TWRP recovery? Given this is needed to do backups (which are working, according to the TWRP 3.1.1 thread) there must be a way.
Click to expand...
Click to collapse
depends on the right twrp version. dont look for the original one yet, look for the right one for the op5.
halfblack said:
In my case the PIN I've set up works perfectly as decryption password.
Click to expand...
Click to collapse
I've tried both PIN and password with zero success.
---------- Post added at 11:46 PM ---------- Previous post was at 11:44 PM ----------
halfblack said:
In my case the PIN I've set up works perfectly as decryption password.
Click to expand...
Click to collapse
What version of OxygenOS do you have?
gdanko said:
I've tried both PIN and password with zero success.
---------- Post added at 11:46 PM ---------- Previous post was at 11:44 PM ----------
What version of OxygenOS do you have?
Click to expand...
Click to collapse
I went from 4.5.0 to 4.5.3. I don't know what makes it work for me (I remember that I had issues just like you did on 3T).
From what I've gathered, you must remove pattern/PIN protection (I'm assuming this disables encryption?) before creating a backup via TWRP or else it will be impossible to decrypt (even with the right pattern/PIN), requiring a factory reset, which kinda negates the whole point of a backup. As long as you remember to do that (or TWRP for the OP5 matures a little more, it is after all only a few days old at this point), there isn't really a reason to disable it.
Also, any non OxygenOS based ROM will need the data to be decrypted for it to boot.
There are a few reasons to decrypt, but if you have to ask why you should or shouldn't, then you probably don't need to decrypt if the first place, so don't.
So I need to decrypt in order to flash roms?
Not, there is no reason to. Bare in mind I always decrypted my phone's
The trade off just isn't worth it.
Run a script is enter a password, either way you have work to do.
Sent from my ONEPLUS A5000 using XDA-Developers Legacy app
gursimar said:
So I need to decrypt in order to flash roms?
Click to expand...
Click to collapse
For the oreo Rom yes
Padres_1984 said:
For the oreo Rom yes
Click to expand...
Click to collapse
When it's completely released this should not be the case.
How I decrypt my phone. There is something called no verity, but I can't find it.
Odoslané z ONEPLUS A5000 pomocou Tapatalku
chlap said:
How I decrypt my phone. There is something called no verity, but I can't find it.
Odoslané z ONEPLUS A5000 pomocou Tapatalku
Click to expand...
Click to collapse
To decrypt your phone you need to back it up and format data..if you check my signature you'll see the method I used for no limits Oreo (decrypted) from nougat (encrypted)
Related
Yo. I got my Nexus 6P the other day and immediately flashed CM13 on it, and came across a couple of problems. I used the following guide, step by step: (Can't post links. but it's on Devs-Lab)
So, first off, after finishing everything (Unlocking the bootloader, Rooting & Installing Recovery and finally installing CM13) I came across a couple of problems. Firstly, my phone refused to start as it couldn't be decrypted even though I never encrypted it or set a password for the encryption (which it asked me for, to decrypt) so I tried to factory reset the phone. Didn't work, formated the phone which did work and now it launches / works with no issues. However, every time I start the phone it tells me that the device is corrupted and can't be trusted. What's up with this?
Thanks in advance,
Alex.
I don't have CM installed but what you are describing is normal. Read this:
https://support.google.com/nexus/answer/6185381?p=verified_boot&rd=1
Ah yeah, you're right.
But what about the encryption thing? It's sketchy as ****, I know for sure I didn't encrypt the phone myself / set a password to decrypt it.
zixti said:
Ah yeah, you're right.
But what about the encryption thing? It's sketchy as ****, I know for sure I didn't encrypt the phone myself / set a password to decrypt it.
Click to expand...
Click to collapse
The device comes encrypted out the box.
If you look at the article by Heisenberg
http://forum.xda-developers.com/nexus-6p/general/guides-how-to-guides-beginners-t3206928
3. How To Decrypt Your Data Partition
This is no longer necessary as long as you use TWRP 2.8.7.1 or newer
Click to expand...
Click to collapse
And according to that thread, formatting your phone will remove the encryption. Which it did. Gotcha.
Last thing, why did it ask me for a password to decrypt? Or, why didn't I have that password? Mostly out of curiosity.
I need to recover data from a samsung galaxy s7 edge, but I don't know the code for unlocking the screen. There's a way to bypass this?
1. How could You forget a 4 digit pin code? Seriously.
2. Is it rooted? Any custom rom on it? Encryption?
ProtoDeVNan0 said:
1. How could You forget a 4 digit pin code? Seriously.
2. Is it rooted? Any custom rom on it? Encryption?
Click to expand...
Click to collapse
It isn't mine, it was of a dead person and the family asks me to recover data but they don't know the pin.
It's fully original.
Then I'm not sure if it's possible.
If it didn't have encryption enabled (it's enabled by default by samsung) then You could flash TWRP and then flash a zip file which removes certain files in Data partition and well, unlocks the device (I've done it before when I broke my lock screen buttons). But with Encryption being enabled TWRP won't be able to read Data partition and yeah. I'm not sure if You can even access internal storage through TWRP.
Maybe try all possible combinations? Or the most popular ones.
Try this:
Flash TWRP(a detailed instruction is on XDA)
Tap on advanced and then file manager.
You should be able to see internal storage if it's not encrypted, and then just copy all files that You want to sd card or just mount usb storage.
But if the encryption covers Data and internal storage then I don't think You can do anything.
Like I said, in the worst case try using most popular code combinations and maybe one will work. But try that before flashing TWRP, cause TWRP might soft brick the device.
No. Who knows what you're really after? I'm totally against questions like these and would urge people not to answer. If it's really your own device, you have to deal with the consequences of forgetting a 4 digit number.
Not possible with encryption, only way is brute forcing it and it might auto wipe after 15 attempts
Really??? Xda is the first place someone with this situation would ask for help? First post? I'm calling BS.
If - hah - you are legit, the "dead" person's phone is still under warranty, therefore the "family" can take the phone to the dealer/network provider and get help there.
sounds very suspicious
Hey guys , Since I upgraded to Nougat, my phone is pre-encrypted and why can't I decrypt it? Why is it like this? I want to decrypt it so that my phone will be a little faster. So how can I decrypt it?
Unlock, install twrp and format data.
lafester said:
Unlock, install twrp and format data.
Click to expand...
Click to collapse
Can't I just do it without unlocking? I can encrypt and unencrypt the phone easily(factory rest) on all my other devices?And any clues why is it pre-encrypted?
I suppose you could try a factory reset in stock recovery.
lafester said:
I suppose you could try a factory reset in stock recovery.
Click to expand...
Click to collapse
I've reset factory a couple times but that option is not choosable and it is written encrypted.
I mean I haven't even encrypted my phone ever , so why is it encrypted?Is it done automatically? What about yours?Is it pre-encrypted too?
It was...
lafester said:
It was...
Click to expand...
Click to collapse
I guess you've got the G or U model?right?(mine is A2017)
Boot into TWRP and change the data partition type from f2s to EXT4.
Double tap screen awake
My phone double tap screen awake doesn't work since these updates what can I do.It's a axon 7 2016 model..
Paulkdixon96 said:
My phone double tap screen awake doesn't work since these updates what can I do.It's a axon 7 2016 model..
Click to expand...
Click to collapse
I think you are in the wrong thread.
Aj-jss said:
I mean I haven't even encrypted my phone ever , so why is it encrypted?Is it done automatically? What about yours?Is it pre-encrypted too?
Click to expand...
Click to collapse
Zte stock rom comes pre-encrypted on every new install. The only way to bypass it is to edl flash a stock rom with twrp. Boot right into twrp after the flash. Find a modded stock boot.img that has a modded fstab, flash it, then boot and your phone will be unencrypted with the stock rom.
Thank you all. I'll do as you said and unencrypt it.
DEAR ZTE CUSTOMER,
Pls describe clearly about the situation of your encrypted phone, because our developer confused about such encrypted issues. BTW, please provide your phone'IMEI.
Thank you!
William Guo said:
DEAR ZTE CUSTOMER,
Pls describe clearly about the situation of your encrypted phone, because our developer confused about such encrypted issues. BTW, please provide your phone'IMEI.
Thank you!
Click to expand...
Click to collapse
No issues. It is encrypted by default in stock ROM.
This guy seems to be spamming and looking for imei info.
Mine is encrypted. Brand new out of box, updated to B10 MM then to B04 Nougat 7.1.1
What are the implications of it being encrypted? Mine is remaining stock, not even TWRP recovery or root. I'm happy if it's secure as I have personal and work SIM in it and will be using a couple of apps that look for root. Kind of tired of modding phones, just want life to be simple and reliable, able to take updates when I like. The work Nexus 5X was a ****ty phone but I got used to it being updated. It's a rare one that doesn't bootloop and is on Oreo but I hate carrying two phones thus the reason for buying the Axon 7 for dual SIM.
RobboW said:
Mine is encrypted. Brand new out of box, updated to B10 MM then to Nougat.
What are the implications of it being encrypted? Mine is remaining stock, not even TWRP recovery or root. I'm happy if it's secure as I have personal and work SIM in it and will be using a couple of apps that look for root.
Click to expand...
Click to collapse
I don't believe you'll get more performance out of an unencrypted phone, or not enough to justify it for that matter. also, on some phones you need it not to be encrypted if you want to see the internal storage in TWRP, but on this phone it doesn't happen.
You can fix it in your settings--hand design(sort of, I guess),or you can update the latest version from ZTE office website. Good luck!
Hello,
I doesn't know if this is a real problem in newer Android versions.
I apologize if this problem is already solved; i'm out of Android development since a while...
From me the problem is to protect MY data if I loss the phone...
If my phone is password protected (and bootloader locked), a person that found the device can't use it directly.
It can unlock the bootloader (more or less easily) but the phone data is removed by the unlock process.
My data is sure!
But if the bootloader is unlocked the person that has found my phone can acess to the custom recovery (or load a custom recovery if I'm on stock recovery) then force a wipe of the device.
Due to that, all my security (fingerprint and lock code) was erased and the user can access to my phone and also to all the data stored in /sdcard.
My data isn't sure!
It exists any mode to use a custom ROM but maintaining my data sure?
(I'm not confidence with the Google remote device access)
Thanks in advance!
I think you'll be fine, as the data on your internal memory should be encypted, which is enabled by default!
I'll be honest and I mean no offense but your data is worthless. If someone steals your device the first things done are Sim removed and devices reset or powered off. Data thieves don't get the data from stolen devices. They get it from the places we give it freely. Like shopping stores and on line accounts.
Nobody can access your phone data the way you describe unless you also run your phone decrypted --which is not the default for Android or even for custom ROMs for that matter. When you boot into recovery on a phone that is encrypted TWRP asks for your pin number and without it your data is not accessible. But that doesn't mean a thief couldn't still wipe and use your phone. You need to report it stolen so the IMEI number is blacklisted.
jhs39 said:
Nobody can access your phone data the way you describe unless you also run your phone decrypted --which is not the default for Android or even for custom ROMs for that matter. When you boot into recovery on a phone that is encrypted TWRP asks for your pin number and without it your data is not accessible. But that doesn't mean a thief couldn't still wipe and use your phone. You need to report it stolen so the IMEI number is blacklisted.
Click to expand...
Click to collapse
The /sdcard in phones that doesn't have external sdcard, like O+5, are also protected by the encriptation?
Thanks
bartito said:
The /sdcard in phones that doesn't have external sdcard, like O+5, are also protected by the encriptation?
Thanks
Click to expand...
Click to collapse
Yep, like any other android, the oneplus 5 has full disk encryption enabled by default:
http://www.androidpolice.com/2015/1...ll-disk-encryption-by-default-on-new-devices/
bartito said:
Hello,
I doesn't know if this is a real problem in newer Android versions.
I apologize if this problem is already solved; i'm out of Android development since a while...
...........................................
Click to expand...
Click to collapse
Well, IMO your concern is right to some extent.
With an unlocked bootloader, if there is some version of TWRP (or any other customer recovery for that matter) that can decrypt your data partition automatically or if you have ever formatted your /data partition from TWRP , or even an insecure kernel (most insecure kernels allow USB debugging without asking for authorization keys), all the thief needs is 2 adb commands and your screen lock will be turned off and all your stuff will be exposed 'as is'.
For educational purposes, the commands are:
Code:
adb shell rm /data/system/*.key
adb reboot
Now, for that matter, having a locked bootloader either doesn't ensure that your data is safe. For example, for HTC phones, you don't even need to unlock the bootloader for flashing a custom recovery or kernel. You can turn the phone to S-Off state using some proprietary tools (without losing data) and then flash custom images over a locked bootloader.
In case of Samsung, only FRP lock prevents you from flashing custom images (that too on newer phones) but in that case also, you can turn FRP off using some paid services and then flash any custom images and run the above mentioned commands.
In case of LG, it is even easier. Professional tools exist for communication over download mode protocol and turning off the screen lock doesn't even require a custom image in LG's case. However, most newer models are not supported by those tools yet.
In case of Apple, professional tools existed that used to read screen lock over a time span of 1-4 hours in an older version of iOS. I've heard that a tool is being made available for the current versions also in the coming weeks.
So, if you are conscious about your data, it is safe as far as the you have the phone in your possession. Once you lose it, you can't be sure about what is happening with it.
But then, as said in above posts, why would the thief want to crack open the data of a common man. If you are not a common man, you should worry. Otherwise I personally really don't care.
Hello,
Absolutelly appreciate your anwer.
I'm a common man, but I'm a bit worried due to 2 points:
1) I'm using LastPass and I doesn't would to my passwords to fall into someone's hands if I loss the device,
2) I'm using the app from my bank to pay using NFC and I doesn't would that anyone can use it
EDIT: 3) Of course, I'm using my Google account to store my contacts data. It would be a mess if someone erase my contacts
Thanks!
sikander3786 said:
Well, IMO your concern is right to some extent.
With an unlocked bootloader, if there is some version of TWRP (or any other customer recovery for that matter) that can decrypt your data partition automatically or if you have ever formatted your /data partition from TWRP , or even an insecure kernel (most insecure kernels allow USB debugging without asking for authorization keys), all the thief needs is 2 adb commands and your screen lock will be turned off and all your stuff will be exposed 'as is'.
For educational purposes, the commands are:
Code:
adb shell rm /data/system/*.key
adb reboot
Now, for that matter, having a locked bootloader either doesn't ensure that your data is safe. For example, for HTC phones, you don't even need to unlock the bootloader for flashing a custom recovery or kernel. You can turn the phone to S-Off state using some proprietary tools (without losing data) and then flash custom images over a locked bootloader.
In case of Samsung, only FRP lock prevents you from flashing custom images (that too on newer phones) but in that case also, you can turn FRP off using some paid services and then flash any custom images and run the above mentioned commands.
In case of LG, it is even easier. Professional tools exist for communication over download mode protocol and turning off the screen lock doesn't even require a custom image in LG's case. However, most newer models are not supported by those tools yet.
In case of Apple, professional tools existed that used to read screen lock over a time span of 1-4 hours in an older version of iOS. I've heard that a tool is being made available for the current versions also in the coming weeks.
So, if you are conscious about your data, it is safe as far as the you have the phone in your possession. Once you lose it, you can't be sure about what is happening with it.
But then, as said in above posts, why would the thief want to crack open the data of a common man. If you are not a common man, you should worry. Otherwise I personally really don't care.
Click to expand...
Click to collapse
jhs39 said:
Nobody can access your phone data the way you describe unless you also run your phone decrypted --which is not the default for Android or even for custom ROMs for that matter. When you boot into recovery on a phone that is encrypted TWRP asks for your pin number and without it your data is not accessible. But that doesn't mean a thief couldn't still wipe and use your phone. You need to report it stolen so the IMEI number is blacklisted.
Click to expand...
Click to collapse
Black listing the imei doesn't work everywhere. Plus while banned on xda so I can't say how. But the imei is not that hard to change.
bartito said:
Hello,
Absolutelly appreciate your anwer.
I'm a common man, but I'm a bit worried due to 2 points:
1) I'm using LastPass and I doesn't would to my passwords to fall into someone's hands if I loss the device,
2) I'm using the app from my bank to pay using NFC and I doesn't would that anyone can use it
EDIT: 3) Of course, I'm using my Google account to store my contacts data. It would be a mess if someone erase my contacts
Thanks!
Click to expand...
Click to collapse
Maybe some experts can give their opinion on how to protect your data using some third party apps or by using some other options that I am not aware of. But in my opinion, a phone with an unlocked bootloader is always more vulnerable than a phone with locked bootloader.
Of course, I agree with your affirmation at 100%
The question is: I can improve security if I keep TWRP as a recovery instead of return to the stock recovery and I lock the bootloader?
Thanks
sikander3786 said:
Maybe some experts can give their opinion on how to protect your data using some third party apps or by using some other options that I am not aware of. But in my opinion, a phone with an unlocked bootloader is always more vulnerable than a phone with locked bootloader.
Click to expand...
Click to collapse
bartito said:
Of course, I agree with your affirmation at 100%
The question is: I can improve security if I keep TWRP as a recovery instead of return to the stock recovery and I lock the bootloader?
Thanks
Click to expand...
Click to collapse
I don't think you will be able to boot TWRP after relocking the bootloader. You need to test it yourself. Chances are very few because locked bootloaders prevent from booting un-signed images.
If you do manage to boot TWRP after relocking, make sure your data is encrypted. If it is not, then it doesn't matter if the bootloader is locked or not.
Also, you will need to turn off "oem unlock" option from developer options.
sikander3786 said:
I don't think you will be able to boot TWRP after relocking the bootloader. You need to test it yourself. Chances are very few because locked bootloaders prevent from booting un-signed images.
If you do manage to boot TWRP after relocking, make sure your data is encrypted. If it is not, then it doesn't matter if the bootloader is locked or not.
Also, you will need to turn off "oem unlock" option from developer options.
Click to expand...
Click to collapse
I think in the end I will stay as I am: bootloader unlocked and TWRP instead of the original recovery.
After all... I've never lost a phone...
bartito said:
The /sdcard in phones that doesn't have external sdcard, like O+5, are also protected by the encriptation?
Thanks
Click to expand...
Click to collapse
I haven't checked, but I believe it should.
nxss4 said:
Yep, like any other android, the oneplus 5 has full disk encryption enabled by default:
http://www.androidpolice.com/2015/1...ll-disk-encryption-by-default-on-new-devices/
Click to expand...
Click to collapse
Uh no, OP5 with OOS 4.5.x Nougat uses File-Based Encryption (FBE), not FDE.
I know because I wrote the utility to get back to FDE, which works if you change the/fstab* file:
https://forum.xda-developers.com/showthread.php?t=3672477
sikander3786 said:
Well, IMO your concern is right to some extent.
With an unlocked bootloader, if there is some version of TWRP (or any other customer recovery for that matter) that can decrypt your data partition automatically or if you have ever formatted your /data partition from TWRP , or even an insecure kernel (most insecure kernels allow USB debugging without asking for authorization keys), all the thief needs is 2 adb commands and your screen lock will be turned off and all your stuff will be exposed 'as is'.
Click to expand...
Click to collapse
Do you have a source for the first part of that information? The part where if userdata is formatted with TWRP, it is vulnerable?
I don't see how that can happen unless you run decrypted. TWRP is never involved in the encryption process. When you format userdata, it just runs mkfs. Android upon booting sees the forceencrypt flag in the fstab and then promptly encrypt the device with a default passphrase. When you later set up security, the passphrase is changed to whatever you input.
How can TWRP decrypt the files at this point without your passphrase?
Note that if you are running FBE, and run adb shell on a device that's booted into TWRP while waiting for the password, you will be able to see the file structure under /data, but most of its contents will be garbage (=encrypted).
If you're running FDE, and run adb shell on a device that's booted into TWRP, /data will be completely inaccessible.
sikander3786 said:
For educational purposes, the commands are:
Code:
adb shell rm /data/system/*.key
adb reboot
Click to expand...
Click to collapse
This will remove the PIN/password phrase to get into Android, but won't give access to any encrypted files.
That may mess your phone royally as well.
Hello,
Thanks for your anwer. I appreciate the time that have you spend on my question
I need to go to the FDE thread to learn a bit more about the process and results.
Now, I have 2 more questions...
1) If the phone is encrypted with FBE a user can remove user passwords using "adb shell rm /data/system/*.key
&& adb reboot" commands, like @sikander3786 has explained but, due to the device is encripted, it can't access to my data
and the device will require for the decrypt password when booting in normal mode or recovery. I'm correct?
2) If the device is encrypted with FBE a user can access to /sdcard even without the decrypt password in recovery (TWRP) mode but not if encrypted with FDE?
Thanks again!
Fif_ said:
I haven't checked, but I believe it should.
Uh no, OP5 with OOS 4.5.x Nougat uses File-Based Encryption (FBE), not FDE.
I know because I wrote the utility to get back to FDE, which works if you change the/fstab* file:
https://forum.xda-developers.com/showthread.php?t=3672477
Do you have a source for the first part of that information? The part where if userdata is formatted with TWRP, it is vulnerable?
I don't see how that can happen unless you run decrypted. TWRP is never involved in the encryption process. When you format userdata, it just runs mkfs. Android upon booting sees the forceencrypt flag in the fstab and then promptly encrypt the device with a default passphrase. When you later set up security, the passphrase is changed to whatever you input.
How can TWRP decrypt the files at this point without your passphrase?
Note that if you are running FBE, and run adb shell on a device that's booted into TWRP while waiting for the password, you will be able to see the file structure under /data, but most of its contents will be garbage (=encrypted).
If you're running FDE, and run adb shell on a device that's booted into TWRP, /data will be completely inaccessible.
This will remove the PIN/password phrase to get into Android, but won't give access to any encrypted files.
That may mess your phone royally as well.
Click to expand...
Click to collapse
nxss4 said:
I think you'll be fine, as the data on your internal memory should be encypted, which is enabled by default!
Click to expand...
Click to collapse
Suppose i encrypt my device, i.e., it asks for password everytime before booting...
Q1. Will booting into fastboot or recovery require the password?
Q2. If no, how can i prevent access to fastboot and recovery on an unlocked bootloader?
anuragm13 said:
Suppose i encrypt my device, i.e., it asks for password everytime before booting...
Q1. Will booting into fastboot or recovery require the password?
Q2. If no, how can i prevent access to fastboot and recovery on an unlocked bootloader?
Click to expand...
Click to collapse
You can't, but your data isn't accessible without the password
bartito said:
You can't, but your data isn't accessible without the password
Click to expand...
Click to collapse
But one can flash custom recovery from fastboot and subsequently use it to flash custom roms.
Am i right?
anuragm13 said:
But one can flash custom recovery from fastboot and subsequently use it to flash custom roms.
Am i right?
Click to expand...
Click to collapse
Yes, you can flash any recovery and any rom, but phone data can't be accessible if you don't have the password.
To use the device you need to know the password or do a data format
Isn't your phone technically always safe as long as you keep it encrypt it?
Only thing a thief could do would be a reset in both cases, isn't it?
Ok it doesn't matter what I do I end up with a decrypted phone it doesn't matter what ROM I use or if I go stock rom.......
The moment I reboot or swap Sim card it instantly boot loop and I go in to recovery and it asks me for a password to decrypt it and when I flash it back to stock with stock bootloader and lock the bootloader up it doesn't play the video property and no sound........ZTE is not a good product.
stinka318 said:
Ok it doesn't matter what I do I end up with a decrypted phone it doesn't matter what ROM I use or if I go stock rom.......
The moment I reboot or swap Sim card it instantly boot loop and I go in to recovery and it asks me for a password to decrypt it and when I flash it back to stock with stock bootloader and lock the bootloader up it doesn't play the video property and no sound........ZTE is not a good product.
Click to expand...
Click to collapse
Pretty sure that's not ZTE's fault entirely
troy5890 said:
Pretty sure that's not ZTE's fault entirely
Click to expand...
Click to collapse
I have followed every thing that I was told to do to unlock the bootloader if I didn't it would have never been unlocked so saying that the encryption by automatically generated is the problem even when I flash stock rom back and don't use any password the thing is still encrypted that is the problem.
The AXON 7 is a very good smartphone until people try to put custom Rom on it. I have never tried and I will not to do it.... Don't complain about a product you've decided to modify by yourself. The problem is not the smartphone.
Envoyé de mon ZTE A2017G en utilisant Tapatalk
JLLE said:
The AXON 7 is a very good smartphone until people try to put stock Rom on it. I have never tried and I will not to do it.... Don't complain about a product you've decided to modify by yourself. The problem is not the smartphone.
Envoyé de mon ZTE A2017G en utilisant Tapatalk
Click to expand...
Click to collapse
But it is when they removed the options for me to encrypt the device and allow it by default........this is the problem I am having.....
Do a full wipe, format data and or internal storage maybe.
After flashing ROM also flash root. Doing the latter kept encryption from happening for me (a long time ago though).
Moto G5S Plus XT1806, GZOSP_PixelExperience, MultiROM, Tapatalk 4.9.3
Just flash with EDL
---------- Post added at 10:22 AM ---------- Previous post was at 10:22 AM ----------
Just fully flash phone to stock with edl
stinka318 said:
But it is when they removed the options for me to encrypt the device and allow it by default........this is the problem I am having.....
Click to expand...
Click to collapse
I think Axon 7 is encrypted by default on stock ROM (it says encrypted in settings/security) and can not be changed as it is fot me.
I also noticed that a newly flashed recovery asks you for a password, even thought I haven't encrypted the phone at that point, but do you know how I got past this? I clicked cancel... Atleast on TWRP this worked every time... Moreover if you correctly install LineageOS for example, you can encrypt your phone. I did it once after a complete wipe (because I soft bricked the phone), and it stayed encrypted ever since.
However if you try to modify your phone for the first time, I'm pretty sure you have to flash via EDL/Fastboot/ADB. EDL is the easiest way since there are tools for getting SU access and unlocking the bootloader I think. ADB works too but it's a little more complicated. This is because (like almost (is there even one?) every other manufacturer) ZTE doesn't allow flashing or getting SU access by default, so customers don't brick their phone
User unlocks bootloader (which ZTE does not officially support), starts flashing things (again not supported by ZTE) and then blames ZTE as if its their fault!?!?!?!?!
Can we say...dunce....
stinka318 said:
Ok it doesn't matter what I do I end up with a decrypted phone it doesn't matter what ROM I use or if I go stock rom.......
The moment I reboot or swap Sim card it instantly boot loop and I go in to recovery and it asks me for a password to decrypt it and when I flash it back to stock with stock bootloader and lock the bootloader up it doesn't play the video property and no sound........ZTE is not a good product.
Click to expand...
Click to collapse
-ZTE is not a product
-You want your phone to be encrypted? Flash the stock ROM, then start the phone. If you want root install it AFTER the ROM boots for the first time, because Magisk or SuperSU turns encryption off.
If the recovery asks you for a password then your phone is ENcrypted, not decrypted. If you want DEcryption, FORMAT the internal storage and then flash Magisk Then you can reboot.
stinka318 said:
Ok it doesn't matter what I do I end up with a decrypted phone it doesn't matter what ROM I use or if I go stock rom.......
The moment I reboot or swap Sim card it instantly boot loop and I go in to recovery and it asks me for a password to decrypt it and when I flash it back to stock with stock bootloader and lock the bootloader up it doesn't play the video property and no sound........ZTE is not a good product.
Click to expand...
Click to collapse
It's not the phone fault when you are not smart enough to unlock bootloader. ) Victims blame?
tamahouse said:
It's not the phone fault when you are not smart enough to unlock bootloader. ) Victims blame?
Click to expand...
Click to collapse
But I have unlocked the bootloader you have to do that to get custom recovery in it.......then it asks me for a password that I didn't even make......by the way I was able to get it all sorted.....
stinka318 said:
But I have unlocked the bootloader you have to do that to get custom recovery in it.......then it asks me for a password that I didn't even make......by the way I was able to get it all sorted.....
Click to expand...
Click to collapse
Yeah, that's your fault for not knowing that it is completely normal. After unlocking the phone, you have to format your data...
stinka318 said:
But I have unlocked the bootloader you have to do that to get custom recovery in it.......then it asks me for a password that I didn't even make......by the way I was able to get it all sorted.....
Click to expand...
Click to collapse
Use the security code you setup for Android.
Sent from my Moto Z (2) using Tapatalk
xRogerxC said:
Use the security code you setup for Android.
Sent from my Moto Z (2) using Tapatalk
Click to expand...
Click to collapse
Didn't set up encryption or password.......but it still asking for it in recovery......
Choose an username... said:
Yeah, that's your fault for not knowing that it is completely normal. After unlocking the phone, you have to format your data...
Click to expand...
Click to collapse
I had the same thing happen to me as well. I just had to format data and it fixed the problem.
xRogerxC said:
Use the security code you setup for Android.
Click to expand...
Click to collapse
again, nope, format data
stinka318 said:
But I have unlocked the bootloader you have to do that to get custom recovery in it.......then it asks me for a password that I didn't even make......by the way I was able to get it all sorted.....
Click to expand...
Click to collapse
The password is not by ZTE, it belong to android 7 or above by default. There no valid password, so you have to bypass it somehow. I not quite remember because I have to use so many methods, I wiped the phone up or miflashing or using axon tools.
The most easy way may be you have to miflash to an old version stock firmware, unlock the phone, install twpr, and flash the latest rom.