Hallo.
I had unlock bootloader, install twrp and supersu: my honor 8 is rooted, but why i don't have encryption on it? When i enter in twrp, i can see all file of device.. i don't understand why.
Thank you all
djhuzi said:
Hallo.
I had unlock bootloader, install twrp and supersu: my honor 8 is rooted, but why i don't have encryption on it? When i enter in twrp, i can see all file of device.. i don't understand why.
Thank you all
Click to expand...
Click to collapse
Because either TWRP decrypts it, or because it isn't really encrypted.
I'd say it's still encrypted.
When i power on the h8, a message appears for restore the device: if i Press vol UP, i enter in a HUAWEI (special) recovery: it tell me to download last update and restore all. But this, lock the bootloader too?
Inviato dal mio FRD-L09 utilizzando Tapatalk
djhuzi said:
When i power on the h8, a message appears for restore the device: if i Press vol UP, i enter in a HUAWEI (special) recovery: it tell me to download last update and restore all. But this, lock the bootloader too?
Inviato dal mio FRD-L09 utilizzando Tapatalk
Click to expand...
Click to collapse
If you flash a stock rom on a Nexus it doesn`t lock the bootloader, so my guess with Honor is that it doesn`t lock the bootloader either unless you lock it yourself in fastboot.
djhuzi said:
When i power on the h8, a message appears for restore the device: if i Press vol UP, i enter in a HUAWEI (special) recovery: it tell me to download last update and restore all. But this, lock the bootloader too?
Inviato dal mio FRD-L09 utilizzando Tapatalk
Click to expand...
Click to collapse
Probably won't lock it
XePeleato said:
Because either TWRP decrypts it, or because it isn't really encrypted.
I'd say it's still encrypted.
Click to expand...
Click to collapse
TWRP can not decrypt your internal storage unless you give it the correct password. That means, if you can browse your /data directory in TWRP without having to enter your PIN/password, then your device is definitely not encrypted. The whole point of encryption is that you can not just boot into TWRP and look at your data!
I have the same issue on my Honor 8 and have tried a lot to get the device to encrypt the internal storage. No luck so far, unfortunately.
I don't know if the Honor 8's internal storage was decrypted before unlocking, and I don't see how one could test this (without unlocking
xor2000 said:
TWRP can not decrypt your internal storage unless you give it the correct password. That means, if you can browse your /data directory in TWRP without having to enter your PIN/password, then your device is definitely not encrypted. The whole point of encryption is that you can not just boot into TWRP and look at your data!
I have the same issue on my Honor 8 and have tried a lot to get the device to encrypt the internal storage. No luck so far, unfortunately.
I don't know if the Honor 8's internal storage was decrypted before unlocking, and I don't see how one could test this (without unlocking
Click to expand...
Click to collapse
That's the #1 mistake that people usually make. The device is encrypted, and the password is secret to you, I recommend you not to post such statements without researching a bit into Android's encryption.
Even after unlocking the bootloader, the device remains encrypted because there's a flag at the Fstab that tells vold that the data partition is encrypted, so that has nothing to do with unlocking the bootloader.
For obvious reasons, encryption is handled in such a way that the end user would never realize that it's encrypted.
I don't understand very well english, so Sorry if i reply mistake. After one full update, the smartphone wipe all and lock the bootloader. This because It enable the encryption, and is full stock with recovery stock too. When we go to made root, we need to unlock bootloader: It wipe all and don't enable encryption. For this motivazion, we can install twrp and see all file of primary Memory.
We need to by-pass the wipe when lock-unlock bootloader
Inviato dal mio FRD-L09 utilizzando Tapatalk
XePeleato said:
That's the #1 mistake that people usually make. The device is encrypted, and the password is secret to you, I recommend you not to post such statements without researching a bit into Android's encryption.
Even after unlocking the bootloader, the device remains encrypted because there's a flag at the Fstab that tells vold that the data partition is encrypted, so that has nothing to do with unlocking the bootloader.
For obvious reasons, encryption is handled in such a way that the end user would never realize that it's encrypted.
Click to expand...
Click to collapse
I am not sure I understand what you are trying to say, but if the /data partition is encrypted, the user must enter the password, otherwise it can not be decrypted. The password is either entered during a normal boot (and is usually the same as your lock code, so you will not get prompted twice), or, if you boot into TWRP recovery, you must enter the password in TWRP. I have seen this myself on a Nexus 7.
What I found out meanwhile is that SuperSU is in fact patching the /fstab so that encryption is no longer enforced after a wipe of the /data partiton. I am still struggling to re-enable it.
---------- Post added at 01:14 AM ---------- Previous post was at 01:09 AM ----------
djhuzi said:
I don't understand very well english, so Sorry if i reply mistake. After one full update, the smartphone wipe all and lock the bootloader. This because It enable the encryption, and is full stock with recovery stock too. When we go to made root, we need to unlock bootloader: It wipe all and don't enable encryption. For this motivazion, we can install twrp and see all file of primary Memory.
We need to by-pass the wipe when lock-unlock bootloader
Inviato dal mio FRD-L09 utilizzando Tapatalk
Click to expand...
Click to collapse
In fact, I found that SuperSU is patching the /fstab to remove forced encryption.
What I am currently trying is: to change the "encryptable" flag in /fstab back to "forceencrypt", then wipe /data in the hope that Android will again encrypt the /data partition. It does not work on my Honor 8 though.
aah, ok.. So we need other support about.. Thank you anyway for the work you made If there are news, post here!!
djhuzi said:
aah, ok.. So we need other support about.. Thank you anyway for the work you made If there are news, post here!!
Click to expand...
Click to collapse
If you are interested, I have posted my findings here: http://forum.xda-developers.com/honor-8/help/internal-storage-encryption-t3452737/post69689317#post69689317
Related
Hi everyone. As an obsessed flasher from my old HTC one 7 i couldnt wait much longer to unlock and root my beloved Nexus 6P.
I have a few questions as i keep seeing the words encrypted and decrypted flying around alot. I understand what encryption is, and what it is there for. What i don't understand is how to know when my phone is encrypted or not. For example, i have unlocked, flashed mod boot img. and then had to factory reset my phone to flash TWRP 2.7.8.1 ( which said decryption not needed) i then installed SuperSU for root. I have read that factory reset can remove decryption... but i have no idea how to check.
Do i need to re-encrypt my device, if so, how do i do this? Will encryption stop root or make TWRP not work properly in regards to flashing and backups.? Can i install custom kernels with a decrypted device or again shall i re-encrypt it?
I also see a screen when entering recovery and rebooting phone "Your device software cannot be checked for corruption, please lock bootloader". Is this normal or have i done something wrong?
Thanks in advance for your help!
so ive managed to find out that the message when in recovery or rebooting is normal for marshmallow. Can anyone help me in terms of the encyrption/decryption issue please?
Disclaimer: I have done these steps multiple times and haven't come across any issues
Read All Step carefully. Any issues or damage to your phone that occurs while doing this I am not responsible.
If TWRP asks you for Password to decrypt data & maybe you have important data in you device, So you can't format data.
Follow these steps:
1. Download the OxygenOS full zip file (tested on 4.0.1 & above)
2. Open TWRP.
3. When It asks for password, cancel it.
4. Click "Read Only" button.
5. Install the OxygenOS zip file.
6. Reboot.
7. The OS may misbehave.
8. Open TWRP again. & Boom! No encryption password.
9. Connect to PC and copy the Important data.
10. Flash Any ROM now.
Thanks!
Recently I had to type in the password but I didn't know that it is possible to bypass it with this...
svandasek said:
Thanks!
Recently I had to type in the password but I didn't know that it is possible to bypass it with this...
Click to expand...
Click to collapse
Glad it helped you
ah.... if i only knew :crying:
That's good from a data recovery point of view... but it just sucks from a security point of view.
Not sure if I should be happy or concerned
TWRP Encryption ByPass
maddler said:
That's good from a data recovery point of view... but it just sucks from a security point of view.
Not sure if I should be happy or concerned
Click to expand...
Click to collapse
Agree .... that seems like a gaping security vulnerability. :-/
maddler said:
That's good from a data recovery point of view... but it just sucks from a security point of view.
Not sure if I should be happy or concerned
Click to expand...
Click to collapse
There's no need to be concerned (about this, specifically).
tk8lm6 said:
Agree .... that seems like a gaping security vulnerability. :-/
Click to expand...
Click to collapse
Actually, this is a case where this device is more secure than previous devices. The encryption key for your user data is divided into two parts. First is the part you type in when booting. The other half is stored in the "secure element" (TrustZone) inside the processor, and is unique to your phone. How the OP3 improves this is that it actually stores two versions of the device-specific key. One is used when the system is trusted (the kernel is signed and dm-verity passes), and the other is used when it is untrusted. This is part of what wipes your data when you unlock the bootloader. The security benefit comes from the SoC locking down the encryption keys when verification fails. Going back to the stock ROM causes all of the verification to pass, and the keys stored in the TrustZone are allowed to unlock your data partition.
On the other hand, if this allows you to bypass manually-enabled encryption, that would be a major security problem.
What interests me is that installing OOS should replace TWRP with the stock recovery image, but this appears not to have happened. Or did you have to flash TWRP again from fastboot after booting into OOS?
smaeul said:
There's no need to be concerned (about this, specifically).
Actually, this is a case where this device is more secure than previous devices. The encryption key for your user data is divided into two parts. First is the part you type in when booting. The other half is stored in the "secure element" (TrustZone) inside the processor, and is unique to your phone. How the OP3 improves this is that it actually stores two versions of the device-specific key. One is used when the system is trusted (the kernel is signed and dm-verity passes), and the other is used when it is untrusted. This is part of what wipes your data when you unlock the bootloader. The security benefit comes from the SoC locking down the encryption keys when verification fails. Going back to the stock ROM causes all of the verification to pass, and the keys stored in the TrustZone are allowed to unlock your data partition.
On the other hand, if this allows you to bypass manually-enabled encryption, that would be a major security problem.
What interests me is that installing OOS should replace TWRP with the stock recovery image, but this appears not to have happened. Or did you have to flash TWRP again from fastboot after booting into OOS?
Click to expand...
Click to collapse
No arguing that previous versions were less secure. But, still, as long as there's a way to bypass encryption that's a security failure.
Encrypted data shouldn't be made available unless proper key(s) or passwords have been provided.
If that's the way that's meant to work, then that's flawed by design.
smaeul said:
There's no need to be concerned (about this, specifically).
Actually, this is a case where this device is more secure than previous devices. The encryption key for your user data is divided into two parts. First is the part you type in when booting. The other half is stored in the "secure element" (TrustZone) inside the processor, and is unique to your phone. How the OP3 improves this is that it actually stores two versions of the device-specific key. One is used when the system is trusted (the kernel is signed and dm-verity passes), and the other is used when it is untrusted. This is part of what wipes your data when you unlock the bootloader. The security benefit comes from the SoC locking down the encryption keys when verification fails. Going back to the stock ROM causes all of the verification to pass, and the keys stored in the TrustZone are allowed to unlock your data partition.
On the other hand, if this allows you to bypass manually-enabled encryption, that would be a major security problem.
What interests me is that installing OOS should replace TWRP with the stock recovery image, but this appears not to have happened. Or did you have to flash TWRP again from fastboot after booting into OOS?
Click to expand...
Click to collapse
I've tried many times. OOS replaces TWRP only on CLEAN Instal for me.
hey guys, i tried to flash oos 5.0 zip, before that i was on another rom. wiped data, system, cache and flashed oos 5.0. and now internal storage is encrypted. how do i flash the zip in twrp now?
manchitro said:
hey guys, i tried to flash oos 5.0 zip, before that i was on another rom. wiped data, system, cache and flashed oos 5.0. and now internal storage is encrypted. how do i flash the zip in twrp now?
Click to expand...
Click to collapse
Just flash it.
Wait, are you saying by just installing a zip, the encrypion hardware pass is gone? WTF.. Is such "hack" available on other devices? Xiaomi redmi(s) for example?
hey i am not able to see any of my files or the zip itself within? is there anything to resolve that?
i can boot into os but for whatever reason cant get to twrp. i have the backup .imgs on my pc now too can i sideload a restore?
im stuck not able to get twrp to see any of my storage and i cant get into twrp twice in a row, so if i fastboot and flash twrp thru adb and then boot into twrp, it asks me for the password, if i hit cancel it just shows 0 storage. ive tried to go to adb sideload but it just sits there. I have the backup i made thru twrp before trying to update.
SourPower said:
hey i am not able to see any of my files or the zip itself within? is there anything to resolve that?
i can boot into os but for whatever reason cant get to twrp. i have the backup .imgs on my pc now too can i sideload a restore?
im stuck not able to get twrp to see any of my storage and i cant get into twrp twice in a row, so if i fastboot and flash twrp thru adb and then boot into twrp, it asks me for the password, if i hit cancel it just shows 0 storage. ive tried to go to adb sideload but it just sits there. I have the backup i made thru twrp before trying to update.
Click to expand...
Click to collapse
Yeah same issue here, as soon as I go in twrp and can't type the password, I can't access my files which is expected behavior, so I don't understand how you can access the file to flash from twrp.
Can someone detail please?
---------- Post added at 07:06 PM ---------- Previous post was at 06:40 PM ----------
Actually I just found a way out to get to previous twrp version, and all is back to normal
From your running ROM, you can download the application twrp (root needed oc)
Then you can use it to flash recovery.
I always keep former version file so I could revert to bluspark twrp that was working before. All worked as expected!
Still not solving the encryption password issue when flashing new recent twrp..
Android 10 Encryption / Security Issue - ADB Encryption Bypass?
rahulrs0029 said:
Disclaimer: I have done these steps multiple times and haven't come across any issues
Read All Step carefully. Any issues or damage to your phone that occurs while doing this I am not responsible.
If TWRP asks you for Password to decrypt data & maybe you have important data in you device, So you can't format data.
Follow these steps:
1. Download the OxygenOS full zip file (tested on 4.0.1 & above)
2. Open TWRP.
3. When It asks for password, cancel it.
4. Click "Read Only" button.
5. Install the OxygenOS zip file.
6. Reboot.
7. The OS may misbehave.
8. Open TWRP again. & Boom! No encryption password.
9. Connect to PC and copy the Important data.
10. Flash Any ROM now.
Click to expand...
Click to collapse
Does this only affect the TWRP -encryption, because when you set your lockscreen password (for the auto-encrypted userdata partition in Android 10, for example) the data can't be decrypted without this password..?
I have discovered another security issue however on a rooted device:
On my Magisk-rooted and encrypted Note 10+/Exynos (Android 10) I just found out, that the userdata (data/data ) partition is UNENCRYPTED and fully readable when viewed with an ADB viewer from my PC although the device is in lockscreen mode / locked!
This doesn't happen after reboot before the first unlock! After the device has been unlocked, accessed via ADB and re-locked (but not rebooted) it is (still) unencrypted, even after rebooting the PC!
Here the lockscreen password would not make much sense at every screenlock - it just unlocks the screen which can be bypassed and all data can be read via ADB anyway - it would only make sense once at boot. Is there a way to have two passwords (1 at boot and an easier one at screenlock) for example?
Is this issue related to Magisk? And can it be fixed?
monicaONxda said:
Does this only affect the TWRP -encryption, because when you set your lockscreen password (for the auto-encrypted userdata partition in Android 10, for example) the data can't be decrypted without this password..?
I have discovered another security issue however on a rooted device:
On my Magisk-rooted and encrypted Note 10+/Exynos (Android 10) I just found out, that the userdata (data/data ) partition is UNENCRYPTED and fully readable when viewed with an ADB viewer from my PC although the device is in lockscreen mode / locked!
This doesn't happen after reboot before the first unlock! After the device has been unlocked, accessed via ADB and re-locked (but not rebooted) it is (still) unencrypted, even after rebooting the PC!
Here the lockscreen password would not make much sense at every screenlock - it just unlocks the screen which can be bypassed and all data can be read via ADB anyway - it would only make sense once at boot. Is there a way to have two passwords (1 at boot and an easier one at screenlock) for example?
Is this issue related to Magisk? And can it be fixed?
Click to expand...
Click to collapse
Anyone with thoughts on this...?
monicaONxda said:
Anyone with thoughts on this...?
Click to expand...
Click to collapse
There are two, separate passwords. One for the encryption and one for the lock screen. And they don't have to be the same.
If you remove the encryption by formatting /data and then boot up on stock OOS, it will encrypt /data with a default password. TWRP can decrypt /data because it knows the default password that's used.
When you set the lock screen password you have the option to set the encryption password to be the same or not.
So, you could set the lock screen and encryption password to be something and then change the lock screen password only to be something different.
ADB can only access /data after it has been decrypted, ie the phone has booted up. But only if: 1. ADB is enabled, 2. You have given permission on your phone to trust the PC connecting to the phone.
So, there's no back doors here. If you have set an encryption password, you can't access the data without having entered the password. And you can't access the phone data without entering the lock screen password. And you can't access the data via ADB unless you have given the specific PC permission from your phone.
Of course, if you use the default encryption password and have TWRP installed, you might just as well not have a password at all. But that's up too you.
Sent from my OnePlus 3T using XDA Labs
BillGoss said:
When you set the lock screen password you have the option to set the encryption password to be the same or not.
So, you could set the lock screen and encryption password to be something and then change the lock screen password only to be something different.
Click to expand...
Click to collapse
For which roms is this working? I guess this behaviour is rom spefic. E.g. for all lineageos 15.1 and 16.0 roms and all roms based on tje same code base, the above procedure (setting the lockscreen passphrase without the boot passphrase checkbox set) will reset the boot passphrase to "default_password".
The only way I know of to get a seperate passphrase for boot and lockscreen on los15, los16 and roms based on these is this:
https://forum.xda-developers.com/on...eplus-3-3t-t3866517/post80390263#post80390263
nvertigo67 said:
For which roms is this working? I guess this behaviour is rom spefic. E.g. for all lineageos 15.1 and 16.0 roms and all roms based on tje same code base, the above procedure (setting the lockscreen passphrase without the boot passphrase checkbox set) will reset the boot passphrase to "default_password".
The only way I know of to get a seperate passphrase for boot and lockscreen on los15, los16 and roms based on these is this:
https://forum.xda-developers.com/on...eplus-3-3t-t3866517/post80390263#post80390263
Click to expand...
Click to collapse
'setting the lockscreen passphrase without the boot passphrase checkbox set) will reset the boot passphrase to "default_password"' - Ah, sorry, I didn't realise that. I was saying this based on what I had done on another phone.
Sent from my OnePlus 3T using XDA Labs
BillGoss said:
'setting the lockscreen passphrase without the boot passphrase checkbox set) will reset the boot passphrase to "default_password"' - Ah, sorry, I didn't realise that. I was saying this based on what I had done on another phone.
Sent from my OnePlus 3T using XDA Labs
Click to expand...
Click to collapse
I'm pretty sure this behavior is rom dependent and not device dependent. E.g.: in los14 and early los15 builds the user was able to set lockscreen passphrase and boot passphrase seperately from rom's settings. This has been removed from aosp (officially because of "security concerns"; but I guess these "concerns" has been too many users with too less knowledge have locked up the boot process).
For me the cryptfs cli is perfectly ok, for the average user the behaviour you've expirienced may feel more comfortable. But the longer I think about, the more I like the seperate setting... YMMV.
Good evening,
I have the following situation in TWRP:
1. I have waited 7 days to release the OEM.
2. After that I installed TWRP via ODIN, and logged into Recovery.
3. As usual the DATA folder was unavailable (Encrypted) and had to do FORMAT DATA, placing yes, etc ....
4. After that I was able to access, I installed Magisk and RMM STATE.
*********I also tested using SuperSu, NO-VERITY, and RMM STATE, and the same thing happened.
5. Everything wonderful, I accessed the system, the OEM remains unlocked, in the download mode has no PRE NORMAL, I can access ROOT softwares a marvel.
6. But here comes the problem, whenever I enter the TWRP it is with the DATA folder unavailable, that is, I have to redo FORMAT DATA.
7. If you do FORMAT, it restarts the procedure from the beginning.
The version of TWRP that I use is correct, the ROM is last STOCK Brazil ZTO.
I have no idea what to do.
Link to TWRP I'm downloading
https://twrp.me/samsung/samsunggalaxys8.html
I read the link below the information below, it would have some connection with the problem:
This device uses dm-verity!
This means that if you allow the system to be modified, it will prevent you from being able to boot if you are using the kernel stock. In order to bypass dm-verity's boot prevention, you will have to install a kernel that has disabled dm-verity in the fstab.
Problem solved through link:
https://forum.xda-developers.com/ga...-twrp-oreo-t3769254/post76036701#post76036701
You are asking for help, and it just so happens that there is a forum meant specifically for that.
SirSoviet said:
You are asking for help, and it just so happens that there is a forum meant specifically for that.
Click to expand...
Click to collapse
Good afternoon.
Would you link to it?
'Cause I thought I'd go in with recovery.
I have tested everything I read in the forum and it is not right.
Problem solved through link:
https://forum.xda-developers.com/ga...-twrp-oreo-t3769254/post76036701#post76036701
Just bought a new Xiaomi mi 6T device. My previous phone was a Sony Xperia m6. To unlock the bootloader and get root access was a bit of a pain on the latter. I remember having to backup a ta-partition to secure my DRM-keys.
Wanting to unlock the bootloader on this device I couldn't find any information about backing up and restoring a certain partition to secure the DRM-keys. What I did find was this post on the mi community forum about how unlocking the bootloader results in the widevine beïng downgraded from L1 to L3 (read the post for further details. The only way to reverse that process is to relock the bootloader again according to the the information I found.
So this is my question: Is there a way to keep the widevine L1 version, with better HDR performances, with an unlocked bootloader by backing up and restoring any data or partition on the phone that is responsible for widevine or other DRM content?
Medeon said:
Just bought a new Xiaomi mi 6T device. My previous phone was a Sony Xperia m6. To unlock the bootloader and get root access was a bit of a pain on the latter. I remember having to backup a ta-partition to secure my DRM-keys.
Wanting to unlock the bootloader on this device I couldn't find any information about backing up and restoring a certain partition to secure the DRM-keys. What I did find was this post on the mi community forum about how unlocking the bootloader results in the widevine beïng downgraded from L1 to L3 (read the post for further details. The only way to reverse that process is to relock the bootloader again according to the the information I found.
So this is my question: Is there a way to keep the widevine L1 version, with better HDR performances, with an unlocked bootloader by backing up and restoring any data or partition on the phone that is responsible for widevine or other DRM content?
Click to expand...
Click to collapse
No, you don't loose L1. You don't need to backup anything. You will allways have L1 with the official roms (global/eea) and L3 with all other at the moment including china official, xiaomi.eu and all forks.
e.g:
I have L1 with global rom, unlocked BL and magisk.
fabsen said:
No, you don't loose L1. You don't need to backup anything. You will allways have L1 with the official roms (global/eea) and L3 with all other at the moment including china official, xiaomi.eu and all forks.
e.g:
I have L1 with global rom, unlocked BL and magisk.
Click to expand...
Click to collapse
Thank you very much for confirming this, that's a huge relief! I also just found out about it reading this article.
Medeon said:
Thank you very much for confirming this, that's a huge relief! I also just found out about it reading this article.
Click to expand...
Click to collapse
I'm unlock and rooted, on L1, but u can't install Netflix from play store, so no full HD
I kinda anticipated that, since when you root your device with magisk, Android prevents you from installing Netflix. Which is no problem in my case, since I only watch Netflix on my television or Pc. You can watch Netflix though on an unlocked device if don't root your devices, isn't it?
I just installed magisk and remains L1. Just that the app doesn't appear on play store. Sideloeaded and got hdr working just fine.
i think only SONY has this problem with drm keys and widevine l1..if you unlock the bootloader of any SONY mobile said goodbye to this keys.And the hdr of the camera i think..
I only recommend that you back up the persist partition with TWRP if you are going to change the ROM on the Mi 9T. Some ROMs try to damage this partition and if it does you will Widevine L1 forever as I lost it
LeonardoBordin said:
I only recommend that you back up the persist partition with TWRP if you are going to change the ROM on the Mi 9T. Some ROMs try to damage this partition and if it does you will Widevine L1 forever as I lost it
Click to expand...
Click to collapse
Using OrangeFox and there is no checkmark to include Persist to Backup - screenshot attached.
I think it was the same with the official TWRP.
Which TWRP offers to backup Persist?
Btw, I was able to disk-dump Persist:
https://forum.xda-developers.com/mi-9t/how-to/to-extract-stock-boot-recovery-images-t4058447
But read somewhere (cannot find now and didn't try) that Persist.img cannot be flashed through Fastboot (?)
Medeon said:
Just bought a new Xiaomi mi 6T device. My previous phone was a Sony Xperia m6. To unlock the bootloader and get root access was a bit of a pain on the latter. I remember having to backup a ta-partition to secure my DRM-keys.
Wanting to unlock the bootloader on this device I couldn't find any information about backing up and restoring a certain partition to secure the DRM-keys. What I did find was this post on the mi community forum about how unlocking the bootloader results in the widevine beïng downgraded from L1 to L3 (read the post for further details. The only way to reverse that process is to relock the bootloader again according to the the information I found.
So this is my question: Is there a way to keep the widevine L1 version, with better HDR performances, with an unlocked bootloader by backing up and restoring any data or partition on the phone that is responsible for widevine or other DRM content?
Click to expand...
Click to collapse
No, but you will lose the safeties that could lead in to a persist partition corrupted.
Backup your persist partition and store this backup OUT of the phone, on a cloud or a PC.
Pupet_Master said:
No, but you will lose the safeties that could lead in to a persist partition corrupted.
Backup your persist partition and store this backup OUT of the phone, on a cloud or a PC.
Click to expand...
Click to collapse
The same question that was in the preceeding post:
Using OrangeFox and there is no checkmark to include Persist to Backup .
I think it was the same with the official TWRP
Which TWRP offers to backup Persist?
Btw, I was able to disk-dump Persist:
https://forum.xda-developers.com/mi-9t/how-to/to-extract-stock-boot-recovery-images-t4058447
But read somewhere (cannot find now and didn't try) that Persist.img cannot be flashed through Fastboot (?)
zgfg said:
The same question that was in the preceeding post:
Using OrangeFox and there is no checkmark to include Persist to Backup .
I think it was the same with the official TWRP
Which TWRP offers to backup Persist?
Btw, I was able to disk-dump Persist:
https://forum.xda-developers.com/mi-9t/how-to/to-extract-stock-boot-recovery-images-t4058447
But read somewhere (cannot find now and didn't try) that Persist.img cannot be flashed through Fastboot (?)
Click to expand...
Click to collapse
The chinese team TWRP
Pupet_Master said:
The chinese team TWRP
Click to expand...
Click to collapse
Pls link for that TWRP
Andd a question, official TWRP and OtangeFox properly support encryption - it is not needed to format Data, jus each time on booting to TWRPt to enter the current Android screen unlock pin/pass and they rrad/write to Internal storage
Is it also the case with the Chineer TWRP?
zgfg said:
Pls link for that TWRP
Andd a question, official TWRP and OtangeFox properly support encryption - it is not needed to format Data, jus each time on booting to TWRPt to enter the current Android screen unlock pin/pass and they rrad/write to Internal storage
Is it also the case with the Chineer TWRP?
Click to expand...
Click to collapse
If you will flash ANY different ROM, you NEED to format. since the ROM wont be able to access a encrypted data partition from another ROM/Encryption key.
Also, you can do a forum search for the chinese TWRP, i don't have the link
Good luck.
Pupet_Master said:
If you will flash ANY different ROM, you NEED to format. since the ROM wont be able to access a encrypted data partition from another ROM/Encryption key.
Also, you can do a forum search for the chinese TWRP, i don't have the link
Good luck.
Click to expand...
Click to collapse
Im absolutely not interested in custom ROMs (I only do rooting of the stock, and for that, as well as for official TWRP ahd OrangeFox, no kind of forkatting any partition is needed)
However, I have asked about Persist partitions just in case
Good luck
zgfg said:
Im absolutely not interested in custom ROMs (I only do rooting of the stock, and for that, as well as for official TWRP ahd OrangeFox, no kind of forkatting any partition is needed)
However, I have asked about Persist partitions just in case
Good luck
Click to expand...
Click to collapse
If you install stock MIUI but from a zip, such as xiaomi.eu is is a custom rom..
Stock is just what come with the phone.
Pupet_Master said:
If you install stock MIUI but from a zip, such as xiaomi.eu is is a custom rom..
Stock is just what come with the phone.
Click to expand...
Click to collapse
Tthank for teaching but I know what the stockk means
My Mi 9T came with v10.3.12 PFJEUXM, updated by OTA to v11.0.3 PFJEUXM and then again by OTA to v11.0.4 QFJEUXM.
Alll syock firmwares, no eu weekly ROMs and no AOSP ROMs (only debloating by ADB, twrp.me davincii TWRP, OranfeFox, Canary Magisk root and modules)
Instead of this OT discussion, I still did not get answers for sone originally asked questions but please nwm(for example about flashing from Fastboot the disk-dumped Persist.img)
Good luck and goodbye
zgfg said:
Tthank for teaching but I know what the stockk means
My Mi 9T came with v10.3.12 PFJEUXM, updated by OTA to v11.0.3 PFJEUXM and then again by OTA to v11.0.4 QFJEUXM.
Alll syock firmwares, no eu weekly ROMs and no AOSP ROMs (only debloating by ADB, twrp.me davincii TWRP, OranfeFox, Canary Magisk root and modules)
Instead of this OT discussion, I still did not get answers for sone originally asked questions but please nwm(for example about flashing from Fastboot the disk-dumped Persist.img)
Good luck and goodbye
Click to expand...
Click to collapse
fastboot a disk dump persist.img will cause you to lose DRM, i did it my self and i lost.
Pupet_Master said:
fastboot a disk dump persist.img will cause you to lose DRM, i did it my self and i lost.
Click to expand...
Click to collapse
What about
Code:
dd if=/dev/block/bootdevice/by-name/persist of=/sdcard/persist.img
to backup and
Code:
dd if=/sdcard/persist.img of=/dev/block/bootdevice/by-name/persist
to restore?
That's how I did it with my Moto G5+. Later the official TWRP recovery for that device had checkmarks for persist and efs too.
Edit: Sorry,I've seen that @zgfg posted that method so follow his steps:
https://forum.xda-developers.com/mi...ck-boot-recovery-images-t4058447/post81871363
Sent from my Moto G5 Plus using XDA Labs
You will lose DRM even with "dd" to restore (tested on Mi Mix 3 5G)
Hi, i have problem.
Now i have K20, unlocked, xiaomi eu rom, miui 11 dev. How to have encrypted memory. In setting it writes ncrypt, but it is not encrypted. How to encrypt phone memomy on android 10?
dromaczek said:
Hi, i have problem.
Now i have K20, unlocked, xiaomi eu rom, miui 11 dev. How to have encrypted memory. In setting it writes ncrypt, but it is not encrypted. How to encrypt phone memomy on android 10?
Click to expand...
Click to collapse
flash latest 9.11.7 eu rom dirty mode. but change twrp for new 1109 release and you get encrypted at install.
you can install rom with your today twrp and flash 1109 after.
1109 twrp is at twrp page here at XDA
lolo9393 said:
flash latest 9.11.7 eu rom dirty mode. but change twrp for new 1109 release and you get encrypted at install.
you can install rom with your today twrp and flash 1109 after.
1109 twrp is at twrp page here at XDA
Click to expand...
Click to collapse
Doesn help, cause on TWRP i could have acces to all photos without password
dromaczek said:
Doesn help, cause on TWRP i could have acces to all photos without password
Click to expand...
Click to collapse
You need a TWRP version that don't ignore the encryption
Pupet_Master said:
You need a TWRP version that don't ignore the encryption
Click to expand...
Click to collapse
But if someone stole my phone, he ould use twrp which ignore enrytion and has my photos, i dont like this scenario
dromaczek said:
But if someone stole my phone, he ould use twrp which ignore enrytion and has my photos, i dont like this scenario
Click to expand...
Click to collapse
No, if you use a TWRP that don't ignore encryption and the phone is encrypted, far as i know there is no way to decrypt without format.
All depends if you encrypt it with the right twrp
In the lastcase, try the beta of orange fox and set a password there
dromaczek said:
Doesn help, cause on TWRP i could have acces to all photos without password
Click to expand...
Click to collapse
That's 1109 release is able to well encrypt.
You are prompted at twrp interface to enter the pw pin in order to decrpyt the rom and enter in all TWRP feature.
That's the way it must work to protect your data.
---------- Post added at 02:58 AM ---------- Previous post was at 02:52 AM ----------
Pupet_Master said:
No, if you use a TWRP that don't ignore encryption and the phone is encrypted, far as i know there is no way to decrypt without format.
All depends if you encrypt it with the right twrp
In the lastcase, try the beta of orange fox and set a password there
Click to expand...
Click to collapse
Just as talk. I do not see OrangeFox TWRP official and validated release yet.
And if I well remenber, the pin pw protection it offered was just blocking twrp access but not decryption. It was so easy to install or boot any other TWRP to bypass it.
lolo9393 said:
That's 1109 release is able to well encrypt.
You are prompted at twrp interface to enter the pw pin in order to decrpyt the rom and enter in all TWRP feature.
That's the way it must work to protect your data.
---------- Post added at 02:58 AM ---------- Previous post was at 02:52 AM ----------
Just as talk. I do not see OrangeFox TWRP official and validated release yet.
And if I well remenber, the pin pw protection it offered was just blocking twrp access but not decryption. It was so easy to install or boot any other TWRP to bypass it.
Click to expand...
Click to collapse
Enjoy..
https://drive.google.com/open?id=1Sh-6ddfSOIL0e9V9gDmxFNljKw2sX08s