Make Encryption work with Root - Samsung Galaxy S8 Questions and Answers

Hello,
I have very important security needs and I'm forced to have my data encrypted everywhere.
However on all my old androids phone encryption work perfectly with custom recovery and root.
How can I enable both encryption and root on my brand new SM-G950F ???
I have look everywhere, impossible to find anybody who have an encrypted S8 running with Magisk and a custom recovery
I have experience with Android and Linux and I am willing to try everything to avoid reselling a phone that I love and that I bought just today...

I have the very same problem. Did you find a solution for having both, root and encryption?

i would like to know also

https://forum.xda-developers.com/ga...a2-devbase-v5-0-encryption-t3752964?nocache=1

Related

[Q] How to enable Fingerprint Scanner with full device encryption??

Hi,
I bought the Samsung Galaxy S5 and the fingerprint reader works reasonably well (as in it works, nothing in comparison to apple though, so don't buy it for the fingerprint reader ) for unlocking the screen...
However its a work requirement that my phone has full device encryption, as phones are regularly stolen where I travel.... it seems when I enable encryption I lose the ability to use the fingerprint reader to unlock the phone .... I bought this hoping that I could avoid having to type in my complex password just to unlock the screen, as I got so tired of doing that with my S2
Is there any mods to enable finger print reader screen unlock + full device encryption at boot time for the Galaxy S5 yet? ... I saw some references to pattern unlock / pin with device encryption... but I would think the fingerprint reader is different...
Thanks!
S5 Full disk encryption with fingerprint unlock
I also have this question. I believe on the Nexus 5 it at leasts lets you use face unlock with full device encryption. And I read on one article that you should be able to do this but i do not think the author actually tried this. I will say from my own personal experience that you can infact decrypt the device after encrypting it without doing a complete wipe of the device and you can restore the use of fingerprints to unlock your phone. It seems like for security minded people this would be a great feature but if it is unable to be used with full device encryption it seems a little pointless to me. Being forced to use a PIN or password to use encryption is a big pain point for android users who want some type of security.
Yes I can't believe that no one has really complained about this yet - but I guess encryption isn't' that important to people as I imagined
androidpleb said:
Yes I can't believe that no one has really complained about this yet - but I guess encryption isn't' that important to people as I imagined
Click to expand...
Click to collapse
I am having the same pain, as I use my S5 for BYOD.
It makes no sense when you can use fingerprint to make payments with paypal but not unlocking the phone when it is encrypted.
Hope Samsung can enable this feature in next update.
I'd like this too.. as well as, the iPhone has a cydia app (that a friend of mine showed me), that you can basically disable the power button from turning off the phone while it is fingerprint locked. That would definately be nice to have on the S5 (since it's done through an app). That would have stopped the person who stole my wife's S4 from turning it off when it was blasting the locator ring at them!
sorphin said:
I'd like this too.. as well as, the iPhone has a cydia app (that a friend of mine showed me), that you can basically disable the power button from turning off the phone while it is fingerprint locked. That would definately be nice to have on the S5 (since it's done through an app). That would have stopped the person who stole my wife's S4 from turning it off when it was blasting the locator ring at them!
Click to expand...
Click to collapse
I can't believe that the fingerprint sensor can't be used if encryption is enabled whatsoever. I could understand the iPhone model, requiring a pin before a fingerprint can be used, but by disabling fingerprint lockscreen, boot unlock, and SD unlock, the fingerprint sensor is now wholly useless for convenience.
It's too trivial to extract data from an unencrypted Android. By not supporting encryption with a measure of covenieve, I don't see the point in including a fingerprint sensor whatsoever given the current software limitations.
Please, someone, figure out what sqlite/settings need to be changed so we can make decent use of our phones fingerprint sensor.
After some experiments, i found out a procedure to enable FDE and fingerprint lockscreen. Root is required (or at least I guess, I didn't try with a non-rooted system...).
These are the steps:
1) set up fingerprint lockscreen
2) with a root explorer, go to /data/system folder, and backup locksettings.db, locksettings.db-shm and locksettings.db-wal to sd card
3) set up password lockscreen
4) encrypt the device
5) when encryption is done, restore the backed-up files to /data/system: you should have fingerprint lockscreen again (no reboot needed, just turn the screen off, and magically the password should be vanished )
CAVEAT 1: with my system configuration, I wasn't able to encrypt the device directly: the encryption procedure started, but after reboot nothing happened, the device just booted normally. I don't know the exact reason, in some forums they suppose that it happens on kitkat when the device is rooted. I was able to bypass the problem only adding these steps to the procedure:
...
3b) with TWRP, backup the /system partition, and restore the stock non-rooted /system
4) encrypt the device
4b) restore the original rooted /system partition
...
I don't know if steps 3b) and 4b) are always necessary, let me know...
If you need these steps, don't worry if before restoring your custom /system partition the encryption password isn't recognized, just restore the partition and all will work fine
CAVEAT 2: once encrypted, I didn't find a way to unencrypt the device, because the unencrypt ion procedure starts, but after reboot the device is still encrypted, similar to what described in caveat 1. I tried to replace the /system partition with the stock one, but the encryption password was no longer recognized.
CAVEAT 3: the current TWRP (2.7.1) isn't able to mount S5 encrypted data partition, and restoring an image made with online nandroid backup doesn't seem to work either. So, if you want to make an image of your phone (and I suggest to do it ), do it before encryption
Boot Loop
fabiokino said:
After some experiments, i found out a procedure to enable FDE and fingerprint lockscreen. Root is required (or at least I guess, I didn't try with a non-rooted system...).
These are the steps:
1) set up fingerprint lockscreen
2) with a root explorer, go to /data/system folder, and backup locksettings.db, locksettings.db-shm and locksettings.db-wal to sd card
3) set up password lockscreen
4) encrypt the device
5) when encryption is done, restore the backed-up files to /data/system: you should have fingerprint lockscreen again (no reboot needed, just turn the screen off, and magically the password should be vanished )
CAVEAT 1: with my system configuration, I wasn't able to encrypt the device directly: the encryption procedure started, but after reboot nothing happened, the device just booted normally. I don't know the exact reason, in some forums they suppose that it happens on kitkat when the device is rooted. I was able to bypass the problem only adding these steps to the procedure:
...
3b) with TWRP, backup the /system partition, and restore the stock non-rooted /system
4) encrypt the device
4b) restore the original rooted /system partition
...
I don't know if steps 3b) and 4b) are always necessary, let me know...
If you need these steps, don't worry if before restoring your custom /system partition the encryption password isn't recognized, just restore the partition and all will work fine
CAVEAT 2: once encrypted, I didn't find a way to unencrypt the device, because the unencrypt ion procedure starts, but after reboot the device is still encrypted, similar to what described in caveat 1. I tried to replace the /system partition with the stock one, but the encryption password was no longer recognized.
CAVEAT 3: the current TWRP (2.7.1) isn't able to mount S5 encrypted data partition, and restoring an image made with online nandroid backup doesn't seem to work either. So, if you want to make an image of your phone (and I suggest to do it ), do it before encryption
Click to expand...
Click to collapse
I get samsung boot loop using the above instructions
Pierreseoul said:
I get samsung boot loop using the above instructions
Click to expand...
Click to collapse
Hi guys! Did someone try this solution? I unfortunately have the same issue and unlock my device each time make me crazy!
Thanks in advance.
Same problem
I purchased a Galaxy S5 and I have the same problem, unfortunately I cannot root my phone due to security policies in my company. :crying:
I hope Samsung will solve the issue. :fingers-crossed:
Have anyone contacted to Samsung Support Center?
Pierreseoul said:
I get samsung boot loop using the above instructions
Click to expand...
Click to collapse
What is the consequence of boot loop if you are using stock boot loader? Odin mode required to recover? Something less drastic? What device model are you using?
I found a possible solution that involves deactivating SuperSU and running encryption from there. Still investigating. I am thinking that the solution from @fabiokino will work in this case too.
I'm curious about this aswell.
Doesn't anyone know a working solution?...
It is really frustrating the very least. I can't believe there isn't a way (or if there is, a guide) to do this (with or without root access).
I have also heard it is doable on the Note 4. See this post for example http://forum.xda-developers.com/showpost.php?p=57103664&postcount=7.
I just flashed the stock Lollipop ROM and guess what: It works!!
Samsung finally did it. No tweaking needed and it also works without root access.
How?
healpowah said:
I just flashed the stock Lollipop ROM and guess what: It works!!
Samsung finally did it. No tweaking needed and it also works without root access.
Click to expand...
Click to collapse
Can you explain how please? I'm on stock lollipop as well and cannot use fingerprint scanner with FDE. Wondering if there's a process to it?
Thanks!
healpowah said:
I just flashed the stock Lollipop ROM and guess what: It works!!
Samsung finally did it. No tweaking needed and it also works without root access.
Click to expand...
Click to collapse
Nice to see this, hope it will work on my Galaxy tab S too
Did you see this?
https://www.jethrocarr.com/2013/12/29/encrypting-disk-on-android-4/
GermanDoerksen said:
Can you explain how please? I'm on stock lollipop as well and cannot use fingerprint scanner with FDE. Wondering if there's a process to it?
Thanks!
Click to expand...
Click to collapse
Unluckily the trick showed in the previous link only encrytps the main device and not the micro SD
Joker87 said:
Unluckily the trick showed in the previous link only encrytps the main device and not the micro SD
Click to expand...
Click to collapse
Well for me that really wouldn't be a problem. I don't have an SD card so I'm okay with just FDE. Thing is I really really don't want to root my phone... No particular reason other than every older android device I've done it on always ends up slow and buggy after a few months use until I reflash with stock ROM. I would like my phone to stay buttery smooth for once..
GermanDoerksen said:
Well for me that really wouldn't be a problem. I don't have an SD card so I'm okay with just FDE. Thing is I really really don't want to root my phone... No particular reason other than every older android device I've done it on always ends up slow and buggy after a few months use until I reflash with stock ROM. I would like my phone to stay buttery smooth for once..
Click to expand...
Click to collapse
You could root then unroot it after you have encrypted it
Joker87 said:
You could root then unroot it after you have encrypted it
Click to expand...
Click to collapse
you're right... plus it's not really the "rooting" process that makes it slow, it's installing another ROM. Having a rooted phone doesn't necessarily have any performance impact... just opens up a few things for me. Interesting. Thanks! Unfortunately I've already encrypted so now I have to find that thread about how to decrypt lol.
Thanks!

H918 Encryption with root

Hi folks,
Is there any way to get device encryption with root for the H918? I need encryption for work (and also would like it in case I lose the phone). I can live with stock root or a custom rom, as long as device encryption works.
Thanks!

Help bypassing lockscreen; unfamiliar with device

Hello,
I am trying to work around/bypass the password lockscreen for a friend that accidentally set it (I think her kid did) and doesn't know what the actual password is. I've already tried ADM and Samsung's "Find My Mobile" service but neither were helpful.
So I'm pretty sure my only two options now are to backup the existing data to my PC (though I'm not sure how given that I don't have access to important functions like ADB, custom recovery, etc.) and then factory reset the phone, OR just deal with the KNOX/warranty flag being tripped and delete the necessary files from /data/system using a custom recovery. If there's another alternative I'm missing, I would love to hear it.
Excuse me for already jumping ahead, but assuming I go the latter route, what would be the easiest way to flash a custom recovery? I've already looked at various other posts on this phone's board regarding rooting and everything looked quite involved.
The phone says it's a G935PVPS4BQE1, if that helps.
Thanks in advance.
P. S. I currently come from a OnePlus One, though I previously had a Galaxy S3 and remember quite vividly how much of a huge pain it was to properly root the device and deal with KNOX. I imagine the rooting process is even more of a pain with more recent Samsung phones.

PreUnlock Questions. Keeping DRM keys? Root implications? Restrictions?

Hi, after over a year without unlocking my Moto G 5 Plus I'm eager to make the move to unlock and root it. But I've seen that things have changed quite a bit since the last time I rooted my old phone.
As far as I know unlocking the bootloader wipes the DRM keys for ever. What implications does that have? Is there any way to back them up before unlocking to restore them later? What won't work without them?
Will it influence Netflix and Banking apps like Mobilepay (Denmark)? From what I could find out Magisk can help to patch the system without being detected. How does Safety net detect system changes? How to prevent an accidental system change that would break SafetyNet? What about future updates to SaftyNet?
I'm mainly planning to unlock Camera2 API and Miracast. And also install XPosed and some audio enhancement mod if possible. Would any of these break SafetyNet? Would a 64bit ROM break SafetyNet?
Any information is highly appreciated.

Need help with app that is demanding unrooting.

Hi!
I have issue with app on my S7 Edge that demands me to unroot. I rooted my phone 5 years ago or more and I don't remember a thing about it. I did this to permanently remove bloatware. Only way I know to unroot is to flash stock-rom again but I don't want to loose my hard effort on debloating + data and so on. Is there any tricks for that? Like hide/remove su binary? I really don't remember where to start. Also with factory reset or something I cant remember I lost root access partially - that is apps can still tell that phone is rooted (root checker tells that root access is available but then also orange warning that root access is not properly installed on this device). But they can't request root privilege for some reason. But I still have this custom recovery rom installed where I have basically root access to phone - do you think I could use this to somehow hide temporarily root from my app that is complaining about it and then later restore root to the full - that is to make apps able to request root access again? I would like to keep my apps/data and I remember them getting lost in process of rooting due to some samsung encryption crap - not sure how to check data/app loss would be case now since I did it so long time ago. Could anyone help me out?
For documentation purposes. So in my case I had lost root with factory reset. I had to boot into TWRP and re-flash super su. Difference from official tutorial: https://forum.xda-developers.com/t/...ial-twrp-for-galaxy-s7-edge-hero2lte.3334084/ was that in step 9 my phone did not complain about dm-verity,. I did not have to disable encryption and I did not loose my data. Someone may correct me but it was because I had already rooted in past and the most likely cause for "loosing" root was doing factory reset. PS I have european model so I am not sure how much it makes this tutorial different.
Now what is left to do is come up with ideas how to hide root from 1 specific app in Android 7.

Resources