Related
Good morning droids,
I was looking around for info on the "phone storage encryption" option which requires a PIN when the phone is first powered on. This sounds nice conseridering the amount of information contained on our devices these days.
I think this is a stock HTC feature but I wasn't finding much in other forums. I'm currently running viper rom which has me wondering a few things:
Where in the boot process does it prompt for decrypt? Would you still be able to mount images from storage-- like does it prompt before the bootloader starts? would you still be able to use/nandroid/mount roms in a custom bootloader? Are there any recovery options? if it all goes to hell would I still beable to flash back to stock? Can encryption be undone after? My main concern has to do with when in the boot the storage is decrypted and how it affects the use/flashing of roms.
With all these questions I think the resounding common sense answer is "its just not worth the potential fallout." but I'll ask anyway...
Thoughts?
CarbolDroid said:
Good morning droids,
I was looking around for info on the "phone storage encryption" option which requires a PIN when the phone is first powered on. This sounds nice conseridering the amount of information contained on our devices these days.
I think this is a stock HTC feature but I wasn't finding much in other forums. I'm currently running viper rom which has me wondering a few things:
Where in the boot process does it prompt for decrypt? Would you still be able to mount images from storage-- like does it prompt before the bootloader starts? would you still be able to use/nandroid/mount roms in a custom bootloader? Are there any recovery options? if it all goes to hell would I still beable to flash back to stock? Can encryption be undone after? My main concern has to do with when in the boot the storage is decrypted and how it affects the use/flashing of roms.
With all these questions I think the resounding common sense answer is "its just not worth the potential fallout." but I'll ask anyway...
Thoughts?
Click to expand...
Click to collapse
I don't believe that recoveries are able to update a phone with an encrypted data partition unless you're using stock. I do believe you can flash back to stock if something goes wrong, although you would certainly have to format /data to get back into it. However, the actual login process (if I remember correctly, it's been a while) is that the bootloader starts you in a "dummy" environment of sorts that just asks you for your password. If it checks out, the system reboots, passing that key on to the "real" operating system which decrypts the data volume.
I'd echo though that it's really not something you should fool around with.
As we know google is going to pre enable the Data encryption on Android L and we already have it as an optional extra security ..
So before anyone rushes to enable it to feel more Secured . First let's learn about it ..
As this option is available in Security .
If you enable it you have to enter password/PIN(compulsory) ..
80% minimum battery + plugged in for charging is necessary .
Once the encryption starts it will take about 15 minutes to complete the process ..
Once it's complete , it will automatically reboot the phone . booting will be in 2 stages.. On first stage it will ask for password/PIN to decrypt the phone/phone storage
And then the second boot process will be the normal one ..
And now comes the warning part ..
Once you encrypt the data , you have to decrypt it on every boot and you can't disable this .. You have to factory reset the phone to remove this .
And here at XDA we flash mods and zips etc almost every day/week ..
So if you encrypt your phone and then you flash anything via bootloader ..IT WILL FORMAT EVERYTHING ..(including internal storage, basically factory reset)
So if you are an advanced user with custom rom/recovery etc i suggest you to first do a complete backup If you really want to try the data encryption .
So i hope this information be helpful for those who are unaware and don't know what can happen , and i suggest you to read about it before you enable it ..
For most of us, we already know that encryption causes issues, always. Maybe not immediately, but always at some point.
Its the new people that go "oh encryption, sounds good, must use", when they don't have any data that's actually important enough to justify the need for encryption.
Lethargy said:
For most of us, we already know that encryption causes issues, always. Maybe not immediately, but always at some point.
Its the new people that go "oh encryption, sounds good, must use", when they don't have any data that's actually important enough to justify the need for encryption.
Click to expand...
Click to collapse
That's why i created a new thread specially for those who are inexperienced .
Not everyone are born developers/pro
Everyone learns with making mistakes
And our Job is to help them at XDA .
IMO this is what XDA is for at the first place ..
I'll rely on custom ROMs as always, that certainly have it disabled by default.
I think it's insane google would try to force this on us. Shame on them. ?
How does android L handle staying unlocked in trusted areas if encryption is enabled?
Despite the warning, we will see how the encryption will work in Android L. It might not be the same process as described from Kitkat/JB of encryption.
Who know if the process of encryption will be changed in Android L, so that you don't have to do each step to encrypt/decry pt and the flashing/modding issues.
I see many bricks coming from this as well, from unknowing flashers.
inferol said:
Despite the warning, we will see how the encryption will work in Android L. It might not be the same process as described from Kitkat/JB of encryption.
Who know if the process of encryption will be changed in Android L, so that you don't have to do each step to encrypt/decry pt and the flashing/modding issues.
Click to expand...
Click to collapse
Probably they are going to change the way it works .. , because they haven't updated it since it first came out with ICS ..
The inability to use pattern lock is enough to turn me off Android encryption. All the other problems just makes it a no brainer.
May be they have overcome these issues and thus made it default....
I find no sense in making some hectic procedure as default
wow. wonder who will have access to the encryption keys.. or more likely supplied the encryption technique in the first place?
cough... nsa, feds, gchq, ect...... cough
don't believe the security services fake crying about encrytion... just a fairy story to pacify the sheep
meangreenie said:
wow. wonder who will have access to the encryption keys.. or more likely supplied the encryption technique in the first place?
cough... nsa, feds, gchq, ect...... cough
don't believe the security services fake crying about encrytion... just a fairy story to pacify the sheep
Click to expand...
Click to collapse
When NSA forced TrueCrypt to hand over their keys, they essentially and purposely updated their product to be broken to ensure no one used it. Wonder what Google would do?
Sent from my Nexus 5 using Tapatalk
Wakamatsu said:
The inability to use pattern lock is enough to turn me off Android encryption. All the other problems just makes it a no brainer.
Click to expand...
Click to collapse
You can't do it out of the box, but you can make it work fairly easy with twrp and a backup. The quick version is:
before encryption, setup your pattern lock, do a nandroid backup in twrp. Reboot, change to a PIN/password to allow encryption, perform encryption process. Boot back into twrp, it will prompt you to enter your pin/password, since it can decrypt and then function inside of the encrypted volume (and therefore restore an unencrypted backup inside of the encrypted envelope in essence). Restore your backup that has pattern unlock and reboot. It should prompt you for your strong pin/password on each initial boot, but once booted, it will use your pattern unlock. Downside is you can't change your pattern after that, so pick what you want the first time. You can change your pin/password if you want, I use EncPassChanger myself. I also use bootunlocker to relock the bootloader after I'm done, just have to make sure to unlock before flashing any updates.
I use this process on both my N5 and 2013 N7.
rootSU said:
When NSA forced TrueCrypt to hand over their keys, they essentially and purposely updated their product to be broken to ensure no one used it. Wonder what Google would do?
Sent from my Nexus 5 using Tapatalk
Click to expand...
Click to collapse
Source for this?
markassbuster said:
Source for this?
Click to expand...
Click to collapse
Action speaks louder than words sometimes all u need is to observe
markassbuster said:
Source for this?
Click to expand...
Click to collapse
They can't really openly say that buy the industry "knows".
But the opening paragraph of this page hints at it.
http://truecrypt.sourceforge.net
rootSU said:
They can't really openly say that buy the industry "knows".
But the opening paragraph of this page hints at it.
http://truecrypt.sourceforge.net
Click to expand...
Click to collapse
AH OK thanks. I thought there was some recent, concrete news about what went down.
Thing is, now what will we gotta do to still be able to flash zips with encrypted device? XD
So I recently encrypted my phone....because I read it only encrypts the data partition...so if I wanted to update my CM11 version (m9 to m10 for example) I wouldn't be able to?
I should have read into it more I guess...
edit: TWRP saved my ass. Just looked at it and it decrypts the data partition.
I encrypted my phone, but now wish I hadn't. I'm pretty sure it is the cause of some small issues I have had flashing different ROMs.
fml :crying:
Hello!
I have a question, I tried too much ROMs, and now I decide to keep my Stock ROM with a Custom Kernel, like:
Stock ROM: http://forum.xda-developers.com/moto-x/development/rom-firmware-stock-brasil-4-4-4-zip-t2873516
Kernel: http://forum.xda-developers.com/moto-x/development/kernel-zwliew-kernel-r1-t2926315
And for security things, I have bought a Kaspersky Licence to track, block and wipe data, with SMS or WEB commands. But if I got stoled, and the thief knows how to get in the Recovery Mode, he will wipe the ROM and get access to my data in the same way, without the Kaspersky tool.
So I have a question, is there any way to block the bootloader and block the recovery?
I don't have the answers but I can probably give you some good questions to ask.
I don't imagine there's any way to "block the bootloader" if that's what you really meant to type.
First thing you might want to do is flash the stock recovery. You won't be able to flash custom things with it but you can't do much else in stock recovery like you can in a custom one.
If you did want to make changes which required a custom recovery you could already just flash one. Granted, a tech savvy thief could always do the same if they realized that you're unlocked but that would probably weed out the average opportunistic pretty thief.
### There may be risks to this that I don't know but if you wanted to take it a step further I WOULD THINK you could even relock the bootloader. I unlocked via the China middleman so I have my unlock code to use/reuse whenever I want. I think I recall hearing that sunshine will also relock and reunlock the same phone once purchased for that phone? What I don't know is if there's any risk to locking a bootloader with a non stock system.
###
marcelorepavan said:
Hello!
I have a question, I tried too much ROMs, and now I decide to keep my Stock ROM with a Custom Kernel, like:
Stock ROM: http://forum.xda-developers.com/moto-x/development/rom-firmware-stock-brasil-4-4-4-zip-t2873516
Kernel: http://forum.xda-developers.com/moto-x/development/kernel-zwliew-kernel-r1-t2926315
And for security things, I have bought a Kaspersky Licence to track, block and wipe data, with SMS or WEB commands. But if I got stoled, and the thief knows how to get in the Recovery Mode, he will wipe the ROM and get access to my data in the same way, without the Kaspersky tool.
So I have a question, is there any way to block the bootloader and block the recovery?
Click to expand...
Click to collapse
No.
There is no security with an unlocked boot!
One reason THEM don't want it.
See the Philz dev thread (search) for a discussion on this issue.
If you are concerned about security, then flashing a custom ROM/Kernel is the wrong thing to do. You should leave the phone stock, enable device encryption, and also have stock recovery and a locked bootloader.
aviwdoowks said:
No.
There is no security with an unlocked boot!
One reason THEM don't want it.
See the Philz dev thread (search) for a discussion on this issue.
Click to expand...
Click to collapse
But is there any way to lock again my phone? Before a custom ROM/Kernel installed?
Thanks!
marcelorepavan said:
But is there any way to lock again my phone? Before a custom ROM/Kernel installed?
Thanks!
Click to expand...
Click to collapse
No. Because recovery is always accessible.
You can lock your phone at any point, but that isn't going to make it any more secure if you are rooted and/or have a custom recovery installed.
Sent from my Moto X
imnuts said:
You can lock your phone at any point, but that isn't going to make it any more secure if you are rooted and/or have a custom recovery installed.
Sent from my Moto X
Click to expand...
Click to collapse
Hello! Another question!
If a thieft with experience in ROMs/Root and this things get a Normal Moto X Unrooted and Original and Stock. Its is possible he wipe the data, of course...but Its possible to him, get the phone rooted and wipe the data too.
I'm trying to say, a phone with root and unrooted is the same thing about security, because if the Thief have experience, he will do the same thing...a unrooted phone wipe will lost all the datas, a rooted wipe will keep photos and files, right?
Factory reset doesn't care if you're rooted or not. If the phone is locked, unlocking will wipe data. Rooted or not, a factory reset deletes everything. Stock recovery will wipe the emulated SD card as well, where custom recovery doesn't by default, though it still can if you want.
Being rooted makes it easier to pull the data off the phone, but just because one isn't rooted doesn't mean your data is safe.
Sent from my Moto X
My last phone (Nexus 4) was stolen. My new device, the Nexus 6, as you all know comes with enhanced security measures, requiring authentication even after a factory reset. Now, I had grown accustomed to playing around with wiping, rooting, custom roms, kernels, radios, etc with my Nexus 4. Now that I have had my Nexus 6 for a bunch of months, I am starting to think about rooting my device (so I can install an SSH server and have my phone automatically open a tunnel back to my server). My only hesitation is turning the OEM unlocking switch to on. See, I am a big fan of the new security measures that require authentication after a device reset, and would much prefer to keep that feature enabled. I've searched around on Google and XDA, and I haven't been able to find any definitive answers on how unlocking the bootloader in order to root the device will affect these security mechanisms.
My understanding is this: in order to root the Nexus 6, you need to enable OEM unlocking, which allows flashing pretty much any image onto the phone. If any image can be flashed to the phone, this security mechanism can be circumvented.
Two questions:
1. (pretty sure the answer to this is no) Can I root my phone and prevent flashing of images that would circumvent the security feature
2. Will rooting my phone make it easier for an unknown party to gain access to the device via another route
Unlocking the bootloader really only allows you to flash unsigned images, and root provides you with the option to grant administrative access to applications.
Neither one of those has anything to do with encrypted data, or in any way makes encrypted data readable without the key.
The bootloader unlock will make it easier for a thief to wipe all the data on the device without reading it, so he can use the device or sell it as functioning... Even then, you may be able to factory reset an encrypted device without the key anyways... At which point I would think they could make a new key for the freshly wiped partition?
Anything that is going to run unauthorised code at root level is likely going to use other exploits to achieve root on their own, like users do to gain root on devices that are locked down. You having root access doesn't give the right for anything to run as root unless you approve it (or if someone managed to find some exploit in the version of supersu your running, but this is not likely... and if we are assuming any code may have holes in it you're not safe no matter what you do). It does give you the possibility of being tricked into running malicious code that is disguised as some utility... But that is a risk your going to take running any software that isn't from a stable corperation you can take legal action against. Trust who wrote the code or don't use it.
If in question number 1 "the security feature" is encryption, then yes having and unlocked bootloader means if someone takes your phone they can flash a kernel that does not force encryption, they would then have to format the userdata partition to encrypt the phone. Without luck, guessing the password, or discovering some amazing undocumented flaw in the encryption algorithm they will not being able to read your data with out having the key, or guessing it.
@scryan
If you have unlocked the bootloader and have installed a custom recovery (TWRP), are you able to see the list of files in the file manager of TWRP, if the device is encrypted?
Nikos2k said:
@scryan
If you have unlocked the bootloader and have installed a custom recovery (TWRP), are you able to see the list of files in the file manager of TWRP, if the device is encrypted?
Click to expand...
Click to collapse
Yes. Otherwise couldn't pick a file to flash. It actually only encrypts user data. Apps, zips ect are not encrypted or we couldn't pull and modify them.
prdog1 said:
Yes. Otherwise couldn't pick a file to flash. It actually only encrypts user data. Apps, zips ect are not encrypted or we couldn't pull and modify them.
Click to expand...
Click to collapse
the user data that are encrypted include files on the sdcard folder? (e.g. pdfs, images in DCIM folder etc)
i am asking because in my device in Settings -> Security -> Encryption it shows that it is encrypted, in TWRP however i can see all the files
Can i make the custom recovery to ask for the pin? do I have to enable PIN as a screen lock?
What happens if i use an unlock pattern or just swipe for unlock?
Nikos2k said:
the user data that are encrypted include files on the sdcard folder? (e.g. pdfs, images in DCIM folder etc)
i am asking because in my device in Settings -> Security -> Encryption it shows that it is encrypted, in TWRP however i can see all the files
Can i make the custom recovery to ask for the pin? do I have to enable PIN as a screen lock?
What happens if i use an unlock pattern or just swipe for unlock?
Click to expand...
Click to collapse
TWRP will use same pin as Device lock. Only thing I have seen if you use pinlock have to convert 5x5 to 4x4. There's a way to convert it located in this forum somewhere. Swipe to unlock has no pin so TWRP is open. Unlock pattern works also. Either pin or swipe has to be converted don't remember which. I run wide open encrypted so have never played with it.
prdog1 said:
TWRP will use same pin as Device lock. Only thing I have seen if you use pinlock have to convert 5x5 to 4x4. There's a way to convert it located in this forum somewhere.
Click to expand...
Click to collapse
By pinlock you mean the pattern screen lock?
I think it is 3 x 3, not 4x4 or 5x5
And since I use this pattern screen lock, which cannot be input in TWRP, this means that I have to disable it b4 I need to enter recovery?
This makes me a bit uncomfortable since I may need to enter recovery because of a problem with the system
Nikos2k said:
By pinlock you mean the pattern screen lock?
I think it is 3 x 3, not 4x4 or 5x5
And since I use this pattern screen lock, which cannot be input in TWRP, this means that I have to disable it b4 I need to enter recovery?
This makes me a bit uncomfortable since I may need to enter recovery because of a problem with the system
Click to expand...
Click to collapse
Start with this thread. It explains TWRP.
http://forum.xda-developers.com/nexus-6/help/twrp-2-8-5-0-password-help-t3046630
prdog1 said:
Start with this thread. It explains TWRP.
http://forum.xda-developers.com/nexus-6/help/twrp-2-8-5-0-password-help-t3046630
Click to expand...
Click to collapse
thank you it worked!
scryan said:
Unlocking the bootloader really only allows you to flash unsigned images, and root provides you with the option to grant administrative access to applications.
Neither one of those has anything to do with encrypted data, or in any way makes encrypted data readable without the key.
The bootloader unlock will make it easier for a thief to wipe all the data on the device without reading it, so he can use the device or sell it as functioning... Even then, you may be able to factory reset an encrypted device without the key anyways... At which point I would think they could make a new key for the freshly wiped partition?
Anything that is going to run unauthorised code at root level is likely going to use other exploits to achieve root on their own, like users do to gain root on devices that are locked down. You having root access doesn't give the right for anything to run as root unless you approve it (or if someone managed to find some exploit in the version of supersu your running, but this is not likely... and if we are assuming any code may have holes in it you're not safe no matter what you do). It does give you the possibility of being tricked into running malicious code that is disguised as some utility... But that is a risk your going to take running any software that isn't from a stable corperation you can take legal action against. Trust who wrote the code or don't use it.
If in question number 1 "the security feature" is encryption, then yes having and unlocked bootloader means if someone takes your phone they can flash a kernel that does not force encryption, they would then have to format the userdata partition to encrypt the phone. Without luck, guessing the password, or discovering some amazing undocumented flaw in the encryption algorithm they will not being able to read your data with out having the key, or guessing it.
Click to expand...
Click to collapse
Ok, so for encryption, "Allow OEM Unlocking" allows flashing of unsigned images (such as the one used for root), which means if someone gets a hold of my phone, they can put whatever they want on it, including flashing a custom rom.
So my next question is, what about being required to sign into the last Google account used on the phone even after a factory reset (device protection / factory reset protection / not sure what it's called exactly)? Is that area of the bootloader / rom / memory / wherever it lives flashable? If you have an unlocked bootloader, is it possible to flash some image to the device that disables this? Hah, that sounds bad. Really, I want to root my Nexus 6, but I haven't decided if it would be worth giving up the anti-theft required login after reset.
I guess really, I'm curious about how it works, is it part of the Android image delivered by Google? Is it part of the bootloader? Is it possible to release a rom without this feature? I'm not a thief, I swear I'm just curious.
quickdry21 said:
Ok, so for encryption, "Allow OEM Unlocking"
encryption and oem unlock ar 2 entirely different things
allows flashing of unsigned images
allows you to unlock the boottloader, which allows you to flash unsigned img's. the setting itself does nothing but enable the ability. to unlock
(such as the one used for root), which means if someone gets a hold of my phone, they can put whatever they want on it, including flashing a custom rom.
yes
So my next question is, what about being required to sign into the last Google account used on the phone even after a factory reset (device protection / factory reset protection / not sure what it's called exactly)? Is that area of the bootloader / rom / memory / wherever it lives flashable? If you have an unlocked bootloader, is it possible to flash some image to the device that disables this? Hah, that sounds bad. Really, I want to root my Nexus 6, but I haven't decided if it would be worth giving up the anti-theft required login after reset.
i think if someone were to completely wipe the phone, use a different gmail and sim, the google protection would be gone, but i could be wrong. im not positive on that one.
I guess really, I'm curious about how it works, is it part of the Android image delivered by Google? Is it part of the bootloader? Is it possible to release a rom without this feature? I'm not a thief, I swear I'm just curious.
some extremely savvy person "may" be able to make a rom without the google protection, but i have never seen it tried.it may be a core feature that cant be removed.
i really wouldnt worry about that. the likelihood that someone would steal or find your device and have the skills to do all you asked above, is very remote.
Click to expand...
Click to collapse
in red above.
bweN diorD said:
in red above.
Click to expand...
Click to collapse
protection will be gone if you flash android 5.0.1. if you wipe and flash android 5.1.1, the protection will still be there and will ask for your password first.
bweN diorD said:
in red above.
Click to expand...
Click to collapse
Thanks, that does seem to make sense.
I know this comes across as overly paranoid, but I ask also because I'm a curious developer. I'm interested in understanding how android's insides work in general as well as how the new device protection fits in with rooting, custom roms, unlocking the bootloader, etc. (just how well does it prevent unauthorized use of devices)
Interesting, that says to me there is a relatively easy way to get around the reset protection if a phone has an unlocked bootloader. Albeit, relatively easy is relative.
quickdry21 said:
Interesting, that says to me there is a relatively easy way to get around the reset protection if a phone has an unlocked bootloader. Albeit, relatively easy is relative.
Click to expand...
Click to collapse
easy, yes, for one of us. but for a typical user, very hard. anyways, i dont like letting out the secret of how to bypass it, so keep it quiet please
simms22 said:
easy, yes, for one of us. but for a typical user, very hard. anyways, i dont like letting out the secret of how to bypass it, so keep it quiet please
Click to expand...
Click to collapse
Yes, agreed. I'm going to edit out that quote.
quickdry21 said:
Ok, so for encryption, "Allow OEM Unlocking" allows flashing of unsigned images (such as the one used for root), which means if someone gets a hold of my phone, they can put whatever they want on it, including flashing a custom rom.
So my next question is, what about being required to sign into the last Google account used on the phone even after a factory reset (device protection / factory reset protection / not sure what it's called exactly)? Is that area of the bootloader / rom / memory / wherever it lives flashable? If you have an unlocked bootloader, is it possible to flash some image to the device that disables this? Hah, that sounds bad. Really, I want to root my Nexus 6, but I haven't decided if it would be worth giving up the anti-theft required login after reset.
I guess really, I'm curious about how it works, is it part of the Android image delivered by Google? Is it part of the bootloader? Is it possible to release a rom without this feature? I'm not a thief, I swear I'm just curious.
Click to expand...
Click to collapse
Maybe someone could figure out something?
But if your device is wiped, and basically all the partitions are re-written.... Where do you want to store the last google account information to check against?
No one is going to plan on stealing your phone, ask you if the bootloader is unlocked, then decide not to if they say no. None of the security really prevents your phone from being stolen. Nothing just looking at your phone lets a would be thief know that its encrypted and not unlocked...
The encryption and locked bootloader will not prevent your phone from being stolen. The encryption will protect your data, and the locked booloader will make it harder to reset the device (though does factory recovery have a factory reset option? I would think this would allow the device to be wiped and encryption key to be reset anyways?)
I guess really, I'm curious about how it works, is it part of the Android image delivered by Google? Is it part of the bootloader? Is it possible to release a rom without this feature? I'm not a thief, I swear I'm just curious.
Click to expand...
Click to collapse
What? You keep talking about this single security device? What are you talking about?
Do you mean encryption?
encryption is just how the data is stored on the device.
Say you have the word "Duck"
And we want to store that word in a safe way. As a VERY VERY basic method, we will encrypt this by shifting each letter of the alphabet a certain number of letters. This number will be something YOU give, so that others do not know how many letters we have shifted over.
So lets say you give us "5" as your key.
so the alphabet
abcdefghijklmnopqrstuvwxyz we will shift 5 letters over, starting on the fifth letter and wrapping around...
fghijklmnopqrstuvwxyzabcde so each letter matches up with a new letter.
D is the 4th letter of the alphabet, so we will use the 4th letter of of shifted alphabet, i
u is the 21st letter of the alphabet so we will use the 21st letter of our shifted alphabet, z
ect, ect... so Duck becomes Izho, and with out knowing how many letters to shift over, know one will know what that means (ok, obviously due to the simplicity of our encryption algorithm, anyone who is smart and cares can likely try different numbers until the output is a coherent word. the actual method of encryption is significantly more complex, and the key is more then one characters
See here for more intellegent details: https://wiki.archlinux.org/index.php/Disk_encryption#How_the_encryption_works
quickdry21 said:
Yes, agreed. I'm going to edit out that quote.
Click to expand...
Click to collapse
na, it ok, you can leave it here. that way if someone really needs to, theyll find the answer here. just dont go around spreading it around i meant
scryan said:
Maybe someone could figure out something?
But if your device is wiped, and basically all the partitions are re-written.... Where do you want to store the last google account information to check against?
No one is going to plan on stealing your phone, ask you if the bootloader is unlocked, then decide not to if they say no. None of the security really prevents your phone from being stolen. Nothing just looking at your phone lets a would be thief know that its encrypted and not unlocked...
The encryption and locked bootloader will not prevent your phone from being stolen. The encryption will protect your data, and the locked booloader will make it harder to reset the device (though does factory recovery have a factory reset option? I would think this would allow the device to be wiped and encryption key to be reset anyways?)
Click to expand...
Click to collapse
I'm not expecting this "Device Protection" feature to prevent my phone from being stolen, I'm more interested in the **** you aspect to someone who tries, and maybe them returning it to me for some money.
scryan said:
What? You keep talking about this single security device? What are you talking about?
Do you mean encryption?
Click to expand...
Click to collapse
I'm not sure if you are aware, but with the release of 5.1, there is a new security feature (think it's called Device Protection, but that seems to encompass some other things) that requires you to login to the last Google account attached to the phone after a factory reset (whether done from the settings UI, or from recovery mode). If you are unable to login to a Google account that was attached to the phone, the phone becomes worthless (there have been some posts on xda about people "acquiring" a Nexus 6 and being unable to use it), some details here: https://support.google.com/nexus/answer/6172890
A quote from that link sums it up:
Important: You can enter information for any Google account that has been added to the device. If you can't provide this information during the setup process, you won't be able to use the device at all after the factory reset.
Click to expand...
Click to collapse
Now, this security feature is only available on new phones that are released with 5.1 (with the exception of the newest round of Nexus devices, which received it with the update to 5.1). This leads me to believe that some aspect is baked into the device. Separate encrypted partition maybe? Part of the bootloader software? I don't know, that's what I'm curious about.
scryan said:
encryption is just how the data is stored on the device.
Say you have the word "Duck"
And we want to store that word in a safe way. As a VERY VERY basic method, we will encrypt this by shifting each letter of the alphabet a certain number of letters. This number will be something YOU give, so that others do not know how many letters we have shifted over.
So lets say you give us "5" as your key.
so the alphabet
abcdefghijklmnopqrstuvwxyz we will shift 5 letters over, starting on the fifth letter and wrapping around...
fghijklmnopqrstuvwxyzabcde so each letter matches up with a new letter.
D is the 4th letter of the alphabet, so we will use the 4th letter of of shifted alphabet, i
u is the 21st letter of the alphabet so we will use the 21st letter of our shifted alphabet, z
ect, ect... so Duck becomes Izho, and with out knowing how many letters to shift over, know one will know what that means (ok, obviously due to the simplicity of our encryption algorithm, anyone who is smart and cares can likely try different numbers until the output is a coherent word. the actual method of encryption is significantly more complex, and the key is more then one characters
See here for more intellegent details: https://wiki.archlinux.org/index.php/Disk_encryption#How_the_encryption_works
Click to expand...
Click to collapse
Yes, I was not very clear in my original post about what security feature I was inquiring about. I'm aware of what encryption is. Part of the reason I am interested in rooting my phone is to reverse tunnel a SSH server on the phone, or possibly netcat, via SSH to my server, so I will be able to open up a shell on my phone from anywhere I desire.
Ahh yes, apologies, was unaware they implemented that feature. A bit dense this morning.
I would imagine unlocked bootloader/custom recovery would DEFINITELY negate this feature.
No one gonna give your phone back, particularly after you use this as a "**** you" While its just IMO, its better to enjoy your phone now. Screwing yourself out of features only to attempt to limit the phone once you don't have anything to do with it anymore does not seem to be particularly productive.
Hi,
I have a Nexus 6 with a shattered screen, and just bought another one to replace it (exact same model, XT1103 32GB).
I want to make a Nandroid dump of the old device by booting into TWRP temporarily, then restoring the backup to the new phone using the same method. Both phones are bootloader unlocked and totally stock (latest Android update).
Is there anything in particular that I should watch out for? Which partitions should I not touch - a friend on another forum suggested that I should not touch EFS?
Cheers,
Su
If you restore the efs from one to the other you'll loose your imei number on the second one
needleyepoke
---------- Post added at 07:49 PM ---------- Previous post was at 07:47 PM ----------
I've cloned a Nexus 5 but I'm not sure if it's the same way.... P.S. of course your not supposed to do it unless you own both phones... From what I've been told
needleyepoke
Hi,
I don't want to mess about with the IMEI etc - I just want the same system settings, apps etc.
What partitions should I backup/restore? I guess just System, Data, Cache, Boot & Recovery should be enough?
Thanks,
Su
[edit] This seems to suggest just System, Data and Boot is ok - but is that all I need if I am restoring to another device?
Sumanji said:
Hi,
I don't want to mess about with the IMEI etc - I just want the same system settings, apps etc.
What partitions should I backup/restore? I guess just System, Data, Cache, Boot & Recovery should be enough?
Thanks,
Su
[edit] This seems to suggest just System, Data and Boot is ok - but is that all I need if I am restoring to another device?
Click to expand...
Click to collapse
Yes if they're on the same version. I cloned a 32 into a 64.
Ok I just tried this now, and it is not working...
The restore to the new device worked fine, but when I power up I get the "your device is corrupt screen" (which I think is normal if you use TWRP), but then after that it's just a blank screen...
The phone is still able to boot into bootloader and recovery (stock).
Any ideas what could have gone wrong please?
Thanks,
Suman
I think this might be something to do with encryption... when booting into TWRP the new phone still requires the encryption pin I set up from its original software....
Do I need to start again?
Ok, I flashed the new phone with the factory image and started again... this time, when I restore the backup it just hangs on the white Google logo screen...
Any help appreciated please!
Thanks,
Su
If your firs N6 was encrpted (default) there's no way to clone it. Android will generate different encryption keys etc.
Secure lockscreen is a big no-no too. With it, you can't even properly restore backup on the same device!
Trying to take the lazy way out is just asking for trouble. There are many things that can go wrong.
Also just a side note. Cloning devices is illegal, even if you own both devices. The was set by the cell phone cloning laws set up by the FCC.
Your best bet is just to reset it up from scratch.
zelendel said:
Trying to take the lazy way out is just asking for trouble. There are many things that can go wrong.
Also just a side note. Cloning devices is illegal, even if you own both devices. The was set by the cell phone cloning laws set up by the FCC.
Your best bet is just to reset it up from scratch.
Click to expand...
Click to collapse
Oh well,
I'm remembering what I did and I did not restore the Nandroid from Device A to Device B, I titanium Backup'd all the apps and moved them to TitaniumBackup folder on the new phone, restored from there.
For /sdcard/ I had to copy and paste it from one phone to the other...
I'm going to reply this to your reddit thread also.
Lawstorant said:
If your firs N6 was encrpted (default) there's no way to clone it. Android will generate different encryption keys etc.
Secure lockscreen is a big no-no too. With it, you can't even properly restore backup on the same device!
Click to expand...
Click to collapse
Ah dang, so there is no way for me to do what I want then... that's annoying, I would have bought a different phone in that case!
I believe Google requires encryption to be active in all devices with Android 6.0.1 installed, so any new device you purchase will have this (non-) issue.
Think of the alternative however. You could always be dealing with Samsung and Knox.
Strephon Alkhalikoi said:
I believe Google requires encryption to be active in all devices with Android 6.0.1 installed, so any new device you purchase will have this (non-) issue.
Think of the alternative however. You could always be dealing with Samsung and Knox.
Click to expand...
Click to collapse
I believe that is correct. All Nexus devices going forward will have the kernel force encryption. The only way around it is to format data in TWRP (completely wipe the phone) and then when you re setup your ROM (or even the stock image) just make sure you flash a custom kernel that doesn't force encryption (which pretty much all custom kernels don't) before booting into OS for the first time. I run mine unencrypted because nandroid backups are wayyyyy quicker without encryption. I know the security isn't as good but not a deal breaker for me.
I asked this question a while back when I was in the same situation, and was told that it's a bad idea.
TriguyRN said:
I asked this question a while back when I was in the same situation, and was told that it's a bad idea.
Click to expand...
Click to collapse
It is a bad idea. Restoring any system files from one device to another is a risky game. I wouldn't even recommend restoring data from one device to another.
Start fresh, clean. No need to bring junk over, or risk issues. Takes 15 minutes to setup a phone how I like it after a clean rom flash. That's not a long time.
Last year I returned my N6 because of the peeling-back problem. I had a full TWRP backup on my laptop. I loaded it on to the replacement N6, renamed the backup folder to the new device id, and restored it. Worked perfectly, no problems.