FORUMS
Remove All Ads from XDA

Universal DM-Verity, ForceEncrypt, Disk Quota Disablers [10/20/2019]

3,660 posts
Thanks Meter: 5,688
 
Post Reply Email Thread
2nd December 2019, 11:07 PM |#691  
HippoMan's Avatar
Senior Member
Thanks Meter: 184
 
More
Is it possible to get rid of decryuption solely via Magisk?
I'm on a rooted OnePlus 7 Pro (GM1917) running 10.0.2 with xXx-NoLimits and Riru/EdXposed.

In my version of Magisk (v20.1), there is an "Advanced" section in which the following two items are selected:

Preserve force encryption

Preserve AVB-2.0/dm-verity

Can I remove my device's encryption simply by unselecting one or both of these items, and then rebooting?
.
3rd December 2019, 12:16 AM |#692  
Junior Member
Thanks Meter: 0
 
More
Moto XT1925-6, flashed magisk, then DM-Verity disabler, got bootloop
Hello people.

I've got a moto G6 (XT1925-6), T-Mobile (US), I updated to the latest OTA and security updates. I flashed Magisk 20.1, then the dm_verity disabler, zip named just as when it was downloaded, and I got a bootloop.

Recovery log is at

pastebin dot com/hvRGZ6jh

The forum won't let me post links, which is understandable, but I hate cluttering up the forum with long walls of text. And Pastebin gives you line numbers, which is nice.

Thanks for all your help!
3rd December 2019, 12:28 AM |#693  
reaper000's Avatar
Senior Member
Thanks Meter: 980
 
More
Quote:
Originally Posted by HippoMan

I'm on a rooted OnePlus 7 Pro (GM1917) running 10.0.2 with xXx-NoLimits and Riru/EdXposed.

In my version of Magisk (v20.1), there is an "Advanced" section in which the following two items are selected:

Preserve force encryption

Preserve AVB-2.0/dm-verity

Can I remove my device's encryption simply by unselecting one or both of these items, and then rebooting?

.

No, Non, Nyet..!

I know you read my post on the last page, because you thanked me for it yesterday. To wit:

To use a metaphor, it's not like flashing the dm-verity zip will remove the lock (encryption) from the door (data partition). It's more like you have to create a whole new door without any lock (format internal storage, flash a ROM from external USB drive, flash dm-verity zip from USB drive) from scratch.

You MUST format internal storage to be permanently unencrypted. Remember, creating a new door..,! And when you format internal storage, you also wipe the filesystem of the onboard ROM, and you won't boot at all -- which is why after formatting internal storage, you have to flash a new ROM, and then flash the dm-verity zip last.

Let me see if I can make it easy:
"Running decrypted" or having an "unecrypted phone" is the RESULT of AVOIDING the Android standard of forced encryption upon an Android operating system's initial boot. How do you disable forced encryption? By flashing the dm-verity zip right before the initial boot of the OS...
The Following 2 Users Say Thank You to reaper000 For This Useful Post: [ View ] Gift reaper000 Ad-Free
3rd December 2019, 06:30 PM |#694  
HippoMan's Avatar
Senior Member
Thanks Meter: 184
 
More
Quote:
Originally Posted by reaper000

No, Non, Nyet..!

I know you read my post on the last page, because you thanked me for it yesterday. To wit:

To use a metaphor, it's not like flashing the dm-verity zip will remove the lock (encryption) from the door (data partition). It's more like you have to create a whole new door without any lock (format internal storage, flash a ROM from external USB drive, flash dm-verity zip from USB drive) from scratch.

You MUST format internal storage to be permanently unencrypted. Remember, creating a new door..,! And when you format internal storage, you also wipe the filesystem of the onboard ROM, and you won't boot at all -- which is why after formatting internal storage, you have to flash a new ROM, and then flash the dm-verity zip last.

Let me see if I can make it easy:
"Running decrypted" or having an "unecrypted phone" is the RESULT of AVOIDING the Android standard of forced encryption upon an Android operating system's initial boot. How do you disable forced encryption? By flashing the dm-verity zip right before the initial boot of the OS...

Yes, I read your other post and understand your metaphor. I just saw those entries under Magisk, and I wanted to know what they mean and whether they provide a different path to non-encryption that hasn't been discussed yet.

It's entirely possible that someone could write Magisk-installable software which encapsulates the dm-verity disabling procedure and intercepts the device's standard OTA methodology at a low level in order to automate this dm-verity-disabling process and inject the proper dm-verity disabling code at the correct step in the modified OTA process ... i.e., right before the initial boot of the OS. But I understand now that these Magisk options do not cause anything like that to take place.

Thank you.
.
The Following User Says Thank You to HippoMan For This Useful Post: [ View ] Gift HippoMan Ad-Free
4th December 2019, 11:48 PM |#695  
reaper000's Avatar
Senior Member
Thanks Meter: 980
 
More
Quote:
Originally Posted by HippoMan

Yes, I read your other post and understand your metaphor. I just saw those entries under Magisk, and I wanted to know what they mean and whether they provide a different path to non-encryption that hasn't been discussed yet.

It's entirely possible that someone could write Magisk-installable software which encapsulates the dm-verity disabling procedure and intercepts the device's standard OTA methodology at a low level in order to automate this dm-verity-disabling process and inject the proper dm-verity disabling code at the correct step in the modified OTA process ... i.e., right before the initial boot of the OS. But I understand now that these Magisk options do not cause anything like that to take place.

Thank you.

.

In other devices like the Samsung S7 and S8 that I used before, custom ROMs are already decrypted with integrated disable dm-verity, obviating the use of a separate dm-verity zip like this one.

However, even the OTAs for that device require preexistent decryption. My guess is that the encrypted data partition is the deal breaker, in that the OTA is flashing from storage that needs to be decrypted before the new ROM is flashed. Looks like a chicken and egg conundrum, because even if you inject dm-verity-disabling script right before flash, your data partition and the system files on it remain encrypted because there wasn't a format of internal storage. And if you did format internal storage, you would have deleted the OTA ROM file that you need to flash.

Not to rain on the parade or anything, but it's been 4 years since I've noted this with the S7, so while something totally ingenious might pop up, I'm not gonna hold my breath...
7th December 2019, 04:54 PM |#696  
Junior Member
Thanks Meter: 1
 
More
Seems like it's not working for my Lenovo L78071. When I boot into the system, the encryption screen still appears, and after reboot to recovery it still asks me for password to decrypt. Also the modified TWRP I am using (there is only one which is the custom building of TWRP available for this device) has a build in force encryption disabler, I tried and it worked, but just like someone reported in this thread, I am having screen lock issue after disabling force encryption.
Attached Files
File Type: log recovery.log - [Click for QR Code] (50.8 KB, 4 views)
7th December 2019, 06:51 PM |#697  
abeloman's Avatar
Senior Member
Flag Veracruz
Thanks Meter: 695
 
More
Quote:
Originally Posted by whc2001

Seems like it's not working for my Lenovo L78071. When I boot into the system, the encryption screen still appears, and after reboot to recovery it still asks me for password to decrypt. Also the modified TWRP I am using (there is only one which is the custom building of TWRP available for this device) has a build in force encryption disabler, I tried and it worked, but just like someone reported in this thread, I am having screen lock issue after disabling force encryption.

This tool won't remove encryption; it'll avoid force encryption on first boot. If you're encrypted, you must format data to remove encryption, and after that, you can flash the zip
7th December 2019, 09:20 PM |#698  
OP Senior Member
Thanks Meter: 5,688
 
More
Quote:
Originally Posted by whc2001

Seems like it's not working for my Lenovo L78071. When I boot into the system, the encryption screen still appears, and after reboot to recovery it still asks me for password to decrypt. Also the modified TWRP I am using (there is only one which is the custom building of TWRP available for this device) has a build in force encryption disabler, I tried and it worked, but just like someone reported in this thread, I am having screen lock issue after disabling force encryption.

Looks like system didn't mount. Can you send me the link to your rom so I can check it out? Also, try the test build and post a recovery.log after like before

To everyone: New test build here, updated with workaround for android Q until TeamWin drops TWRP update for it
Attached Files
File Type: zip Disable_Dm-Verity_ForceEncrypt_TEST.zip - [Click for QR Code] (2.75 MB, 20 views)
7th December 2019, 11:08 PM |#699  
Mervingio's Avatar
Senior Member
Elysium
Thanks Meter: 917
 
More
Quote:
Originally Posted by abeloman

This tool won't remove encryption; it'll avoid force encryption on first boot. If you're encrypted, you must format data to remove encryption, and after that, you can flash the zip

But the encryption level is on hardware? OP6T this zip not work
8th December 2019, 11:51 AM |#700  
Senior Member
Thanks Meter: 31
 
More
I tried flashing Xenon HD followed by this file and gapps and tried booting which resulted in bootloop.

Shifted to PE9 which booted fine but now shows device encrypted. I understand now format data needs to be to done but can anyone tell me what went wrong and how my device got encrypted?
8th December 2019, 12:23 PM |#701  
HippoMan's Avatar
Senior Member
Thanks Meter: 184
 
More
Double-checking dm-verity flash procedure
I am running 10.0.2 on my OnePlus 7 Pro (GM1917) with xXx-NoLimits and Riru/EdXposed. I also am running the Smurf kernel. Could someone confirm whether the following are the exact steps I must follow when flashing dm-verity under that configuration? ...

(1) Boot into recovery
(2) Format /data
(3) Flash the ROM. This is the exact, same ROM zipfile that I have flashed via System update->Local upgrade, namely OnePlus7ProOxygen_21.O.22_OTA_022_all_1911070323_2 b888.zip
(4) Flash twrp-3.3.1-70-guacamole-unified-installer-mauronofrio.zip
(5) Reboot into recovery
(6) Flash the same ROM zipfile again
(7) Flash the same TWRP zipfile again
(8) Reboot into recovery
(9) Flash Smurf kernel
(10) Flash Magisk-v20.1.zip
(11) Flash Smurf kernel again
(12) Flash Disable_Dm-Verity_ForceEncrypt_10.20.2019.zip
(13) Boot to System
(14) Set up System
(15) In Magisk, flash xXx-NoLimits *** SEE QUESTION BELOW ***
(16) Reboot to System
(17) In Magisk, flash Riru and EdXposed *** SEE QUESTION BELOW ***
(18) Reboot to System

The question I have about Magisk is this: there are "Advanced" settings in the Magisk manager, and they are set by default to "Preserve force encryption" and "Preserve AVB-2.0/dm-verity". What should those "Advanced" items be set to when performing these Magisk-based flashes after dm-verity is set up as outlined above?

In general, I want to make sure that these are the precise steps that I must follow in that exact order. Also, I want to confirm that I can flash the same 10.0.2 ROM zipfile in this scenario that I have flashed via OTA. And finally, I want to confirm that the re-flashes and reboots to recovery that I list above are correct.

Thank you very much.
.
Post Reply Subscribe to Thread

Tags
dm-verity disabler, force encryption disabler

Guest Quick Reply (no urls or BBcode)
Message:
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes