-
After 15+ years, we've made a big change: Android Forums is now Early Bird Club. Learn more here.
Root How to encrypt a rooted device?
- Thread starter unclesol
- Start date
-
- Tags
- samsung galaxy s5
AppleCultApost8
Newbie
What software are you using to encrypt your root?
AppleCultApost8
Newbie
Yes there are tons of 3rd party apps in the Google Play store that will also encrypt your files. As for the native one in the settings, have you disabled any services on your rooted phone, sometimes disabled services may cause that.
Hey everyone & unclesol,
hope I can help you with this... a month too late, but I myself figured it out just a couple days ago...
I'm still a beginner, so excuse me if it's too detailed. Maybe another noob like me might find it useful
I also wanted to encrypt my rooted phone (Note 3 N9005) but as OP said, encryption cannot start and crashes due to root being activated. The bad thing is that you cannot root after encrypting (as far as I know...).
Sometimes deactivating SuperSU temporarily (settings -> application manager -> SuperSU; don't tick deactivate-box in supersu app) and start encryption in safe mode helps.
But when it doesn't you can do it like alphahere from xda suggests. Here the steps since I may not post the link to his instruction
1. According to him latest busybox needs to be installed.
2. After enabling USB Debugging on your phone, you need to go to adb shell on your PC and type su for root access . Accept the root permission request on your phone. You will then see in adb that the $ will turn into # . (That's what took me so long to get it right as a beginner)
3. Type following command: pkill -KILL daemonsu
This will temporarily disable supersu/root. (You see that the # will turn back into $. Also you'll see your apps won't be able to gain root access). After encrypting your phone will be automatically rooted again.
4. alphahere says not to open SuperSu afterwards. Just start with encryption.
This time encryption won't crash (at least it worked for me on BobcatRom and X-Note Rom). Yeahiiiii
Some other collection of tips/apps some might find helpful AFTER encrypting:
As much as I love encryption on my Galaxy, Samsung forces you to use the password lock option with at least one number and the PIN option is greyed out. On the one hand you need a long password for security but on the other hand it's a real pain to type that long PW everytime you turn on your screen.
1. For those of you who cannot run the app "cryptfs" in order to separate boot PW and lockscreen PW, you can do it manually (Found it on Nikolay Elenkovs blog, big thanks!):
- As above you need to go to Adb Shell. Type:
su -c vdc cryptfs changepw newpassword after the $ symbol and it's done. Other users warn you that the maximal length should be 16 characters. Otherwise bad things will happen...
2. The step above does not solve the enter-PW-everytime problem.
On my Samsung, in settings you can disable the lock for max. 30 minutes, but then there is absolutely no lock, not even swipe... annoying when you accidently hit a button in your pocket... The app "delayed lock" solved this for me. A widget on your homescreen can let you switch between your password lock and swipe lock.
3. I found this awesome app "Remote Power Off" on xda. You can turn off your device remotely by receiving a SMS with a certain code you chose.
Nice if you forgot your phone somewhere ... I think
(When you notice your phone keeps shutting down after receiving a SMS, changing your code can help you with this)
Happy October Encryption Time For Yall
hope I can help you with this... a month too late, but I myself figured it out just a couple days ago...
I'm still a beginner, so excuse me if it's too detailed. Maybe another noob like me might find it useful
I also wanted to encrypt my rooted phone (Note 3 N9005) but as OP said, encryption cannot start and crashes due to root being activated. The bad thing is that you cannot root after encrypting (as far as I know...).
Sometimes deactivating SuperSU temporarily (settings -> application manager -> SuperSU; don't tick deactivate-box in supersu app) and start encryption in safe mode helps.
But when it doesn't you can do it like alphahere from xda suggests. Here the steps since I may not post the link to his instruction
1. According to him latest busybox needs to be installed.
2. After enabling USB Debugging on your phone, you need to go to adb shell on your PC and type su for root access . Accept the root permission request on your phone. You will then see in adb that the $ will turn into # . (That's what took me so long to get it right as a beginner
)3. Type following command: pkill -KILL daemonsu
This will temporarily disable supersu/root. (You see that the # will turn back into $. Also you'll see your apps won't be able to gain root access). After encrypting your phone will be automatically rooted again.
4. alphahere says not to open SuperSu afterwards. Just start with encryption.
This time encryption won't crash (at least it worked for me on BobcatRom and X-Note Rom). Yeahiiiii
Some other collection of tips/apps some might find helpful AFTER encrypting:
As much as I love encryption on my Galaxy, Samsung forces you to use the password lock option with at least one number and the PIN option is greyed out. On the one hand you need a long password for security but on the other hand it's a real pain to type that long PW everytime you turn on your screen.
1. For those of you who cannot run the app "cryptfs" in order to separate boot PW and lockscreen PW, you can do it manually (Found it on Nikolay Elenkovs blog, big thanks!):
- As above you need to go to Adb Shell. Type:
su -c vdc cryptfs changepw newpassword after the $ symbol and it's done. Other users warn you that the maximal length should be 16 characters. Otherwise bad things will happen...
2. The step above does not solve the enter-PW-everytime problem.
On my Samsung, in settings you can disable the lock for max. 30 minutes, but then there is absolutely no lock, not even swipe... annoying when you accidently hit a button in your pocket... The app "delayed lock" solved this for me. A widget on your homescreen can let you switch between your password lock and swipe lock.
3. I found this awesome app "Remote Power Off" on xda. You can turn off your device remotely by receiving a SMS with a certain code you chose.
Nice if you forgot your phone somewhere ... I think
(When you notice your phone keeps shutting down after receiving a SMS, changing your code can help you with this)
Happy October Encryption Time For Yall
Hmm yeah, you're right, once encrypted I haven't found a way to make backups (TWRP won't load my internal sd).
But Samsung smartphones have the feature to undo encryption in settings instead of factory reset.
Haven't tried that out yet, but I guess one would have to disable SuperSU temporarily again in order not to crash the undo process... If anyone tried out please tell me
But Samsung smartphones have the feature to undo encryption in settings instead of factory reset.
Haven't tried that out yet, but I guess one would have to disable SuperSU temporarily again in order not to crash the undo process... If anyone tried out please tell me
Thanks for the hint above -- going to try this soon! That with the keep-fingerprint hack should allow me to have a nicely secure and still usable, rooted device. ( XDA thread# 2714662 -- sorry can't link yet 
)
Questions I'm trying to understand:
1) You did the above on Note 3 and I have S5 but it seems the security profile on both devices is basically the same. Thoughts? Anyone tried this in S5?
2) What happens that makes this manual encryption necessary? Just Samsung/Knox BS?
3) I've heard about people running into a boot loop. At what level does that happen? How do you recover from it? (Odin? Safe mode and stop the encrypt request? etc)
4) Extra fun, I'm doing this on an AT&T device so I have to use stock boot loader. Does that affect the recovery options any?
Anyhow, just trying to put all this together first. I'm willing to try it out, just so I know I won't end up bricking the thing.
) Questions I'm trying to understand:
1) You did the above on Note 3 and I have S5 but it seems the security profile on both devices is basically the same. Thoughts? Anyone tried this in S5?
2) What happens that makes this manual encryption necessary? Just Samsung/Knox BS?
3) I've heard about people running into a boot loop. At what level does that happen? How do you recover from it? (Odin? Safe mode and stop the encrypt request? etc)
4) Extra fun, I'm doing this on an AT&T device so I have to use stock boot loader. Does that affect the recovery options any?
Anyhow, just trying to put all this together first. I'm willing to try it out, just so I know I won't end up bricking the thing.
Well, I don't know the answers to #1 and #2, but about running into bootloop (#3) I can tell you this from my experience
Before figuring out the solution I posted above, I ran into bootloop everytime I tried to encrypt the phone (with root enabled):
The bootloop happens right after you click the last step of the "Encryption" option in your settings (after setting up the password and pluggin in the charger).
Usually your phone will restart and then show you your encryption progress (in percentage).
But when your phone is rooted, it won't show you any progress in %. Instead it will tell you to enter your password right away and after that it will restart again and again and again...
So I also tried to encrypt without rooting the phone and there was no bootloop and the encryption worked fine... but after encrypting successfully you cannot root anymore...
It took me another couple hours to figure out how to recover from this ugly bootloop. (Is that called brick?)
People tell that factory reset helps, but I installed TWRP recovery and Custom Rom.
And Factory Reset in TWRP did not make bootloop go away... >.<... So I had to use ODIN:
Seems that the "normal/regular" ODIN steps (loading your stock firmware and clicking "start") will not work and results in an error massage.
I additionally had to find the right PIT file for my phone and then insert it into ODIN with the option "Re-Partition" enabled to make ODIN work.
After ODIN finishes, your phone will restart, but still show you the (not-working) "enter encryption-password" notification (still with bootloop).
You have to run factory reset to make this go away. (Power+ Vol-Up + Home Buttons).
As I mentioned Factory Reset option in e.g. TWRP will not work, so do not install this right after ODIN!
Again, a detailed description for anyone who faces bootloop and (like me) wonders why ODIN does not work and thinks OMG you just broke your phone
@aikidork: I'm also curious, if root+encryption+fingerprint will work together. Would be cool if you tell if this works on your S5. Heard that Android 5 will come with encryption by default, but will make root very difficult. I wonder how Samsung will implement its fingerprint feature in the Lolipop update... My personal wishlist is a Samsung with area-type fingerprint sensor like Touch-Id... ^_^
Before figuring out the solution I posted above, I ran into bootloop everytime I tried to encrypt the phone (with root enabled):
The bootloop happens right after you click the last step of the "Encryption" option in your settings (after setting up the password and pluggin in the charger).
Usually your phone will restart and then show you your encryption progress (in percentage).
But when your phone is rooted, it won't show you any progress in %. Instead it will tell you to enter your password right away and after that it will restart again and again and again...
So I also tried to encrypt without rooting the phone and there was no bootloop and the encryption worked fine... but after encrypting successfully you cannot root anymore...
It took me another couple hours to figure out how to recover from this ugly bootloop. (Is that called brick?)
People tell that factory reset helps, but I installed TWRP recovery and Custom Rom.
And Factory Reset in TWRP did not make bootloop go away... >.<... So I had to use ODIN:
Seems that the "normal/regular" ODIN steps (loading your stock firmware and clicking "start") will not work and results in an error massage.
I additionally had to find the right PIT file for my phone and then insert it into ODIN with the option "Re-Partition" enabled to make ODIN work.
After ODIN finishes, your phone will restart, but still show you the (not-working) "enter encryption-password" notification (still with bootloop).
You have to run factory reset to make this go away. (Power+ Vol-Up + Home Buttons).
As I mentioned Factory Reset option in e.g. TWRP will not work, so do not install this right after ODIN!
Again, a detailed description for anyone who faces bootloop and (like me) wonders why ODIN does not work and thinks OMG you just broke your phone
@aikidork: I'm also curious, if root+encryption+fingerprint will work together. Would be cool if you tell if this works on your S5. Heard that Android 5 will come with encryption by default, but will make root very difficult. I wonder how Samsung will implement its fingerprint feature in the Lolipop update... My personal wishlist is a Samsung with area-type fingerprint sensor like Touch-Id... ^_^
I am here to report... epic success!
For the record I am running an AT&T S5 (G900A), rooted using the ND3-Downgrade/Towelroot/NG3-Upgrade method, running Stock Samsung / Touchwiz ROM (locked boot loader, FML :banghead: ). I've kept root with OTA disabled / frozen and various security nag screens turned off. I also have XPosed installed for a few choice mods, otherwise pretty "standard" root setup. That said, I can only warrant this to work for the STOCK configs as noted.
Anyhow, fast forward to setting up encryption, here's what I did:
- Install Busybox (I have Stericson version), RootExplorer file manager, a terminal Emulator (or enable USB debugging), and SuperSU (no promises about this working on other root managers!)
- Set up a fingerprint lockscreen. Configure ALL your fingers you want to use ahead of time since this won't be configurable later!
- Using Root Explorer, copy/backup the following files to external SD: /data/system/locksettings.db , /data/system/locksettings.db-shm , /data/system/locksettings.db-wal
- Kill all running apps.
- Launch command prompt in ADB or Terminal Emulator.
- Execute
so that your prompt changes from "$" to "#" (you are now root)Code:
su - Kill the SuperSU daemon to temporarily disable root mode (lasts until reboot):
Code:
pkill -KILL daemonsu - Your root daemon will kick you out of privileged status during shutdown, changing "#" prompt back to "$" (root is temp disabled)
- DO THIS STEP IMMEDIATELY without rebooting or launching more apps! Go to the default security screen and select Encrypt Device. Set up a password lock screen as required (8 digits with at least one number). Plug in to power if not using ADB. Confirm the encryption operation.
- If everything is working well, you will see the encryption screen, a soft-reboot splash screen, and then a progress indicator counting up to 100%. If it moves beyond zero, congrats your encryption is working! Wait for this to finish.
- Now, to restore the lock screen, unlock the phone and launch your Root Explorer again.
- Restore the three files you backed up earlier to their exact locations, overwriting the replacement ones that the encryption setup created.
- Wait for phone to lock (or reboot once more) and confirm that you can unlock the phone with fingerprint.
Now never touch this setting again! ;-) No promises what happens if you upgrade, as I noted OTA is disabled. But you can always decrypt if you really have to.
Sorry to bump and old thread, but I just tried this approach (from aikidork) and was able to successfully encrypt my rooted AT&T Samsung Galaxy S5 G900A. Thanks for that. But... now the phone freezes before the unlock screen! :O
However, when I copied back the three files: /data/system/locksettings.db , /data/system/locksettings.db-shm , /data/system/locksettings.db-wal, my phone can no longer boot! I enter my decryption password, the phone makes the AT&T boot up sound, but then it freezes on the rotating AT&T symbol and will not go to the PIN unlock screen at all. I can't seem to fix this.
Is there any way I can fix this problem? I just hope I didn't brick my phone. The encryption succeeded but now the login screen to unlock the phone is completely inaccessible. I've never seen an Android freeze like this one the AT&T loading screen and not even load the unlock screen. Help, anyone?? please...
edit: if I hold Power+Button+Up-Volume to load recovery, it will say "failed to mount /data (Invalid argument). So it looks like this change made it so that /data can't load at all! I don't know what to do
However, when I copied back the three files: /data/system/locksettings.db , /data/system/locksettings.db-shm , /data/system/locksettings.db-wal, my phone can no longer boot! I enter my decryption password, the phone makes the AT&T boot up sound, but then it freezes on the rotating AT&T symbol and will not go to the PIN unlock screen at all. I can't seem to fix this.
Is there any way I can fix this problem? I just hope I didn't brick my phone. The encryption succeeded but now the login screen to unlock the phone is completely inaccessible. I've never seen an Android freeze like this one the AT&T loading screen and not even load the unlock screen. Help, anyone?? please...
edit: if I hold Power+Button+Up-Volume to load recovery, it will say "failed to mount /data (Invalid argument). So it looks like this change made it so that /data can't load at all! I don't know what to do
Last edited:
AZgl1500
Extreme Android User
What you are talking about right now, is just exactly why I have been reluctant to encrypt anything I own.
I have always been paranoid that the hard drive would quit working, or I would enter a bad password and not be able to get back into it again.
And my phone? Not even going to attempt it.
I just don't let it out of my sight.
I have always been paranoid that the hard drive would quit working, or I would enter a bad password and not be able to get back into it again.
And my phone? Not even going to attempt it.
I just don't let it out of my sight.
Well it wasn't the encryption that was the problem; that worked fine. It was the fact that, against my better judgment, I decided to follow these directions and modify the /data/system files. Sure enough, that messed things up. But everything in aikidork's instructions up to Step 10 worked great. Everything after, however, forced me to do a factory reset
AZgl1500
Extreme Android User
Well, at least with the Factory Reset you regained the use of your phone again.
Been there, done that... we all learn as we miss-step our way thru Android.
I can remember exactly what I was doing one night on a long car trip, many states away from home and my old Galaxy S just up and locked up. It had a habit of that if I tried to keep more than two apps open at the same time. It is extremely short on usable memory, like about 267 kBytes worth... (it is still registered and works fine)
Back to the story..... phone locked up, found a hotel for the night, and started trying from memory to figure out how to get it going again. No laptop, so no internet.
After much anguish I finally decided that a total Factory Reset was necessary. Mind you, I had never done that before.... this was my first smartphone and in the first month of use.... it took me more than another hour to figure what exact 3 keys to push to get to the Reset Menu...
Fortunately all went well except for the 60 questions to answer while it went thru the entire registration process all over again. At that time, I did not know how to restore the Address Book but I didn't care, at least the phone was working and I could call the wife and let her know I was still alive
Been there, done that... we all learn as we miss-step our way thru Android.
I can remember exactly what I was doing one night on a long car trip, many states away from home and my old Galaxy S just up and locked up. It had a habit of that if I tried to keep more than two apps open at the same time. It is extremely short on usable memory, like about 267 kBytes worth... (it is still registered and works fine)
Back to the story..... phone locked up, found a hotel for the night, and started trying from memory to figure out how to get it going again. No laptop, so no internet.
After much anguish I finally decided that a total Factory Reset was necessary. Mind you, I had never done that before.... this was my first smartphone and in the first month of use.... it took me more than another hour to figure what exact 3 keys to push to get to the Reset Menu...
Fortunately all went well except for the 60 questions to answer while it went thru the entire registration process all over again. At that time, I did not know how to restore the Address Book but I didn't care, at least the phone was working and I could call the wife and let her know I was still alive
Tom Atkinson
Lurker
Sorry to bump and old thread, but I just tried this approach (from aikidork) and was able to successfully encrypt my rooted AT&T Samsung Galaxy S5 G900A. Thanks for that. But... now the phone freezes before the unlock screeno
Not sure if this will help anyone, but the first time I tried this I set the new password to actually be newpassword ! maybe try that if you get stuck!