Hi,
I have CM10 running on my rooted Galaxy Nexus and I just enabled the disk encryption. However, I can't find any options what happens after a few failed attempts? I would like to reset and wipe my phone so that it will be usable, but without any of my data. Cerberus is flashed, so I think I'll have a better chance at recovering my phone if it's usable and not completely locked.
I have set a profile with tasker + secure settings to shutdown after 3 failed PIN attempts (which is different than the encryption password), so I should be save there and a thief would be forced to guess my much safer encryption password.
I know that I can do it with cerberus, but only manually.
Bonus point: Is there any possibility to use a pattern instead of a PIN for the display lock? It's unavailable after encrypting..
Nobody?
Related
So, turned on device encryption because it's company policy that portable devices containing sensitive data have to be encrypted. So now it prompts me for my password during start up. All well and good. But now I'm trying to figure out how to change my password. In the security settings, clicking on the encryption area does nothing. Not critical now but sooner or later I will need to change that password or if I sell the device, probably decrypt it first.
Not a word about encryption in the manual. Anyone have any idea on how to change that password? Will a factory reset result in a decrypted device?
Edit: Ok, turns out the startup password after encryption is the same as the screen lock password.
Hi,
I just bought Samsung Galaxy Note 3 and want to setup it like my old Galaxy Nexus. Also I want to stay with fully stock ROM for a while so I need to perform everything without root.
I need encryption set on my phone. Problem was that for some reason Samsung ROM does not allow PIN unlock on encrypted device. Password wasn't convenient so I searched for workaround for this.
Solution was to install Tasker+Secure Settings and change lock type to PIN just once. Everything was perfect, PIN lock was set permanently. BUT, when I rebooted the phone I wasn't able to decrypt storage with old password. My device can be only decrypted with new PIN now.
How the hell that could be? I believed that when I set encryption password it will be used for decryption. Obviously for me now, it's not.
My question is: what encryption key is used for data decryption in Android? You can change password or PIN and decrypt device with it easily. In other words: what data (encryption key) should be hacked in order to decrypt the phone and where is it?
What options are almost as secure as "secure startup" (PIN on boot)? How close?
So I have a bootloader unlock, TWRP'd HTC 10 and I know that the Nexus 6P and many newer devices allow you to enable secure startup. When you set security to PIN, MM asks you if you want to require the PIN to boot the device. If you say yes, during boot the number keypad will be presented and you have 30 tries to enter the right PIN or it erases your device. Unfortunately, with this option enabled when I flash themes (tried different ROMs, different sources), it almost always hangs just before presenting this keypad with a message that says "Preparing Settings". The screen is normal with secure startup, but after a time it proceeds to the keypad. Anyway, I want to be secure so I've left it enabled and then I forget, flash a theme, and bang - phone is screwed up.
I believe that if I don't enable this then the data system is encrypted, and I know when I boot into TWRP it asks for a PIN to decrypt and mount data. If I encrypt my SD and store the TWRP backups there, (or password protect the backups) wouldn't that protect me from someone getting into one of those? At least the data partition? And any malcontent couldn't generate a new one including data to browse because they wouldn't be able to mount data in the first place without the PIN, right? If all this is true then I'm not sure what they could get with just the system partition (and boot and recovery of course)...
Can anyone shed light onto whether secure startup is really buying me anything with these other precautions in place, and if you think secure startup is worth it? Thanks!
If I had to be flat out honest. I personally think that is over kill. People are not after the data on the device and cant get past a simple password lock.
90% of the time the device is wiped before it is ever booted completely after it is stolen.
I have a Moto Z with stock image, Magisk Root and Turbo Z Custom Kernel.
As far as I see everything is fine except two one things:
1. Sometimes downloads aren't starting at all. Which is very weird because regular surfing with Chrome works flawlessly. But if I want to watch a video from YouTube (regardless whether YouTube app or within Chrome) the video won't play sometimes. The same happens with F-Droid downloads. Sometimes an installation/updated doesn't even start the download. The network is fine (it works perfectly with any other device).
2. I have a screenlock set up but I don't think there is encryption active. I have to type the password just once (device boots to GUI then SIM pin, then unlock PIN). On encryption the unlock PIN have to be entered bevore booting into the GUI — right? However, Security Settings claims that the phone is encrypted. I wanted to set / change the password with cryptfs password manager but the app doesn't even start claiming 'cannot get superuser access' (maybe it's not compatible to Magisk?). Is it possible to change/set the password in this state without risking data loss?
The stock kernel enforces encryption, the z-kernel doesen't. However, your stock kernel already did its deeds. So if you really want to remove encryption, here is what you might want to do:
Remove all phone passwords (pin/password/pattern etc), then make a backup of everything. (If you don't & then restore such a backup, you'll always end up with password/pin/pattern mismatch).
Then boot into TWRP recovery and format(!) data partiton (erase just doesn't cut it..). If there's still a problem, change data's filesystem to ext4 and then back to f2fs - that should remove any nasty residual settings.
Then reboot & enjoy. Maybe you can restore the backed-up data files to the unencrypted partition now, but I wouldn't bet on it...
Hi again @benzinerwin
However, I don't want to remove encryption. I want to enable it.
It says that it is enabled in settings but I strongly doubt that it actually is.
Just change the password, opt for boot password (or whatever it's called), boot into TWRP and see if it asks for password/pattern to unlock access to the data partition...
If you cannot get there, just do the above, end up with an unencrypted data partition and the go through the settings and trigger the encryption with boot pass etc...
benzinerwin said:
Just change the password, opt for boot password (or whatever it's called[…]
Click to expand...
Click to collapse
That was it
In retrospective this is pretty obvious. Thank you.
Now just the problem with the struggling downloads is left.
Hmm, about the strange download problem... that pretty much sounds like an app not having all the requested rights (look through all the settings, not just the app's properties... [sigh])
But it affects all apps. Even Chrome. Regular surfing is fine but for example loading a YouTube file sometimes doesn't even start.
Hi all,
I just tryed to add a company account to my phone. During this process I was asked to add a new Administrator. Just after confirm, the phone unmonted the SD card and wanted to encrypt the phone. How to reverse?
The phone is still not encrypted and I don't want the encryption. But I cannot mount my SD card without encryption and I cannot change any security setting (only password is available as lock screen - till now I have a PIN). And, I cannot clear the certificate memory (Clear credentials is grayed).
I removed the exchange account, but this does not help.
I'm using a stock GT-I9506 with 5.0.1
Thanks for any help.
solved
I fount the solution. After selecting password as lock screen I started the encryption. During the last confirmation I aborted. After that all was like before.