Encryption Questions - Asus Zenfone Max Pro M2 Questions & Answers

In Settings > Security & Location > Encryption & Credentials it says, "Phone not encrypted".
I want to encrypt my phone to protect the data in case I lose the phone, but is it working? Any important things I should know?
My key concerns:
1. Will I still be able to do OTA updates of LineageOS microG after encrypting?
2. Will I be able to backup phone using TWRP?
3. Will I be able to restore backups with TWRP?
4. Can I decrypt backups using TWRP to get my data?
I found a bunch of old threads from 2014 and it sounded unstable to encrypt. I don't see newer threads though.
Thank you for any guidance you may be able to provide as I am a LineageOS noob (less than 1 month experience!) .

Before this official TWRP update it was not working.
I encrypted my phone before one month ago. when i downloaded and installed the OTA update, the decryption pattern did not recognized. I was damn sure about the correct pattern to unlock but it didn't worked. I need to reset my phone to make it working.
I am not sure if its working now after updates from both TWRP and Lineage os.
please reply if any one know about current situation.
[NOTE]: If you are noob and trying to encrypt your phone, then keep backup of your internal storage and all apps, Sms and Contacts etc. because, after encryption, you can not access files and appdata from internal storage.

[email protected] said:
I encrypted my phone before one month ago. when i downloaded and installed the OTA update, the decryption pattern did not recognized. I was damn sure about the correct pattern to unlock but it didn't worked. I need to reset my phone to make it working.
Click to expand...
Click to collapse
Thank you for this! Possibly saved me. I don't care about accessing my encrypted data through TWRP, but I do want to be able to do OTA. I also want my data protected if I lose my phone.
In the latest release of TWRP 3.4.0-0 there seem to have done lots of work on encryption
Encryption
ext4Crypt Wrapped Key Update - Peter Cai
Fix upgrading encryption key if export fails - Peter Cai
Fix wrapped key support for devices without metadata partition - mauronofrio
Don't skip decryption when using block map file in order to write to /data in ORS - CaptainThrowback
FDE - Decrypt master key first - AndroidableDroid
vold_decrypt - set Android version and patch level automatically - CaptainThrowback
Set wrapped decrypt support by twrp flag - Peter Cai
Don't try wrapped support unless needed - mauronofrio
restore ext4 policy on /data/cache - Bigbiff
multiuser decryption - Noah Jacobson
FDE retry - AndroidableDroid
Click to expand...
Click to collapse
So, tell me about encryption. posted on Reddit --> This thread from 2 years ago on reddit has some phones working with encryption and some not working.
So who else is running full disk encryption on their LineageOS install? I guess I have to try it and pray next week.

Related

Bitlocker Encryption Key?

Afternoon,
I'm using Exchange AcitveSync Policies (EAS) to encrypt our new WP8 devices for work. I wanted to know where the Bitlocker encryption is stored once encrypted?
And what is the process of decrypting an encrypted WP8 phone?
thanks
Without the key the phone would not be able to decrypt it's data - so I guess: yes, the key is stored on the device (presumably encrypted itself, using the users password/pin to start decryption).
As for decryption that is an interesting question. Someone will have to try it out. As far as I know there is no switch in the system to do this. One could try to remove the Exchange account from the device although I have no idea on how to even check wether it's decrypting/decrypted.
Settings -> Phone Storage

[Q] Howto decrypt /data and /sdcard after phone was flashed with stock ROM?

It is my first post here so hello. Can you help me?
I broke my phone. Fortunately it was insured. However I haven't been doing backup for a while. Main board remains untouched and so I had been trying to recover my data before sending it to service. Phone was encrypted. I had little time that weak and get little confused with fastboot/odin. Thus, I decided to send it and reconciled with data lost. Phone back to me form service with flashed android 5.0.
I have no experience with android.
I am trying to recover my data. My idea is simple. If disc encryption master key (specifically crypto footer) is untouched I should be able to decrypt data partition (I am thinking about low level decryption, bit by bit) and then use some software to recover files (because directory table was overwritten) that where no overwrite when phone was flashed. Since I was not deleting my files often, the most recent files should be placed at the end of data partition. Whats is more I should be able to decrypt my sdcard which Is also encrypted.
What I determinated for this moment:
1. According to: source.android.com/security/encryption/#storing_the_encrypted_key every android 5.0 is encrypted with default password at first boot. However mine was no. Encryption flags are not set and data are available form TWPR level without decrypting.
2. Here is more how encryption works: (p. 263-266) books.google.pl/books?id=y11NBQAAQBAJ&pg=PA262&lpg=PA262&dq=android+disk+encryption+master+key&source=bl&ots=nUYyBSuT2G&sig=w77YZ9EJValOVoGhGXxbRMgwtmY&hl=pl&sa=X&ved=0ahUKEwi9qMzlgd3MAhUE_ywKHV0sAdwQ6AEISzAF#v=onepage&q=android%20disk%20encryption%20master%20key&f=false
I haven't read everything for now...
It says that crypto footer is written on either end of user data partition, file or dedicated partition. There is a chance that crypto footer remains untouched after flash. Can somebody check what is the the case on s5? I cant do this on my of because If I encrypt phone I erase previous crypto footer.
3. cmds: vdc cryptfs chengepw | checkpw returning -1 and no more and any valuable informations. I did not search in logs, there is noting in dmesg also.
Does anyone have ideas how to do this procedure? Check if master key is still there or any clues?
Thank you in advice

[TWRP] 3.1.1-0 Encrypted device - Password fails but PIN works

I'm using the official version of TWRP flashed to my device.
If I set the device encryption with a password then TWRP is unable to mount the encrypted file system - It fails with 'Incorrect Password'
If I change to use a PIN then TWRP successfully mounts and decrypts the file system.
Is this a known issue, or is there any work round to enable to use of a password rather than a PIN?
Anyone?
iam-q said:
I'm using the official version of TWRP flashed to my device.
If I set the device encryption with a password then TWRP is unable to mount the encrypted file system - It fails with 'Incorrect Password'
If I change to use a PIN then TWRP successfully mounts and decrypts the file system.
Is this a known issue, or is there any work round to enable to use of a password rather than a PIN?
Click to expand...
Click to collapse
iam-q said:
Anyone?
Click to expand...
Click to collapse
Known TWRP issue across multiple device types. Google is your friend.
Alas google hints at a problem with some versions and some phones - there is no actual word from the developer(s) and if you care to check the github site you will find a mass of bugs raised with no replies and missing information. Most of the issues others have raised relate to nothing working at all or patten unlock not working.
iam-q said:
Alas google hints at a problem with some versions and some phones - there is no actual word from the developer(s) and if you care to check the github site you will find a mass of bugs raised with no replies and missing information. Most of the issues others have raised relate to nothing working at all or patten unlock not working.
Click to expand...
Click to collapse
Yes - given the number if independent reports it is reasonable to suspect there is an issue that either can not be replicated or is noting addressed

[URGENT] Need help disabling the forced encryption stuff

Why the [URGENT] you might ask? Well, I just happen to leave to the other side of the world where I won't have access to a PC, so leaving without a propely working phone....well, you get the idea
The person whose post helps me get this sorted out and have properly disabled forceencryption and the likes will get a small donation via PayPal by me - promised!
Hi there,
since yesterday I'm the proud owner of an LG G6 H870.
The only problem I have with it: I can't disable forced encryption no matter what!
Theoretically that's fine, but I am really, really dependant on TWRP backups.
Here is a list of things I have already tried:
• Unlocked bootloader - Works fine
• Flashed TWRP 3.2.1 - Works fine
All of the following are supposed to disable forceencryption, but none of them works for me :crying::
• Flashed some various no-verity-opt-encrypt.zips - Don't work
• Did a full wipe and flashed westwood24's stock 8.0 rom - Doesn't work
• Flashed zefie's anti-root-removal tool - Doesn't work
• Flashed zefie's Melina Kernel - Doesn't work
I really don't know what else to try now and your help will be greatly appreciated!!!
You just have to format data. Not the usual "wipe", but the format option which you have to type "yes" to confirm.
Of course, you will need to make a backup on your external sd because everything on internal storage will get erased
blackhawk_LA said:
You just have to format data. Not the usual "wipe", but the format option which you have to type "yes" to confirm.
Of course, you will need to make a backup on your external sd because everything on internal storage will get erased
Click to expand...
Click to collapse
that i have done, but it turned out that i was using a wrong version of twrp. thank you though!
Closed, per user's request.

Broken black screen - TWRP working but encrypted, & file transfer not enabled default

Broken black screen - TWRP working but encrypted, & file transfer not enabled default
Hi all, novice here
OnePlus 5
OxygenOS (OnePlus5Oxygen_23_OTA_040_all_1811051816_c6670cf.zip) I think.
rooted
twrp-3.2.3-0-20180822-codeworkx-cheeseburger.img
I dropped my phone and I think a car ran over it. Screen is black and touchscreen not functional. At first the screen was fragmented and I could see parts of my home screen, but now it is totally black. So I think the phone itself is functional.
I can boot to TWRP and use ADB. I can navigate through the internal files system. I wish to copy the files to my PC. If I navigate to /sdcard, the folders have names like "wvTioi91z2FNnyelsUoraA" which I assume means they are encrypted. I can researched for 4 days and tried multiple methods. I have tried commands like mount, twrp decrypt 14789 for my lock pattern, to no avail.
I have tried a program called [email protected] to simulate touchscreen movements after booting to the system, but I'm flying blind.
I guess I want to know if this is all futile. I want to get my data off before I send it to OnePlus to get fixed because they will likely wipe it.
If I could somehow swipe down from the top when booted to the system and select MTP mode or whatever, I should be fine. But this is not working. Can I flash a different TWRP without losing data while removing encryption? I am not sure if I have USB debug mode on or off.
Any advice would be highly appreciated.
I had the same problem. But twrp decrypt <lockpattern> was the solution for me.
No idea why it do not work for you.
If you can get it into fastmode you could theoretically flash or just boot any recover you want without wiping anything.
Qnorsten said:
I had the same problem. But twrp decrypt <lockpattern> was the solution for me.
No idea why it do not work for you.
If you can get it into fastmode you could theoretically flash or just boot any recover you want without wiping anything.
Click to expand...
Click to collapse
Thanks. I think Android is having trouble matching the passwords.
Attempting to decrypt data partition via command line.
Iecrypting FBE for user 0
password filename is '/data/system/gatekeeper.pattern.key'
get_ce_key_directory_path 0: /data/misc/vold/user_keys/ce/0
Skipping non-key .Skipping non-key ..get_ce_key_paths adding: /data/misc/vold/user_keys/ce/0/current
Trying user CE key /data/misc/vold/user_keys/ce/0/currentOpenssl error: 0Failed to find working ce key for user 0Couldn't read key for 0e4crypt_unlock_user_key returned fail
I have another OnePlus 5 with Pie installed. After this error, I copied gatekeeper.pattern.key and then all of the contents in /data/system from my other OnePlus 5 to my broken OnePlus 5. It did not work.
I'm trying to make all of the encrypted passwords match somehow.

Categories

Resources