My device: HTC One M7 Android 4.2.2, S-ON, Root, CWM recovery (years old version)
My ultimate goal was: Get xposed framework. Install via app failed after rebooting due to S-ON, so I wanted to install through recovery. (this is irrelevant to the issue IMO)
What I tried to get there: Decrypting my /data partition in adb (because CWM doesn't support it)
What I found: https : // forumDOTfairphoneDOTcom/t/how-to-mount-encrypted-data-in-recovery/25724
Everything(!) I actually did: (commands after $ means executed on host machine (ubuntu), prefixed by ~ # means run on phone in adb shell)
$ adb shell
~ # setprop ro.crypto.state encrypted
~ # vdc cryptfs checkpw "<wrong password>"
200 0 1
~ # mount /dev/block/dm-0 /data
mount: mounting /dev/block/dm-0 on /data failed: no such file or directory
(( a couple commands like ls and cat to find out what my /data partition should be ))
(( ended up finding out in fstab that it's mmcblk0p37 ))
~ # mount /dev/block/mmcblk0p27 ((accidentally wrong one))
mount: mounting /dev/block/mmcblk0p27 on /data failed: Invalid argument
~ # mount /dev/block/mmcblk0p37
mount: mounting /dev/block/mmcblk0p37 on /data failed: Invalid argument
(( notice i entered wrong password ))
~ # vdc cryptfs checkpw "<right password>"
200 0 2
~ # mount /dev/block/mmcblk0p37
mount: mounting /dev/block/mmcblk0p37 on /data failed: Invalid argument
(( a couple more tried of the previous two commands for no legit reason ))
~ # mount -o rw,remount /dev/block/mmcblk0p37
mount: mounting /dev/block/mmcblk0p37 on /data failed: Invalid argument
(( exit adb shell ))
(( execute $ adb remount )) (( as google suggested (on host machine, not in adb shell obv) ))
$ adb shell
~ # mount -t ext2 /dev/block/mmcblk0p37 (( accidentally wrong fstype ))
mount: mounting /dev/block/mmcblk0p37 on /data failed: Invalid argument
~ # mount -t ext4 /dev/block/mmcblk0p37
mount: mounting /dev/block/mmcblk0p37 on /data failed: Invalid argument
~ # mount -t ext4 /dev/block/mmcblk0p27 (( why not? ))
mount: mounting /dev/block/mmcblk0p37 on /data failed: Invalid argument
~ # exit (( i got frustrated ))
Before I did all this the phone was working normally (after install xposed via app (which gave me xposed version 3x because I had that one previously installed via receovery. But I wanted the newest (5x) so I went all that way)). After I did all these steps - which to me are readonly things which shouldn't brick anything - I got frustrated and wanted to give up, so I rebooted. Now everytime I enter the - 100% correct - password, it tells me to "try again" (guessing it means wrong password? idk).
The whole xposed stuff is irrelevant in my opinion, because after I've installed it using the xposed installer (APK) I rebooted twice and decryption worked fine both times.
What the hell have I done (I'd say I'm a linux expert and I honestly don't see how I could've possible broken anything by what I did) and how can I fix it?
UPDATE: I got myself the cryptheader from the "extra" partition using the read_emmc vulnerability. That way I got the encrypted key and salt. (cryptheader)
I then used this and a modified bruteforce script to check if my right password is still right. Result: It doesn't seem so.
My password contained special characters and was 15 chars long, bruteforce is not an option.
Is there anyway what I did could've changed the password? If so, can I reproduce and get the new key somehow? The cryptheader is not corrupted and still intact. The /data partition (encrypted) is not corrupted and still intact. (I assume this because the encrypted partition's hexdump starts with "This is an encrypted partition", which is a HTC easter egg.)
htcuser311 said:
UPDATE: I got myself the cryptheader from the "extra" partition using the read_emmc vulnerability. That way I got the encrypted key and salt. (cryptheader)
I then used this and a modified bruteforce script to check if my right password is still right. Result: It doesn't seem so.
My password contained special characters and was 15 chars long, bruteforce is not an option.
Is there anyway what I did could've changed the password? If so, can I reproduce and get the new key somehow? The cryptheader is not corrupted and still intact. The /data partition (encrypted) is not corrupted and still intact. (I assume this because the encrypted partition's hexdump starts with "This is an encrypted partition", which is a HTC easter egg.)
Click to expand...
Click to collapse
I'm far from being a linux expert but the simplest would be to factory reset using htc's recovery to remove /data encryption and start from scratch (unless you have some really important data that must be saved from your /data partition)
alray said:
I'm far from being a linux expert but the simplest would be to factory reset using htc's recovery to remove /data encryption and start from scratch (unless you have some really important data that must be saved from your /data partition)
Click to expand...
Click to collapse
I have decided to give up on trying and did a "factory reset" (formatted /data and /data/sdcard through CWM, rebooted, set up device for first use, formatted /data again through CWM to result in clean system).
Fun-fact: Before I did what bricked the system I actually made a backup. The device (µSD-Card) decided to go corrupted filesystem though. I managed to recover most of the files but the /system partition backup (which might have saved me) remained corrupted. I was able to restore all my personal data though, so doing a factory reset wasn't that bad for me.
Related
I am pretty sure my factory.zip is corrupt or nonexistant from my mmcblk0p3. How do i move the factory.zip file over there from this thread http://forum.xda-developers.com/showthread.php?t=919353
Thanks
I just did this last night. First I booted into clockwork recovery and hooked up the nook to my computer and started up adb. I tried doing this when it was booted normally but I could not mount mmcblk0p3. Anyways once you are in recovery mode go to where adb is installed. Then these were the commands I did
Code:
adb shell mount /dev/block/mmcblk0p3 /emmc
adb pull /emmc/factory.zip factory-1.0.0.zip
adb push factory.zip /emmc/
The second line is me backing up my old 1.0.0 factory zip, just in case things went bad. Then I did the 8 failed boot reset and then reset /data
Thank You! I had something like that except i was missing emmc in the first line and i couldn't figure out why i couldnt mount mmcblk0p3. I want to make a how to once i reach 10 posts on this.
Hate to bring back an old thread, but, no matter how I have tried, I cannot mount /dev/block/mmcblk0p3... I always get invalid argument error... any help is appreciated.
>adb shell mount /dev/block/mmcblk0p3 /emmc
mount: mounting /dev/block/mmcblk0p3 on /emmc failed: Invalid argument
I have yet to be able to mount mmcblk0p3 to copy factory.zip to it.... hoping this would fix my install failed error on the 8 failed boot install.
NM.... fixed it... had to mke2fs /dev/block/mmcblk0p3 before I could mount it... got it fixed... the 8 failed boots works as it should again.
Hi,
I'll try and give as many details as possible. between me trying to get a root method to pass safteynet and updating to Nougat.
I manually updated to nougat as to not lose my data... ie: flashed radio, firmware, system, etc. First oddity was that twrp (twrp-3.0.2-0-shamu.img) would not stick unless i was rooted....weird. I also read I needed to rename recovery-from-boot.p to recovery-from-boot.bak and it would stick, though this made no difference, which i figured out why (coming up later). Ok, so i'm now rooted twrp and twrp is sticking. This is where i went to install the new pixel launcher as i was using nexus launcher before the update and was quite fond of it. I would flash the zip through twrp, but it would never show up as a system app. i tried and tried to get it there, to no avail. Ok, so i need to boot to recovery to access /system... sure, lets try that. I mount /system in twrp, flash the zip, use the file manager to check it out. It is showing in /system/priv-app. Cool. Boot phone, not there. Some weirdness is happening....
Twrp and /system are doing strange things...
While booted (truncated):
Code:
shamu:/ $ mount
/dev/block/dm-0 on /system type ext4 (ro,seclabel,relatime,data=ordered)
While in twrp:
Code:
~ # mount
/dev/block/mmcblk0p41 on /system type ext4 (rw,seclabel,relatime,data=ordered)
Why is one dm-0 and the other mmcblk0p41? Lets keep looking...
While booted:
Code:
shamu:/ $ ls /system/
app build.prop fake-libs framework lost+found priv-app usr xbin
bin etc fonts lib media recovery-from-boot.p vendor
While in twrp:
Code:
~ # ls /system/
app fonts priv-app
bin framework recovery-from-boot.bak
build.prop lib usr
etc lost+found vendor
fake-libs media xbin
Ah! i knew i changed the recovery-from-boot.p file! But.... why is it changed in the twrp /system and not the booted /system? That would explain why twrp kept getting overwritten. But whats going on here? Its like twrp is not mounting the right /system.... yet i can figure out how to mount the proper one.
While booted:
Code:
shamu:/data/data # mount -o rw,remount,rw /system
mount: '/dev/block/dm-0'->'/system': Device or resource busy
While in twrp:
Code:
~ # mount -o rw,remount,rw /system
mount: can't find /system in /proc/mounts
~ # mount /system
~ # mount
rootfs on / type rootfs (rw,seclabel)
tmpfs on /dev type tmpfs (rw,seclabel,nosuid,relatime,size=1506976k,nr_inodes=172637,mode=755)
devpts on /dev/pts type devpts (rw,seclabel,relatime,mode=600)
proc on /proc type proc (rw,relatime)
sysfs on /sys type sysfs (rw,seclabel,relatime)
selinuxfs on /sys/fs/selinux type selinuxfs (rw,relatime)
tmpfs on /tmp type tmpfs (rw,seclabel,relatime,size=1506976k,nr_inodes=172637)
pstore on /sys/fs/pstore type pstore (rw,relatime)
adb on /dev/usb-ffs/adb type functionfs (rw,relatime)
/dev/block/mmcblk0p38 on /cache type ext4 (rw,seclabel,relatime,data=ordered)
/dev/block/dm-0 on /data type ext4 (rw,seclabel,relatime,data=ordered)
/dev/block/dm-0 on /sdcard type ext4 (rw,seclabel,relatime,data=ordered)
/dev/block/mmcblk0p41 on /system type ext4 (rw,seclabel,relatime,data=ordered)
I'm at a loss about what to do. I thought twrp was not decrypting properly, so i removed exchange and removed my pin code in case that was causing it. No change. Any help or advice would be appreciated. I really would like Pixel launcher and tethering
Specs:
Nexus 6 32gb
Android 7.0, Oct 5,2016
twrp-3.0.2-0-shamu.img
Phone is encrypted, no pin code to boot.
rooted with superuser-r266-hidesu, systemless with phh superuser gui
Bump. No one?
have you changed the option in twrp, to mount system? and the file recovery-from-boot i delete right away, after first boot, so its never an issue, ever.
Subscribed. I have the same problem since I flashed Nougat and so I cannot flash lights-shamu-so-cm13.zip. Well, it flashed, but not to the "right" /system partition...
@simms22 Read over my problem again. There were two seperate /system partitions. One mounted by twrp and one mounted by the actual system. So any changes made to the twrp system had no effect on the actual booted /system.
@dcoulombe I finally gave up... I installed this rom: [ROM][Stock+][NBD90Z]Prerooted-Debloated-Deoxeded-Busybox-Fast & Stable . I pulled the root stuff out of the zip before flashing as to not trip safetynet. With root taken out, it passes. And now i can mount /system as expected. Tethering works and pixel launcher installed. I can help with removing root if you need me to.
Phone is snappy now too.
extremx said:
@simms22 Read over my problem again. There were two seperate /system partitions. One mounted by twrp and one mounted by the actual system. So any changes made to the twrp system had no effect on the actual booted /system.
@dcoulombe I finally gave up... I installed this rom: [ROM][Stock+][NBD90Z]Prerooted-Debloated-Deoxeded-Busybox-Fast & Stable . I pulled the root stuff out of the zip before flashing as to not trip safetynet. With root taken out, it passes. And now i can mount /system as expected. Tethering works and pixel launcher installed. I can help with removing root if you need me to.
Phone is snappy now too.
Click to expand...
Click to collapse
Hi , I have exact same issue with my honor 8...
twrp /system is not the same as nougat /system
when nougat boot up I cannot remount Read write FS.
I believe dm0-5 are lvm and not physical partition but no proof.
if someone have a solution I would be very interested.
Thanks
I found this thread by google searching my phone's problem.
My phone is Honor 8 lite ( PRA series), with exactly the same problem,
bloatware deleted from cust partition at TWRP mode still show up when system boots.
I solved my problem by rooting according to :
https://forum.xda-developers.com/p8...-to-root-huawei-p8-lite-2017-android-t3582179
I guess (not sure) DM is the culprit, the rooting modifies boot image, and disabled dm-verity.
Hi:
I've messed up my Note 9 pretty bad, such that no partitions mount in TWRP except cache - I'll need to do a data wipe, but I need to save data that I have in the Internal SD.
I've discovered via fdisk in TWRP that the media part - the Internal SD is partition sda25 - however can
t mount it in the terminal through a simple: mount /dev/block/sda25 /mnt
I get an error: mount failed: Invalid argument
I've tried: mount -t sdcardfs /dev/block/sda25 /mnt
This gives me also an error: mount failed: Not a directory
Mounting with -t vfat or exfat gives the Invalid argument error.
Anyone can help me with how to mount it, so that I may copy data off of it manually? I don't want to lose it. Many thanks.
白い熊 said:
Hi:
I've messed up my Note 9 pretty bad, such that no partitions mount in TWRP except cache - I'll need to do a data wipe, but I need to save data that I have in the Internal SD.
I've discovered via fdisk in TWRP that the media part - the Internal SD is partition sda25 - however can
t mount it in the terminal through a simple: mount /dev/block/sda25 /mnt
I get an error: mount failed: Invalid argument
I've tried: mount -t sdcardfs /dev/block/sda25 /mnt
This gives me also an error: mount failed: Not a directory
Mounting with -t vfat or exfat gives the Invalid argument error.
Anyone can help me with how to mount it, so that I may copy data off of it manually? I don't want to lose it. Many thanks.
Click to expand...
Click to collapse
cant you simply wipe the affected partitions(except data of course)? then flash a rom?
have you tried;
mount /sys/block/sda25 /mydata
or
mount /dev/block/sda25 /mydata
or
adb
mount -o rw /dev/block/sda25/data /mydata
in both cases /mydata is just the mount point so I believe it can simply be called what ever you want including just /data
have you read:
https://android.stackexchange.com/q...data-partitions-in-recovery-mode-in-adb-shell
edit:
by any chance when you first flashed twrp, did you forget to format data?
if yes then flash back stock AP file(original phone's firmware) in Odin AP slot only and you should be good to go.( you shouldn't loose any files in internal storage)
I setup Lineage 16 on my Xperia X and encrypted the phone. Now whenever I try other ROMS (installed from twrp) it always asks for my encryption password in TWRP and on bootup. I've already tried wiping all of the partitions, I've tried changing the filesystems, I've tried the ADB command ./adb shell recovery --wipe_data --set_filesystem_encryption=off
Encryption is still intact. What can I do to nuke the phone?
I experienced something similar a while ago and if I recall correctly then played around in TWRP with "repair filesystem", and finally I got it working unencrypted again
I was in the same situation. The only way for me was to install a stock fw with Flashtools (while in bootloader mode)...and start again from zero.
Connect to PC and enter recovery
Then type following commands
Caution!!
You will lose all data!!
$ adb shell
# umount /data
# umount /sdcard
# make_ext4fs /dev/block/platform/msm_sdcc.1/by-name/userdata
Click to expand...
Click to collapse
This is pure format command. Encryption will be removed.
But only these commands we loose crypt footer. (We can never re-encrypt)
You had better add these commands also.
$ adb shell
# umount /data
# umount /sdcard
# make_ext4fs /dev/block/platform/msm_sdcc.1/by-name/userdata
(Upper section commands)
# e2fsck -f /dev/block/platform/msm_sdcc.1/by-name/userdata
(You should check "Block count" section)
# resize2fs -f /dev/block/platform/msm_sdcc.1/by-name/userdata xxxxxxxx
Click to expand...
Click to collapse
If "Block count" equals 2991611, type like this (subtract 4 from block count... 2991611-4=2991607)
# resize2fs -f /dev/block/platform/msm_sdcc.1/by-name/userdata 2991607
Click to expand...
Click to collapse
I have a rooted Pixel 7 and It was suggested that I rename a system file to prevent the system from updating itself (despite my having turned off all such options). My first attempt was to merely try renaming the file, but that didn’t work because the file systems in mounted RO.
I did some looking around, and the common approach to dealing with this issue is to remount the file system. Following is a ‘screen grab’ of my abd session:
Code:
cheetah:/ $ su
cheetah:/ $ ls /product
app etc fonts framework lib lib64 lost+found media overlay priv-app tts usr wallpaper
(this has the directory I want, so this file system)
cheetah:/ $ mount | grep product
/dev/block/dm-15 on /product type ext4 (ro,seclabel,relatime)
(this is a mounted file system)
cheetah:/ # mount -o rw,remount /product
'/dev/block/dm-15' is read-only
cheetah:/ # mount -o rw,remount -t ext4 /product
'/dev/block/dm-15' is read-only
cheetah:/ # mount -o rw,remount /dev/block/dm-15 /product
'/dev/block/dm-15' is read-only
(three attempts to remount – all failed)
So, now what should I try?
groston said:
I have a rooted Pixel 7 and It was suggested that I rename a system file to prevent the system from updating itself (despite my having turned off all such options). My first attempt was to merely try renaming the file, but that didn’t work because the file systems in mounted RO.
I did some looking around, and the common approach to dealing with this issue is to remount the file system. Following is a ‘screen grab’ of my abd session:
Code:
cheetah:/ $ su
cheetah:/ $ ls /product
app etc fonts framework lib lib64 lost+found media overlay priv-app tts usr wallpaper
(this has the directory I want, so this file system)
cheetah:/ $ mount | grep product
/dev/block/dm-15 on /product type ext4 (ro,seclabel,relatime)
(this is a mounted file system)
cheetah:/ # mount -o rw,remount /product
'/dev/block/dm-15' is read-only
cheetah:/ # mount -o rw,remount -t ext4 /product
'/dev/block/dm-15' is read-only
cheetah:/ # mount -o rw,remount /dev/block/dm-15 /product
'/dev/block/dm-15' is read-only
(three attempts to remount – all failed)
So, now what should I try?
Click to expand...
Click to collapse
I haven't used this, but maybe it can help you.
Lughnasadh said:
I haven't used this, but maybe it can help you.
Click to expand...
Click to collapse
Thank you. Seems like this might work, but after reading several pages, I am not sure how to install/use overlayfs. I have a Windows system - any chance you could point me to something that provides some guidance?
groston said:
Thank you. Seems like this might work, but after reading several pages, I am not sure how to install/use overlayfs. I have a Windows system - any chance you could point me to something that provides some guidance?
Click to expand...
Click to collapse
I've never used this before but I believe once you flash the module it makes the /system RW so you can start making modifications. There's a README that provides some information. I don't know of any other guides besides the information on that Github page.
Checking out the thread below might reveal a solution and/or give a clue or hint...
Pixel 7 Pro Stuck in read only mode (rooted with magisk 26.1) Am I missing something? HELP
Everything ive tried in FX Explorer fails. No matter what I try, for example editing build.prop or anything else, it constantly says read only. i cannot use any method to allow write access. Did i miss something when i rooted with Magisk? I dont...
forum.xda-developers.com
simplepinoi177 said:
Checking out the thread below might reveal a solution and/or give a clue or hint...
Pixel 7 Pro Stuck in read only mode (rooted with magisk 26.1) Am I missing something? HELP
Everything ive tried in FX Explorer fails. No matter what I try, for example editing build.prop or anything else, it constantly says read only. i cannot use any method to allow write access. Did i miss something when i rooted with Magisk? I dont...
forum.xda-developers.com
Click to expand...
Click to collapse
Good suggestion. I installed FX File Explorer, gave it the appropriate permissions, but was unable to change the /product filesystem to read/write.
groston said:
Good suggestion. I installed FX File Explorer, gave it the appropriate permissions, but was unable to change the /product filesystem to read/write.
Click to expand...
Click to collapse
When you say "gave it the appropriate permissions", just to confirm -- that doesn't mean that you changed the security permissions on the folder & files, correct? I hope it means you did not do what the OP in that thread had done and actually did enable root access particularly (hoping that's what you meant on "gave it appropriate permissions").
Because, in certain cases, I've changed permissions on files/folders vs. simply enabling root access mode....
Apologies in advanced if my inquiry seems fairly obvious (to the point of insulting maybe; it is not meant to be), but you never know and many foolish things has been done/assumed on this site that missed many (obvious) things because it wasn't confirmed....