[Howto] Different PIN on lockscreen than for device encryption

#1 robberknight (Junior Member - OP, Join Date: May 2012)
(Last edited by robberknight; 7th June 2012 at 11:13 PM.) Reason: finally I'm allowed to link

Hi,

Android 4 / ICS has a good security feature: full device encryption. But its implementation has a big usability problem: you have to use the same password for device encryption as on the lockscreen. Meaning you have to enter the complicated encryption password every time you want to access your phone.

Choosing an easy password would make encryption worthless and Android limits the lowest complexity allowed for encryption.

Technically these passwords are two completely separate things. It's just the Android UI that mingles this. So it's time to hack and separate what should be separate!

Here is how to do it, rooted phone needed:
  1. Make a backup
  2. Enable USB debugging so that you have a backdoor if something goes wrong
  3. Install the prerequisites: SL4A including Python4Android
  4. Switch your SuperSU or superuser to grant su by default. You will have to accept lots of commands otherwise, and I had problems with the dialog of my SuperSU doing this
  5. Install my pin_change.py program in the sl4a/scripts directory on your phone, it is attached to this post. Maybe you have to rename the extension to .py (had to rename it due to forum restrictions)
  6. Start pin_change.py through SL4A
  7. It will make a backup of your current password and allow you to set a new numeric pin
  8. Reboot your phone, the lockscreen caches the old settings otherwise
  9. Disable USB debugging and switch your superuser settings back

That's it, you can now use an easy pin on your lockscreen.

Maybe you are missing the sqlite3 command. pin_change.py will check for it and notify you if it is not there. The easiest way to get it is the "Sqlite installer for root" app on the market.

pin_change.py allows you to restore the backup or to set a new pin. You should restore the backed-up password before you change your encryption password through the Android GUI.

I tested this on a Samsung Galaxy SII and a HTC Sensation, both EU models running a 4.0.3 from the manufacturer. I just rooted them, no custom roms.
The only thing I could find was that the VPN account data is encrypted too and you now can't enter the password anymore. So you have to redo your VPN setup, no big deal.

Just to make it clear: this allows you to use a numeric pin for unlocking where e.g. the Samsung Galaxy S2 requires an alphanumeric password. This tool does not (yet?) allow you to use a pattern to unlock.

You do this at your own risk, no warranty, this script may brick your phone, drink all your beer or eat little children. So be careful.
Attached Files: pin_change.py.txt (8.8 KB, 1094 views)
 
#2 robberknight (Junior Member - OP, Join Date: May 2012)
(Last edited by robberknight; 7th June 2012 at 11:16 PM.) Reason: Add links
When you use a numeric pin on your lockscreen, someone could use fingerprint locations to guess your pin code. So you should make sure that no one can make enough tries till he finds the correct pin.

Here is how to limit the number of failed pins:
  • Install Tasker
  • Install Secure Settings
  • Open Tasker and Create a new Profile
  • Context based on state - Plugin - Secure Settings
  • You can configure it to the desired number of failed login attempts
  • New Task - Misc - Reboot - Shutdown

I have set the failed login attempts to two. After that the phone instantly switches off. When switching it on again, everything is encrypted and you have to enter the long and complex encryption password. Voila, we are secure!
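Added example, not part of the thread and not taken from pin_change.py: a way to put numbers on the point of post #2, i.e. how much a failed-attempt limit reduces the chance that a PIN is guessed from smudges. It assumes the observer knows exactly which digits the PIN uses, but not their order or which ones repeat, and never tries the same candidate twice; all function names are hypothetical.

```python
from fractions import Fraction
from math import comb, floor


def candidate_pins(smudged_digits, length):
    """Number of PINs of `length` digits that use every smudged digit at
    least once and no other digit (inclusion-exclusion over unused digits)."""
    k = len(set(smudged_digits))
    if k == 0 or k > length:
        return 0
    return sum((-1) ** i * comb(k, i) * (k - i) ** length
               for i in range(k + 1))


def guess_probability(smudged_digits, length, attempts):
    """Chance that one of `attempts` distinct guesses is the correct PIN."""
    n = candidate_pins(smudged_digits, length)
    return Fraction(min(attempts, n), n) if n else Fraction(0)


def max_attempts_for_risk(smudged_digits, length, risk):
    """Largest failed-attempt limit that keeps the guess chance <= risk."""
    n = candidate_pins(smudged_digits, length)
    return floor(Fraction(risk) * n)


if __name__ == "__main__":
    # Constructed sample input: a 4-digit PIN with smudges on four digits
    # (no repeats) and on three digits (one digit is used twice).
    for smudges in ("1379", "258"):
        n = candidate_pins(smudges, 4)
        print("smudges %s: %d candidate PINs" % (smudges, n))
        for limit in (2, 5, 10):
            p = guess_probability(smudges, 4, limit)
            print("  limit %2d -> guess chance %s (%.1f%%)"
                  % (limit, p, float(p) * 100))
        print("  limit for <=10%% risk: %d"
              % max_attempts_for_risk(smudges, 4, Fraction(1, 10)))
```

Under these assumptions the limit of two chosen in the post keeps the chance of a successful guess below 10% for a four-digit PIN with four distinct smudges.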
 
#3 robberknight (Junior Member - OP, Join Date: May 2012)
(Last edited by robberknight; 30th May 2012 at 02:14 AM.) Reason: line break fix
While I'm at it - one more hint about device encryption:

When I first tried to encrypt my Samsung Galaxy S2, it started and showed a green robot. After about a minute it rebooted and that was it - no encryption.

I activated adb logcat to see what was going on. Lots of other stuff and finally this:
Code:
E/Cryptfs (   73): unmounting /data failed
E/Cryptfs (   73): Error enabling encryption after framework is shutdown, no data changed, restarting system
I thought a bit about it and had the idea that maybe the external sdcard is still mounted and that mountpoint creates this problem. I was right - removing the external sd solved it.
 
#4 szakeetm (Junior Member, Join Date: Jun 2012)
I need a little noob help here, using Samsung Galaxy SII on ICS 4.0.3. I don't have much experience with Python, only installed it to make this script work.

Running pin_change.py I get the "sqlite3 command not found" error. Now I guess I have to install the thirdparty.tar.gz from the Python for Android (Google Code) website, but I have no idea what to do with the downloaded file. Could you please help?
 
#5 robberknight (Junior Member - OP, Join Date: May 2012)
Quote (Originally Posted by szakeetm):
Running pin_change.py I get the "sqlite3 command not found" error. Now I guess I have to install the thirdparty.tar.gz from the Python for Android (Google Code) website, but I have no idea what to do with the downloaded file. Could you please help?

Just do as I wrote, you don't need no thirdparty.tgz:

Quote (Originally Posted by robberknight):
Maybe you are missing the sqlite3 command. pin_change.py will check for it and notify you if it is not there. The easiest way to get it is the "Sqlite installer for root" app on the market.
 
#6 szakeetm (Junior Member, Join Date: Jun 2012)
Yes, the problem is the missing sqlite. I will do as you told once I have re-encrypted my phone. Will keep you posted once I have the results.
 
#7 szakeetm (Junior Member, Join Date: Jun 2012)
It worked! Installing sqlite fixed the problem. Thank you!
 
#8 porgybess (Member, Join Date: Apr 2012)
Hi robberknight,

Thanks for this very interesting work. Will this work on Honeycomb as well, or just ICS?
 
#9 robberknight (Junior Member - OP, Join Date: May 2012)
I don't have a Honeycomb device to test so I don't know.

You can just try it though. The script tests the password before changing anything. The test will fail if encoding is done differently on Honeycomb. And the script also creates a backup before overwriting anything.

I consider the chance that the script breaks anything quite low. But it can very well be that the script aborts with an error because something is done differently on Honeycomb.
 
#10 xdascrat (Junior Member, Join Date: Jul 2012)
sqlite3 binary

Some hints:
I failed to install "Sqlite installer for root".
So I grabbed sqlite3 from SuperOneClickv2.3.3-ShortFuse.zip.
Somehow it won't start within the python script. It throws "cannot locate register_android_functions" in def sqliteFound(self) which ends up with the error "sqlite3 command not found". Executing sqlite3 -version in the shell caused no problem.

I managed to get sqlite3 working by installing again from "Sqlite installer for root" after proper remount of /system in read-write mode
"mount -o remount,rw /dev/block/mmcblk0p15 /system"

The PIN-Lock works now!

Using S3 with DarkyROM III v2.0 (Android 4.0.4)