Edit Oct 17, 2014 - Encrypt your device/phone with custom ROM

cnewsgrp · Jul 7, 2014

Disclaimer: I am not responsible for any damage or liability arising out of these steps. I did not invent anything, I just tried something. Only move forward at your risk
If you don't agree ... stop reading and move on...

Background: Our phone has access to so much personal information that its scary if it fell into wrong hands. The only way to fix this is to encrypt phone. I did lot of research and here is a working solution that works for me - try at your risk.

Download Links:
a) Tested with ROM Stock 4.4.4 NH7 Galaxy S4 M919/Jfltetmo by @ShinySide
b) Tested with ROM |ROM|★KANGAKAT★|►KTU84P◄|4.4.4|Xposed|►8◄|6.26.14 by @iB4STiD
c) stock recovery AT&T S4 works with M919
d) Philz/CWM custom recovery

Encrypting with custom rom
1) Assume you are on custom recovery. - Backup everything first. Create a nandroid backup
2) Do a full wipe and install one of the two roms linked above (I have tested with few other roms ... none worked). Start the phone and set it up the way you want. Install all apps etc.
3) ODIN Stock recovery. See #c under download above. Its AT&T stock recovery but works for me. You need to know how to ODIN - find out. Doing this wrong will permanently damage your phone
4) Start your phone and turn on encryption. You will need to set lock type = password and will need to connect to charger and have 80% charge.
- Phone will do blank and stay blank for 20-30 minutes. Do not do anything. Encryption is happening behind the scenes.
- You might have to do this twice or thrice if it did not encrypt first time. For me the phone went blank first time and after 25 minutes it restarted but device was not encrypted. I redid the same steps and worked second time.
- If you interrupt the encryption process (battery pull or power up) you will see error message (encryption failed, reset device)
5) If all goes well you now have a password protected encrypted phone with custom rom!!! Check in Settings -> Security
6) You may install custom recovery ... but I don't see the point because you will need stock recovery to decrypt

To install another ROM
1) Reboot into stock recovery, then wipe data and cache (this removes encryption).
2) install your recovery of choice and install ROM using recovery. Philz/CWM

Credit goes to @Tronicus and his reply Flash a Rom on an Encrypted Android

Tronicus said:
How to Flash a rom on an encrypted Android phone (specifically this one, the I9505 SGH-I337).

The Problem: Once encrypted, you can't decrypt it easily. When encrypting the phone android will tell you you can only decrypt it using a factory reset. Naturally you assume it's talking about the "Factory Data Reset" option found in Settings --> Backup and Reset. But noooo, Android is lying through its ****ing teeth. Then you'll assume you have to wipe everything from your custom recovery mod (CWM, TWRP, or one of those). Wrong again! You'll get beautiful "can't mount /data" messages and more bull****. I read about a workaround that required installing the new rom using ADB, but I had ingeniously disabled USB debugging prior to wiping everything, so I only got so far with that option (plus it's tediously long if you haven't installed all the necessary software already and don't feel like bricking your phone because you made a typo in the command line). So, apparently the only other way to really format that partition free of its encryption is to use a stock recovery. So:

Short Version for Godlike users who know automatically how to do all this **** without any help (mimicking how most help posts are finely detailed on this site): Flash stock recovery, wipe everything, flash your custom recovery and install your new rom.

Long version for us mortals who don't know everything and haven't already downloaded already every single bit of software on earth:

Backup all the stuff you want to save. This process will truly wipe EVERYTHING. You can do it manually, or you can use an app like Titanium Backup Pro to help you (find it on Google Play Store). Here's a nice guide which recommends what to restore and what not to restore: http://xdaforums.com/showthread.php?t=1480343

Flash the stock recovery using Odin. You can download a stock recovery from here: http://xdaforums.com/showpost.php?p=49687791&postcount=3 It's the link called "I337MK2stockrecovery.tar.md5" In case you don't know how to flash it with Odin, this short guide will help: http://xdaforums.com/showthread.php?t=1506697

In step 6 replace "recovery.tar.md5" with the stock recovery you downloaded.

Wipe everything from the Stock recovery console. This little ****er will **** up the encryption all those sissies couldn't touch. You're welcome. You boot into recovery mode from a turned off phone by pressing simultaneously the volume up key + the home key + the power key until you see blue text appearing in the top left corner of your screen.

Reinstall your custom recovery. In my case I had installed the rom BEFORE flashing in the stock recovery (apparently it works, you just can't boot because of the encryption), so I was able to boot into the new rom before I returned to my custom recovery. Weird. Anyways, I recommend CWM. You can pick it up from this link: http://goo.im/devs/philz_touch/CWM_Advanced_Edition/jflte

For some weird reason they call the I337 version the "jflte" version. It's bonkers. Click there, and download the latest version that ends with .tar.md5. This version is upgradable via Odin, which we already used. Use the same instructions used as when you upgraded the stock recovery rom.

Boot into your recovery mod and flash your rom like you usually do.

A word about TWRP: it cost me many hours of work and I don't recommend it. Its website is outdated, and recommends using GooManager (which is no longer mantained) and doesn't work anymore for this. GooManager suggests using a new, different app, which doesn't have the option of installing TWRP. Then I tried using their TWRP Manager app from play store and the image file wouldn't download. Then I tried manually selecting the image file in TWRP manager that I downloaded from their site for use via the ADB method, and it bricked my phone... twice (using two different methods the app sugested). I tried so much because in theory TWRP has the ability to decrypt android's 4.4 encryption, but after looking at their github site I noticed it was filled with people's reports (including people with the S4) on how it wouldn't work decrypting squat. So I gave up, and installed CWM in 30 seconds.

Disclaimer: I am not responsible for any damage or liability arising out of these steps. I did not invent anything, I just tried something. Only move forward at your risk

lordcheeto03 · Jul 8, 2014

cnewsgrp said:
One of the things I needed was the ability to encrypt my phone (device only not external SD) for security purpose. Our phones today gives access to lot of information that I would rather not fall in wrong hands. I did lot of research and here is a working solution.

Credit goes to @Tronicus and his reply Flash a Rom on an Encrypted Android

The quote looks long however it is really very simple. To install another ROM
- Install and reboot into stock recovery, then wipe data and cache (this removes encryption).
- Then install your recovery of choice and install ROM using recovery. Philz/CWM

This has been tested working on |ROM|★KANGAKAT★|►KTU84P◄|4.4.4|Xposed|►8◄|6.26.14 by @iB4STiD
This did NOT work on a Touchwiz ROM by same developer
I have not tested any other ROM

I don't know if it matters too much or not, but the stock recovery you linked to is for the AT&T S4. A good rule of thumb is to never use Odin to flash anything not specifically for your particular device... In this case the M919.

Sent from my SGH-M919 using XDA Premium 4 mobile app

cnewsgrp · Jul 9, 2014

lordcheeto03 said:
I don't know if it matters too much or not, but the stock recovery you linked to is for the AT&T S4. A good rule of thumb is to never use Odin to flash anything not specifically for your particular device... In this case the M919.

Sent from my SGH-M919 using XDA Premium 4 mobile app

I have tested stock recovery on M919 .. it works

p-hil · Jul 9, 2014

Honestly im surprised its not talked about more since there is a big push for personal privacy when it comes to data. Encryption really is a pain in the ass to work with on android. Figuring out how to switch or update custom roms while encrypted will drive you insane. The easiest way is to just odin back to stock and start over, but that requires a computer anytime you need to flash anything.

I recently was trying out one of the 4.4.4 GPE roms and turned on encryption. It worked great until i started missing touchwiz and wanted to go back to HyperDrive TW. So the journey began...

First of all, i backed up everything to external storage since i knew everything on the internal storage would have to be wiped. I loaded the phone into recovery mode (using TWRP) and tried wiping, but all i got was a bunch of "Failed to mount" errors. Fine. Got the same error when trying to factory reset or wiping /system, /data, /cache, and anything else. Tried formatting to different file systems and then formatting back to the original but no luck. Fixing permissions didnt help. I just kept trying everything available multiple times.

Eventually it started wiping everything except the /data mount. Well... At least i could install new custom roms. Im not sure exactly what did it because i was just throwing everything at it. Anyways I got it to install, and booted into it. Nope.

Now it was saying I needed the password to decrypt the internal storage. It would detect wrong passwords fine, but as soon as i put the correct password in, it would allow me in, show the green android encryption picture, then blank screen. I thought it was just decrypting and setting up my rom but after a few hours my screen was still black and nothing was happening. Pulled battery and went back to TWRP.

I started wiping everything again and again and tried doing everything i could to wipe everything on the internal storage. Again, not sure what did it, but eventually got it all cleaned up and got a new rom installed and could boot into it.

The whole process probably took about 6-7 hours...

I dont even want to enable encryption on the new rom...

cnewsgrp · Jul 18, 2014

p-hil said:
Honestly im surprised its not talked about more since there is a big push for personal privacy when it comes to data. Encryption really is a pain in the ass to work with on android. Figuring out how to switch or update custom roms while encrypted will drive you insane. The easiest way is to just odin back to stock and start over, but that requires a computer anytime you need to flash anything.

I recently was trying out one of the 4.4.4 GPE roms and turned on encryption. It worked great until i started missing touchwiz and wanted to go back to HyperDrive TW. So the journey began...

First of all, i backed up everything to external storage since i knew everything on the internal storage would have to be wiped. I loaded the phone into recovery mode (using TWRP) and tried wiping, but all i got was a bunch of "Failed to mount" errors. Fine. Got the same error when trying to factory reset or wiping /system, /data, /cache, and anything else. Tried formatting to different file systems and then formatting back to the original but no luck. Fixing permissions didnt help. I just kept trying everything available multiple times.

Eventually it started wiping everything except the /data mount. Well... At least i could install new custom roms. Im not sure exactly what did it because i was just throwing everything at it. Anyways I got it to install, and booted into it. Nope.

Now it was saying I needed the password to decrypt the internal storage. It would detect wrong passwords fine, but as soon as i put the correct password in, it would allow me in, show the green android encryption picture, then blank screen. I thought it was just decrypting and setting up my rom but after a few hours my screen was still black and nothing was happening. Pulled battery and went back to TWRP.

I started wiping everything again and again and tried doing everything i could to wipe everything on the internal storage. Again, not sure what did it, but eventually got it all cleaned up and got a new rom installed and could boot into it.

The whole process probably took about 6-7 hours...

I dont even want to enable encryption on the new rom...

Yeah Encryption does not seem to work on TWZ roms. I tried on G Eye without luck.

cnewsgrp · Oct 19, 2014

I have updated op. Please check

POQbum · Oct 21, 2014

Encryption will slow down your phone quite a bit. More battery usage + more CPU usage + slower phone = not worth it unless you've got some very private stuff you don't want being shared. Otherwise, 3rd party apps that lock a lot of files, can encrypt certain files, and hide others will do the trick perfectly well.'

Not trying to bash fully encrypting your phone, but I've tried it before and although I am very pro privacy, I had to eventually take it off due to all the extra hassle it created.

cnewsgrp · Oct 24, 2014

Don't know about slowing down. I am not seeing it. I feel differently about security.

Topics

Topics

Edit Oct 17, 2014 - Encrypt your device/phone with custom ROM

cnewsgrp

Senior Member

lordcheeto03

Senior Member

cnewsgrp

Senior Member

p-hil

Member

cnewsgrp

Senior Member

cnewsgrp

Senior Member

POQbum

Senior Member

cnewsgrp

Senior Member

Similar threads

Top Liked Posts

New posts