Disclaimer: I have done these steps multiple times and haven't come across any issues
Read All Step carefully. Any issues or damage to your phone that occurs while doing this I am not responsible.
If TWRP asks you for Password to decrypt data & maybe you have important data in you device, So you can't format data.
Follow these steps:
1. Download the OxygenOS full zip file (tested on 4.0.1 & above)
2. Open TWRP.
3. When It asks for password, cancel it.
4. Click "Read Only" button.
5. Install the OxygenOS zip file.
6. Reboot.
7. The OS may misbehave.
8. Open TWRP again. & Boom! No encryption password.
9. Connect to PC and copy the Important data.
10. Flash Any ROM now.
Thanks!
Recently I had to type in the password but I didn't know that it is possible to bypass it with this...
svandasek said:
Thanks!
Recently I had to type in the password but I didn't know that it is possible to bypass it with this...
Click to expand...
Click to collapse
Glad it helped you
ah.... if i only knew :crying:
That's good from a data recovery point of view... but it just sucks from a security point of view.
Not sure if I should be happy or concerned
TWRP Encryption ByPass
maddler said:
That's good from a data recovery point of view... but it just sucks from a security point of view.
Not sure if I should be happy or concerned
Click to expand...
Click to collapse
Agree .... that seems like a gaping security vulnerability. :-/
maddler said:
That's good from a data recovery point of view... but it just sucks from a security point of view.
Not sure if I should be happy or concerned
Click to expand...
Click to collapse
There's no need to be concerned (about this, specifically).
tk8lm6 said:
Agree .... that seems like a gaping security vulnerability. :-/
Click to expand...
Click to collapse
Actually, this is a case where this device is more secure than previous devices. The encryption key for your user data is divided into two parts. First is the part you type in when booting. The other half is stored in the "secure element" (TrustZone) inside the processor, and is unique to your phone. How the OP3 improves this is that it actually stores two versions of the device-specific key. One is used when the system is trusted (the kernel is signed and dm-verity passes), and the other is used when it is untrusted. This is part of what wipes your data when you unlock the bootloader. The security benefit comes from the SoC locking down the encryption keys when verification fails. Going back to the stock ROM causes all of the verification to pass, and the keys stored in the TrustZone are allowed to unlock your data partition.
On the other hand, if this allows you to bypass manually-enabled encryption, that would be a major security problem.
What interests me is that installing OOS should replace TWRP with the stock recovery image, but this appears not to have happened. Or did you have to flash TWRP again from fastboot after booting into OOS?
smaeul said:
There's no need to be concerned (about this, specifically).
Actually, this is a case where this device is more secure than previous devices. The encryption key for your user data is divided into two parts. First is the part you type in when booting. The other half is stored in the "secure element" (TrustZone) inside the processor, and is unique to your phone. How the OP3 improves this is that it actually stores two versions of the device-specific key. One is used when the system is trusted (the kernel is signed and dm-verity passes), and the other is used when it is untrusted. This is part of what wipes your data when you unlock the bootloader. The security benefit comes from the SoC locking down the encryption keys when verification fails. Going back to the stock ROM causes all of the verification to pass, and the keys stored in the TrustZone are allowed to unlock your data partition.
On the other hand, if this allows you to bypass manually-enabled encryption, that would be a major security problem.
What interests me is that installing OOS should replace TWRP with the stock recovery image, but this appears not to have happened. Or did you have to flash TWRP again from fastboot after booting into OOS?
Click to expand...
Click to collapse
No arguing that previous versions were less secure. But, still, as long as there's a way to bypass encryption that's a security failure.
Encrypted data shouldn't be made available unless proper key(s) or passwords have been provided.
If that's the way that's meant to work, then that's flawed by design.
smaeul said:
There's no need to be concerned (about this, specifically).
Actually, this is a case where this device is more secure than previous devices. The encryption key for your user data is divided into two parts. First is the part you type in when booting. The other half is stored in the "secure element" (TrustZone) inside the processor, and is unique to your phone. How the OP3 improves this is that it actually stores two versions of the device-specific key. One is used when the system is trusted (the kernel is signed and dm-verity passes), and the other is used when it is untrusted. This is part of what wipes your data when you unlock the bootloader. The security benefit comes from the SoC locking down the encryption keys when verification fails. Going back to the stock ROM causes all of the verification to pass, and the keys stored in the TrustZone are allowed to unlock your data partition.
On the other hand, if this allows you to bypass manually-enabled encryption, that would be a major security problem.
What interests me is that installing OOS should replace TWRP with the stock recovery image, but this appears not to have happened. Or did you have to flash TWRP again from fastboot after booting into OOS?
Click to expand...
Click to collapse
I've tried many times. OOS replaces TWRP only on CLEAN Instal for me.
hey guys, i tried to flash oos 5.0 zip, before that i was on another rom. wiped data, system, cache and flashed oos 5.0. and now internal storage is encrypted. how do i flash the zip in twrp now?
manchitro said:
hey guys, i tried to flash oos 5.0 zip, before that i was on another rom. wiped data, system, cache and flashed oos 5.0. and now internal storage is encrypted. how do i flash the zip in twrp now?
Click to expand...
Click to collapse
Just flash it.
Wait, are you saying by just installing a zip, the encrypion hardware pass is gone? WTF.. Is such "hack" available on other devices? Xiaomi redmi(s) for example?
hey i am not able to see any of my files or the zip itself within? is there anything to resolve that?
i can boot into os but for whatever reason cant get to twrp. i have the backup .imgs on my pc now too can i sideload a restore?
im stuck not able to get twrp to see any of my storage and i cant get into twrp twice in a row, so if i fastboot and flash twrp thru adb and then boot into twrp, it asks me for the password, if i hit cancel it just shows 0 storage. ive tried to go to adb sideload but it just sits there. I have the backup i made thru twrp before trying to update.
SourPower said:
hey i am not able to see any of my files or the zip itself within? is there anything to resolve that?
i can boot into os but for whatever reason cant get to twrp. i have the backup .imgs on my pc now too can i sideload a restore?
im stuck not able to get twrp to see any of my storage and i cant get into twrp twice in a row, so if i fastboot and flash twrp thru adb and then boot into twrp, it asks me for the password, if i hit cancel it just shows 0 storage. ive tried to go to adb sideload but it just sits there. I have the backup i made thru twrp before trying to update.
Click to expand...
Click to collapse
Yeah same issue here, as soon as I go in twrp and can't type the password, I can't access my files which is expected behavior, so I don't understand how you can access the file to flash from twrp.
Can someone detail please?
---------- Post added at 07:06 PM ---------- Previous post was at 06:40 PM ----------
Actually I just found a way out to get to previous twrp version, and all is back to normal
From your running ROM, you can download the application twrp (root needed oc)
Then you can use it to flash recovery.
I always keep former version file so I could revert to bluspark twrp that was working before. All worked as expected!
Still not solving the encryption password issue when flashing new recent twrp..
Android 10 Encryption / Security Issue - ADB Encryption Bypass?
rahulrs0029 said:
Disclaimer: I have done these steps multiple times and haven't come across any issues
Read All Step carefully. Any issues or damage to your phone that occurs while doing this I am not responsible.
If TWRP asks you for Password to decrypt data & maybe you have important data in you device, So you can't format data.
Follow these steps:
1. Download the OxygenOS full zip file (tested on 4.0.1 & above)
2. Open TWRP.
3. When It asks for password, cancel it.
4. Click "Read Only" button.
5. Install the OxygenOS zip file.
6. Reboot.
7. The OS may misbehave.
8. Open TWRP again. & Boom! No encryption password.
9. Connect to PC and copy the Important data.
10. Flash Any ROM now.
Click to expand...
Click to collapse
Does this only affect the TWRP -encryption, because when you set your lockscreen password (for the auto-encrypted userdata partition in Android 10, for example) the data can't be decrypted without this password..?
I have discovered another security issue however on a rooted device:
On my Magisk-rooted and encrypted Note 10+/Exynos (Android 10) I just found out, that the userdata (data/data ) partition is UNENCRYPTED and fully readable when viewed with an ADB viewer from my PC although the device is in lockscreen mode / locked!
This doesn't happen after reboot before the first unlock! After the device has been unlocked, accessed via ADB and re-locked (but not rebooted) it is (still) unencrypted, even after rebooting the PC!
Here the lockscreen password would not make much sense at every screenlock - it just unlocks the screen which can be bypassed and all data can be read via ADB anyway - it would only make sense once at boot. Is there a way to have two passwords (1 at boot and an easier one at screenlock) for example?
Is this issue related to Magisk? And can it be fixed?
monicaONxda said:
Does this only affect the TWRP -encryption, because when you set your lockscreen password (for the auto-encrypted userdata partition in Android 10, for example) the data can't be decrypted without this password..?
I have discovered another security issue however on a rooted device:
On my Magisk-rooted and encrypted Note 10+/Exynos (Android 10) I just found out, that the userdata (data/data ) partition is UNENCRYPTED and fully readable when viewed with an ADB viewer from my PC although the device is in lockscreen mode / locked!
This doesn't happen after reboot before the first unlock! After the device has been unlocked, accessed via ADB and re-locked (but not rebooted) it is (still) unencrypted, even after rebooting the PC!
Here the lockscreen password would not make much sense at every screenlock - it just unlocks the screen which can be bypassed and all data can be read via ADB anyway - it would only make sense once at boot. Is there a way to have two passwords (1 at boot and an easier one at screenlock) for example?
Is this issue related to Magisk? And can it be fixed?
Click to expand...
Click to collapse
Anyone with thoughts on this...?
monicaONxda said:
Anyone with thoughts on this...?
Click to expand...
Click to collapse
There are two, separate passwords. One for the encryption and one for the lock screen. And they don't have to be the same.
If you remove the encryption by formatting /data and then boot up on stock OOS, it will encrypt /data with a default password. TWRP can decrypt /data because it knows the default password that's used.
When you set the lock screen password you have the option to set the encryption password to be the same or not.
So, you could set the lock screen and encryption password to be something and then change the lock screen password only to be something different.
ADB can only access /data after it has been decrypted, ie the phone has booted up. But only if: 1. ADB is enabled, 2. You have given permission on your phone to trust the PC connecting to the phone.
So, there's no back doors here. If you have set an encryption password, you can't access the data without having entered the password. And you can't access the phone data without entering the lock screen password. And you can't access the data via ADB unless you have given the specific PC permission from your phone.
Of course, if you use the default encryption password and have TWRP installed, you might just as well not have a password at all. But that's up too you.
Sent from my OnePlus 3T using XDA Labs
BillGoss said:
When you set the lock screen password you have the option to set the encryption password to be the same or not.
So, you could set the lock screen and encryption password to be something and then change the lock screen password only to be something different.
Click to expand...
Click to collapse
For which roms is this working? I guess this behaviour is rom spefic. E.g. for all lineageos 15.1 and 16.0 roms and all roms based on tje same code base, the above procedure (setting the lockscreen passphrase without the boot passphrase checkbox set) will reset the boot passphrase to "default_password".
The only way I know of to get a seperate passphrase for boot and lockscreen on los15, los16 and roms based on these is this:
https://forum.xda-developers.com/on...eplus-3-3t-t3866517/post80390263#post80390263
nvertigo67 said:
For which roms is this working? I guess this behaviour is rom spefic. E.g. for all lineageos 15.1 and 16.0 roms and all roms based on tje same code base, the above procedure (setting the lockscreen passphrase without the boot passphrase checkbox set) will reset the boot passphrase to "default_password".
The only way I know of to get a seperate passphrase for boot and lockscreen on los15, los16 and roms based on these is this:
https://forum.xda-developers.com/on...eplus-3-3t-t3866517/post80390263#post80390263
Click to expand...
Click to collapse
'setting the lockscreen passphrase without the boot passphrase checkbox set) will reset the boot passphrase to "default_password"' - Ah, sorry, I didn't realise that. I was saying this based on what I had done on another phone.
Sent from my OnePlus 3T using XDA Labs
BillGoss said:
'setting the lockscreen passphrase without the boot passphrase checkbox set) will reset the boot passphrase to "default_password"' - Ah, sorry, I didn't realise that. I was saying this based on what I had done on another phone.
Sent from my OnePlus 3T using XDA Labs
Click to expand...
Click to collapse
I'm pretty sure this behavior is rom dependent and not device dependent. E.g.: in los14 and early los15 builds the user was able to set lockscreen passphrase and boot passphrase seperately from rom's settings. This has been removed from aosp (officially because of "security concerns"; but I guess these "concerns" has been too many users with too less knowledge have locked up the boot process).
For me the cryptfs cli is perfectly ok, for the average user the behaviour you've expirienced may feel more comfortable. But the longer I think about, the more I like the seperate setting... YMMV.
Related
Hi guys, this is my first post here
I have a Moto G4 that I rooted recently and flashed with good ROMs for testing, but in all ROMs, Encryption doesn't work.
In all times that I tried, I go on Settings > Encrypt and start, but always remaining 00:00 for a lot or hours and when I restart phone, I enter with password and display this error.
Decryption unsuccessful. The password you entered is correct but unfortunately your data is corrupt
Click to expand...
Click to collapse
Then I have a question, encryption doesn't work on rooted Moto G4? If yes, have other option to protect my data on rooted device?
Thanks.
joubertredrat said:
Hi guys, this is my first post here
I have a Moto G4 that I rooted recently and flashed with good ROMs for testing, but in all ROMs, Encryption doesn't work.
In all times that I tried, I go on Settings > Encrypt and start, but always remaining 00:00 for a lot or hours and when I restart phone, I enter with password and display this error.
Then I have a question, encryption doesn't work on rooted Moto G4? If yes, have other option to protect my data on rooted device?
Thanks.
Click to expand...
Click to collapse
In my knowledge, encryption will not work on rooted phones. But there is a workaround for this. You can root your phone after the phone is fully encrypted. To root your phone after it is encrypted, you can click adb sideload on TWRP and through the terminal on your pc, you can sideload phh's superuser. Reboot your phone and you have a working, encrypted phone with root installed. I didn't try this, but I think, it will work.
@stkpxl thanks for the help, but I have a question.
Will be possible to make encryption with SD card as extended internal storage? Thanks
@stkpxl I'm trying to flash LineageOS after flash Magisk but response error 7. What wrong about this? Thanks.
stkpxl said:
You flash Lineage before flashing Magisk.
Click to expand...
Click to collapse
I really trying, but isn't working, look my steps.
- Flash Stock ROM like this post http://www.stechguide.com/download-stock-firmware-of-moto-g4-and-g4-plus/
- Run stock, setup first run, format sd and define as internal storage
- Flash recovery twrp-3.0.3-n4-athene_shreps.img
- Run twrp
- Install ElementalX-G4-1.04-LOS.zip
- Run stock, set password and encryption device
- Smartphone restart and stock encrypt device
- Run stock again, password working fine
- Run twrp, twrp ask for encrytion password, I put and enter on twrp normally
- Install lineage-14.1-20170313-nightly-athene-signed.zip without wipe
* Fail on this point
Code:
Installing zip file '/path/to/lineage-14.1-20170313-nightly-athene-signed.zip'
Checking for MD5 file...
Skipping MD5 check: no MD5 file found
Target: <a big number>
detected filesystem ext4 for /dev/block/bootdevice/by-name/system
Can't install this package on top of incompatible data. Please try another package or run a factory reset
Updata process ended with ERROR: 7
Error installing zip file /path/to/lineage-14.1-20170313-nightly-athene-signed.zip
Updating partition details...
...done
This problem display only If I encrypt device on stock ROM, when I flash without encrytion, twrp flash LineageOS normally.
Seems like full disc encryption is not working in general. Its reported https://jira.lineageos.org/browse/BUGBASH-253
I am also quite sure that this bug was already in cyanogenmod and also reported there.
tonymarschall- said:
Seems like full disc encryption is not working in general. Its reported https://jira.lineageos.org/browse/BUGBASH-253
I am also quite sure that this bug was already in cyanogenmod and also reported there.
Click to expand...
Click to collapse
Thanks for reply @tonymarschall
Are you know any custom ROM that encryption is working for me test here? Thanks
joubertredrat said:
Are you know any custom ROM that encryption is working for me test here? Thanks
Click to expand...
Click to collapse
No, I am sorry and searching by myself. I hope that one day it will be official supported. Maybe you can give the issue an upvote.
Hi guys.
A bug related about encryption fail was solved and encryption is working fine on lineage-14.1-20170501-nightly-athene-signed.zip
https://jira.lineageos.org/browse/BUGBASH-253
I have a UK XT1604 Retail device which is running the current TWRP and is rooted with the stock rom.
The device was rooted with the guide from here, but at the time I didn't realise device encryption was not enabled...
Now I'm trying to enable to device encryption, but the process never starts (by the looks of it) the phone reboots to the Moto/Lenovo logo and just sits there. A manual reboot brings back the normal OS with no changes. I've seen some other posts which say I need to un-root, and other which say I just need to re-flash the boot.img file
Can someone tell me the correct process for enabling device encryption and re-rooting the device after.
I was unable to find the stock UK Retail image for this phone, but I have found a o2 version - can I use any .img files I need from that safely ? My other option is - I have an identical none-rooted device, if I fastboot TWRP (rather than install) can I extract and use the .img files from that device on mine? - This has been uploaded this morning - but its not 100% clear is this is UK and for the XT1604
Can anyone confirm the current 3.1.1-0 supports encrypted file systems and can access them?
Very new to all this Android stuff so any help is very welcome.
You should be able to unroot from the SuperSU app (at least that's what I did) and then encryption will work normally.
bsevcenk said:
You should be able to unroot from the SuperSU app (at least that's what I did) and then encryption will work normally.
Click to expand...
Click to collapse
I'd seen the option but wasnt sure if I needed the full un-root, or just 'disable super user' I presume once I've encrypted I just need to re-flash the SuperSU zip file?
iam-q said:
I'd seen the option but wasnt sure if I needed the full un-root, or just 'disable super user' I presume once I've encrypted I just need to re-flash the SuperSU zip file?
Click to expand...
Click to collapse
You'll need to do a full un-root, encrypt, and then you can flash the SuperSU zip again.
So the encryption worked fine & is set with a password. Now I'm unable to access TWRP in recovery mode as it won't accept the known working password.
I Changed the password to a PIN and that allows me to access TWRP - but if I change it back to a password TWRP flat refuses to accept it. I've seen old issues relating to earlier versions to TWRP where people had the same issue, but nothing relating to the current version. Any ideas?
There are probably already a couple guides up, but I wanted to post about how I went about doing this and have everything working. It may not work for everyone, but for me, it worked the first time.
0: Yep, there is a step zero here. :good: BACKUP YOUR PHONES INTERNAL STORAGE! IT WILL NEED TO BE WIPED FOR THIS TO WORK!
1: Flash factory image of 8.1 WITH the "-w" (wipe) command (LINK HERE)
2: Allow the system to boot. (optional: complete setup wizard and update apps)
3: Connect the phone to a PC and copy the TWRP 3.1.1-1 ZIP installer to internal storage (or download it via browser) (LINK HERE)
4: Download Magisk 14.3 using a PC or the phones browser, to internal storage (LINK HERE)
5: Reboot into bootloader (using the POWER + VOL-DOWN combo)
6: Fastboot BOOT TWRP 3.1.1-1 (LINK HERE)
Code:
fastboot boot twrp-3.1.1-1-fastboot-marlin.img
7: Once TWRP has booted up, flash the TWRP ZIP installer from step 3 (do NOT reboot to the OS yet)
8: Reboot directly to RECOVERY
9: Flash Magisk v14.3 from step 4
10: Reboot to Android and you're done!
Working TWRP and fully working root!
Only issue I'm having so far with TWRP is that MTP doesn't work. I can't transfer files to/from the phone while connected to a PC. That's why the file transfers have to happen while booted into Android. A TWRP update will likely fix this.
Hello, I followed these steps and all is working great, now I have activated fingerprint lock on my device and pin code, TWRP tells me that the pin is wrong when I go in to the recovery ? Any ideas, I did the procedre twice from stock and twrp tells me that the pin is wrong every time
Known issue on 8.1. Twrp is not working properly.
Just don't use pin or pattern at all.
mikaole said:
Known issue on 8.1. Twrp is not working properly.
Just don't use pin or pattern at all.
Click to expand...
Click to collapse
I need security on my phone, I would rather just wait for the TWRP update and/or actual 8.1
kingbri said:
I need security on my phone, I would rather just wait for the TWRP update and/or actual 8.1
Click to expand...
Click to collapse
At the rate TWRP gets updated, you'd have to wait till December for that. And sometime in December, 8.1 Final is supposed to be out.
Not sure if it works, but you could try disabling security, use TWRP for whatever you need, then enable security again when you're done.
So when you say flash with wipe command. You mean flash the flash all with -w tacked on the end?
Mckillagorilla said:
So when you say flash with wipe command. You mean flash the flash all with -w tacked on the end?
Click to expand...
Click to collapse
Yes, in other words: do not edit flash-all.sh.
Mckillagorilla said:
So when you say flash with wipe command. You mean flash the flash all with -w tacked on the end?
Click to expand...
Click to collapse
? No to editing file. The file flash-all.bat already has the -
w command in it. (use Flash-all.sh if you use Apple).
The reason post #1 instructs to wipe with the -w command is because some are used to removing the -w to preserve user data when flashing. For this root solution that won't work.
Born<ICs said:
? No to editing file. The file flash-all.bat already has the -
w command in it. (use Flash-all.sh if you use Apple).
The reason post #1 instructs to wipe with the -w command is because some are used to removing the -w to preserve user data when flashing. For this root solution that won't work.
Click to expand...
Click to collapse
worked perfectly for me ... no errors so far.
Let me rephrase. I wiped the phone, went back to 7.1.2, took 8.1 OTA now I want to root without wiping. Is this possible?
The second try, I hate the scrolling that is within apps. Looks like I might be going back to Nougat.
Scottay5150 said:
Can I root the OTA developer preview after a complete flash/wipe?
Click to expand...
Click to collapse
Yes, I am rooted and on it. Same procedure.
Working for me on Pixel non XL swapped the file for sailfish versions
I forget if I install TWRP to does this wipe the whole device?
TonikJDK said:
Yes, I am rooted and on it. Same procedure.
Click to expand...
Click to collapse
Thanks.
I mention that this method also works on Pixel Sailfish, except that it has to use twrp img and zip for Sailfish.
Any reason why I shouldn't just sideload the zips in TWRP? I did it just to test and things seem to be working so far without wiping the device.
Here's a stupid question- does the bootloader need to be unlocked? I'm carrier locked and want to be rooted with TWRP.
hooks024 said:
Here's a stupid question- does the bootloader need to be unlocked? I'm carrier locked and want to be rooted with TWRP.
Click to expand...
Click to collapse
On the Pixels yes you need to be bootloader unlocked to root.
mikaole said:
Known issue on 8.1. Twrp is not working properly.
Just don't use pin or pattern at all.
Click to expand...
Click to collapse
having same problem (says wrong pin), why do almost all guides that for Pixels you need to set up a pin in order to flash TWRP/root properly? Confused.
eddi0 said:
having same problem (says wrong pin), why do almost all guides that for Pixels you need to set up a pin in order to flash TWRP/root properly? Confused.
Click to expand...
Click to collapse
The phone is encrypted, it needs a PIN to authenticate to the OS to decrypt.
I actually had to factory reset it and NOT use a pin for it to work properly (after factory reset go into settings>security>none for screen lock). I know in the past a pin was required but as the second post states Magisk 14.3 is not playing nice with 8.1 beta.
Just updated with the February full image using fastboot, editing out the -w from flash-all.bat. Fastboot booted TWRP, and then queued up TWRP, Kernel, Magisk and let all 3 rip. No hitches and back up running rooted and everything working normally. Be sure and read the entire Security Bulletin as there were loads of functional updates not always a part of the monthly updates. :good:
Mine wouldn't flash because unlock_critical reset, now my phone is wiped and won't boot the latest update.
Tb0n3 said:
Mine wouldn't flash because unlock_critical reset, now my phone is wiped and won't boot the latest update.
Click to expand...
Click to collapse
Give Deuces script a try. It has helped a lot of people recover their device from similar situations.
I haven't tried it on Feb update though.
You can get it from Development section. Good luck.
Tb0n3 said:
Mine wouldn't flash because unlock_critical reset, now my phone is wiped and won't boot the latest update.
Click to expand...
Click to collapse
what do you mean "because unlock_critical reset?"
Tb0n3 said:
Mine wouldn't flash because unlock_critical reset, now my phone is wiped and won't boot the latest update.
Click to expand...
Click to collapse
Did you ever unlock critical before you tried the update? Or did this happen after the update?
Can someone here confirm the correct way to upgrade from rooted Jan security update without losing data? Would I
reflash stock recovery
fastboot OTA img
fastboot boot twrp.img
flash twrp.zip
flash kernel
flash magisk last?
Or can I use the full image from the dev site, remove the -w and run the flash-all.bat, then use the steps above? Same result, or is one better than the other? Am I missing any steps here?
Is xposed module working on Feb update?
RampageRR said:
Can someone here confirm the correct way to upgrade from rooted Jan security update without losing data? Would I
reflash stock recovery
fastboot OTA img
fastboot boot twrp.img
flash twrp.zip
flash kernel
flash magisk last?
Or can I use the full image from the dev site, remove the -w and run the flash-all.bat, then use the steps above? Same result, or is one better than the other? Am I missing any steps here?
Click to expand...
Click to collapse
See the OP. Use the full image then add back recovery,kernel,magisk in that order. Yes magisk last.
v12xke said:
Just updated with the February full image using fastboot, editing out the -w from flash-all.bat. Fastboot booted TWRP, and then queued up TWRP, Kernel, Magisk and let all 3 rip. No hitches and back up running rooted and everything working normally. Be sure and read the entire Security Bulletin as there were loads of functional updates not always a part of the monthly updates. :good:
Click to expand...
Click to collapse
Quick question - I have performed the flash-all part and at the end it rebooted and everything is fine (except for no root) - it asks for the encryption password and it works with my normal password.
Then I boot TWRP with "fastboot boot twrp-3.2.1-0-taimen.img" and that again works just fine but only to the point where it asks for the password - which here is NOT working? Just a few hours ago the same twrp was working fine with the exact same password (since I did a full backup in advance), and the password is obviously working fine in Android itself, it is only in TWRP where is no longer working???
xclub_101 said:
Quick question - I have performed the flash-all part and at the end it rebooted and everything is fine (except for no root) - it asks for the encryption password and it works with my normal password. Then I boot TWRP with "fastboot boot twrp-3.2.1-0-taimen.img" and that again works just fine but only to the point where it asks for the password - which here is NOT working? Just a few hours ago the same twrp was working fine with the exact same password (since I did a full backup in advance), and the password is obviously working fine in Android itself, it is only in TWRP where is no longer working???
Click to expand...
Click to collapse
I don't really know what went wrong. What do you mean it asks for the encryption password?? If you have some kind of boot encryption set, maybe that is is. My encrypted unit never asks me for a password. I have an unlock screen PIN and that is all. When I flash-all, I wait for the flash to finish (knowing it will reboot) and at the right time hold the volume down button to get me right back into the bootloader. I do not allow it to boot into the OS until I fastboot boot twrp and have never had TWRP refuse my password. Maybe it has something to do with you allowing it to boot into the OS first? Anyway from that "booted" instance of TWRP, I then queue up twrp.zip, kernel.zip, magisk.zip and once they are added, I let TWRP flash all 3. You may want to take this over to the TWRP thread where others have had the PIN issue as well. Some are confirming temporarily removing your PIN/fingerprints fixes it. I have never removed my PIN or fingerprints before or after flashing?
v12xke said:
I don't really know what went wrong. What do you mean it asks for the encryption password?? If you have some kind of boot encryption set, maybe that is is. My encrypted unit never asks me for a password. I have an unlock screen PIN and that is all. When I flash-all, I wait for the flash to finish (knowing it will reboot) and at the right time hold the volume down button to get me right back into the bootloader. I do not allow it to boot into the OS until I fastboot boot twrp and have never had TWRP refuse my password. Maybe it has something to do with you allowing it to boot into the OS first? Anyway from that "booted" instance of TWRP, I then queue up twrp.zip, kernel.zip, magisk.zip and once they are added, I let TWRP flash all 3. You may want to take this over to the TWRP thread where others have had the PIN issue as well. Some are confirming temporarily removing your PIN/fingerprints fixes it. I have never removed my PIN or fingerprints before or after flashing?
Click to expand...
Click to collapse
Yes, it is quite weird.
A few more questions - when you boot your normal Android - do you first get a question about any password there? Since if you don't - your system probably uses the default Android encryption password (which last time when I was looking was literally "default_password" without the quotes).
Why do you still need to flash the kernel - are you using a custom kernel?
xclub_101 said:
Yes, it is quite weird.
A few more questions - when you boot your normal Android - do you first get a question about any password there? Since if you don't - your system probably uses the default Android encryption password (which last time when I was looking was literally "default_password" without the quotes). Why do you still need to flash the kernel - are you using a custom kernel?
Click to expand...
Click to collapse
I never get prompted for a password upon booting, and my phone is encrypted. I think you are probably on to the real reason your twrp is not accepting your PIN. Older Nexus phones had boot encryption with a password but since the Pixel line I thought it was removed? When discussing this further in the TWRP thread I think you should be comparing notes with others on this boot encryption, because I don't have it. I'm reading something now about direct boot and fbe.
Yes I use a custom kernel, always have. I like being able to monitor and control my system and gestures, vibration, etc. I like the kernel monitor (and battery monitor) that goes along with EX Kernel. Highly recommended. Good luck to you.
i sideloaded the update to my verizon version pixel 2 xl, and havent noticed anything, mainly just a run of the mill security update. i read that pixel core has been extended to a few apps.
v12xke said:
I never get prompted for a password upon booting, and my phone is encrypted. I think you are probably on to the real reason your twrp is not accepting your PIN. Older Nexus phones had boot encryption with a password but since the Pixel line I thought it was removed? When discussing this further in the TWRP thread I think you should be comparing notes with others on this boot encryption, because I don't have it. I'm reading something now about direct boot and fbe.
Yes I use a custom kernel, always have. I like being able to monitor and control my system and gestures, vibration, etc. I like the kernel monitor (and battery monitor) that goes along with EX Kernel. Highly recommended. Good luck to you.
Click to expand...
Click to collapse
Thank you for the info!
The encryption is still a weird point - and I believe is still linked by default to the "screen lock password" as described at https://www.xda-developers.com/how-to-manually-change-your-android-encryption-password/ - but I am not yet convinced that I should remove my existing password since the system is telling me that removing it will remove all fingerprints that I have added and mark the system as unsecure for Pay.
What I wonder is if I should go ahead with just writing Magisk without decrypting the user data partition - after all Magisk should not be touching either the system nor the user data partition, so it could work just fine?
Did they remove the setting to turn on Pixel Visua Core in Developer settings?
xclub_101 said:
Thank you for the info!
The encryption is still a weird point - and I believe is still linked by default to the "screen lock password" as described at https://www.xda-developers.com/how-to-manually-change-your-android-encryption-password/ - but I am not yet convinced that I should remove my existing password since the system is telling me that removing it will remove all fingerprints that I have added and mark the system as unsecure for Pay.
What I wonder is if I should go ahead with just writing Magisk without decrypting the user data partition - after all Magisk should not be touching either the system nor the user data partition, so it could work just fine?
Click to expand...
Click to collapse
I guess my question is why do you have an encryption password at boot? My phone boots up to a lockscreen. I enter my PIN and that's it. Maybe I'm misunderstanding and you are calling my PIN your boot encryption password.... do you then have a lockscreen and enter a separate PIN? As for Magisk it doesn't decrypt the data partition or anything else. I always install it by flashing the zip file in TWRP and you have no options there. It just does it's thing and installs Magisk Manager as an app, so when you boot up System, MM is in your app drawer. You can configure it from there. My setup has always passed SafetyNet but I don't use/want Pay.
v12xke said:
I guess my question is why do you have an encryption password at boot? ...
Click to expand...
Click to collapse
Good question - I would normally expect that to be required when Android itself needs to decrypt first time after boot the user data partition? Which up to that point during the boot process is not otherwise needed?
The fact that on some systems is not required suggests to me that Android (like maybe also TWRP) first tries "default_password" and that works?
Mikulec said:
Did they remove the setting to turn on Pixel Visua Core in Developer settings?
Click to expand...
Click to collapse
yes.
djkinetic said:
i sideloaded the update to my verizon version pixel 2 xl, and havent noticed anything, mainly just a run of the mill security update. i read that pixel core has been extended to a few apps.
Click to expand...
Click to collapse
Its quite a bit more than the run of the mill security update.
visual core is now extended to any app, not just a few (so long as they target API level 26, Oreo).
i sideloaded the update like I always do. All updated normally and all functioning as expected. After sideloading the update I booted the twrp-3.2.1-0-taimen.img, it booted and when I entered my pin, which i have been using, in TWRP it would not accept my pin. I rebooted into the boot.img 3 times same issue. I removed my pin and TWRP functioned as expected. I installed TWRP.zip and rebooted recovery. Back in TWRP flashed Kernel, and Magisk and no issues. This was the first time I had issues entering my pin on booting TWRP.img
Good evening,
I have the following situation in TWRP:
1. I have waited 7 days to release the OEM.
2. After that I installed TWRP via ODIN, and logged into Recovery.
3. As usual the DATA folder was unavailable (Encrypted) and had to do FORMAT DATA, placing yes, etc ....
4. After that I was able to access, I installed Magisk and RMM STATE.
*********I also tested using SuperSu, NO-VERITY, and RMM STATE, and the same thing happened.
5. Everything wonderful, I accessed the system, the OEM remains unlocked, in the download mode has no PRE NORMAL, I can access ROOT softwares a marvel.
6. But here comes the problem, whenever I enter the TWRP it is with the DATA folder unavailable, that is, I have to redo FORMAT DATA.
7. If you do FORMAT, it restarts the procedure from the beginning.
The version of TWRP that I use is correct, the ROM is last STOCK Brazil ZTO.
I have no idea what to do.
Link to TWRP I'm downloading
https://twrp.me/samsung/samsunggalaxys8.html
I read the link below the information below, it would have some connection with the problem:
This device uses dm-verity!
This means that if you allow the system to be modified, it will prevent you from being able to boot if you are using the kernel stock. In order to bypass dm-verity's boot prevention, you will have to install a kernel that has disabled dm-verity in the fstab.
Problem solved through link:
https://forum.xda-developers.com/ga...-twrp-oreo-t3769254/post76036701#post76036701
You are asking for help, and it just so happens that there is a forum meant specifically for that.
SirSoviet said:
You are asking for help, and it just so happens that there is a forum meant specifically for that.
Click to expand...
Click to collapse
Good afternoon.
Would you link to it?
'Cause I thought I'd go in with recovery.
I have tested everything I read in the forum and it is not right.
Problem solved through link:
https://forum.xda-developers.com/ga...-twrp-oreo-t3769254/post76036701#post76036701