Custom TWRP 3.2.3 to decrypt Android 8/9 encryption

The custom TWRP 3.2.3 version this topic here is about can decrypt 14.1 encryption just fine … there are still problems with 15.1 and 16.0 encryption (not the same problems official TWRP 3.3.0-0 has, but problems).

Regarding LineageOS 16.0 … it currently will not work on 14.1 encryption anyway.

Just flash (or install via TWRP) the TWRP 3.2.3-0 image again, same way as you did with 3.3.0-0.

1 Like

To be clear, if I want to encrypt my device on LOS 16, I cannot do this reliably because from then on TWRP won’t work anymore?

LineageOS 16.0 will encrypt and work this way just fine.

Official TWRP 3.2.3-0 can’t decrypt this, but will work fine apart from that.
Official TWRP 3.3.0-0 can’t decrypt anything (it seems), but will should work fine apart from that.

The custom TWRP 3.2.3 in this topic seems to be on to something, but sadly doesn’t decrypt 15.1 and 16.0 encryption reliably in every case … currently.


Thing is, don’t you need TWRP to decrypt when you update the weekly update?

Only the data partition gets encrypted. OS updates don’t affect the data partition.
(I know Android says that it encrypts “the phone”. That’s a lie :wink: .)

If TWRP can’t decrypt the data partition, the biggest catch will be that you will not have the data partition in a TWRP backup.
And there’s of course some smaller stuff, e.g. you obviously can’t have a look at the data partition with the TWRP file manager this way.

But apart from that, TWRP will still work for installs and updates and backups of the system and cache partitions.


I just encrypted my device on 16, and when I upgrade now it says update failed. From within TWRP (3.3.0) I can’t mount anything. So it isn’t possible to update to the newest firmware.

So you installed LineageOS 16.0 and encrypted.
Right now there’s only one official build out for LineageOS 16.0 … what do you mean you “upgrade now”? Upgrade to what?

Can you try either official TWRP 3.2.3-0 or the custom TWRP 3.2.3 this topic is about?
Perhaps I was a bit too optimistic about the general functionality of TWRP 3.3.0-0, which I didn’t confirm myself in detail yet, but this topic isn’t about 3.3.0-0 anyway.

Firmware? Meaning the #modemfiles?

Yes, I use the microG version.

I meant the OS.

Neither works, but with the 3.2.3 versions I get asked for a password. Neither my PIN nor default_password work.

What is also very odd is that when I fill in the password “default_password” it lags after the 2nd ‘s’. I need to press the 2nd ‘s’ multiple times.

Good news is I’ve been able to flash with the latest LOS+microG of today. I used an OTG cable plus a FAT32 partition plus the terminal in TWRP to mount (mkdir /mnt; mount /dev/block/sda1 /mnt). After that I was able to boot the OS once more, with today’s image.

(I had difficulty with mounting ext4 for whatever reason, apparently unknown features or something.)

If you want to flash anything you stored on the internal storage, you won’t be able to access it. Either store it on the sd card, or missing one you’ll have to adb sideload (or push it onto cache with adb while in twrp)

SD card wasn’t readable from TWRP.

Do you use adopted storage? Admittedly, i didn’t test this version of twrp, but every other version that couldn’t decrypt data was able to read the sd card. That’s my workflow: download, put it in sd, boot into to twrp…

Yup, I do. I couldn’t mount a different microSD card either. Perhaps because of the ext4fs issue I described earlier.

Which TWRP?
Regarding the custom 3.2.3 …

“default_password” is for when you set screen lock to “None” or “Swipe” in the OS before encrypting …

You can encrypt without setting a decryption PIN/password/pattern by setting screen lock to “None” or “Swipe” in the OS before encrypting.
TWRP may ask for a password nonetheless … “default_password” can be used in this case in the custom TWRP 3.2.3, while official TWRP 3.2.3-0 might accept “none” for this.

Seems to be a TWRP feature, happens with every character and the delete “key”. Perhaps there to prevent accidental double input?

I tried 3.2.3, 3.2.3 modified, and 3.3.0.

Encrypting with a default password seems to defeat the purpose of encrypting (ie. snake oil).

That’s right of course, but the story goes …

Android encryption just takes the decryption method to later prompt the user with from Android’s screen lock setting at the time of encryption.

There are screen lock settings like “None” and “Swipe”.

TWRP took care decryption can be done with its password prompt in this case :wink: .

1 Like

By the way … It’s not the improved camera module either.
I just tried without it, decrypting 15.1 encryption failed anyway …

Another observation:
The modified TWRP 3.2.3 could not format data.

I wanted to format data to remove encryption, wipe everything and install the official Lineage OS 16.0. TWRP could not wipe data…

I then installed the official TWRP 3.2.3 and then could format data without any problem.

I have now installed the official Lineage OS 16.0 and have no encryption in place…

Is this a general problem of twrp? Are other devices also affected? Or is it an FP2-related twrp problem? Or maybe a combination of LineageOS and twrp?

I also tried the version from @chrmhoffmann, which takes a long time to boot. It at least asks for a decryption pin, but I’m not able to decrypt data (“failed to decrypt data”), too bad :-/.