Phone encrypted, pin not asked?

Hi
I have my phone encrypted. In the beginning, I was asked for the PIN at startup. Now, after a reboot or even a (short) shutdown, the phone boots fine, does not ask for the PIN, and has access to the supposedly encrypted /data… Settings say the phone is encrypted, and /data is on a dm-0 partition, which would be expected for a crypt partition. Does the hardware keystore stay unlocked? Does anybody else experience this?

Could be a software bug in FP-OS(OS) putting the encryption key into the chip-internal keystore without actually protecting it with the password. Did you try removing the battery as well? But normally, even without removing the battery, it definitely should ask for the password!

No, I didn’t try that yet, though I should, for those reasons… But yes, it should not unlock the key… I will probably test shutting down completely and removing the battery this weekend…

Can you post the contents of your /fstab.qcom or similar (but should be named like that on the FP2 since it uses the qcom platform)? I would be interested if there is a parameter encryptable= present and where it points to.

I assume this issue is closely related to not being able to access encrypted /data from recovery discussed in this thread:

Yep, there is:

(What is the right quote command when posting from mobile?)

Klaus

You could try to dump the cryptofooter and check what is there. See this article:

Hmm, I guess the footer is at the end of the partition? Up to now I didn’t find anything at the start. In OmniROM it was at the end. But the skip option in dd doesn’t seem to work. It dumps more than should be left.

There is an issue with some dd versions in busybox, if you use the “real” dd it should work. Or just dump the partition via adb to the desktop and then use dd there.

And yes, the footer is supposed to be at the very end of the partition - that’s why it’s called footer and not header. :smile:

Ok, with /system/xbin/dd everything worked fine (/system/xbin/dd if=/dev/block/platform/msm_sdcc.1/by-name/userdata of=footer skip=27845900000 ibs=1). The crypto footer is there, in the expected format.

Will have to remove battery, to check.

Edit: did not help. Had the battery removed for at least two minutes, and also pressed the power button, for good measure… No PIN was necessary.
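Added example, not part of the thread: a Python sketch for inspecting a footer dump like the one produced by the `dd` command above. It assumes the footer follows the AOSP vold `struct crypt_mnt_ftr` layout (footer version 1.2 or later, Android 5.0+), which the thread does not state, and the sample footers are constructed. A `crypt_type` of `default` means the master key is wrapped with a built-in default password instead of a user secret, so /data mounts at boot without a prompt.

```python
import struct

# Layout and constants assumed from AOSP vold's cryptfs.h (struct crypt_mnt_ftr,
# footer version 1.2+). They are not taken from the thread.
CRYPT_MNT_MAGIC = 0xD0B5B1C4
# magic, major, minor, ftr_size, flags, keysize, crypt_type, fs_size,
# failed_decrypt_count, crypto_type_name[64]
HEADER = struct.Struct("<IHHIIIIQI64s")
CRYPT_TYPES = {0: "password", 1: "default", 2: "pattern", 3: "pin"}
FLAGS = {0x1: "KEY_UNENCRYPTED", 0x2: "ENCRYPTION_IN_PROGRESS",
         0x4: "INCONSISTENT_STATE", 0x8: "DATA_CORRUPT"}


def parse_footer(blob):
    """Find the footer magic in a dumped partition tail and decode the header."""
    off = blob.find(struct.pack("<I", CRYPT_MNT_MAGIC))
    if off < 0 or len(blob) - off < HEADER.size:
        raise ValueError("no complete crypto footer found")
    (_, major, minor, _ftr_size, flags, keysize, crypt_type,
     fs_size, failed, name) = HEADER.unpack_from(blob, off)
    return {
        "offset": off,
        "version": (major, minor),
        "flags": [n for bit, n in FLAGS.items() if flags & bit],
        "keysize": keysize,
        "crypt_type": CRYPT_TYPES.get(crypt_type, "unknown(%d)" % crypt_type),
        "fs_size_sectors": fs_size,
        "failed_decrypt_count": failed,
        "cipher": name.split(b"\0", 1)[0].decode("ascii", "replace"),
    }


def boots_without_prompt(ftr):
    """True when the master key is not bound to a user-chosen secret."""
    return ftr["crypt_type"] == "default" or "KEY_UNENCRYPTED" in ftr["flags"]


def make_sample(crypt_type):
    """Constructed footer for the demo, zero-padded like a raw dd tail dump."""
    hdr = HEADER.pack(CRYPT_MNT_MAGIC, 1, 3, 2320, 0, 16, crypt_type,
                      54386688, 0, b"aes-cbc-essiv:sha256")
    return b"\0" * 512 + hdr + b"\0" * 2048


if __name__ == "__main__":
    for ct in (1, 3):  # default password vs. PIN-protected
        ftr = parse_footer(make_sample(ct))
        print(ftr["version"], ftr["crypt_type"], ftr["cipher"],
              "boots without prompt:", boots_without_prompt(ftr))
```

To check a real dump, read the file in binary mode and pass its bytes to `parse_footer`; if a data block happens to contain the magic bytes, the first match may not be the real footer.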

Well then… since you have a backup of your data now (I hope you pulled the whole partition!): Do a factory reset (wipe data), do some basic setup (but without encryption), extract the crypto footer and compare them.

Hello,

I have the same problem. With an up-to-date OS, I factory reset my FP2 and re-ciphered my storage. But it never asked for a PIN. So anybody could start it, and personal data are viewable at startup without a PIN (on the lockscreen, for example).

You could use the app SnooperStopper from F-Droid to reset your encryption password.

Android uses a tiered encryption method: one key is tied to the hardware, the other is yours. So the file should still be encrypted with your hardware key. In any case, you can add/edit your personal key with the app mentioned. This way you can also have a different password for encryption and screen lock.

For more details see

Thank you, the explanations are quite clear (the subject is hard); they will help me find a solution.
But my device is running the stock OS, FP2 version: non rootable… so I cannot use this app.

Rootable it is, but I don’t know if you want to root it only for that purpose.

I don’t, and with my new knowledge, I found out that I missed a screen lock PIN or password in Setup>Security.
Now the FP2 asks me for a PIN at boot before anything else.

Thanks a lot.