Develop Bugs

Question on "Phone Encryption"

Hey guys, sorry if this has been answered somewhere else, but I just want to confirm my understanding about encryption.
I'm setting up MobileIron and TouchDown for my work email and paused when the IT policy asked me to encrypt my phone.
So, is doing encryption will make it impossible for us to flash rom, radio, any kind of flashing + impossible to do all other things in CWM - due to the partition is being locked and encrypted before the device boots up?
(I'm not good to explain it technically, hopefully you get what I mean).
Slower boot time? The only way to decrypt is to factory reset and wipe all data? Impossible to backup nandroid? etc etc...
Of course the device would be more secure from the company's security point of view, but is that it?
I'm pretty sure there's no other workaround if I want to setup my phone with work email, since of course the IT policy applies to all employees so I can't ask for an exception.
At the same time I don't want to lose my ability to flash just because of the work email, it defeats the purpose of me having Android (which is to tweak and mess with my phone).
I came from SGSII where the IT policy only enforces PIN/password/pattern requirement, or perhaps because SGSII doesn't have encryption capability.
Appreciate your comment and opinion guys.

Hopefully someone knows.

kisekio said:
Hey guys, sorry if this has been answered somewhere else, but I just want to confirm my understanding about encryption.
I'm setting up MobileIron and TouchDown for my work email and paused when the IT policy asked me to encrypt my phone.
So, is doing encryption will make it impossible for us to flash rom, radio, any kind of flashing + impossible to do all other things in CWM - due to the partition is being locked and encrypted before the device boots up?
(I'm not good to explain it technically, hopefully you get what I mean).
Slower boot time? The only way to decrypt is to factory reset and wipe all data? Impossible to backup nandroid? etc etc...
Of course the device would be more secure from the company's security point of view, but is that it?
I'm pretty sure there's no other workaround if I want to setup my phone with work email, since of course the IT policy applies to all employees so I can't ask for an exception.
At the same time I don't want to lose my ability to flash just because of the work email, it defeats the purpose of me having Android (which is to tweak and mess with my phone).
I came from SGSII where the IT policy only enforces PIN/password/pattern requirement, or perhaps because SGSII doesn't have encryption capability.
Appreciate your comment and opinion guys.
Click to expand...
Click to collapse
Once your device is encrypted you won't be able to flash roms because recovery can't see the SD when you try to flash a kernel or rom.
You can't remove the encryption through a factory reset if your device is rooted and running CWM recovery. It will fail and the phone just boots up as normal. The only way I was able to remove encryption was to ADB/Fastboot the stock images onto my Nexus.
Lastly, I noticed the phone being very slow to boot with encryption.
Until Google give the option to decrypt I won't go near encryption again. Hope this helps and answers some of your questions.

jd1001 said:
Once your device is encrypted you won't be able to flash roms because recovery can't see the SD when you try to flash a kernel or rom.
Click to expand...
Click to collapse
I assume any kind of flashing won't work with encryption, including rom, kernel, radio, circlesmod, and all other kinds of mods that require flashing from CWM.
Is that correct?
If that's the case looks like I'm not going to use my work email on my phone.

Yeah your assumptions are correct!

jd1001 said:
Once your device is encrypted you won't be able to flash roms because recovery can't see the SD when you try to flash a kernel or rom.
You can't remove the encryption through a factory reset if your device is rooted and running CWM recovery. It will fail and the phone just boots up as normal. The only way I was able to remove encryption was to ADB/Fastboot the stock images onto my Nexus.
Lastly, I noticed the phone being very slow to boot with encryption.
Until Google give the option to decrypt I won't go near encryption again. Hope this helps and answers some of your questions.
Click to expand...
Click to collapse
I'm in exactly the same situation, unfortunately found out that i can't decrypt it with factory reset after I'm already encrypted
Do you happen to know good tutorial for flashing via ADB/fastboot?
I flashed my CM10 4.1.1 using galaxy nexus toolkit

http://forum.xda-developers.com/showthread.php?t=1830108 You're welcome.

[Q] How to Root/use Recovery on a fully encrypted International Note 2 LTE?

Hi all,
I recently got a HK N7105 and because it lacked the possibility to use a french keyboard I upgraded to a stock unbranded ROM from Sweden (XXDLL1) and succesfully rooted with the relevant CF_autoroot through Odin. Also installed TWRP 2.3.3.1.
Then, I connected the Note 2 to my corporate exchange server which enforced a full encryption policy (device and external SD card) so I had to type in a password at each boot time (with a "nice" swedish prompt that took ma while to decypher), plus a password to unlock the screen. All was well as the root survived the process.
Next I upgraded to a later stock ROM from France (XXDLL4 from SFR) to try and get rid of the swedish prompt. That worked fine (and root was loast in the process, as expected) but I hated the branded stuff so much I reverted to XXDLL1 until a proper unbranded "english" or "french" ROM is available.
At this point I decided to root again. I was running XXDLL1 like the first time and used the same autoroot tar from Chainfire. Except my Note 2 was still encrypted and after that it would not accept my boot password (a four digit PIN) anymore so I was guted and had to factory reset and root then reinstall everything before reconnecting to the exchange server.
Question 1: Does anyone know of a safe, proven way to root a fully encrypted Samsung device so I can go another upgrade without having to wipe the device first?
Why reinstall everything? Why not backup everything first so you can restore after the wipe? Well, it so happens that no recovery (at least neither CWM or TWRP) can read any encrypted media on the Note 2 at the moment. And no Recovery can actually fully backup the device as well.
Question 2: Does anyone know of a proper way to handle this situation with minimum hassle?
So far, the best I can think of is doing a Titanium backup and FTP the files to my NAS so I can retrieve them later. But (Question 3) will this be enough to restore my phone to the expected state after a stock firmware upgrade?
Thanks in advance,
François

frankieGom said:
Hi all,
I recently got a HK N7105 and because it lacked the possibility to use a french keyboard I upgraded to a stock unbranded ROM from Sweden (XXDLL1) and succesfully rooted with the relevant CF_autoroot through Odin. Also installed TWRP 2.3.3.1.
Then, I connected the Note 2 to my corporate exchange server which enforced a full encryption policy (device and external SD card) so I had to type in a password at each boot time (with a "nice" swedish prompt that took ma while to decypher), plus a password to unlock the screen. All was well as the root survived the process.
Next I upgraded to a later stock ROM from France (XXDLL4 from SFR) to try and get rid of the swedish prompt. That worked fine (and root was loast in the process, as expected) but I hated the branded stuff so much I reverted to XXDLL1 until a proper unbranded "english" or "french" ROM is available.
At this point I decided to root again. I was running XXDLL1 like the first time and used the same autoroot tar from Chainfire. Except my Note 2 was still encrypted and after that it would not accept my boot password (a four digit PIN) anymore so I was guted and had to factory reset and root then reinstall everything before reconnecting to the exchange server.
Question 1: Does anyone know of a safe, proven way to root a fully encrypted Samsung device so I can go another upgrade without having to wipe the device first?
Why reinstall everything? Why not backup everything first so you can restore after the wipe? Well, it so happens that no recovery (at least neither CWM or TWRP) can read any encrypted media on the Note 2 at the moment. And no Recovery can actually fully backup the device as well.
Question 2: Does anyone know of a proper way to handle this situation with minimum hassle?
So far, the best I can think of is doing a Titanium backup and FTP the files to my NAS so I can retrieve them later. But (Question 3) will this be enough to restore my phone to the expected state after a stock firmware upgrade?
Thanks in advance,
François
Click to expand...
Click to collapse
I think using Exynos Abuse apk will do the work
http://forum.xda-developers.com/showthread.php?t=2050297

Thanks for the heads up, I'll look into it. But to be clear, that answers question 1, correct?
Sent from my GT-N7105 using xda app-developers app

frankieGom said:
Thanks for the heads up, I'll look into it. But to be clear, that answers question 1, correct?
Sent from my GT-N7105 using xda app-developers app
Click to expand...
Click to collapse
Yes that's a way to root the device.
Regarding encryption, very few people on xda seem to use it. So for that reason you'll have trouble finding out what works... I do use it though through choice so I can help you a bit.
When you encrypt the device, just consider /data to be off limits to anything not booted fully. That's why it asks you for your key in swedish - it can't see what language is in use until you unlock /data.
You will have issues using recovery with the device, since they can't read /data. You can use an external sd to perhaps load data to the device though.
I believe that TWRP might soon support the Samsung encryption on the device, meaning you could use it as recovery. Once you have a recovery that supports Samsung encryption, you should be able to consider it a fairly normal device.
Just be more cautious to backup your data as it is hard to recover if something goes wrong...

If your using stock rom 4.1.2, exynos abuse method of root will not work. It's been patched
Sent from my GT-N7100 using xda app-developers app

pulser_g2 said:
Yes that's a way to root the device.
Regarding encryption, very few people on xda seem to use it. So for that reason you'll have trouble finding out what works... I do use it though through choice so I can help you a bit.
When you encrypt the device, just consider /data to be off limits to anything not booted fully. That's why it asks you for your key in swedish - it can't see what language is in use until you unlock /data.
You will have issues using recovery with the device, since they can't read /data. You can use an external sd to perhaps load data to the device though.
I believe that TWRP might soon support the Samsung encryption on the device, meaning you could use it as recovery. Once you have a recovery that supports Samsung encryption, you should be able to consider it a fairly normal device.
Just be more cautious to backup your data as it is hard to recover if something goes wrong...
Click to expand...
Click to collapse
Fine, I understand. As long as I have a way to recover my data if I need to wipe I'm okay... I just have to hope Titanium backup gives me that until TWRP can manage encruption on the Note 2.
I'm really waiting for a stock rom that boots in English or French now.
Sent from my GT-N7105 using xda app-developers app

vash_h said:
If your using stock rom 4.1.2, exynos abuse method of root will not work. It's been patched
Sent from my GT-N7100 using xda app-developers app
Click to expand...
Click to collapse
Not the case with xxdll1. When was it patched, xxdll4 or xxdll7?
Sent from my GT-N7105 using xda app-developers app

frankieGom said:
Not the case with xxdll1. When was it patched, xxdll4 or xxdll7?
Sent from my GT-N7105 using xda app-developers app
Click to expand...
Click to collapse
I am on Stock 4.1.2 and Exynos Abuse did work on my device, it's successfully rooted using the Exynos AbuseAPK on 4.1.2 :good:

OK, now I have been experimenting a bit with backups and upgrade and have trouble restoring my device fully. Let me explain...
I got hold of a TWRP build that seems to handle Samsung encryption fine through one of the TWRP devs (thanks!), so I decided to go back and try to update my device.
Current ROM: N7105XXDLL1_N7105TLADLL1_N7105XXDLK7_HOME.tar (obtained from Samsung Updates)
New ROM: N7105XXDLL7_N7105OLBDLL2_N7105DXDLL1_HOME.tar (obtained from Samsung Updates)
First I performed a complete Titanium Backup on the device and pulled the files to my laptop using ADB.
Then I restarted into TWRP 2.4.0.0 (got a prompt for my password), performed a full backup and pulled the files to the laptop using ADB.
(for some reason, I could not install the new ROM from TWRP (unable to open ZIP), but the ZIP looked OK, as well as after a second download which TWRP since did not like, so I had to use Odin instead).
Next, I flashed DLL7 with Odin. It worked, asked for the password at boot, but the device was unrooted at this point (I expected that).
Then, I flashed CF-Auto-Root-t0lte-t0ltexx-gtn7105.tar from Odin, but the boot up password would not be accepted anymore as I already knew.
Tried to flash DLL7 again from Odin, same thing
Flashed TWRP back on recovery partition, but on startup it would not ask for password anymore and the external sdcard looked empty to it.
I then copied my backup to a different, non encrypted sdcard and could restore from TWRP but the password would still not work after reboot.
I did a factory reset, restored backup, same result.
At this point I decided to factory reset, wipe Dalvik and format /data. The format did the trick and after TWRP restore of my original back up the device booted up, did not ask for password and all my data was there. Except the Exchange account I use for Corporate email wants me to restore encryption in order to work (I expected that too).
Back at DLL1, so I flashed DLL7 again with Odin (OK), rooted the phone, triangled away the flash counter and reflashed TWRP to recovery.
I was where I wanted to be except for one thing: I need to restore Corporate access. But when I let it encryp the phone it does nothing. I let it through the night and nothing). And if I reboot the phone no password is needed at boot time, yet the phone seems to behave as if it thought the device was still encrypted...
I reflashed my original, full, backup (i.e DLL1) succesfully but Exchange still wants to encrypt my device. Isn't restore supposed to restore the encrypted /data I backed up?
At this point I'm left with possibly tryinjg to go back to full factory settings, not use the backup at all, encrypt the device then restore my data from the Titanium backup I made.
Is there a better option?

[edited jan 18 - TWRP/TB behaviour]
My comments apply to encrypted devices only! I am not trying to talk down TWRP or TB here, as they provide splendid performance on non encrypted devices. I have come upon hard time trying to upgrade/restore an encrypted device using thoise tools, that's all
For those considering upgrading & re-rooting encrypted devices, don't!
I am finding the hard way that this is a one way street. At this point, my TWRP made full backup does not restore the device to the expected status. Each time I apply it, subsequent bootup takes several minutes and I end up going through the initial setup procedure. It seems the device for some reasoin goes through a complete reset procedure.
[edit]
Clarification: The TWRP build I use, 2.4.0.0 is an alpha build and I was not current when I restored my backup. I so happens that it was overwriting the encryption header on the partition, which messed things up bad, and had issues writing back the data partition, ending up in a factory reset status!
Using the latest drop as of today (jan 27) I was able to restore my original backup and am now back to my original state. All is well.
[/edit]
Titanium Backup is none better. It keeps telling me that my Android ID has changed, a host of system applications start to fail when I try to restore and generally speaking I have now spent between a good 20 hours trying to simply restore my data.
[edit]
this behaviour is probably linked to encryption. I know for a fact that TB works very well on non encrypted phones. The 20h figure is overall, not just with TB.
[/edit]
The end story is: root before you encrypt, and either don't upgrade or don't re-root if you do! If you do, be prepared for some rough times...
Unless someone has a cleat idea of how to do this properly without losing all your data, that is.
François

frankieGom said:
For those considering upgrading & re-rooting encrypted devices, don't!
I am finding the hard way that this is a one way street. At this point, my TWRP made full backup does not restore the device to the expected status. Each time I apply it, subsequent bootup takes several minutes and I end up going through the initial setup procedure. It seems the device for some reasoin goes through a complete reset procedure.
Titanium Backup is none better. It keeps telling me that my Android ID has changed, a host of system applications start to fail when I try to restore and generally speaking I have now spent between a good 20 hours trying to simply restore my data.
The end story is: root before you encrypt, and either don't upgrade or don't re-root if you do!
Unless someone has a cleat idea of how to do this properly without losing all your data, that is.
François
Click to expand...
Click to collapse
I have had no issues despite doing upgrades, with and without wipes.
Titanium is fine, just stop restoring system app data. Seriously, what data do you have in a system app that you want to restore.
Restore your user apps, their data, and the xml based call, sms, Wifi backups. It will work fine.
Device ID isn't a problem - it's just trying to help you.

pulser_g2 said:
I have had no issues despite doing upgrades, with and without wipes.
Titanium is fine, just stop restoring system app data. Seriously, what data do you have in a system app that you want to restore.
Restore your user apps, their data, and the xml based call, sms, Wifi backups. It will work fine.
Device ID isn't a problem - it's just trying to help you.
Click to expand...
Click to collapse
Sorry if I came across dissing Titanium Backup and/or TWRP. This was not the intent... I am sure both tools work real nice in general cases (and I have had success restoring data on a Jetstream before).
My main issue here is _full device encryption_ enforced by my company's corporate IT to allow me on the corporate exchange server. Do you have full device encryption on?
On my device, even after a full wipe and flashing a fresh stock rom Titanium Backup just did not work as I hoped. When I had to confirm individual popups of apps closing unexpectedly while it was proceeding and got nothing back in the end, what was I supposed to think? It could be that I don't understand how TB works... I was neither able to restore missing apps after the flash (missing apps: 0) nor installed apps data (they would close unexpectedly when started after restoring the back up). So I say: until full operation of TB on encrypted devices is documented, I will stay away from it, even though I am a registered user (and I do not plan to seek reimbursment)!
Anyway, I got to a belated happy ending (previous post edited).

frankieGom said:
Sorry if I came across dissing Titanium Backup and/or TWRP. This was not the intent... I am sure both tools work real nice in general cases (and I have had success restoring data on a Jetstream before).
My main issue here is _full device encryption_ enforced by my company's corporate IT to allow me on the corporate exchange server. Do you have full device encryption on?
On my device, even after a full wipe and flashing a fresh stock rom Titanium Backup just did not work as I hoped. When I had to confirm individual popups of apps closing unexpectedly while it was proceeding and got nothing back in the end, what was I supposed to think? It could be that I don't understand how TB works... I was neither able to restore missing apps after the flash (missing apps: 0) nor installed apps data (they would close unexpectedly when started after restoring the back up). So I say: until full operation of TB on encrypted devices is documented, I will stay away from it, even though I am a registered user (and I do not plan to seek reimbursment)!
Anyway, I got to a belated happy ending (previous post edited).
Click to expand...
Click to collapse
Yup I use device encryption Enabled manually, but it's the same encryption.
You should find that titanium shouldn't even be aware of it - the encryption is transparent!
I wonder... I'm sure lenny had that issue on a recent 4.1.2 "stock" ROM... And he doesn't use encryption...
I personally have had no issues with titanium on an encrypted device anyway
I notice you were using the newest rom - that's the one lenny had issues on.

pulser_g2 said:
Yup I use device encryption Enabled manually, but it's the same encryption.
You should find that titanium shouldn't even be aware of it - the encryption is transparent!
I wonder... I'm sure lenny had that issue on a recent 4.1.2 "stock" ROM... And he doesn't use encryption...
I personally have had no issues with titanium on an encrypted device anyway
I notice you were using the newest rom - that's the one lenny had issues on.
Click to expand...
Click to collapse
Exactly like I thought, encryption should be transparent to Titanium Backup since it runs within the OS.
I have had problems restoring into 4.1.2 DLL1 (the build I came from) and DLL7 (the one I was trying to go to)
The point is moot anyway since the DLL7 I tried was actually branded (Singtel stuff all around the launcher) and did not include French, which is why restoring my TWRP backup was a tempting proposition.
Good to know TB runs fine with encryption as well. What ROM are you running?
François

frankieGom said:
Hi all,
I recently got a HK N7105 and because it lacked the possibility to use a french keyboard I upgraded to a stock unbranded ROM from Sweden (XXDLL1) and succesfully rooted with the relevant CF_autoroot through Odin. Also installed TWRP 2.3.3.1.
Then, I connected the Note 2 to my corporate exchange server which enforced a full encryption policy (device and external SD card) so I had to type in a password at each boot time (with a "nice" swedish prompt that took ma while to decypher), plus a password to unlock the screen. All was well as the root survived the process.
Next I upgraded to a later stock ROM from France (XXDLL4 from SFR) to try and get rid of the swedish prompt. That worked fine (and root was loast in the process, as expected) but I hated the branded stuff so much I reverted to XXDLL1 until a proper unbranded "english" or "french" ROM is available.
At this point I decided to root again. I was running XXDLL1 like the first time and used the same autoroot tar from Chainfire. Except my Note 2 was still encrypted and after that it would not accept my boot password (a four digit PIN) anymore so I was guted and had to factory reset and root then reinstall everything before reconnecting to the exchange server.
Question 1: Does anyone know of a safe, proven way to root a fully encrypted Samsung device so I can go another upgrade without having to wipe the device first?
Why reinstall everything? Why not backup everything first so you can restore after the wipe? Well, it so happens that no recovery (at least neither CWM or TWRP) can read any encrypted media on the Note 2 at the moment. And no Recovery can actually fully backup the device as well.
Question 2: Does anyone know of a proper way to handle this situation with minimum hassle?
So far, the best I can think of is doing a Titanium backup and FTP the files to my NAS so I can retrieve them later. But (Question 3) will this be enough to restore my phone to the expected state after a stock firmware upgrade?
Thanks in advance,
François
Click to expand...
Click to collapse
About a backup : have you tried Online Nandroid (Playstore) (or similar, based on Onandroid) ? This makes a CWM or TWRP compatible backup while the device is running (everything should be unencrypted at this moment).
See http://forum.xda-developers.com/showthread.php?t=1620255
About rooting : you can try the same trick as above, by using ADB-shell and pushing the needed files to root to the device while it is running.
For my S3 there is a Toolkit that automates all this (http://forum.xda-developers.com/showthread.php?t=1703488), maybe there is something similar for your device ?
If not, you should still be able to do it using manual ADB-pushing.
I'm sorry I can't give you detailed instructions about the rooting as I'm not familiar with your device. Search here on XDA and you'll find more details.

pat357 said:
About a backup : have you tried Online Nandroid (Playstore) (or similar, based on Onandroid) ? This makes a CWM or TWRP compatible backup while the device is running (everything should be unencrypted at this moment).
See http://forum.xda-developers.com/showthread.php?t=1620255
About rooting : you can try the same trick as above, by using ADB-shell and pushing the needed files to root to the device while it is running.
For my S3 there is a Toolkit that automates all this (http://forum.xda-developers.com/showthread.php?t=1703488), maybe there is something similar for your device ?
If not, you should still be able to do it using manual ADB-pushing.
I'm sorry I can't give you detailed instructions about the rooting as I'm not familiar with your device. Search here on XDA and you'll find more details.
Click to expand...
Click to collapse
Thanks for the suggestions, and no I had not tried Online Nandroid as I was not aware of it. Anyway, my main issue is now resolved since TWRP has include support for Samsung TouchWiz based encryption in 2.4 and that works well.
For those interested, the only remaining issues I have with TWRP regarding encryption are that if you want to format /data from TWRP (say, to remove encryption) it will fail unless you _do not_ enter the password at boot, and the TWRP formated /data cannot be re-encrypted (you must use stock recovery to factory reset/wipe the device or else the encryption step will sit deat in the water doing nothing). I suppose the second one is a bug that will be fixed in a later version.
I will check Online Nandroid out anyway, being able to make a backup from a live system sounds good!
François

frankieGom said:
Thanks for the suggestions, and no I had not tried Online Nandroid as I was not aware of it. Anyway, my main issue is now resolved since TWRP has include support for Samsung TouchWiz based encryption in 2.4 and that works well.
For those interested, the only remaining issues I have with TWRP regarding encryption are that if you want to format /data from TWRP (say, to remove encryption) it will fail unless you _do not_ enter the password at boot, and the TWRP formated /data cannot be re-encrypted (you must use stock recovery to factory reset/wipe the device or else the encryption step will sit deat in the water doing nothing). I suppose the second one is a bug that will be fixed in a later version.
I will check Online Nandroid out anyway, being able to make a backup from a live system sounds good!
François
Click to expand...
Click to collapse
I have a similar issue. I had the device encrypted and decided to ROOT (using CF-AutoRoot). Unfortunately I cannot bypass the password screen now, although I know that I'm entering the right password. You are saying that if I flash TWRP everything will be fine?

ludovicianul said:
I have a similar issue. I had the device encrypted and decided to ROOT (using CF-AutoRoot). Unfortunately I cannot bypass the password screen now, although I know that I'm entering the right password. You are saying that if I flash TWRP everything will be fine?
Click to expand...
Click to collapse
Two separate things:
Root messing up encrypted touchwiz devices and twrp not handling touchwiz encrypted partitions properly.
The 2nd one, as much as I can tell, is fixed since before 2.5 so if youwork with the latest (2.6) you should be fine.
The first one I haven't played with in a while, but my finding is that you don't want to root a device once it's been encrypted. I've tried several different methods including rooting as you flag as is possible with twrp and all end up the same:the password is not recognised anymore!
The only thing that works for me is rooting before encrypting or only flashing pre-rooted ROMs.

frankieGom said:
Two separate things:
Root messing up encrypted touchwiz devices and twrp not handling touchwiz encrypted partitions properly.
The 2nd one, as much as I can tell, is fixed since before 2.5 so if youwork with the latest (2.6) you should be fine.
The first one I haven't played with in a while, but my finding is that you don't want to root a device once it's been encrypted. I've tried several different methods including rooting as you flag as is possible with twrp and all end up the same:the password is not recognised anymore!
The only thing that works for me is rooting before encrypting or only flashing pre-rooted ROMs.
Click to expand...
Click to collapse
Yes - I had to factory reset the phone and format the SD Card. Never root AFTER encryption :silly:

[Q] Recovery and outdated device questions

Hello,
I got my Htc One on Day 1 that Verizon released it and rooted it using rumrunner, for both S-off and root access with no problems. I have since to update my phone. I would like to update my phone to the latest radios and firmware, and start flashing custom roms.
My problem is I cannot make a backup from TWRP, my company required me to encrypt my phone to get work email but I have since had them remove the encryption but it seems that TWRP is still requesting a password to decrypt my data. I use the same password that I was using to encrypt my device but it says that it is wrong. I was thinking of factory resetting my phone but since there is no SD card will all the data that I have on my internal storage, i.e. the different backs ups I made from various apps still be on the internal storage or will they be deleted too.
Also once the encryption problem is resolved what is the best way to update my phone
Thanks
geterdone11

geterdone11 said:
Hello,
I got my Htc One on Day 1 that Verizon released it and rooted it using rumrunner, for both S-off and root access with no problems. I have since to update my phone. I would like to update my phone to the latest radios and firmware, and start flashing custom roms.
My problem is I cannot make a backup from TWRP, my company required me to encrypt my phone to get work email but I have since had them remove the encryption but it seems that TWRP is still requesting a password to decrypt my data. I use the same password that I was using to encrypt my device but it says that it is wrong. I was thinking of factory resetting my phone but since there is no SD card will all the data that I have on my internal storage, i.e. the different backs ups I made from various apps still be on the internal storage or will they be deleted too.
Also once the encryption problem is resolved what is the best way to update my phone
Thanks
geterdone11
Click to expand...
Click to collapse
Everything you need is in this thread -
http://forum.xda-developers.com/showthread.php?t=2485319
Just download the newest rom, download the newest firmware package. Put the rom on your SD card, put the firmware in your adb / fastboot firectory etc.....instructions should all be on that page.
Flash the firmware first, get the newest version of TWRP from the original development section here, flash it next, then flash the new sense 6 / 4.4.2 rom from recovery. Profit. You are s-off, so should be easy. I don't think your encryption glitch will even effect the process. And if you mess something up, since you are s-off you can just RUU back to stock. Hope this helps.

Phone storage encryption - tips, things to avoid, or general advice?

(Verizon HTC One M9, S-OFF, bootloader *** UNLOCKED ***, Software status: Official, TWRP recovery installed, Android version 5.0.2, HTC Sense version 7.0 Software number 1.33.605.15)
I'm anticipating a requirement in my near future to turn on "Phone storage encryption (Protect content on this phone with a password)" under Settings -> Security. When I did this under similar circumstances on my HTC One M7, it seemed to adversely affect the performance of the phone. I encountered a lot of random freezes at various points (after entering my unlock PIN, waking up the phone, switching apps, even occasionally during phone calls).
In fairness, I had a lot of stuff on internal storage on my old phone - pictures, audio, etc. - that I now store on my 32GB microSD card on the M9. Nonetheless, the prospect of encrypting my internal storage is intimidating, especially because it's apparently a one-way operation, and there's No Going Back if the phone performance starts to lag as the old phone's did.
Has anyone else experienced any similar troubles after turning on Phone storage encryption? Also, I'm not averse to moving off of the HTC stock ROM; I just haven't done it yet. Is there a particular ROM that seems to perform better -- or worse -- with encrypted internal storage?
Thanks.

Good question and I realy would like to join in.
Normaly Google says, since Android 5 Storage encryption should be standard and phones with native Android 5 should have hardware accelerated encryption. But there is no information thats says which phone have this hardware accelerated encryption.
And in addition most phones with native android 5 don't have standard encryption activated.
So is there anyone who tested the M9 with storage ecryption?
\Edit:
This article says AES comes with ARMv8 wich is used in Snapdragon 810 http://www.chip.de/news/Rueckzieher...sselung-in-Android-5.0-Lollipop_76997991.html

encryption disabled dial pad and texting
I have a sprint M9, twrp recovery, rooted, and flashed Viperone ROM.
Everything was working great.
Because of work email needs and the need for Microsoft Exchange, I had to encrypt the phone. So I did.
After encryption, I cannot make outbound calls. I receive calls. Just cannot dial them. Seems like the problem is with the dial pad. Lets me enter the number, but when I hit "call" it just goes away. I cannot type internal phone commands like ##1234## to get information. Just disappears.
Also, I cannot send or receive text messages.
I went into TWRP to revert back to my backup. And of course no backup is there. Everything is encrypted and unreadable by TWRP. I have read a lot on these boards and thank you. I cannot find much written on this subject.
Sprint reports everything is fine and working on their end.
So frustrated. Seems like an easy setting or fix. The dial pad is not reading something from an encrypted file?
Sorry for the ignorant language. I am very new at all this. Any ideas?

crk53 said:
I have a sprint M9, twrp recovery, rooted, and flashed Viperone ROM.
Everything was working great.
Because of work email needs and the need for Microsoft Exchange, I had to encrypt the phone. So I did.
After encryption, I cannot make outbound calls. I receive calls. Just cannot dial them. Seems like the problem is with the dial pad. Lets me enter the number, but when I hit "call" it just goes away. I cannot type internal phone commands like ##1234## to get information. Just disappears.
Also, I cannot send or receive text messages.
I went into TWRP to revert back to my backup. And of course no backup is there. Everything is encrypted and unreadable by TWRP. I have read a lot on these boards and thank you. I cannot find much written on this subject.
Sprint reports everything is fine and working on their end.
So frustrated. Seems like an easy setting or fix. The dial pad is not reading something from an encrypted file?
Sorry for the ignorant language. I am very new at all this. Any ideas?
Click to expand...
Click to collapse
Hi
I know this is late on this thread, but I was wondering if and or how you resolved your dilemma? I'm considering encrypting my HTC m9 on 6.0

DGL2033 said:
Hi
I know this is late on this thread, but I was wondering if and or how you resolved your dilemma? I'm considering encrypting my HTC m9 on 6.0
Click to expand...
Click to collapse
HTC uses proprietary (non-AOSP) encryption. As a result, TWRP won't be able to decrypt your phone if you have encrypted it on a stock or stock-based ROM.
In theory, TWRP can decrypt when encryption is performed with an AOSP ROM (CyanogenMod, CandySiX, et cetera). Unfortunately, encryption - though functional - doesn't behave as expected even on these ROMs. Your phone will indeed be encrypted successfully, but some ROMs (CyanogenMod) won't re-boot after encryption and other ROMs will boot (CandySiX) but still not be decrypted by TWRP.
TLDR: If you want encryption, go for it but know that you're locked into that choice.

computerslayer said:
HTC uses proprietary (non-AOSP) encryption. As a result, TWRP won't be able to decrypt your phone if you have encrypted it on a stock or stock-based ROM.
In theory, TWRP can decrypt when encryption is performed with an AOSP ROM (CyanogenMod, CandySiX, et cetera). Unfortunately, encryption - though functional - doesn't behave as expected even on these ROMs. Your phone will indeed be encrypted successfully, but some ROMs (CyanogenMod) won't re-boot after encryption and other ROMs will boot (CandySiX) but still not be decrypted by TWRP.
TLDR: If you want encryption, go for it but know that you're locked into that choice.
Click to expand...
Click to collapse
Hey, thanks for the quick, informative reply. I may just hold off for now, as I'm likely to root after warranty is up. But,FYI, From what I read in the HTC user guide, I could undo the HTC encryption with a factory reset, which I would probably do when they stop updating, and I move to CM or other ROM at that point. I appreciate the advice greatly, as it sounds like personal experience, or you're well informed on the subject, or both.

DGL2033 said:
Hey, thanks for the quick, informative reply. I may just hold off for now, as I'm likely to root after warranty is up. But,FYI, From what I read in the HTC user guide, I could undo the HTC encryption with a factory reset, which I would probably do when they stop updating, and I move to CM or other ROM at that point. I appreciate the advice greatly, as it sounds like personal experience, or you're well informed on the subject, or both.
Click to expand...
Click to collapse
My pleasure!
To confirm, yes you can absolutely remove encryption via factory reset.

On my U11 (Oreo 8.0/currently stuck on ViperU2.1 as nothing else seems to boot) I can't seem to decrypt my device (its lagging a bit due to encryption I believe.)
It won't allow me to decrypt in Settings, nor will it decrypt on a hard reset, nor allow me to change it after a hard reset. And reflashing Viper still has phone encrypted.
Any tips?

Set up 5x as new Device or from Previous backup? (to best improve poor performance)

Hello,
My 5x became more less unusable so I had to factory reset it. Will setting it up as new device be more advantageous in terms of performance? Or should I stick with the backup and save my self a lot of time downloading everything?
I had this phone since it came out and I think I will be getting rid of it. It became laggy as hell and 2gb of ram just does not cut it, and now since I just upgraded from 6.0 to 6.0.1 my build number is MTC19V and for the life of me I cant find a way to decrypt it. Encrypted 5x is even worse (I've done both so had a feel for it with and without it)

neopl666 said:
Hello,
My 5x became more less unusable so I had to factory reset it. Will setting it up as new device be more advantageous in terms of performance? Or should I stick with the backup and save my self a lot of time downloading everything?
I had this phone since it came out and I think I will be getting rid of it. It became laggy as hell and 2gb of ram just does not cut it, and now since I just upgraded from 6.0 to 6.0.1 my build number is MTC19V and for the life of me I cant find a way to decrypt it. Encrypted 5x is even worse (I've done both so had a feel for it with and without it)
Click to expand...
Click to collapse
Check out this thread
https://www.reddit.com/r/nexus5x/comments/4nayhm/to_those_of_you_with_lag_force_closes_etc/
factory reset and set up as new google account to experiment and see if there is still lag. Just load up a couple of your most used apps to start.
I've run encrypted and unencrypted side by side on 2 5xs on same build with same exact software loaded and there was no noticeable difference within Android. I doubt your lag is because of encryption.
Also if you are running out of memory it just takes a little longer to switch to an app, it doesn't lag all the time. If it is lagging all the time, that is caused by something else.
Any chance you were running low on storage space? 2GB or less free? If so, there's a decent chance that was causing lag as EMMC drives don't perform well when they start getting full.
The way you run decrypted on MTC19V is the same as on previous releases. It hasn't changed.
Use TWRP to install SuperSU then boot into bootloader
fastboot erase user
fastboot format user
If you need root, boot into TWRP and reinstall SuperSU as last two steps will overwrite SuperSU.

sfhub said:
Check out this thread
https://www.reddit.com/r/nexus5x/comments/4nayhm/to_those_of_you_with_lag_force_closes_etc/
factory reset and set up as new google account to experiment and see if there is still lag. Just load up a couple of your most used apps to start.
I've run encrypted and unencrypted side by side on 2 5xs on same build with same exact software loaded and there was no noticeable difference within Android. I doubt your lag is because of encryption.
Also if you are running out of memory it just takes a little longer to switch to an app, it doesn't lag all the time. If it is lagging all the time, that is caused by something else.
Any chance you were running low on storage space? 2GB or less free? If so, there's a decent chance that was causing lag as EMMC drives don't perform well when they start getting full.
The way you run decrypted on MTC19V is the same as on previous releases. It hasn't changed.
Use TWRP to install SuperSU then boot into bootloader
fastboot erase user
fastboot format user
If you need root, boot into TWRP and reinstall SuperSU as last two steps will overwrite SuperSU.
Click to expand...
Click to collapse
Thank you for your post. I think the issue with my phone is that overtime it just became increasingly slower. I always kept at least 6gb of free space as I am aware of the issue of not doing so. Taking off encryption soon after I purchased the phone when it came out did make it more responsive. I now wiped it and loaded 6.0.1 and can say that the phone came back to life. But for how long? This time around I will try to not tweak the hell out of it and to not load too many things through xposed as those were probably the culprits of poor performance over the months.
I will try the commands you recommend to remove encryption, what I did before that failed to work was format the data partition through TWRP. Will my phone remain unencrypted if I side load the next OTA, or will side loading the OTA encrypt it back up? Thanks again!
PS. I am considering OnePlus 3 but the (incredibly timely) review on Anandtech states that the color calibration of the screen is some of the worse out there, and that may just be the deal breaker. It is a shame really as otherwise it is looking like a one fine device.

neopl666 said:
Thank you for your post. I think the issue with my phone is that overtime it just became increasingly slower. I always kept at least 6gb of free space as I am aware of the issue of not doing so. Taking off encryption soon after I purchased the phone when it came out did make it more responsive. I now wiped it and loaded 6.0.1 and can say that the phone came back to life. But for how long?
Click to expand...
Click to collapse
I tested starting with April release. It is possible with earlier releases encryption was slower, but with April release side-by-side comparison with encrypted vs unencrypted there was no noticeable difference. I loaded reasonably large games, offline GPS maps, web browsing, etc.
Sometimes it is hard to tell if unencrypting is the reason the phone is faster, because as part of unencrypting, you essentially do a factory reset when your user partition gets wiped/reformatted. It is possible your phone could have been faster just by the factory reset with no decryption.
neopl666 said:
I will try the commands you recommend to remove encryption, what I did before that failed to work was format the data partition through TWRP. Will my phone remain unencrypted if I side load the next OTA, or will side loading the OTA encrypt it back up? Thanks again!
Click to expand...
Click to collapse
The critical step is *never* boot using a factory boot.img. Then you can remain decrypted.
If you sideload an OTA, immediately boot into bootloader when done, then to recovery. I say boot into bootloader, because sometimes you can mistime the boot into recovery, and boot into android by mistake. I don't remember if sideload immediately reboots when done or gives you some time, but you need to get into bootloader (or TWRP recovery, either directly or via bootloader menu option) prior to initial boot with the stock boot.img, otherwise it will reencrypt.
From TWRP you'll need to flash the SuperSU install zip and that will patch your boot.img to remove foreced encryption. From that point on you are safe.
Honestly, I ran for a month decrypted even though I found no difference in performance between encrypted and unencrypted, just in case there were long term differences. It wasn't until I found a separate issue with my SIM card and visual voicemail that only occurred on decrypted sytems that I switch back.
It's been a few weeks and there have been no noticeable slowdowns for my usage, but I don't have 2 units to run side-by-side right now, so I can't say with as much surety as I could when I literally ran them side-by-side and pressed on the same apps and did the same actions.