I have a verizon dev edition Moto X running 4.4.2 and I can't encrypt it. I want to keep it rooted, but encrypted. How can I encrypt it?
Thanks
I encrypted first then rooted and it worked (then wiped to stock and unencrypted since twrp can't see the encrypted space).
Are you trying to add work email with a security policy? If so Exchange Bypass for xposed (1.6) works great to bypass the encryption.
Restola said:
I encrypted first then rooted and it worked (then wiped to stock and unencrypted since twrp can't see the encrypted space).
Are you trying to add work email with a security policy? If so Exchange Bypass for xposed (1.6) works great to bypass the encryption.
Click to expand...
Click to collapse
That seems to have worked. I restored the system partition and it looks like android stores all apps and settings on /data (yay!). However now that I am encrypted, how do I root the device? I can no longer flash zips.
Thanks
Edit: Also the reason I want the phone encrypted is because I just like knowing my personal data is relatively safe if the phone is stolen.
Check out this link for the twrp recovery file http://www.elementalxdesigns.com/ec...our-Moto-X-Developer-Edition-and-install-TWRP
Also I have concerns about being unencrypted as well. Especially since ADM can't remote wipe a device with TWRP.
Restola said:
Check out this link for the twrp recovery file http://www.elementalxdesigns.com/ec...our-Moto-X-Developer-Edition-and-install-TWRP
Also I have concerns about being unencrypted as well. Especially since ADM can't remote wipe a device with TWRP.
Click to expand...
Click to collapse
Interesting. I managed to get it to work mounting /sdcard and /data as a tmpfs.
ADM never worked for me stock or not. I just use cerberus but I don't trust the remote wipe to function after having this much trouble with the encryption.
Doesn't the encryption slow your phone down a decent amount?
Sent from my SCH-I605 using Tapatalk
hopesrequiem said:
Doesn't the encryption slow your phone down a decent amount?
Sent from my SCH-I605 using Tapatalk
Click to expand...
Click to collapse
I haven't noticed a slow down on it yet. Full disclaimer: I don't play games though on my phone. It's possible they could be affected.
Related
4.4 KitKat still has the same bug as previous releases as far as encrypting the phone goes. I had to attempt the process 4 times before the phone would actually encrypt. The first 3 times the Green Android popped up, but the phone didn't reboot to the "Encrypting Phone..." progress screen, it just went back to the lock screen. 4th time was a charm, so keep trying if it doesn't work for you.
Ronaldo Forenucci said:
4.4 KitKat still has the same bug as previous releases as far as encrypting the phone goes. I had to attempt the process 4 times before the phone would actually encrypt. The first 3 times the Green Android popped up, but the phone didn't reboot to the "Encrypting Phone..." progress screen, it just went back to the lock screen. 4th time was a charm, so keep trying if it doesn't work for you.
Click to expand...
Click to collapse
You using a custom recovery or stock?
Mine encrypted on the first try ...
Encrypting naturally makes the phone a tad bit slow though no? And to decrypt you have to do factory reset
Sent from my Nexus 5 using xda app-developers app
secondclaw said:
Mine encrypted on the first try ...
Click to expand...
Click to collapse
Stock recovery?
Sent from my Nexus 5 using Tapatalk
uh60james said:
Stock recovery?
Sent from my Nexus 5 using Tapatalk
Click to expand...
Click to collapse
Yes, rooted only, but no other changes.
I've never had a problem encrypting with any recovery (CWM, TWRP, or stock), probably because it never boots to recovery while encrypting. It's probably a ROM issue.
Hey guys,
did you notice any significant performance impact after encrypting your N5?
How does an (stock) update work on encrypted N5? Do I have to wipe the phone prior to any update?
Just so you guys know there is a bug with kitkat encryption that will wipe your entire phone. Make backups of all the data you're keeping on your phone if you're going to encrypt. There's been a few users that have reported loosing everything due to encryption wiping out their phones. Just a friendly warning to whoever wants to encrypt.
Encryption does not slow down the performance. Only boots up slightly slower. Once you go through the password or pin, everything is decrypted until you lock your phone again.
I remember once you encrypt though...can't decrypt or need to reinstall stock.
Sent from my SM-T320 using xda app-developers app
my n5 was very picky about which cable and charger I was using before it would start the encryption process, with a N7 and a asus T100, it was hard to figure out which charger goes with which device.
Haven't noticed any particular slowdown since encrypting, except at boot.
The only thing I hated was not being able to use pattern unlock, using a PIN sucks. I worked around that by making a twrp backup right before the encryption process, change the security to PIN so encryption will work, then once it's done, boot into TWRP (which makes you enter the PIN to read inside the encrypted container), then restore the backup without wiping. So now I have a good length pin at bootup or entering twrp, pattern unlock for daily use. Maybe trading a little bit of security for convenience, but entering a 10+ character pin multiple times per day just isn't very usable.
I think it's the battery. The os shows another percentage than the recovery calculates. After some additional minutes of charging i hadn't that problem anymore. Thats just my opinion
I know that it is not possible to decrypt the data and that a factory reset is necessary to remove encryption.
I am just wondering if I can still update my system if I encrypt my phone?
What exactly is encrypted? Only /data?
Sent from my Nexus 5 using xda app-developers app
Encryption does not affect the OTA update or any kind of updates that push out offically. Phone itself decrypts once you go through personal lock screen. Since you can only update during unlocked stage, you won't have problem updating. It does encrypt everything except the media files such as videos, music's and etc. Correct me if I'm wrong though...
Sent from my SM-T320 using xda app-developers app
How long do you use the encryption now?
Do OTA updates still work?
Does adb work from TWRP recovery?
Sent from my Nexus 5 using XDA Free mobile app
FuMMoD said:
Just so you guys know there is a bug with kitkat encryption that will wipe your entire phone. Make backups of all the data you're keeping on your phone if you're going to encrypt. There's been a few users that have reported loosing everything due to encryption wiping out their phones. Just a friendly warning to whoever wants to encrypt.
Click to expand...
Click to collapse
Wish I had seen this!
[email protected] POS wiped EVERYTHING on my phone when I tried to encrypt.....EVERYTHING.
Was on latest TWRP, KangaKat and ElementalX
FAck U GOOGLE!
Globespy said:
Wish I had seen this!
[email protected] POS wiped EVERYTHING on my phone when I tried to encrypt.....EVERYTHING.
Was on latest TWRP, KangaKat and ElementalX
FAck U GOOGLE!
Click to expand...
Click to collapse
Ye when your phone running custom recovery, rom and kernel doesn't behave as intended, it's obviously Google's fault...
Seriously, if you change anything software related, you lose the right to blame the manufacturer.
I've heard of random passwords being generated so the user has to factory reset. Is this true????
# 47386
Dev edition. Unlocked and rooted with TWRP.
Put the 4.4.2 exchange apk's in /system then found out my company requires full device encryption on phones without an SD card.
I want to stay stock. Only reason I rooted was to get the new exchange apks.
If I encrypt everything will I still be able to:
-Use adb to go back to stock recovery
-use root explorer to restore the stock system apps
-take an OTA while maintaining unlock and root?
Sorry for the dumb questions. Every phone I've used had an SD card and I never had to deal with this.
Sent from my XT1060 using Tapatalk
Prior to posting this I read about 50 google results and learned that Google sucks.
So I'm slowly figuring out these answers as I go since no one else knows.
First I unlocked and rooted my device using this guide:
http://www.elementalxdesigns.com/ec...our-Moto-X-Developer-Edition-and-install-TWRP
Immediately after installing TWRP reboot into recovery and then tell TWRP to reboot. It will ask if you want to root, say yes. Install Super su from play store.
Next I used root explorer to get the 4.4.2 exchange and exchange services into /system/app then disabled the old ones in the normal settings/apps menu.
Then I set up my phone and configured my work exchange account and let it encrypt my device.
Here is what I have discovered:
- TWRP still can be booted into, but it can't see the /data partition. So you cant make a full nandroid or flash any files you saved to your phone.
- You can still use adb to flash TWRP or the stock recovery
Unknown:
-If I wasn't already rooted would TWRP have been able to root the device after unlocking and flashing TWRP earlier? It can't see the data partition, does it need to?
I don't have time right now to "start fresh" and see, but when I do I will update this thread.
I wish I could be of assistance, but I would love for you to keep us posted. I thought about encrypting my phones many times but I didn't know if/what that would prevent me from doing.
MotoX Developer Edition, Bootloader Unlocked, Rooted, Stock with tweaks!
You don't need to install a custom recovery to root. I have a Verizon Moto X which I used the "SlapMyMoto" method. After rooting I was able to encrypt the phone just fine without any issues to my root. I don't have an unlocked bootloader (don't see a point personally, since I don't plan to install another ROM).
If you intent to install another ROM then you'll want to not have the phone encrypted unless TWRP can access encrypted files on your device.
If you don't want to install a custom ROM then I recommend using the SlapMyMoto method, which works very well though it is a bit cumbersome to get done, once it is done you shouldn't need to redo it unless you accept an OTA.
The basic process is to root it using methods for 4.2 (you have to restore to 4.2 prior to rooting), then disable write protection using the appropriate tool, I think it is calle MotoWPNoNo or something along those lines. After that, accept the OTA to 4.4 and run SlapMyMoto to get root back.
Thanks titan. I think my biggest question right now is "can you root a phone that is already encrypted?"
I know I can unlock (dev edition) and install TWRP (abd) but can I root if TWRP can't see the /data partition meaning I can't flash the supersu zip.
If you root *then * encrypt it works fine. But since un-encrypting requires a wipe it would be nice to avoid having to go though that.
Sent from my XT1060 using Tapatalk
Restola said:
Thanks titan. I think my biggest question right now is "can you root a phone that is already encrypted?"
I know I can unlock (dev edition) and install TWRP (abd) but can I root if TWRP can't see the /data partition meaning I can't flash the supersu zip.
If you root *then * encrypt it works fine. But since un-encrypting requires a wipe it would be nice to avoid having to go though that.
Sent from my XT1060 using Tapatalk
Click to expand...
Click to collapse
Well, you don't actually need to see the /data partition to flash, if you have the ZIp somewhere else, or use ADB + TWRP (I think you can do that? I know you can with CWM). When you encrypt the OS isn't encrypted so /system isn't touched. The short answer is, yes, you can. TWRP should be able to read the encryption - in fact it should ask you for a password to decrypt when you boot into recovery.
I would still recommend using SlapMyMoto as it leave stock recovery in place, the reason this is good is because TWRP won't respond to an automatic wipe request from Android Device Manager or similar service. If you leave the stock recovery in place then you can still remote-wipe the device if you need to.
If you've already got TWRP in place it is simple... Does TWRP ask you to decrypt the phone before it goes in? If it does, can you see your internal SD Card and select a ZIP from it? If those are YES then, it'll work fine. TWRP can see the entire phone and thus you can install a zip without problem. If i can't, you'll need to get more creative, but I still would suggest seeing you can use ADB while you're booted into TWRP to push the SuperSU ZIP to the device to flash.
Here is a link from last year from Stack Exchange about TWRP and an encrypted device. I know that when I had my S3 running CyanogenMod TWRP would decrypt it just fine.
https://android.stackexchange.com/q...custom-recovery-work-with-an-encrypted-device
Should you need to do it, here is the link for using ADB with TWRP... (it is called Sideloading, forgot that)
http://teamw.in/ADBSideload
Thanks the side loading may be what I'm looking for If I ever go back to square one and want to root while encrypted. TWRP didn't ask to decrypt so no luck there.
Sent from my XT1060 using Tapatalk
Did you ever get this working? I just put TWRP on my MotoX DE, and I encrypted my phone (Exchange requirement). Anyway to have TWRP decrypt so i can sideload or root?
So I just got N6 that asurion sent me to replace N5. Now I am rooted and xposed installed. I'm trying to get rid of encryption but am not clear how it works. One the file needed I have not been able to find for my build (LMY48I) Will I have to roll back to previous version of lollipop to accomplish to remove the encryption? Also since im rooted and unlocked will my date need to be erased, if so if I do a nandroid backup will I be able to restore from it or will that return the encryption. Thinks or the help.
thisguy159 said:
So I just got N6 that asurion sent me to replace N5. Now I am rooted and xposed installed. I'm trying to get rid of encryption but am not clear how it works. One the file needed I have not been able to find for my build (LMY48I) Will I have to roll back to previous version of lollipop to accomplish to remove the encryption? Also since im rooted and unlocked will my date need to be erased, if so if I do a nandroid backup will I be able to restore from it or will that return the encryption. Thinks or the help.
Click to expand...
Click to collapse
all you need to do is flaah a cystom kernel that allows for decryption, then you have to format your storage. when you boot, youll be decrypted.
thisguy159 said:
So I just got N6 that asurion sent me to replace N5. Now I am rooted and xposed installed. I'm trying to get rid of encryption but am not clear how it works. One the file needed I have not been able to find for my build (LMY48I) Will I have to roll back to previous version of lollipop to accomplish to remove the encryption? Also since im rooted and unlocked will my date need to be erased, if so if I do a nandroid backup will I be able to restore from it or will that return the encryption. Thinks or the help.
Click to expand...
Click to collapse
You can find several unencrypted kernel options for 48I in Android Development. No, you do not need to roll back. Yes, your the contents of your SDcard will be wiped when you do "fastboot format userdata" to enable unecrtyptable kernal.
Thank you both for the quick response. So after I remove the encryption and am completely wiped...would i then be able to do a nandroid restore, or will that result in me being encrypted again or create other issues?
thisguy159 said:
Thank you both for the quick response. So after I remove the encryption and am completely wiped...would i then be able to do a nandroid restore, or will that result in me being encrypted again or create other issues?
Click to expand...
Click to collapse
Not wiped, formatted.. And no...
I thought that while encrypting my phone, the result would be that my data is preserved, just encrypted. So I went through the encryption process only to find that all my data is wiped, so that I have to restore everything from backups, as far as I have them.
Did I overlook something, or is this a bug? I have LineageOS 14.1, installed yesterday, official.
Found that after a reboot, the data was again gone. (after I spent considerable time setting the phone up yet again), now factory reset, running unencrypted, until I know what has been going wrong here. Sigh. Custom roms and encryption continue to be a toxic mix for me.
yahya69 said:
Found that after a reboot, the data was again gone. (after I spent considerable time setting the phone up yet again), now factory reset, running unencrypted, until I know what has been going wrong here. Sigh. Custom roms and encryption continue to be a toxic mix for me.
Click to expand...
Click to collapse
When I first started playing around with encryption (Samsung Note 3) I discovered that to get encryption to work properly I had to format /data (you lose everything, including internal shared storage) and that it worked better on stock ROM rather than custom ROMs.
Sent from my OnePlus3T using XDA Labs
BillGoss said:
When I first started playing around with encryption (Samsung Note 3) I discovered that to get encryption to work properly I had to format /data (you lose everything, including internal shared storage) and that it worked better on stock ROM rather than custom ROMs.
Sent from my OnePlus3T using XDA Labs
Click to expand...
Click to collapse
which I kind of accepted after learning it the hard way, but the problem was that after encrypting the device, all data was wiped each time the phone was rebooted, so something is buggy here.
yahya69 said:
which I kind of accepted after learning it the hard way, but the problem was that after encrypting the device, all data was wiped each time the phone was rebooted, so something is buggy here.
Click to expand...
Click to collapse
I resolve this problem using latest official twrp.
dimon2242 said:
I resolve this problem using latest official twrp.
Click to expand...
Click to collapse
How did you? (What version of TWRP did you install) After all, it is not TWRP that does the encryption, or is it? So I don't see how this could be the cause.
With TWRP, I had the additional issue that it kept asking me for a password to mount /data, but it wouldn't accept the PIN that I had set in Android. I have no idea what other password it might want.
Oh, well, there is just too much fumbling in the dark in this whole mobile devices business. I have been a Linux user for some 20 years, and there, if things go wrong, you can actually view what is happening. On android, this is so much more difficult, even with logcat.
yahya69 said:
How did you? (What version of TWRP did you install) After all, it is not TWRP that does the encryption, or is it? So I don't see how this could be the cause.
With TWRP, I had the additional issue that it kept asking me for a password to mount /data, but it wouldn't accept the PIN that I had set in Android. I have no idea what other password it might want.
Oh, well, there is just too much fumbling in the dark in this whole mobile devices business. I have been a Linux user for some 20 years, and there, if things go wrong, you can actually view what is happening. On android, this is so much more difficult, even with logcat.
Click to expand...
Click to collapse
Have you tried default_password as the password in TWRP?
Also, if you can actual log into your system normally, then you can set the password again and require it on boot.
BillGoss said:
Have you tried default_password as the password in TWRP?
Click to expand...
Click to collapse
What "default password"? You mean, literally typing "default_password"? No I did not. What would that have done?
After all, again, it required a password for the /data partition, hence a password with whom it is encrypted. But I had used no password other than the PIN. And again, I can't see how my problem of data disappearing on each boot would be caused by TWRP.
Also, if you can actual log into your system normally, then you can set the password again and require it on boot.
Click to expand...
Click to collapse
Again, what password do you have in mind? The PIN? Yes, the system asked for the PIN at boot, but nonetheless, all data was wiped on each boot.
For the time being,I run the system without encryption, because I have had enough of setting is up again and again anew (had to do this three or four times.)
Again, it looks like this is a bug. Because after initially encrypting the phone, my data should still have been there. But it was gone. The phone was now encrypted, but there was nothing on it. That's something that I am pretty sure is not supposed to happen.
just had the same using Samsung S5 Duos with latest lineage-os (20180427): this is a cluster-f**k, I cannot believe it. I advocate using Lineage-OS whereever I go. Of course, it's my fault, I did trust Lineage-OS too much so I didn't think of backing-up. I didn't believe something like this could happen.
chaos_prevails said:
I did trust Lineage-OS too much so I didn't think of backing-up. I didn't believe something like this could happen.
Click to expand...
Click to collapse
You probably already realize this, at this point. But there is no such thing as an OS (on any device) that is so secure or stable, that backing up your data is not necessary. Even regardless of OS, memory corruption and data loss can happen for any number of reasons. Golden rule: If your data is important to you, back it up.
Of course, I know.
I took the loss of all data as opportunity to flash newest modem, CSC, and PDA firmware via latest stock-rom, and then re-flashed latest Lineage OS again. This time, it didn't factory reset my phone with encryption. Don't know if that had anything to do with my old firmware (I had G900FDXXS1CPK2 installed when factory reset-with-encryption happened).
Beside, I was lucky as no other migration method to my new phone worked out except going via a old-school micro-sd card copy. I could undelete almost all pictures on it
Title says it all. Is there any known way to have root and device encryption still possible?
Thanks a lot.
plop12345 said:
Title says it all. Is there any known way to have root and device encryption still possible?
Thanks a lot.
Click to expand...
Click to collapse
Not currently. Unless you can trick the device into thinking it's fully charged and plugged in at the same time??
Jammol said:
Not currently. Unless you can trick the device into thinking it's fully charged and plugged in at the same time??
Click to expand...
Click to collapse
I never thought of this question, but good question. So root trips knox to stop encryption? Kinda lame if so.
Jammol said:
Not currently. Unless you can trick the device into thinking it's fully charged and plugged in at the same time??
Click to expand...
Click to collapse
Got it working with the stock ROM in the mean time. Just don't use TWRP to flash Magisk. Keep the stock recovery, Use Magisk Manager to patch boot.img (check tar format in settings) , then flash back via Odin, boot and factory reset. Done.
No luck with any custom ROM yet. Desperately looking for help. Would also pay quite a bit to have someone skilled looking into this. I don't want to keep the Korean ROM of my N950N
Nick216ohio said:
I never thought of this question, but good question. So root trips knox to stop encryption? Kinda lame if so.
Click to expand...
Click to collapse
No, flashing with TWRP requires to format data. That step loses encryption.
For some reason it's then impossible with Magisk or pph root to just reencrypt the phone from a custom ROM. It dies with invalid encryption and looses all your data when you try.
It's a bit different with SuperSU. Here it thinks encryption went well and tries to mount it on next boot, but then fails.
From my current knowledge it seems it needs stock recovery to recreate an encrypted data partition that actually works. That's the bit I'm stuck now...
plop12345 said:
No, flashing with TWRP requires to format data. That step loses encryption.
For some reason it's then impossible with Magisk or pph root to just reencrypt the phone from a custom ROM. It dies with invalid encryption and looses all your data when you try.
It's a bit different with SuperSU. Here it thinks encryption went well and tries to mount it on next boot, but then fails.
From my current knowledge it seems it needs stock recovery to recreate an encrypted data partition that actually works. That's the bit I'm stuck now...
Click to expand...
Click to collapse
On the Snap version, using SamFail gets rid of encryption. There's no way to encrypt for us with root because of the 80% short coming.
Jammol said:
On the Snap version, using SamFail gets rid of encryption. There's no way to encrypt for us with root because of the 80% short coming.
Click to expand...
Click to collapse
Ah crap, didn't even think of that issue
Anyway, at least to me a phone without reliable encryption is not usable as daily driver. I wonder why this gets so little attention. I spend some days now trying to resolve this, but there is not much information out there or I'm not capable to dig it up.
I couldn't even find a clear statement, what it actually is that prevents TWRP to mount encrypted /data on modern Samsung phones.
I known they do their own SOC based hardware encryption, but what is it that TWRP can't get? Does the trusted zone not release the key if a custom binary boots? I really like to understand a bit more on how this actually works.
Thanks
Figured it out: https://forum.xda-developers.com/galaxy-note-8/how-to/guide-how-to-root-device-encryption-t3742493