Is there any way to encrypt your device using a custom rom?
I've tried several roms, including PA, CM, stock,... The encryption option doesn't seem to be there.
Also I'm unable to encrypt it with the terminal command
su
vdc cryptfs enablecrypto inplace super-secure-long-password
it responds with 200 0 -1 or something like that.
Is there any way, or any rom to provide my device with full encrypion?
So, I just set a pin lock screen on my Sprint GS5, and I immediately locked it, and went to unlock it (to see what the lock screen looked like), and I entered the pin that I just set on the phone, and it said that it was incorrect. I know what I entered, and the lock screen is not taking it. I have tried multiple combinations involving numbers near the numbers I put in, and nothing has worked. I'd really like to remove the pin lock without erasing anything, as I have things I have not backed up that are not on my SD card. I did not have the device set up with Android Device Manager, nor my Samsung Account. The phone was rooted with Towel Root.
Is there anything I can do other than a factory reset? This is really aggravating me.
Now you know why you should always make a backup first.
You should be able to remove the PIN using Paulyhofman's method.
This requires ADB debugging on or in the alternative, installing a custom recovery.
If the Sprint bootloader is locked and hence you can't do a proper custom recovery, then do a forum search as there are several other PIN bypass methods in existing threads. Actually doing a search should always be the first step before posting any question.
adb shell
# sqlite3 /data/data/com.android.providers.settings/databases/settings.db
sqlite> update secure set value=65536 where name='lockscreen.password_type';
sqlite> .exit
# exit
adb reboot
.
fffft said:
Now you know why you should always make a backup first.
You should be able to remove the PIN using Paulyhofman's method.
This requires ADB debugging on or in the alternative, installing a custom recovery.
If the Sprint bootloader is locked and hence you can't do a proper custom recovery, then do a forum search as there are several other PIN bypass methods in existing threads. Actually doing a search should always be the first step before posting any question.
adb shell
# sqlite3 /data/data/com.android.providers.settings/databases/settings.db
sqlite> update secure set value=65536 where name='lockscreen.password_type';
sqlite> .exit
# exit
adb reboot
.
Click to expand...
Click to collapse
I must not have had usb debugging enabled on my phone because ADB says device not found. I was able to copy the settings.db file to my SD card using aroma, but I try to open it in SQLite reader, and it says it is encrypted. Do you know how to decrypt this file? Or anyone?
Okay, I found a solution. Instead of modifying settings.db, I deleted /data/system/locksettings.db, and the lock screen was removed.
I did this from within the aroma file manager. I finally have my phone back! I will be setting up remote controls, usb debugging, and backing some stuff up now.
CM13 encryption is a nightmare.
I've only used CM11 encryption before (use Cryptfs Password Manager to change encryption password).
I installed CM13 on a LG G2 D800. I believe it has hardware-backed storage.
I encrypted my phone using `vdc cryptfs enablecrypto inplace password` as a test. Curious to see what happened when I changed encryption methods, I switched to password encryption with password `password`.
After running `vdc cryptfs changepw password password password password2`. I was able to successfully decrypt with "password2" and unlock with "password". So I assumed the command would work... this assumption would prove my downfall.
I then reenabled pattern unlock. Interestingly, I was able to reboot without so much as a password prompt, despite being "encrypted". So I reentered the pattern, making sure to first enable boot-time pattern prompt. (Really! What's the point of encryption if it doesn't depend on user input?)
Still in pattern mode, I attempted to secure decryption while maintaining convenient unlock pattern. `vdc cryptfs changepw pattern password password password` or `pattern password password` or `password password password password` or `password password password` I actually ran a long command a few times, then a short one repeatedly, then possibly the long one some more. Each time I ran it, I got `200 0 0`, which is supposed to indicate "no error".
Nonetheless, when I reboot, the phone still asks for the pattern (I had tried to add a decryption password), but rejects the unlock pattern I was using previously. It seems like the `changepw` commands did not enable the password, but merely corrupted the pattern.
How do I unlock encryption?
(repost https://www.reddit.com/r/cyanogenmo...3_lg_g2_pattern_encryption_bricked_after_vdc/ )
How did you get vdc cryptfs to work? I've tried adb shell and termux on the device and can't get the system to recognize either.. I've got busybox installed and am running as su, but can't get the command to take..
---------- Post added at 10:56 PM ---------- Previous post was at 10:46 PM ----------
cuhead528 said:
How did you get vdc cryptfs to work? I've tried adb shell and termux on the device and can't get the system to recognize either.. I've got busybox installed and am running as su, but can't get the command to take..
Click to expand...
Click to collapse
Figured this out - downloaded the cryptfs app from the playstore and then was able to use Termux to run the command.
Hi, I have a Huawei Y625-U51 (Dual-SIM) running stock Android 4.4.2/EMUI 2.3 Lite and I would like to encrypt the device, but there are no Encryption options in "Settings > Personal > Security". Is there a way to make these options available or otherwise carry out a system encryption (i.e. using adb)?
Here's the about info to the device:
Model: HUAWEI Y625-U51
Android: 4.4.2
Secpatch-Lvl: 2015-11-01
EMUI: EMUI 2.3 Lite
Kernel: 3.4.0
Build-Number: Y625-U51V100R001C577B108
I already tried carrying out a factory reset but that didn't bring up the encryption options.
I'm well-versed with Windows/Linux system hacks but new to Android, so please bear with me. Any help would be greatly appreciated. Thx.
Encrypt Huawei Y625 via rooting and shell commands
After reading up a few articles on different ways to start encryption from the command line in various Android versions, I decided to experiment and got lucky. Here's what I did (if you want to repeat these steps I suggest you attach your phone to the charging cable first. Also remember that this will likely void your warranty bla bla ) :
rooted the Huawei Y625 using kingoRoot
installed Android Terminal Emulator and ran it
Once inside the terminal I entered
Code:
su
setenforce 0
vdc cryptfs enablecrypto inplace <YourPasswordInCleartext>
(I'm not sure whether the 'setenforce' command that sets SELinux to permissive mode is actually necessary. However, this will only change runtime mode, so you needn't worry that it may persist over reboots).
The screen then immediately went blank. I had forgotten to attach the phone to the charging cable so I scrambled to find it and finally got the phone attached. But it looked pretty much dead now.
After nothing happened for another while, I pressed the start button. The screen remained blank but I got to hear the familiar boot melody. After a while (maybe 2 or 3 minutes) I pressed start again. This time, a message appeared "Wait while your phone is being encrypted" plus a slowly increasing percentage.
* When the encryption had finished, the phone booted up as usual, only this time the familiar melody and splash screen was interrupted by the message "Type password to decrypt storage"
Minor drawbacks:
The boot process is interrupted somewhat uglily in the middle of the melody and splash screen to ask for the encryption password
TouchPal's data transfer agreement pops up every time you start to enter the decryption password (presumably because the answer is written to the /data partition which is still and encrypted and therefore not available yet at this point)
Bigger drawback:
There is no way to change the encryption password using the GUI. You have to run 'vdc cryptfs changepw <YourPasswordInCleartext>' from a shell (Result should be "200 0 0"). That's a bummer if you want to enable encryption for someone reliant on GUI apps.
One last note: this being Android 4.4.2 there is no way to encrypt the whole system. The method described above will encrypt the userdata partition (mounted as /data) only.
P.S.: Sorry for not sharing article and app links, but xda anti-spam settings prevented me as a new user from posting links. So sorry for the missing convenience, but I'm sure you'll be able to find the apps mentioned yourself and as for the articles - they were interesting but relating to wildly different Android versions with different command syntax, so you're propably better off just following the steps above anyway
As I was trying to update my EEA global stable rom 10.2.7 to the latest release (10.3.3), I followed a guide to accomplish that without losing TWRP and my /data partition. I flashed a zip called DisableForceEncryption_Treble_v18.0.zip after flashing the new rom but before reflashing magisk. As a matter of fact I could boot into the new ROM with all my data intact, but TWRP was overwritten by the official MIUI recovery.
As I flashed TWRP again via fastboot, my device was encrypted again and I had to format my /data partition.
So I restored my /data backup and booted into MIUI again, that asked for my PIN. The PIN I previously set was not working anymore so I had to delete /data/system/locksettings.db and I was able to access the OS again. Funny thing, my fingerprints were still there and still worked to unlock the phone.
Finally, I wanted to create a new PIN or Password. It asked me for a new PIN and then again to confirm it. As it seems to have accepted my newly registered PIN, it does not work when I try to unlock my phone! So I have to delete locksettings.db again (which seems to be the only file I could find that relates to lock settings). Everytime I create a new PIN, it lets me register it but then it's like it doesn't match with what I type when it asks for it to unlock the phone.
What did I do wrong? How I can restore my lock settings?
Thanks for reading so far!
That's weird.
Something similar happened to me a few days ago and I could set a new lock again with no problem.
Does it happen only with PIN? Have you tried with PATTERN?
Schnedi said:
That's weird.
Something similar happened to me a few days ago and I could set a new lock again with no problem.
Does it happen only with PIN? Have you tried with PATTERN?
Click to expand...
Click to collapse
Yes, it happens with PIN, password or pattern regardlessly. Whatever I set, it stores it, but when asked to unlock the screen or enter security settings it just rejects it.
P.S.: This might be unrelated: I don't know if Magisk 19.3 behaves like this or not, but since I installed it the Mi Unlock status is uncertain (it said "Unlocked" before, now it lets me enter on the prompt as it was the first time unlocking the phone). So I rebooted to bootloader and ran "fastboot oem device-info" which correctly reported that my device was unlocked.
Just in case... here is what i found in logcat.
Here is when I create a new PIN:
Code:
:/ # logcat |grep password
06-09 05:07:05.130 1453 1453 E LockSettingsStorage: Cannot read file java.io.FileNotFoundException: /data/system/gatekeeper.password.key: open failed: ENOENT (No such file or directory)
06-09 05:07:05.130 1453 1453 E LockSettingsStorage: Cannot read file java.io.FileNotFoundException: /data/system/password.key: open failed: ENOENT (No such file or directory)
06-09 05:14:16.049 1453 5555 W LockSettingsService: Synthetic password not enabled
Then i put it in again to confirm that it is right (it accepts it)
Code:
06-09 05:14:16.902 1453 5555 W LockSettingsService: Synthetic password not enabled
And finally when I click OK and the screen goes back to settings and it shows that I have set a lockscreen password.
Code:
06-09 05:14:22.326 1043 1043 I keystore: del USRPKEY_synthetic_password_8719d7af3fc103f4 1000
06-09 05:14:22.328 1043 1043 I keystore: del USRCERT_synthetic_password_8719d7af3fc103f4 1000
06-09 05:14:22.329 1043 1043 I keystore: del CACERT_synthetic_password_8719d7af3fc103f4 1000
06-09 05:14:22.333 1043 1043 I keystore: del USRPKEY_synthetic_password_8719d7af3fc103f4 1000
06-09 05:14:22.334 1043 1043 I keystore: del USRCERT_synthetic_password_8719d7af3fc103f4 1000
06-09 05:14:22.335 1043 1043 I keystore: del CACERT_synthetic_password_8719d7af3fc103f4 1000
06-09 05:14:22.733 1043 1043 I keystore: del USRPKEY_synthetic_password_743cd98993860e51 1000
06-09 05:14:22.734 1043 1043 I keystore: del USRCERT_synthetic_password_743cd98993860e51 1000
06-09 05:14:22.735 1043 1043 I keystore: del CACERT_synthetic_password_743cd98993860e51 1000
06-09 05:14:22.736 1043 1043 I keystore: del USRPKEY_synthetic_password_743cd98993860e51 1000
06-09 05:14:22.737 1043 1043 I keystore: del USRCERT_synthetic_password_743cd98993860e51 1000
06-09 05:14:22.737 1043 1043 I keystore: del CACERT_synthetic_password_743cd98993860e51 1000
06-09 05:14:22.803 1043 1043 I keystore: del USRPKEY_synthetic_password_8719d7af3fc103f4 1000
06-09 05:14:22.815 1043 1043 I keystore: del USRCERT_synthetic_password_8719d7af3fc103f4 1000
06-09 05:14:22.817 1043 1043 I keystore: del CACERT_synthetic_password_8719d7af3fc103f4 1000
And here is the error when I try to unlock the screen with the (correct) PIN that gets rejected:
Code:
06-09 05:19:37.552 634 634 E GatekeeperHalDevice: verify
06-09 05:19:37.552 634 634 E GatekeeperHalDevice: ret: 0
06-09 05:19:37.552 634 634 E GatekeeperHalDevice: resp->status: -24
06-09 05:19:37.558 2305 2305 D KeyguardSecurityView: [B]reportFailedPatternAttempt[/B]: #2
06-09 05:19:37.591 1453 1543 E UsbDeviceManager: handle message = 6
06-09 05:19:37.592 2305 2667 D KeyguardViewMediator: setKeyguardEnabled(true)
06-09 05:19:37.612 2305 2305 D KeyguardViewMediator: handleKeyguardDoneDrawing
06-09 05:19:37.621 2305 2305 V KeyguardUpdateMonitor: startListeningForFingerprint()
thunderteaser said:
... As I flashed TWRP again via fastboot, my device was encrypted again and I had to format my /data partition.
So I restored my /data backup and booted into MIUI again, that asked for my PIN. The PIN I previously set was not working anymore so I had to delete /data/system/locksettings.db and I was able to access the OS again. Funny thing, my fingerprints were still there and still worked to unlock the phone.
Click to expand...
Click to collapse
Do I understand correctly that you restored a backup of an encrypted data partition to an unencrypted data partition? If so, you will definitely have problems. If your device is encrypted, you probably should try restoring the backup again. If you are not encrypted, then you need to understand that, on lavender, setting pins/passwords, etc., will not work correctly if the device is not encrypted. Why? You would need to ask Xiaomi's programmers. But that is the situation.
In the end, you might need to do a clean flash ...
DarthJabba9 said:
Do I understand correctly that you restored a backup of an encrypted data partition to an unencrypted data partition? If so, you will definitely have problems. If your device is encrypted, you probably should try restoring the backup again. If you are not encrypted, then you need to understand that, on lavender, setting pins/passwords, etc., will not work correctly if the device is not encrypted. Why? You would need to ask Xiaomi's programmers. But that is the situation.
In the end, you might need to do a clean flash ...
Click to expand...
Click to collapse
Thanks for your answer. My backup comes from a /data partition that was originally formatted via TWRP when I unlocked the bootloader and rooted it, so it should be decrypted. If setting a PIN means encrypting data once again, then you are correct, as I backed up my partition with all of my lock settings stored. But to answer your question: I don't know. It just makes no sense to me, as I was able to restore my data and everything works smoothly besides the lock settings. I just know that most of my problems come from having an unreliable TWRP which doesn't support MIUI encryption (I'm waiting for OrangeFox to be released), but other than that I don't understand what is going on with Android security since Marshmallow was released (I'm coming from a OnePlus One stuck on Marshmallow).
So, should I factory reset?
thunderteaser said:
Thanks for your answer. My backup comes from a /data partition that was originally formatted via TWRP when I unlocked the bootloader and rooted it, so it should be decrypted. If setting a PIN means encrypting data once again, then you are correct, as I backed up my partition with all of my lock settings stored. But to answer your question: I don't know. It just makes no sense to me, as I was able to restore my data and everything works smoothly besides the lock settings. I just know that most of my problems come from having an unreliable TWRP which doesn't support MIUI encryption (I'm waiting for OrangeFox to be released), but other than that I don't understand what is going on with Android security since Marshmallow was released (I'm coming from a OnePlus One stuck on Marshmallow).
So, should I factory reset?
Click to expand...
Click to collapse
Rooting the device doesn't mean that it is decrypted. The lavender ROMs have a nasty habit of encrypting the device again when you boot to system (unless you have effectively disabled forced-encryption after formatting data - but this situation can change quickly). If you are not encrypted, then no attempt at securing the phone will work. It will allow you to set a pin/password, but they will always be declared to be "wrong" when you try to unlock the phone. You can easily check whether you are encrypted or not (in the ROM's security settings). Another clue - if you don't see any option of setting a fingerprint, then it means that you are not encrypted. What does the debug screen show when you boot up TWRP? If it shows something like "dm-0" somewhere on the page, then you are encrypted.
The long and short of it is this - if you want to be able to use pins/passwords/fingerprint, then your phone needs to be encrypted. IMHO all these problems with encryption are due to bugs in Xiaomi's Pie firmwares (and this is getting worse by the day). The other possible interpretation is that this is all deliberate - but I am not a conspiracy theorist, so I choose to believe that these problems are not due to malice.
Doing a factory reset is a good way of starting afresh (I don't know whether formatting data again would be better). However, if you do this, don't try to restore the data backup again - you will just return to "square one".
PS: there are already stable betas of OrangeFox for lavender (see my signature) ...
DarthJabba9 said:
Rooting the device doesn't mean that it is decrypted. The lavender ROMs have a nasty habit of encrypting the device again when you boot to system (unless you have effectively disabled forced-encryption after formatting data - but this situation can change quickly). If you are not encrypted, then no attempt at securing the phone will work. It will allow you to set a pin/password, but they will always be declared to be "wrong" when you try to unlock the phone. You can easily check whether you are encrypted or not (in the ROM's security settings). Another clue - if you don't see any option of setting a fingerprint, then it means that you are not encrypted.
Click to expand...
Click to collapse
Thanks for your superclear answer. I still don't get how to check for encryption on MIUI 10. I can't see anything related to encryption in security settings, but I still see the options to add fingerprints. Also, "adb shell ro.crypto.status" fails because there is no such file.
What does the debug screen show when you boot up TWRP? If it shows something like "dm-0" somewhere on the page, then you are encrypted.
Click to expand...
Click to collapse
Can't see any result for dm-* in my recovery log.
The long and short of it is this - if you want to be able to use pins/passwords/fingerprint, then your phone needs to be encrypted. IMHO all these problems with encryption are due to bugs in Xiaomi's Pie firmwares (and this is getting worse by the day). The other possible interpretation is that this is all deliberate - but I am not a conspiracy theorist, so I choose to believe that these problems are not due to malice.
Doing a factory reset is a good way of starting afresh (I don't know whether formatting data again would be better). However, if you do this, don't try to restore the data backup again - you will just return to "square one".
Click to expand...
Click to collapse
So do you think this happened because I originally flashed a lazyflasher version that disabled dm-verity AND force-encryption in the attempt to not lose my data partition when I flashed an updated rom?
PS: there are already stable betas of OrangeFox for lavender (see my signature) ...
Click to expand...
Click to collapse
I will definitely follow its development, thank you so much!
thunderteaser said:
Thanks for your superclear answer. I still don't get how to check for encryption on MIUI 10. I can't see anything related to encryption in security settings, but I still see the options to add fingerprints. Also, "adb shell ro.crypto.status" fails because there is no such file.
Click to expand...
Click to collapse
Send me your recovery log via PM, and I will tell you whether you are encrypted.
thunderteaser said:
So do you think this happened because I originally flashed a lazyflasher version that disabled dm-verity AND force-encryption in the attempt to not lose my data partition when I flashed an updated rom?
Click to expand...
Click to collapse
I am not sure what is the cause. But you might just want to cut your losses and reset to defaults (or, better still, format data, and let MIUI encrypt again when you restart the phone). You will of course lose all your data (and if you format data, you will lose the contents of your internal storage). However, IMHO, life is too short, and setting up a pristine system is much better than the pain endured in trying to fix these fiddly problems (always a good idea to have your data backed up on the cloud anyway - whether it is GDrive or MiCloud). This makes it less painful to set up your phone again from the start.
DarthJabba9 said:
Send me your recovery log via PM, and I will tell you whether you are encrypted.
I am not sure what is the cause. But you might just want to cut your losses and reset to defaults (or, better still, format data, and let MIUI encrypt again when you restart the phone). You will of course lose all your data (and if you format data, you will lose the contents of your internal storage). However, IMHO, life is too short, and setting up a pristine system is much better than the pain endured in trying to fix these fiddly problems (always a good idea to have your data backed up on the cloud anyway - whether it is GDrive or MiCloud). This makes it less painful to set up your phone again from the start.
Click to expand...
Click to collapse
Well, you are absolutely right but I can't stop thinking of it as an entertaining part of being an Android user, or I won't be on xda . I've sent you my log, I really appreciate your help. <3
I'm back here just to update the thread with a solution for encryption problems, hoping it will help people with similar issues.
If you are going to stay on official MIUI 10 global stable and plan to install root/magisk and still lock the device by any means (pin, pattern, fingerprints, face unlock, etc.) your data partition MUST be encrypted. If your data partition is decrypted, the only way to encrypt it properly again would be by flashing a stock data partition via fastboot (using Mi Flash Tool to flash a whole stock ROM from scratch would be even better), so backup everything as you are going to lose your data.
Then, I absolutely recommend flashing the latest OrangeFox recovery by @DarthJabba9 (see his signature), which is the only recovery I found that properly supports MIUI encryption and also supports OTA updates (and has a lot of amazing features too and a pretty cool design!).
Since the fastboot image I flashed was 10.3.2 EU, I wanted to update to 10.3.3 EU via recovery without losing data and encryption. Here is what I did (you may follow these steps as a generic guide to update to any OTA version):
1) In OrangeFox recovery click on the Settings icon on the top right and enter "MIUI OTA" settings
2) Keep everything on, but make sure to untick "disable dm-verity" and "disable force-encryption" as you want to keep them enabled (the MIUI OTA main switch on top will switch off but everything you have set will still be applied)
3) Flash the full recovery ROM zip you want to update to
4) Flash Magisk and everything else you need
5) Reboot
If you did everything correctly, Magisk installer will tell you that it's keeping dm-verity and encryption untouched (this settings are also reflected in Magisk Manager app: in the main screen go to Advanced Settings and you will see both dm verity and encryption settings checked).
Thanks to @DarthJabba9 again for the awesome support! :highfive: