I was wondering if how to go about encrypting our phones on CM 12.1. For me all it does is restart the phone and boot to lock screen.
BEDickey said:
I was wondering if how to go about encrypting our phones on CM 12.1. For me all it does is restart the phone and boot to lock screen.
Click to expand...
Click to collapse
Settings --> Security - First thing listed should be encrypt phone.
I know that. I'm saying all that does is restart it to the lock screen, as I said. The phone is not actually encrypted in the process like it should, it just restarts.
With Mofo root, you had to encrypt on an unrooted stock ROM, then flash the rooted ROM after. Are similar also required with CM?
I'm not sure but you can temp disable root in CM by A) Disbaling it in SuperSU app - Uncheck "Enable Superuser" or B) In the settings under developer options - Change "root access" to "disabled". Try that and encrypt then re-enable after
Thanks! I will check it out and report back.
I'm having the exact same problem. I was never able to encrypt running total stock, computerfreek rom, or rremix rom. Device briefly shows the green android, then begins a soft reboot and then a full reboot. I have tried disabling root (both ways) as suggested above. It makes no difference.
Same here, I have the same situation. It seems as though either CM itself or the act of unlocking to bootloader has removed the ability to encrypt your phone. Any advice from people more in the know would be helpful.
In my case, I have never been able to encrypt... even with a totally stock, unmodified, unrooted, unmofo'd, bootloader locked device. Googling around, it seems like a problem where the disk is partitioned in such a way that there isn't the required space left for encryption to initiate. Anything looking like a solution was way over my comfort level (manual repartitioning via terminal), or in the case of some flashable scripts, was outdated.
Question: Did either of you change the format of your /data partition in TWRP to maybe ExFAT or F2FS?
I have never formatted anything.
I think it's one of things you cannot do, since the bootloader is unlocked. IIRC, it must be locked, regardless of the manufacturer. That's why we have the bootloader toggle in dev options.
Sent from my DROID Turbo using Tapatalk
Any updates on this... I have to believe there is some way to encrypt these devices, even if rooted with a custom rom. Rooting and installing a ROM in and of themselves do not diminish the added security provided by full device encryption.
P_6 said:
Any updates on this... I have to believe there is some way to encrypt these devices, even if rooted with a custom rom. Rooting and installing a ROM in and of themselves do not diminish the added security provided by full device encryption.
Click to expand...
Click to collapse
This worked for me:
1. Flash back to 100% stock.
2. Encrypt through security settings.
3. Flash whatever you want afterwards. The encryption will be preserved.
I'm currently encrypted and running CF's rom with no issues. A bootloader unlock does not prevent encryption from working.
Thanks for your response to this... I'm at Step 3, and using TWRP (Tried both 2.8 and 3.0) to flash CF 1.2.8. However, it will not successfully decrypt, regardless of what password I provide it (have tried complex & simple passwords, and the defaults listed out there, etc)
P_6 said:
Thanks for your response to this... I'm at Step 3, and using TWRP (Tried both 2.8 and 3.0) to flash CF 1.2.8. However, it will not successfully decrypt, regardless of what password I provide it (have tried complex & simple passwords, and the defaults listed out there, etc)
Click to expand...
Click to collapse
That's weird. The password should be the same as your lockscreen password. If you used a pattern lock, each dot on the pattern corresponds to a number, although I'm not sure which dot is which number. If your lockscreen password doesn't work, something went wrong and you'll probably have to wipe your phone to fix it.
TheSt33v said:
That's weird. The password should be the same as your lockscreen password. If you used a pattern lock, each dot on the pattern corresponds to a number, although I'm not sure which dot is which number. If your lockscreen password doesn't work, something went wrong and you'll probably have to wipe your phone to fix it.
Click to expand...
Click to collapse
That's what I figured. From what I've been reading, it should work just fine. I used an alphanumeric password to secure the phone, could that be part of the issue?
P_6 said:
That's what I figured. From what I've been reading, it should work just fine. I used an alphanumeric password to secure the phone, could that be part of the issue?
Click to expand...
Click to collapse
I doubt it. I used Cerberus to remotely change my pin to an alphanumeric password and then I forgot about it. When I rebooted the phone, I had to enter that password to decrypt the phone. It worked fine.
TheSt33v said:
I doubt it. I used Cerberus to remotely change my pin to an alphanumeric password and then I forgot about it. When I rebooted the phone, I had to enter that password to decrypt the phone. It worked fine.
Click to expand...
Click to collapse
So, using a simple 4 digit pin, I got TWRP to decrypt data. I installed CF 1.2.8 and changed my password to something more secure. I rebooted and got stuck in a bootloop. I've tried just about everything since, multiple wipes, reinstalls via TWRP, no dice. The encryption is still intact, but I can't get CF to boot.
P_6 said:
So, using a simple 4 digit pin, I got TWRP to decrypt data. I installed CF 1.2.8 and changed my password to something more secure. I rebooted and got stuck in a bootloop. I've tried just about everything since, multiple wipes, reinstalls via TWRP, no dice. The encryption is still intact, but I can't get CF to boot.
Click to expand...
Click to collapse
Weird. You might have to start all over again by going back to stock, and this time either keep the pin or just not deal with encryption.
Related
And this morning the phone was acting weird. I rebooted the phone and did not get the screen to unlock before the phone boots. Now I see the phone is no longer encrypted. Anybody else have this happen?
I'm stock with with faux kernal.
Larzzzz82 said:
And this morning the phone was acting weird. I rebooted the phone and did not get the screen to unlock before the phone boots. Now I see the phone is no longer encrypted. Anybody else have this happen?
I'm stock with with faux kernal.
Click to expand...
Click to collapse
mines encrypted, and mine doesn't have an unlock code, as i didnt set one up. how do you know your device in unencrypted? or are you just assuming it is? you have to format your data before ypu can decrypt it btw. if you gobinto your main settings, security, itll tell you if your phone is encrypted or decrypted.
I looked in the settings/security and saw this... If I'm reading this correctly, the phone is no longer encrypted.
Larzzzz82 said:
I looked in the settings/security and saw this... If I'm reading this correctly, the phone is no longer encrypted.
Click to expand...
Click to collapse
yup, looks like its decrypted. as heres my encryoted n6..
and how does a phone decrypt itself?
Larzzzz82 said:
and how does a phone decrypt itself?
Click to expand...
Click to collapse
good question! maybe a derp somewhere.. have you rebooted since?
I did reboot because chrome and messaging would not open up. The icon would get a white halo around them yet nothing would happen. Upon rebooting I was not asked for my pattern lock before Android fully booted
Larzzzz82 said:
I did reboot because chrome and messaging would not open up. The icon would get a white halo around them yet nothing would happen. Upon rebooting I was not asked for my pattern lock before Android fully booted
Click to expand...
Click to collapse
did u factory reset the phone from recovery?
Nikos2k said:
did u factory reset the phone from recovery?
Click to expand...
Click to collapse
Through twrp, yes, last night. Just what was recommended. I did not do anything in the advanced settings
Larzzzz82 said:
Through twrp, yes, last night. Just what was recommended. I did not do anything in the advanced settings
Click to expand...
Click to collapse
The reset probably disabled the encryption
Re-encrypt it through Security settings
Nikos2k said:
The reset probably disabled the encryption
Re-encrypt it through Security settings
Click to expand...
Click to collapse
The phone was decrypted before I reset. It was never decrypted to begin with until yesterday when I was having issues with a couple of apps. I rebooted and I decided to check if it was because it didn't ask for my pattern lock as it used to when booting up.
Larzzzz82 said:
The phone was decrypted before I reset. It was never decrypted to begin with until yesterday when I was having issues with a couple of apps. I rebooted and I decided to check if it was because it didn't ask for my pattern lock as it used to when booting up.
Click to expand...
Click to collapse
As far as I know, there is no way to decrypt the contents of an encrypted nexus6 (which is not the same as disabling encryption, as an actual decryption of the device would preserve the contents of the device)
Since you now have an unencrypted device, the contents of your device must have been erased during the disabling of the encryption
Nikos2k said:
Since you now have an unencrypted device, the contents of your device must have been erased during the disabling of the encryption
Click to expand...
Click to collapse
No, they weren't. Everything was intact.
Larzzzz82 said:
No, they weren't. Everything was intact.
Click to expand...
Click to collapse
I don't think that android5 has a function to decrypt the whole content of the device.
In this page about how encryption works its says "New Android 5.0 devices encrypted at first boot cannot be returned to an unencrypted state."
And obviously it should be so.
Anyway, maybe it's better that you factory reset the device and encrypt it afterwards so that you set a pin yourserf
(android5 devices are encrypted on first boot, and there is no password)
When you had the pattern security option set, did TWRP ask for any password?
And if yes, how did you input the pattern?
TWRP does not ask me for a password. I broke the seal on the box of this phone came in. It was set up before I had a sim card in it.the phone was encrypted. I did look within the first week or two of my owning it. aside from unlocking, rooting, and a couple of mods, it is stock. I am NOT using a custom ROM. I have installed faux kernel within the last couple of weeks and the request for a pattern unlock in the middle of booting Android remained until the other day. To say I am perplexed as an understatement.
Larzzzz82 said:
And this morning the phone was acting weird. I rebooted the phone and did not get the screen to unlock before the phone boots. Now I see the phone is no longer encrypted. Anybody else have this happen?
I'm stock with with faux kernal.
Click to expand...
Click to collapse
When did you install the kernel and had you done a TWRP factory wipe prior to the install?
Your post made me double check my phone - I am now unencrypted
Earlier this week I had had done a TWRP (2.8.4.0) factory wipe to do a clean install of CleanROM 1.4 and I think TWRP did a full decrypt wipe without me wanting to do so when it was supposed to do a simple reset
SP_Kenny said:
When did you install the kernel and had you done a TWRP factory wipe prior to the install?
Your post made me double check my phone - I am now unencrypted
Earlier this week I had had done a TWRP (2.8.4.0) factory wipe to do a clean install of CleanROM 1.4 and I think TWRP did a full decrypt wipe without me wanting to do so when it was supposed to do a simple reset
Click to expand...
Click to collapse
The factory wipe in TWRP, besides wiping everything, it disabled the forced encryption, so you have to select encrypt yourself if you want it to be encrypted.
And "CleanROM is decrypted by default. This means if you are encrypted or are decrypted you will stay that way! It wont change you crypto settings!"
---------- Post added at 02:27 AM ---------- Previous post was at 02:24 AM ----------
Larzzzz82 said:
TWRP does not ask me for a password. I broke the seal on the box of this phone came in. It was set up before I had a sim card in it.the phone was encrypted. I did look within the first week or two of my owning it. aside from unlocking, rooting, and a couple of mods, it is stock. I am NOT using a custom ROM. I have installed faux kernel within the last couple of weeks and the request for a pattern unlock in the middle of booting Android remained until the other day. To say I am perplexed as an understatement.
Click to expand...
Click to collapse
Anyway, you can encrypt it yourself, but if you select a pattern instead of pin/password in the security settings, i do not think that you will be able to access the data in TWRP as it seems there is no way to input the pattern in TWRP
So b4 entering recovery, u will have to change the security setting
In the past when I had done a factory rest / wipe via TWRP it had not changed my encryption. This only happened with the current version and gave no indication that it was going to be in an unencrypted state
Sent from my Nexus 6 using XDA Free mobile app
I like my security so I guess I'll just leave my device encrypted. I believe if I decrypted, it wouldn't really make it that much faster than this?
Apologies if this was suggested further in the thread, and that I'm replying to an old post. But I recently had this problem and figured out a solution.
- Accessibility was enabled and for some reason this cached the boot password. So- when I removed the app (rights) and turned off accessibility, and changed (reset/reentered) the password in security settings... On next boot the phone correctly asked me for password.
Couldn't find much about this varient just wanted to ask a few questions.
1. Do I treat it like every other google play nexus? Unlock boot loader, flash twrp, boot, backup, reboot, wipe, install ROM? No different partition weirdness?
2. Cm12, are the hotspot checks removed? Fiance is limited data plan I'm not so while out she normally uses my data via hotspot.
3. Cm12 have notification light activated and customizable?
Don't really care about the Sim lock honestly. Been with ATT forever and poor so not leaving the country anytime soon.
Thanks, sorry for repeat questions just didn't get solid answers from things I found.
No partition weirdness. Root as normal. It does have its own boot logo-thing though, which is lame.
Unfortunately I don't know about CM12. Sorry
squattingdonkey said:
No partition weirdness. Root as normal. It does have its own boot logo-thing though, which is lame.
Unfortunately I don't know about CM12. Sorry
Click to expand...
Click to collapse
At least you answered my bricking level question! Thanks!
CM 12 does have working hot spot on AT&T and customizable notification light. And, boot logo is easily removed after root.
Somehow I soft bricked my n6. I unlocked boot loader, installed twrp, went to backup and it couldn't find any partitions. Tried the flash all script from google factory image and that failed as well. Had to flash boot radio recovery etc images each manually to get back to a booting phone. Then installed twrp again and backup and flashing worked.
It was an adventure but I'm good now. Weird not sure why it did that. Must have been an encryption issue.
On the stock ROM you have to tick a box in developer options to enable OEM unlock. I forgot to mention that earlier. That may have been the issue.
ajjames01 said:
On the stock ROM you have to tick a box in developer options to enable OEM unlock. I forgot to mention that earlier. That may have been the issue.
Click to expand...
Click to collapse
Oops yeah that may have been it. I just did the usual fastboot OEM unlock code. Mild panic attack but when I saw I could get to the bootloader I knew I could save it.
My last phone (Nexus 4) was stolen. My new device, the Nexus 6, as you all know comes with enhanced security measures, requiring authentication even after a factory reset. Now, I had grown accustomed to playing around with wiping, rooting, custom roms, kernels, radios, etc with my Nexus 4. Now that I have had my Nexus 6 for a bunch of months, I am starting to think about rooting my device (so I can install an SSH server and have my phone automatically open a tunnel back to my server). My only hesitation is turning the OEM unlocking switch to on. See, I am a big fan of the new security measures that require authentication after a device reset, and would much prefer to keep that feature enabled. I've searched around on Google and XDA, and I haven't been able to find any definitive answers on how unlocking the bootloader in order to root the device will affect these security mechanisms.
My understanding is this: in order to root the Nexus 6, you need to enable OEM unlocking, which allows flashing pretty much any image onto the phone. If any image can be flashed to the phone, this security mechanism can be circumvented.
Two questions:
1. (pretty sure the answer to this is no) Can I root my phone and prevent flashing of images that would circumvent the security feature
2. Will rooting my phone make it easier for an unknown party to gain access to the device via another route
Unlocking the bootloader really only allows you to flash unsigned images, and root provides you with the option to grant administrative access to applications.
Neither one of those has anything to do with encrypted data, or in any way makes encrypted data readable without the key.
The bootloader unlock will make it easier for a thief to wipe all the data on the device without reading it, so he can use the device or sell it as functioning... Even then, you may be able to factory reset an encrypted device without the key anyways... At which point I would think they could make a new key for the freshly wiped partition?
Anything that is going to run unauthorised code at root level is likely going to use other exploits to achieve root on their own, like users do to gain root on devices that are locked down. You having root access doesn't give the right for anything to run as root unless you approve it (or if someone managed to find some exploit in the version of supersu your running, but this is not likely... and if we are assuming any code may have holes in it you're not safe no matter what you do). It does give you the possibility of being tricked into running malicious code that is disguised as some utility... But that is a risk your going to take running any software that isn't from a stable corperation you can take legal action against. Trust who wrote the code or don't use it.
If in question number 1 "the security feature" is encryption, then yes having and unlocked bootloader means if someone takes your phone they can flash a kernel that does not force encryption, they would then have to format the userdata partition to encrypt the phone. Without luck, guessing the password, or discovering some amazing undocumented flaw in the encryption algorithm they will not being able to read your data with out having the key, or guessing it.
@scryan
If you have unlocked the bootloader and have installed a custom recovery (TWRP), are you able to see the list of files in the file manager of TWRP, if the device is encrypted?
Nikos2k said:
@scryan
If you have unlocked the bootloader and have installed a custom recovery (TWRP), are you able to see the list of files in the file manager of TWRP, if the device is encrypted?
Click to expand...
Click to collapse
Yes. Otherwise couldn't pick a file to flash. It actually only encrypts user data. Apps, zips ect are not encrypted or we couldn't pull and modify them.
prdog1 said:
Yes. Otherwise couldn't pick a file to flash. It actually only encrypts user data. Apps, zips ect are not encrypted or we couldn't pull and modify them.
Click to expand...
Click to collapse
the user data that are encrypted include files on the sdcard folder? (e.g. pdfs, images in DCIM folder etc)
i am asking because in my device in Settings -> Security -> Encryption it shows that it is encrypted, in TWRP however i can see all the files
Can i make the custom recovery to ask for the pin? do I have to enable PIN as a screen lock?
What happens if i use an unlock pattern or just swipe for unlock?
Nikos2k said:
the user data that are encrypted include files on the sdcard folder? (e.g. pdfs, images in DCIM folder etc)
i am asking because in my device in Settings -> Security -> Encryption it shows that it is encrypted, in TWRP however i can see all the files
Can i make the custom recovery to ask for the pin? do I have to enable PIN as a screen lock?
What happens if i use an unlock pattern or just swipe for unlock?
Click to expand...
Click to collapse
TWRP will use same pin as Device lock. Only thing I have seen if you use pinlock have to convert 5x5 to 4x4. There's a way to convert it located in this forum somewhere. Swipe to unlock has no pin so TWRP is open. Unlock pattern works also. Either pin or swipe has to be converted don't remember which. I run wide open encrypted so have never played with it.
prdog1 said:
TWRP will use same pin as Device lock. Only thing I have seen if you use pinlock have to convert 5x5 to 4x4. There's a way to convert it located in this forum somewhere.
Click to expand...
Click to collapse
By pinlock you mean the pattern screen lock?
I think it is 3 x 3, not 4x4 or 5x5
And since I use this pattern screen lock, which cannot be input in TWRP, this means that I have to disable it b4 I need to enter recovery?
This makes me a bit uncomfortable since I may need to enter recovery because of a problem with the system
Nikos2k said:
By pinlock you mean the pattern screen lock?
I think it is 3 x 3, not 4x4 or 5x5
And since I use this pattern screen lock, which cannot be input in TWRP, this means that I have to disable it b4 I need to enter recovery?
This makes me a bit uncomfortable since I may need to enter recovery because of a problem with the system
Click to expand...
Click to collapse
Start with this thread. It explains TWRP.
http://forum.xda-developers.com/nexus-6/help/twrp-2-8-5-0-password-help-t3046630
prdog1 said:
Start with this thread. It explains TWRP.
http://forum.xda-developers.com/nexus-6/help/twrp-2-8-5-0-password-help-t3046630
Click to expand...
Click to collapse
thank you it worked!
scryan said:
Unlocking the bootloader really only allows you to flash unsigned images, and root provides you with the option to grant administrative access to applications.
Neither one of those has anything to do with encrypted data, or in any way makes encrypted data readable without the key.
The bootloader unlock will make it easier for a thief to wipe all the data on the device without reading it, so he can use the device or sell it as functioning... Even then, you may be able to factory reset an encrypted device without the key anyways... At which point I would think they could make a new key for the freshly wiped partition?
Anything that is going to run unauthorised code at root level is likely going to use other exploits to achieve root on their own, like users do to gain root on devices that are locked down. You having root access doesn't give the right for anything to run as root unless you approve it (or if someone managed to find some exploit in the version of supersu your running, but this is not likely... and if we are assuming any code may have holes in it you're not safe no matter what you do). It does give you the possibility of being tricked into running malicious code that is disguised as some utility... But that is a risk your going to take running any software that isn't from a stable corperation you can take legal action against. Trust who wrote the code or don't use it.
If in question number 1 "the security feature" is encryption, then yes having and unlocked bootloader means if someone takes your phone they can flash a kernel that does not force encryption, they would then have to format the userdata partition to encrypt the phone. Without luck, guessing the password, or discovering some amazing undocumented flaw in the encryption algorithm they will not being able to read your data with out having the key, or guessing it.
Click to expand...
Click to collapse
Ok, so for encryption, "Allow OEM Unlocking" allows flashing of unsigned images (such as the one used for root), which means if someone gets a hold of my phone, they can put whatever they want on it, including flashing a custom rom.
So my next question is, what about being required to sign into the last Google account used on the phone even after a factory reset (device protection / factory reset protection / not sure what it's called exactly)? Is that area of the bootloader / rom / memory / wherever it lives flashable? If you have an unlocked bootloader, is it possible to flash some image to the device that disables this? Hah, that sounds bad. Really, I want to root my Nexus 6, but I haven't decided if it would be worth giving up the anti-theft required login after reset.
I guess really, I'm curious about how it works, is it part of the Android image delivered by Google? Is it part of the bootloader? Is it possible to release a rom without this feature? I'm not a thief, I swear I'm just curious.
quickdry21 said:
Ok, so for encryption, "Allow OEM Unlocking"
encryption and oem unlock ar 2 entirely different things
allows flashing of unsigned images
allows you to unlock the boottloader, which allows you to flash unsigned img's. the setting itself does nothing but enable the ability. to unlock
(such as the one used for root), which means if someone gets a hold of my phone, they can put whatever they want on it, including flashing a custom rom.
yes
So my next question is, what about being required to sign into the last Google account used on the phone even after a factory reset (device protection / factory reset protection / not sure what it's called exactly)? Is that area of the bootloader / rom / memory / wherever it lives flashable? If you have an unlocked bootloader, is it possible to flash some image to the device that disables this? Hah, that sounds bad. Really, I want to root my Nexus 6, but I haven't decided if it would be worth giving up the anti-theft required login after reset.
i think if someone were to completely wipe the phone, use a different gmail and sim, the google protection would be gone, but i could be wrong. im not positive on that one.
I guess really, I'm curious about how it works, is it part of the Android image delivered by Google? Is it part of the bootloader? Is it possible to release a rom without this feature? I'm not a thief, I swear I'm just curious.
some extremely savvy person "may" be able to make a rom without the google protection, but i have never seen it tried.it may be a core feature that cant be removed.
i really wouldnt worry about that. the likelihood that someone would steal or find your device and have the skills to do all you asked above, is very remote.
Click to expand...
Click to collapse
in red above.
bweN diorD said:
in red above.
Click to expand...
Click to collapse
protection will be gone if you flash android 5.0.1. if you wipe and flash android 5.1.1, the protection will still be there and will ask for your password first.
bweN diorD said:
in red above.
Click to expand...
Click to collapse
Thanks, that does seem to make sense.
I know this comes across as overly paranoid, but I ask also because I'm a curious developer. I'm interested in understanding how android's insides work in general as well as how the new device protection fits in with rooting, custom roms, unlocking the bootloader, etc. (just how well does it prevent unauthorized use of devices)
Interesting, that says to me there is a relatively easy way to get around the reset protection if a phone has an unlocked bootloader. Albeit, relatively easy is relative.
quickdry21 said:
Interesting, that says to me there is a relatively easy way to get around the reset protection if a phone has an unlocked bootloader. Albeit, relatively easy is relative.
Click to expand...
Click to collapse
easy, yes, for one of us. but for a typical user, very hard. anyways, i dont like letting out the secret of how to bypass it, so keep it quiet please
simms22 said:
easy, yes, for one of us. but for a typical user, very hard. anyways, i dont like letting out the secret of how to bypass it, so keep it quiet please
Click to expand...
Click to collapse
Yes, agreed. I'm going to edit out that quote.
quickdry21 said:
Ok, so for encryption, "Allow OEM Unlocking" allows flashing of unsigned images (such as the one used for root), which means if someone gets a hold of my phone, they can put whatever they want on it, including flashing a custom rom.
So my next question is, what about being required to sign into the last Google account used on the phone even after a factory reset (device protection / factory reset protection / not sure what it's called exactly)? Is that area of the bootloader / rom / memory / wherever it lives flashable? If you have an unlocked bootloader, is it possible to flash some image to the device that disables this? Hah, that sounds bad. Really, I want to root my Nexus 6, but I haven't decided if it would be worth giving up the anti-theft required login after reset.
I guess really, I'm curious about how it works, is it part of the Android image delivered by Google? Is it part of the bootloader? Is it possible to release a rom without this feature? I'm not a thief, I swear I'm just curious.
Click to expand...
Click to collapse
Maybe someone could figure out something?
But if your device is wiped, and basically all the partitions are re-written.... Where do you want to store the last google account information to check against?
No one is going to plan on stealing your phone, ask you if the bootloader is unlocked, then decide not to if they say no. None of the security really prevents your phone from being stolen. Nothing just looking at your phone lets a would be thief know that its encrypted and not unlocked...
The encryption and locked bootloader will not prevent your phone from being stolen. The encryption will protect your data, and the locked booloader will make it harder to reset the device (though does factory recovery have a factory reset option? I would think this would allow the device to be wiped and encryption key to be reset anyways?)
I guess really, I'm curious about how it works, is it part of the Android image delivered by Google? Is it part of the bootloader? Is it possible to release a rom without this feature? I'm not a thief, I swear I'm just curious.
Click to expand...
Click to collapse
What? You keep talking about this single security device? What are you talking about?
Do you mean encryption?
encryption is just how the data is stored on the device.
Say you have the word "Duck"
And we want to store that word in a safe way. As a VERY VERY basic method, we will encrypt this by shifting each letter of the alphabet a certain number of letters. This number will be something YOU give, so that others do not know how many letters we have shifted over.
So lets say you give us "5" as your key.
so the alphabet
abcdefghijklmnopqrstuvwxyz we will shift 5 letters over, starting on the fifth letter and wrapping around...
fghijklmnopqrstuvwxyzabcde so each letter matches up with a new letter.
D is the 4th letter of the alphabet, so we will use the 4th letter of of shifted alphabet, i
u is the 21st letter of the alphabet so we will use the 21st letter of our shifted alphabet, z
ect, ect... so Duck becomes Izho, and with out knowing how many letters to shift over, know one will know what that means (ok, obviously due to the simplicity of our encryption algorithm, anyone who is smart and cares can likely try different numbers until the output is a coherent word. the actual method of encryption is significantly more complex, and the key is more then one characters
See here for more intellegent details: https://wiki.archlinux.org/index.php/Disk_encryption#How_the_encryption_works
quickdry21 said:
Yes, agreed. I'm going to edit out that quote.
Click to expand...
Click to collapse
na, it ok, you can leave it here. that way if someone really needs to, theyll find the answer here. just dont go around spreading it around i meant
scryan said:
Maybe someone could figure out something?
But if your device is wiped, and basically all the partitions are re-written.... Where do you want to store the last google account information to check against?
No one is going to plan on stealing your phone, ask you if the bootloader is unlocked, then decide not to if they say no. None of the security really prevents your phone from being stolen. Nothing just looking at your phone lets a would be thief know that its encrypted and not unlocked...
The encryption and locked bootloader will not prevent your phone from being stolen. The encryption will protect your data, and the locked booloader will make it harder to reset the device (though does factory recovery have a factory reset option? I would think this would allow the device to be wiped and encryption key to be reset anyways?)
Click to expand...
Click to collapse
I'm not expecting this "Device Protection" feature to prevent my phone from being stolen, I'm more interested in the **** you aspect to someone who tries, and maybe them returning it to me for some money.
scryan said:
What? You keep talking about this single security device? What are you talking about?
Do you mean encryption?
Click to expand...
Click to collapse
I'm not sure if you are aware, but with the release of 5.1, there is a new security feature (think it's called Device Protection, but that seems to encompass some other things) that requires you to login to the last Google account attached to the phone after a factory reset (whether done from the settings UI, or from recovery mode). If you are unable to login to a Google account that was attached to the phone, the phone becomes worthless (there have been some posts on xda about people "acquiring" a Nexus 6 and being unable to use it), some details here: https://support.google.com/nexus/answer/6172890
A quote from that link sums it up:
Important: You can enter information for any Google account that has been added to the device. If you can't provide this information during the setup process, you won't be able to use the device at all after the factory reset.
Click to expand...
Click to collapse
Now, this security feature is only available on new phones that are released with 5.1 (with the exception of the newest round of Nexus devices, which received it with the update to 5.1). This leads me to believe that some aspect is baked into the device. Separate encrypted partition maybe? Part of the bootloader software? I don't know, that's what I'm curious about.
scryan said:
encryption is just how the data is stored on the device.
Say you have the word "Duck"
And we want to store that word in a safe way. As a VERY VERY basic method, we will encrypt this by shifting each letter of the alphabet a certain number of letters. This number will be something YOU give, so that others do not know how many letters we have shifted over.
So lets say you give us "5" as your key.
so the alphabet
abcdefghijklmnopqrstuvwxyz we will shift 5 letters over, starting on the fifth letter and wrapping around...
fghijklmnopqrstuvwxyzabcde so each letter matches up with a new letter.
D is the 4th letter of the alphabet, so we will use the 4th letter of of shifted alphabet, i
u is the 21st letter of the alphabet so we will use the 21st letter of our shifted alphabet, z
ect, ect... so Duck becomes Izho, and with out knowing how many letters to shift over, know one will know what that means (ok, obviously due to the simplicity of our encryption algorithm, anyone who is smart and cares can likely try different numbers until the output is a coherent word. the actual method of encryption is significantly more complex, and the key is more then one characters
See here for more intellegent details: https://wiki.archlinux.org/index.php/Disk_encryption#How_the_encryption_works
Click to expand...
Click to collapse
Yes, I was not very clear in my original post about what security feature I was inquiring about. I'm aware of what encryption is. Part of the reason I am interested in rooting my phone is to reverse tunnel a SSH server on the phone, or possibly netcat, via SSH to my server, so I will be able to open up a shell on my phone from anywhere I desire.
Ahh yes, apologies, was unaware they implemented that feature. A bit dense this morning.
I would imagine unlocked bootloader/custom recovery would DEFINITELY negate this feature.
No one gonna give your phone back, particularly after you use this as a "**** you" While its just IMO, its better to enjoy your phone now. Screwing yourself out of features only to attempt to limit the phone once you don't have anything to do with it anymore does not seem to be particularly productive.
Hello all.
I always keep a pass code on my phone and use smart devices and locations to keep it unlocked in trusted places. I am thinking of turning on encryption to keep the data secure if the phone is ever truly lost.
I am running CF's rom on an unlocked bootloader. If I backup in TWRP and store that backup on my PC, what would be the best method of restoring it if I find the encryption to be too much of a burden?
Also, is the recovery partition encrypted when this is done? If so, how would I actually factory reset to remove the encryption before a restore?
Thanks!
I'm not an expert on using encryption on an unlocked bootloader, but from what little I've read and tried, it can be tricky. I am also using CF's rom, and whenever I try to encrypt the device, the screen goes black and won't respond until I hold down the power button for a pretty long time. I've read that you need to be on a 100% stock rom if you want to encrypt the device, and then after that you can modify it as you please. The recovery partition is not encrypted. That's about all I know.
I have always had my device encrypted. I can't recall a single issue. BL unlocked. CF 1.2.7.
Wynnded said:
I have always had my device encrypted. I can't recall a single issue. BL unlocked. CF 1.2.7.
Click to expand...
Click to collapse
Had you encrypted before installing the rom then?
Coronado is dead said:
Had you encrypted before installing the rom then?
Click to expand...
Click to collapse
I don't recall precisely, but I strongly suspect so.
I was bored, so I reflashed the stock rom and encrypted the phone. Took only a few minutes. I don't really see what the point is though, since it doesn't ask for a password at boot like it's supposed to.
Also, as long as you have TWRP installed, anyone who is even slightly knowledgeable can have 100% access to all of your files, no password required.
TheSt33v said:
I was bored, so I reflashed the stock rom and encrypted the phone. Took only a few minutes. I don't really see what the point is though, since it doesn't ask for a password at boot like it's supposed to.
Also, as long as you have TWRP installed, anyone who is even slightly knowledgeable can have 100% access to all of your files, no password required.
Click to expand...
Click to collapse
Interesting....mine requires a PW at boot....
Additionally, I have to type my PW when booting into TWRP.
Wynnded said:
Interesting....mine requires a PW at boot....
Additionally, I have to type my PW when booting into TWRP.
Click to expand...
Click to collapse
Oops. I figured it out. No lock screen password, no boot password.
It appears you have had success where others have not. Were you successful in having TWRP decrypt your data, in order to load CF's ROM?
I've downgraded to 4.4.4 stock, encrypted the phone, loaded TWRP through ADB, and cannot get TWRP to decrypt, no matter the password I use.
Any help would be appreciated.
can you give downgraded 4.4.4 file for my turbo
P_6 said:
It appears you have had success where others have not. Were you successful in having TWRP decrypt your data, in order to load CF's ROM?
I've downgraded to 4.4.4 stock, encrypted the phone, loaded TWRP through ADB, and cannot get TWRP to decrypt, no matter the password I use.
Any help would be appreciated.
Click to expand...
Click to collapse
Yes, I was. See this thread for details: http://forum.xda-developers.com/droid-turbo/help/cm-encryption-t3263971/page3
---------- Post added at 10:43 AM ---------- Previous post was at 10:42 AM ----------
fidi7861 said:
can you give downgraded 4.4.4 file for my turbo
Click to expand...
Click to collapse
http://rootjunkysdl.com/getdownload.php?file=Droid Turbo/Firmware/VRZ_XT1254_SU2-12_12_CFC.xml.zip
I thought that while encrypting my phone, the result would be that my data is preserved, just encrypted. So I went through the encryption process only to find that all my data is wiped, so that I have to restore everything from backups, as far as I have them.
Did I overlook something, or is this a bug? I have LineageOS 14.1, installed yesterday, official.
Found that after a reboot, the data was again gone. (after I spent considerable time setting the phone up yet again), now factory reset, running unencrypted, until I know what has been going wrong here. Sigh. Custom roms and encryption continue to be a toxic mix for me.
yahya69 said:
Found that after a reboot, the data was again gone. (after I spent considerable time setting the phone up yet again), now factory reset, running unencrypted, until I know what has been going wrong here. Sigh. Custom roms and encryption continue to be a toxic mix for me.
Click to expand...
Click to collapse
When I first started playing around with encryption (Samsung Note 3) I discovered that to get encryption to work properly I had to format /data (you lose everything, including internal shared storage) and that it worked better on stock ROM rather than custom ROMs.
Sent from my OnePlus3T using XDA Labs
BillGoss said:
When I first started playing around with encryption (Samsung Note 3) I discovered that to get encryption to work properly I had to format /data (you lose everything, including internal shared storage) and that it worked better on stock ROM rather than custom ROMs.
Sent from my OnePlus3T using XDA Labs
Click to expand...
Click to collapse
which I kind of accepted after learning it the hard way, but the problem was that after encrypting the device, all data was wiped each time the phone was rebooted, so something is buggy here.
yahya69 said:
which I kind of accepted after learning it the hard way, but the problem was that after encrypting the device, all data was wiped each time the phone was rebooted, so something is buggy here.
Click to expand...
Click to collapse
I resolve this problem using latest official twrp.
dimon2242 said:
I resolve this problem using latest official twrp.
Click to expand...
Click to collapse
How did you? (What version of TWRP did you install) After all, it is not TWRP that does the encryption, or is it? So I don't see how this could be the cause.
With TWRP, I had the additional issue that it kept asking me for a password to mount /data, but it wouldn't accept the PIN that I had set in Android. I have no idea what other password it might want.
Oh, well, there is just too much fumbling in the dark in this whole mobile devices business. I have been a Linux user for some 20 years, and there, if things go wrong, you can actually view what is happening. On android, this is so much more difficult, even with logcat.
yahya69 said:
How did you? (What version of TWRP did you install) After all, it is not TWRP that does the encryption, or is it? So I don't see how this could be the cause.
With TWRP, I had the additional issue that it kept asking me for a password to mount /data, but it wouldn't accept the PIN that I had set in Android. I have no idea what other password it might want.
Oh, well, there is just too much fumbling in the dark in this whole mobile devices business. I have been a Linux user for some 20 years, and there, if things go wrong, you can actually view what is happening. On android, this is so much more difficult, even with logcat.
Click to expand...
Click to collapse
Have you tried default_password as the password in TWRP?
Also, if you can actual log into your system normally, then you can set the password again and require it on boot.
BillGoss said:
Have you tried default_password as the password in TWRP?
Click to expand...
Click to collapse
What "default password"? You mean, literally typing "default_password"? No I did not. What would that have done?
After all, again, it required a password for the /data partition, hence a password with whom it is encrypted. But I had used no password other than the PIN. And again, I can't see how my problem of data disappearing on each boot would be caused by TWRP.
Also, if you can actual log into your system normally, then you can set the password again and require it on boot.
Click to expand...
Click to collapse
Again, what password do you have in mind? The PIN? Yes, the system asked for the PIN at boot, but nonetheless, all data was wiped on each boot.
For the time being,I run the system without encryption, because I have had enough of setting is up again and again anew (had to do this three or four times.)
Again, it looks like this is a bug. Because after initially encrypting the phone, my data should still have been there. But it was gone. The phone was now encrypted, but there was nothing on it. That's something that I am pretty sure is not supposed to happen.
just had the same using Samsung S5 Duos with latest lineage-os (20180427): this is a cluster-f**k, I cannot believe it. I advocate using Lineage-OS whereever I go. Of course, it's my fault, I did trust Lineage-OS too much so I didn't think of backing-up. I didn't believe something like this could happen.
chaos_prevails said:
I did trust Lineage-OS too much so I didn't think of backing-up. I didn't believe something like this could happen.
Click to expand...
Click to collapse
You probably already realize this, at this point. But there is no such thing as an OS (on any device) that is so secure or stable, that backing up your data is not necessary. Even regardless of OS, memory corruption and data loss can happen for any number of reasons. Golden rule: If your data is important to you, back it up.
Of course, I know.
I took the loss of all data as opportunity to flash newest modem, CSC, and PDA firmware via latest stock-rom, and then re-flashed latest Lineage OS again. This time, it didn't factory reset my phone with encryption. Don't know if that had anything to do with my old firmware (I had G900FDXXS1CPK2 installed when factory reset-with-encryption happened).
Beside, I was lucky as no other migration method to my new phone worked out except going via a old-school micro-sd card copy. I could undelete almost all pictures on it