English

Custom TWRP 3.2.3 to decrypt Android 8/9 encryption


#21

Good news is I’ve been able to flash with the latest LOS+microG of today. I used an OTG cable plus a FAT32 partition plus the terminal in TWRP to mount (mkdir /mnt; mount /dev/block/sda1 /mnt). After that I was able to boot the OS once more, with today’s image.

(I had difficulty with mounting ext4 for whatever reason, apparently unknown features or something.)


#22

If you want to flash anything you stored on the internal storage, you won’t be able to access it. Either store it on the sd card, or missing one you’ll have to adb sideload (or push it onto cache with adb while in twrp)


#23

SD card wasn’t readable from TWRP.


#24

Do you use adopted storage? Admittedly, i didn’t test this version of twrp, but every other version that couldn’t decrypt data was able to read the sd card. That’s my workflow: download, put it in sd, boot into to twrp…


#25

Yup, I do. I couldn’t mount a different microSD card either. Perhaps because of the ext4fs issue I described earlier.


#26

Which TWRP?
Regarding the custom 3.2.3 …


“default_password” is for when you set screen lock to “None” or “Swipe” in the OS before encrypting …

You can encrypt without setting a decryption PIN/password/pattern by setting screen lock to “None” or “Swipe” in the OS before encrypting.
TWRP may ask for a password nonetheless … “default_password” can be used in this case in the custom TWRP 3.2.3, while official TWRP 3.2.3-0 might accept “none” for this.


Seems to be a TWRP feature, happens with every character and the delete “key”. Perhaps there to prevent accidental double input?


#27

I tried 3.2.3, 3.2.3 modified, and 3.3.0.

Encrypting with a default password seems to defeat the purpose of encrypting (ie. snake oil).


#28

That’s right of course, but the story goes …

Android encryption just takes the decryption method to later prompt the user with from Android’s screen lock setting at the time of encryption.

There are screen lock settings like “None” and “Swipe”.

TWRP took care decryption can be done with its password prompt in this case :wink: .


#29

By the way … It’s not the improved camera module either.
I just tried without it, decrypting 15.1 encryption failed anyway … https://pastebin.com/F0LwD5GK


#30

Another observation:
The modified TWRP 3.2.3 could not format data.

I wanted to format data to remove encryption, wipe everything and install the official Lineage OS 16.0. TWRP could not wipe data…

I then installed the official TWRP 3.2.3 and then could format data without any problem.

I have now installed the official Lineage OS 16.0 and have no encryption in place…


#31

Is this a general problem of twrp? Are other devices also affected? Or is it an FP2-related twrp problem? Or maybe a combination of LineageOS and twrp?


#32

I also tried the version from @chrmhoffmann, which takes a long time to boot. It at least asks for a decryption pin, but I’m not able to decrypt data (“failed to decrypt data”), too bad :-/.


#33

As I need a working FP2 I cannot try myself. Therefore again to make it clear to me:

Does LOS 16.1. dispose of an own recovery like Google Android? If so, it is clear that I cannot back-up with this recovery but it would be possible to encrypt and to reboot encrypted phone.

If so, could I wipe on my phone everything of existing encrypted LOS 15.1 and format data partition with ext4 and install then via adb without TWRP LOS 16.1.?
If I then encrypt this 16.1. it should reboot.
Of course I have no backups via TWRP but I could live with this situation as mails, calendar and contacts are safe on the server of my provider.

Did anyone try?


#34

Hi,
soooooo…

It is not mandatory to have TWRP which supports encryption for normal workflows, like: install Lineage 16, upgrade from 15.1 to 16, upgrade from one nightly build of 16 to another one. This can be done without TWRP decryption support.
a) Install Lineage 16 and upgrading from 15.1: can be done through “adb sideload” or from SD card, or I think from /cache - if that’s big enough (never tried myself).
b) Updating from one nightly build to the next: can be done through the Lineage Updater and does not require a recovery that can decrypt - if this does not work, it’s a bug in either FP2 lineage or twrp.

What cannot be done without TWRP with decryption:
a) access and backup data from twrp
b) store a downloaded lineage zip and install it (when downloaded through browser).

Chris
PS1: What apparently also does not work at all (nothing to do with twrp) is upgrading from 14.1->15.1->16 with an ecrypted data partition.
PS2: Yes, there’s also a normal “lineage” recovery (but lineage does not deliver them through download afaik). This lineage recovery does not support encryption, but it does support the above workflows. It can be compiled from the lineage / android sources. If someone wants that, I can build it and upload it.


:de: Treffen in Hamburg für alle Fairphoner
#35

Many thanks for the detailed answer.

So i have to format my encrypted 15.1. data partition and to install 16.1 nightly via ADB. Of course data are lost. Then, as far as i understood, i can encrypt 16.1. Updates for 16.1 can be installed via LOS-updater. Also the question is, whether at least the apps can be backed-up via ADB. Did it in the past under Ubuntu with “adb backup -apk…”

For me it is not mandatory as i could use ADB in case i have to go back to a fresh install.

As travelling need my phone this week, but would try next week and report if there is no better solution in the meantime.


#36

I actually do not know. What I was told was that if you have encrypted with 14.1 and then go to 15.1 and then to 16 it does not work.

When you start from scratch in 15.1 and go to 16, this (I think) should work…

Chris

PS: I would try to save my apps with something like titanium backup (if there’s anything really important that is not saved to the cloud) and then just try.


#37

in this new topic https://forum.fairphone.com/t/lineage-16-0-android-pie-nightly/50287/6 two users report that an install with a previously encrypted data partiton worked well.

I erased the encryption before installing Los16 however if I want to restore now my data partition with TWRP, android starts an encryption process when booting…


#38

I’ve removed encryption and ‘convinced’ Android not to start encryption process at boot like described here: Lineage-16.0 (Android Pie) Beta


#39

gonna try this! thanks a lot for this hint!


#40

After updating to current signed/official LOS 16 versión, twrp’s decryption is no longer working for me either…