I did a couple of searches and came up empty but I am wondering if any ROM developers are working with encryption and root?
When I had my Galaxy S5 (Tmobile) it was first encrypted. I recall then once I rooted it I was no longer able to encrypt the device. I think there may have been some workarounds but they were pretty cumbersome to say they even worked at all.
I'm wondering if any developers are working that angle and if so should my inquiry be presented to developer of said ROM?
I also realize that encrypted devices do tend to read a bit slower than those no encrypted but I think I can live with that.
Please advise.
Best,
Hiatt
cwhiatt said:
I did a couple of searches and came up empty but I am wondering if any ROM developers are working with encryption and root?
When I had my Galaxy S5 (Tmobile) it was first encrypted. I recall then once I rooted it I was no longer able to encrypt the device. I think there may have been some workarounds but they were pretty cumbersome to say they even worked at all.
I'm wondering if any developers are working that angle and if so should my inquiry be presented to developer of said ROM?
I also realize that encrypted devices do tend to read a bit slower than those no encrypted but I think I can live with that.
Please advise.
Best,
Hiatt
Click to expand...
Click to collapse
Hello Hiatt,
Thanks for using XDA Assist. What specific device do you currently have? There are so many devices here and each might deal with your question differently. I moved your other thread to off topic since it was referring to iPhones, but this one seems to have a more specific device in mind.
Thanks,
coal686
I presently have a Tmobile Galaxy S6 which is rooted and running Sick as Hell (version X).
From what I have read and heard it seems as though root and encryption together don't always play well together.
Also, it was the other post of mine that mentioned iPhones (the one about factory resets and eDiscovery).
cwhiatt said:
I presently have a Tmobile Galaxy S6 which is rooted and running Sick as Hell (version X).
From what I have read and heard it seems as though root and encryption together don't always play well together.
Also, it was the other post of mine that mentioned iPhones (the one about factory resets and eDiscovery).
Click to expand...
Click to collapse
Lol, that's what I said. The other post was more about the iPhone issue so I moved it to off-topic. Since you have a Galaxy S6, I'll move this thread there so people with that device can give you a more personalized answer.
I don't think that having root is an issue with encryption. I Had my S5 encrypted only problem was a ui crash when entering the boot password. That was specific to the rom I was using and simply had to enter password 1 or 2 characters at a time between errors.
But I do think there may be a problem with custom recovery and encryption.
My S5 was verizon, thus still locked bootloader and used safestrap to get to a custom recovery which wasn't always active.
I would talk to someone with a lot more knowledge then I about this further. But pretty sure just having root is not a problem the recovery is where you can have issues
cwhiatt said:
I did a couple of searches and came up empty but I am wondering if any ROM developers are working with encryption and root?
When I had my Galaxy S5 (Tmobile) it was first encrypted. I recall then once I rooted it I was no longer able to encrypt the device. I think there may have been some workarounds but they were pretty cumbersome to say they even worked at all.
I'm wondering if any developers are working that angle and if so should my inquiry be presented to developer of said ROM?
I also realize that encrypted devices do tend to read a bit slower than those no encrypted but I think I can live with that.
Please advise.
Best,
Hiatt
Click to expand...
Click to collapse
Hi there,
Root + Encryption can work together as long as no custom recovery involved, so if you get your root by exploit instead of installing custom recovery almost 99% chance you can have your phone encrypted while preserving the root privilege.
My case explained here : http://forum.xda-developers.com/galaxy-note-3/general/success-root-encryption-t3372958
I didn't have a problem with encryption and root. The only problem that I had was that my Galaxy S6 Edge needed to be encrypted before root. I could not encrypt my phone with the "stock" rooted kernel. Once I was encrypted, I could install TWRP and root via supersu systemless root.
Once I had root, I would use flashfire to back up and install because TWRP could not read the DATA partition since it was encrypted. For some reason, it seems once the phone has been decrypted, the data partition could be backed up with flashfire, and I would be able to restore a backup as well.
This is where I ran into issues. If you are flashing a custom rom that will require you to wipe data, your device will lose encryption. Because I can be somewhat of a crack flasher at times, and that I am too lazy to deal with having to re-encrypt and reinstall all my settings, I just opted to stick with an unencrypted phone.
Hopefully at some point, TWRP will be compatible with encryption so that lives will be easy for us crack flashers..until then, I will probably stick with an unencrypted device unless I just want to stick with a stock rom, or a custom rom that I can load up and not have to wipe data every time there is an update.
Related
Has any one worked out a way of encrypting your note and still be able to run a custom ROM? The warning about this on the safestrap thread has been up for a long time (since KitKat?) and I was hoping that someone might have made some headway into this...
If not, how do I re-root post encryption? I don't even really know what limitations to expect after this process either.
Any help, advice, links, karma loans, anything really would be appreciated!
Cheers
brisinger08 said:
Has any one worked out a way of encrypting your note and still be able to run a custom ROM? The warning about this on the safestrap thread has been up for a long time (since KitKat?) and I was hoping that someone might have made some headway into this...
If not, how do I re-root post encryption? I don't even really know what limitations to expect after this process either.
Any help, advice, links, karma loans, anything really would be appreciated!
Cheers
Click to expand...
Click to collapse
This is what worked for me...
I just flashed my NC2 backup to stock slot, uninstalled safestrap, busybox, unrooted with supersu and rebooted. I ran "quick encryption" with no problems (I didn't try full device) and towelroot worked as usual. Full root access probably defeats the purpose of encryption but that wasn't my call
Boot screen is clean, no custom triangle and I did not run triangleaway
I have an ATT S5 (SM-G900A), completely stock, unrooted, updated to the latest 5.0 OTA update. My requirements for my phone are that it be able to pass Airwatch checks and that it be able to be encrypted (Personal device used at work). Some background first:
Last time I tried to play around with rooting, other mods, and whatnot was on my ATT S3 (I think I747?) and I discovered that an unspecified combination of rooting, installing a custom loader (CWM in my case) and installing a custom mod (Cyanogenmod at the time) made my phone unable to encrypt. At the time I was not required to use Airwatch, but encryption was required for my phone to connect to work, so I gave up on the whole lot.
I have now discovered that ATT, in their infinite wisdom, has replaced the S Voice drive mode with their own "ATT Drive Mode", and it's been verified they went so far as to remove the related APKs from the phone entirely. For those unaware, S Voice Drive mode is an feature of S Voice that (when turned on) reads out all callers and text messages, and then verbally prompts you for actions; reply, answer, ignore, etc. It allows fully hands free functionality. ATT Drive Mode, on the other hand, automatically kicks in whenever speeds of 20 MPH are detected (even if you're a passenger), rejects all calls and texts excluding a user-defined 5 person list, and essentially makes your phone useless anytime you're in a car. The goal is to "reduce texting and distracted driving", but as I'm on-call as part of my job and need to at least be aware of texts that come in within 10 minutes of receipt, it actually makes my drive much more dangerous. ATT Drive mode is a good idea for teens, perhaps, but i'm not a teen.
This brings me to my question: What are my options?
--Does rooting break my ability to encrypt? I know airwatch will flag, but I'm thinking there's a possibility of being able to root, put a custom loader on my phone, and then restore stock with that custom loader, whereupon I can try to install the drive mode APK...which leads me to my next question:
--Does having a custom loader (like safestrap or CWM or whatever is in use nowadays) break my ability to encrypt?
--Does anyone know of a way to install the S Voice drive mode in the G900A? I tried searching, but the only references involved being rooted, or ended with something vague like "download a stock rom and find the apk using root explorer" as the solution (which is vague to me because I don't know which stock rom to use, what apk to look for, and last time I used root explorer on my s3, it needed root...)
Honestly, the ideal solution would be something like the stock rom from the international version that would run on my ATT version...but I don't know if such a thing exists or is possible. I don't mind Samsung's cruft, but I do dislike ATT's lobotomizing of my phone to push their own little product that treats me like a kid. I know that I am less safe as a driver without the S Voice drive mode than I was with it.
I take it I have no options? And that no one knows how rooting affects encryption?
Sent from my SAMSUNG-SM-G900A using XDA Free mobile app
sheaiden said:
I take it I have no options? And that no one knows how rooting affects encryption?
Sent from my SAMSUNG-SM-G900A using XDA Free mobile app
Click to expand...
Click to collapse
I will make it easy for you. Since you took the 5.0 OTA update rooting is not possible anymore. Also there is no way to downgrade to KitKat which was rootable. Sorry. Not much you can do until someone finds a way to root 5.0. If you find the S Voice Drive app, you can side load it and see if it works.
Waiting4MyAndroid said:
I will make it easy for you. Since you took the 5.0 OTA update rooting is not possible anymore. Also there is no way to downgrade to KitKat which was rootable. Sorry. Not much you can do until someone finds a way to root 5.0. If you find the S Voice Drive app, you can side load it and see if it works.
Click to expand...
Click to collapse
Actually, while I greatly appreciate the fact that you took the time to reply (seriously! at least you took the time!), this is neither easy nor related to the questions I asked. If you look at my post, I'm not asking "how can I root", I'm asking three rather different questions:
--Does rooting break my ability to encrypt? I know airwatch will flag, but I'm thinking there's a possibility of being able to root, put a custom loader on my phone, and then restore stock with that custom loader, whereupon I can try to install the drive mode APK...which leads me to my next question:
--Does having a custom loader (like safestrap or CWM or whatever is in use nowadays) break my ability to encrypt?
--Does anyone know of a way to install the S Voice drive mode in the G900A? I tried searching, but the only references involved being rooted, or ended with something vague like "download a stock rom and find the apk using root explorer" as the solution (which is vague to me because I don't know which stock rom to use, what apk to look for, and last time I used root explorer on my s3, it needed root...)
In fact, I am unable to remain rooted (Airwatch; it's part of the post title), and the whole point and thrust of my question lies in the fact that I am looking to find out what affects encryption and what options I have as far as getting S Voice Drive mode on my phone while staying Airwatch compliant (not rooted). In addition, "if you can find the s voice drive app" is part of the problem too, as evidenced by the third question I asked above; I don't know where to find said app.
Does anyone know anything regarding what I was actually asking?
Everything that you want to do requires ROOT! Safstrap needs root, CWM will brick you phone since the bootloader is locked. Again, there is no way as of now to root the S5 with 5.0 att OTA.
Here is the link to download the GS4 S Voice app. You can try and side load it,
https://www.dropbox.com/s/oe7i2g81iuhjv38/S-Voice_Android_phone_J.apk?dl=0
Waiting4MyAndroid said:
Everything that you want to do requires ROOT! Safstrap needs root, CWM will brick you phone since the bootloader is locked. Again, there is no way as of now to root the S5 with 5.0 att OTA.
Here is the link to download the GS4 S Voice app. You can try and side load it,
Click to expand...
Click to collapse
Awesome, I'll start with that sideloading, and test it out. Thanks! As far as the rest, I suppose that does clarify some things (that I admittedly already knew), so I do appreciate it, but it still does leave the answers to the other questions. I can infer, of course, that the answer to whether having a custom bootloader on the Galaxy S5 breaks encryption will be dependent on whether root breaks the encryption, since as you pointed out custom bootloaders need root to install, but the fantasy I entertained for a little while was rooting when there's a method (hope springs eternal, so I'm hoping it will eventually be possible), installing a custom bootloader so I can do things like backups and sideload, getting the proper apk's installed for the drive app, and then unrooting it so I can connect it via airwatch to my work's network. Perhaps I should have marked this as a solidly theoretical question, since as you said, there currently exists no root. I just want to know, with the unique way that Samsung implemented Knox and the encryption on the S5, what will break encryption and what won't?
Of course, there is a side question brought up by all this...how possible is it to load another firmware on my phone? as in, use Odin to put the tmobile image on my phone. That is likely a bad example, since I'm fairly certain there are actual hardware differences between the ATT and the tmobile models, but the concept still stands. At what level are the hardware configurations different between phone companies?
sheaiden said:
Awesome, I'll start with that sideloading, and test it out. Thanks! As far as the rest, I suppose that does clarify some things (that I admittedly already knew), so I do appreciate it, but it still does leave the answers to the other questions. I can infer, of course, that the answer to whether having a custom bootloader on the Galaxy S5 breaks encryption will be dependent on whether root breaks the encryption, since as you pointed out custom bootloaders need root to install, but the fantasy I entertained for a little while was rooting when there's a method (hope springs eternal, so I'm hoping it will eventually be possible), installing a custom bootloader so I can do things like backups and sideload, getting the proper apk's installed for the drive app, and then unrooting it so I can connect it via airwatch to my work's network. Perhaps I should have marked this as a solidly theoretical question, since as you said, there currently exists no root. I just want to know, with the unique way that Samsung implemented Knox and the encryption on the S5, what will break encryption and what won't?
Of course, there is a side question brought up by all this...how possible is it to load another firmware on my phone? as in, use Odin to put the tmobile image on my phone. That is likely a bad example, since I'm fairly certain there are actual hardware differences between the ATT and the tmobile models, but the concept still stands. At what level are the hardware configurations different between phone companies?
Click to expand...
Click to collapse
You will not be able to change your bootloader period... At this point the locked bootloader is unbreakable. That leads to your next question about tmobile and that's a no as well due to the locked down bootloader.
Even with root you won't be able to do anything you've suggested due to the locked bootloader.
OPOfreak said:
You will not be able to change your bootloader period... At this point the locked bootloader is unbreakable. That leads to your next question about tmobile and that's a no as well due to the locked down bootloader.
Even with root you won't be able to do anything you've suggested due to the locked bootloader.
Click to expand...
Click to collapse
Interesting. I had been under the impression that I had seen people referring to installing clockworkmod or some similar thing on an S5, but I think I may be getting caught up in terminology; those are recoveries, aren't they? not bootloaders? Or perhaps people were posting about the other S5s with unlocked bootloaders. 15 different versions of S5, and I get stuck with the most apple-like of all the carriers....(in the sense of "you take what we give you and don't play with it!")
So, assuming I don't manage to get it installed via the link Waiting4MyAndroid was kind enough to post, I think that rules out anything other than the method of:
--wait for a root method to be established for the new OTA
--root, install the drive apk
--unroot, so I can encrypt and pass airwatch
Does anyone know if the old method of rooting broke encryption? and whether encryption was able to be performed after unrooting again?
Edit: Attempted to Sideload. Sadly, it is telling me "App not installed" (other sideloads do work; it's not the unknown sources setting). I'm thinking either the apk is marked for s4, and it's not compatible, or it's trying to overwrite files from the established svoice system, and that's not allowed. I suppose if someone has the drive apks from a tmobile S5 image or some such thing (same model, different carrier), then I could try again, but unfortunately this apk doesn't work. Thanks for the attempt, Waiting4MyAndroid!
I have a 1st gen motoX that I rooted ages ago with slapmymoto/pwnmymoto. It's stock, never messed with the bootloader. Never changed the ROM, it's running stock android 4.4.
Got a new job and requires encryption. If I try to encrypt it, will I break my phone? Alternatively, will it even work to encrypt it?
I've searched and see some details for other phones, but couldn't find this in my situation. If it's been asked/answered, my apologies.
Thanks so much for the help!:good:
You should be fine. It only really encrypts /data, anyway.
So I actually don't have the S5, or any Samsung device for that matter, but a friend of mine does, and really wants to root their phone. I had no idea the AT&T S5 was so secure, but it's pretty interesting too. I've been researching for over 15 hours. I may not have been able to root his phone, but I think I have learned a couple things and maybe some possible root methods.
1.) Since using ODIN to downgrade would soft brick the phone, would it be possible to download the stock Lollipop update onto a computer, give the update super user access, replace the recovery with a custom one, or unlock the bootloader from the computer, then flash it through ODIN?
2.) Intercept any sort of OTA update, then alter it to flash a custom recovery or unlock bootloader? I don't know how you would go around this though.
3.) If someone hasn't taken the OTA update that patched the Stagefright exploit, could someone purposely use the exploit to allow installation of a custom recovery or even to unlock the bootloader since the Stagefright bug has super user access (or so I've heard).
Also, I'm sorry if these are stupid ideas. I know close to nothing about Samsung so everything I'm basing this off of is what I've read in the past 15 hours.
jsmithfms said:
So I actually don't have the S5, or any Samsung device for that matter, but a friend of mine does, and really wants to root their phone. I had no idea the AT&T S5 was so secure, but it's pretty interesting too. I've been researching for over 15 hours. I may not have been able to root his phone, but I think I have learned a couple things and maybe some possible root methods.
1.) Since using ODIN to downgrade would soft brick the phone, would it be possible to download the stock Lollipop update onto a computer, give the update super user access, replace the recovery with a custom one, or unlock the bootloader from the computer, then flash it through ODIN?
2.) Intercept any sort of OTA update, then alter it to flash a custom recovery or unlock bootloader? I don't know how you would go around this though.
3.) If someone hasn't taken the OTA update that patched the Stagefright exploit, could someone purposely use the exploit to allow installation of a custom recovery or even to unlock the bootloader since the Stagefright bug has super user access (or so I've heard).
Also, I'm sorry if these are stupid ideas. I know close to nothing about Samsung so everything I'm basing this off of is what I've read in the past 15 hours.
Click to expand...
Click to collapse
The issue is that AT&T (and Verizon) use an encrypted signature key to verify they are the correct unaltered files as well as the means to unlock the bootloader to allow the OTA. Without that key, the tasks you mention are near impossible. They are not stupid ideas at all..just very difficult with all the security checks included.
KennyG123 said:
The issue is that AT&T (and Verizon) use an encrypted signature key to verify they are the correct unaltered files as well as the means to unlock the bootloader to allow the OTA. Without that key, the tasks you mention are near impossible. They are not stupid ideas at all..just very difficult with all the security checks included.
Click to expand...
Click to collapse
Crap... well does anyone know how that encyption key is generated? Like, could I theoretically get an algorithm from a ROM?
Honestly for the time being I wouldn't bother with ROMS for that Device and carrier at the moment. Especially being that its someone elses device. Towelroot should be a good start. If Im not mistaken I don't think its supposed to trip knox.
Sent from my HTCEVODesign4G using XDA Free mobile app
jsmithfms said:
Crap... well does anyone know how that encyption key is generated? Like, could I theoretically get an algorithm from a ROM?
Click to expand...
Click to collapse
This is the riddle of the Sphinx my friend. I am sure the super devs have tried their best so far to crack it. It has been an ongoing effort to make phones more and more secure, not against the amateur developers and rooters, but against the hackers. These smartphones are now our personal computers, diaries, personal assistants, financial operator, and more. They basically are a person's (and business's) life. AT&T and Verizon have taken the big steps to appeal to the Exchange clients, corporate, government and military contracts. Even the general public want to know their phone is secure. This is what keeps me stuck on the Sprint network.
Have you tried Kingroot?
I successfully rooted my wife's AT&T S4 on OC3 lollipop (supposedly unrootable) with the desktop version. Mobile version didn't work but desktop did without a hiccup. Maybe it'll work on the S5.
http://forum.xda-developers.com/android/apps-games/one-click-root-tool-android-2-x-5-0-t3107461
Rockin' a l337 with Goldeneye v49.1 + Wanam Xposed and loving life on AT&T's 4G LTE network
S5 on lollipop has a new nasty boot loader.... it was a miracle on its own that they ever came up with safestrap to duck the boot loader on earlier versions of android
I usually root every phone, but since this is something I do once a year, I tend to forget some basics (so bear with me). Other things, I actually never really knew.
Until now, rooting a phone and flashing a custom rom (or the factory image) were "one and done" things and I simply never updated my phone ever again, since OTA no longer works once the bootloader is unlocked, and installing a newer image forced me to wipe everything in TWRP or else I could no longer read the encrypted memory. Of course, that also forced me to re-root my phone and reinstall everything. A bit too much of a hassle for monthly security updates...
Nowadays, however, updates and security patches are more important than ever. And since I just received my rootable SD N9600, I want to do it correctly this time and stay up do date.
This begs the question: How *do* I stay up to date without basically factory-resetting, re-formatting and re-rooting my phone every month for every security update?
Google showed me a few solutions.
Pixel phones apparently have A/B partitions and a TWRP script. Not an option for the Note 9, though.
Flashfire apparently was the perfect solution that did exactly what I was looking for, but it has been abandoned by Chainfire and unfortunately it no longer works with newer Magisk versions. Even when I downgraded to a super old Magisk version, it would ultimately crash when starting the app (after receiving root permissions). So it doesn't seem to work, although staying on an old version of Magisk forever would not be an ideal solution anyway.
Is there anything like Flashfire or a simpler approach that I am missing?
Surely, I can't be the only rooted user who wants to install monthly security patches without wiping the entire phone.
Spaced Invader said:
I usually root every phone, but since this is something I do once a year, I tend to forget some basics (so bear with me). Other things, I actually never really knew.
Until now, rooting a phone and flashing a custom rom (or the factory image) were "one and done" things and I simply never updated my phone ever again, since OTA no longer works once the bootloader is unlocked, and installing a newer image forced me to wipe everything in TWRP or else I could no longer read the encrypted memory. Of course, that also forced me to re-root my phone and reinstall everything. A bit too much of a hassle for monthly security updates...
Nowadays, however, updates and security patches are more important than ever. And since I just received my rootable SD N9600, I want to do it correctly this time and stay up do date.
This begs the question: How *do* I stay up to date without basically factory-resetting, re-formatting and re-rooting my phone every month for every security update?
Google showed me a few solutions.
Pixel phones apparently have A/B partitions and a TWRP script. Not an option for the Note 9, though.
Flashfire apparently was the perfect solution that did exactly what I was looking for, but it has been abandoned by Chainfire and unfortunately it no longer works with newer Magisk versions. Even when I downgraded to a super old Magisk version, it would ultimately crash when starting the app (after receiving root permissions). So it doesn't seem to work, although staying on an old version of Magisk forever would not be an ideal solution anyway.
Is there anything like Flashfire or a simpler approach that I am missing?
Surely, I can't be the only rooted user who wants to install monthly security patches without wiping the entire phone.
Click to expand...
Click to collapse
n9600 has limited development from the community. so if you are not going to flash a custom rom( usually thats how people stay up to date) then you will have to go through the rooting procedure each time.
bober10113 said:
n9600 has limited development from the community. so if you are not going to flash a custom rom( usually thats how people stay up to date) then you will have to go through the rooting procedure each time.
Click to expand...
Click to collapse
So every solution that makes this easier is strictly device-specific and nothing like Flashfire (which would have worked regardless of community activity for the N9600) exists anymore?
Dark times indeed, almost makes me question if I should keep rooting my devices...
I have rooted note8 with decrypted data partition (no-verity... something script). I updated recently to newest firmware simply through odin. I flashed firmware preserving data (home csc file?). There was bootloop but after i flashed twrp and rooted with magisk phone started without problem and all settings and data was there. So this is solution for me, maybe it will work on note 9 too.
Spaced Invader said:
So every solution that makes this easier is strictly device-specific and nothing like Flashfire (which would have worked regardless of community activity for the N9600) exists anymore?
Dark times indeed, almost makes me question if I should keep rooting my devices...
Click to expand...
Click to collapse
Personally I'm sticking with phones officially supported by lineageOs (formerly cynogenmod) from now on.
Kriomag said:
I have rooted note8 with decrypted data partition (no-verity... something script). I updated recently to newest firmware simply through odin. I flashed firmware preserving data (home csc file?). There was bootloop but after i flashed twrp and rooted with magisk phone started without problem and all settings and data was there. So this is solution for me, maybe it will work on note 9 too.
Click to expand...
Click to collapse
Hi, I have a Note 9 that was rooted with Magisk and running on Oreo 8. I updated it via Odin to Android 10. I have a bootloop. What should I do? Please help me