FORUMS
Remove All Ads from XDA

TWRP with Samsung decryption support

4,670 posts
Thanks Meter: 11,856
 
By steadfasterX, Recognized Developer on 19th January 2015, 01:29 PM
Post Reply Email Thread
This is a special version of TWRP to be able to decrypt Samsung STOCK ROM's.

Who wants this?
  1. When you use Samsung stock ICS , a stock based ROM or sediROM
  2. AND: When you have enabled full device encryption
  3. AND: When you want to do a nandroid backup OR want to access your data from within TWRP

... then this TWRP version is for you! So maybe no one else then me needs this but as I thought it could be useful for others too I publish it here.

The reason having another TWRP version then the "mainstream" one is that the Team Win Recovery dev's had dropped support for the Samsung proprietary device encryption somewhen since v2.7.
Even TWRP v2.6 does not work without changes as well.
As I use sediROM as my daily driver and I like to have a valid nandroid backup I decided to build a version which can handle Samsung's device decryption.

In short:
I created a TWRP version which is the same then the one bubor made but it is able to decrypt any stock Samsung ICS ROM (or other stock based custom ROM's like sediROM).

Current state:
Please keep in mind that the keyboard within TWRP is not the most responsive one. That said please ensure that you do not press the characters too fast because that can result in "password failed". Type it slow and char by char and it should work absolutely fine.
  • Backup encrypted /data without entering decryption password ( = full Image of /data) - tested
  • Backup encrypted /data with entered decryption password - tested
  • Restore for both above methods - tested
  • Decrypt /data - tested
  • Decrypt /sdcard - tested
  • adb shell - tested
  • Mounting all available partitions - tested
  • Installing sediROM (v1.7) - tested (partially working)
    --> IMPORTANT HINT: I highly recommend to decrypt within ANDROID before (re)installing another ROM! The reason is when you NOT decrypt (cancel) when starting up TWRP and then install a custom ROM it will make /sdcard inaccessible! If you want to REMOVE all your data and also everything on /sdcard you can also cancel the decryption password in TWRP and then install a custom ROM like sediROM but afterwards when booting up Android /sdcard gets formatted so if that is not what you want decrypt within Android first. This does affect the "modify mode" of sediROM, too - well not all parts of it but I do not want to get into detail. I cannot recommend it - decrypt before modify is the better option believe me. All this will be fixed in sediROM and a bug was already filed.
  • Using Modify Mode of sediROM (v1.7) after entered decryption password in TWRP - tested (partially working) - I cannot recommend it - decrypt before modify is the better option believe me. All this will be fixed in sediROM and a bug was already filed.
  • Encrypt a backup file - tested
  • Restoring an encrypted backup file - tested
  • Date & Time correct - UTC by default (need 1 successful boot and correct set time in Android) - tested

Known issues:
Download
Go to the "Download" section above.

Installation
sediTWRP will be provided as IMG file and as ODIN package. So you need either "heimdall", "adb" or Odin to flash.
I MAY will provide that sometime as flashable zip, too.

Example for using adb:
  1. boot up TWRP
  2. adb push sediTWRP_v2.6.3.0_sT-v1.0.22-ICS.img /tmp/
  3. adb shell "dd if=/tmp/sediTWRP_v2.6.3.0_sT-v1.0.22-ICS.img of=/dev/block/mmcblk0p8"
  4. adb shell sync
  5. adb reboot recovery

Sources
Thanks
Special thanks @bubor for the source device tree and his help in many questions.

.

XDA:DevDB Information
TWRP with Samsung decryption support, Tool/Utility for the Samsung Captivate Glide

Contributors
xdajog, bubor
Source Code: https://github.com/xdajog/bootable_recovery_twrp_i927


Version Information
Status: Stable
Current Stable Version: v3.0.23
Stable Release Date: 2015-02-10
Current Beta Version: v2.5.8
Beta Release Date: 2015-02-09

Created 2015-01-19
Last Updated 2016-08-17
The Following 6 Users Say Thank You to steadfasterX For This Useful Post: [ View ]
 
 
19th January 2015, 01:29 PM |#2  
steadfasterX's Avatar
OP Recognized Developer
Thanks Meter: 11,856
 
Donate to Me
More
Known issues & FAQ
Known issues & FAQ

Is it possible to decrypt Cyanogenmod, AOSP based ROM's?
Obviously not. As this TWRP version uses Samsung's crypto libraries this will not work (well you could give it a try but I think the chances are at 0,1% that it would work).

Why is this such an old version?
The reason why I use v2.7 is that I do not need to patch many code here. v2.8 need to be fully patched to get it work so I do not know if I will do it. Maybe...

So what is the exact differences to TWRP by bubor?
In short: They are technical identical but when compiled sediTWRP will use all CRYPTO Flags needed to support Samsung decryption. To get this fully work I patched TWRP code related to decryption and proprietary Samsung crypto libraries have been included.
In detail: Check out the sources at Github (see OP - section "Sources")


Are there any known bugs?
Check out the Bug reports here




.
The Following 2 Users Say Thank You to steadfasterX For This Useful Post: [ View ]
19th January 2015, 01:29 PM |#3  
steadfasterX's Avatar
OP Recognized Developer
Thanks Meter: 11,856
 
Donate to Me
More
Changelog
Changelog

Version naming convention is always:
Code:
sediTWRP [sediTWRP-Version]-[Android version of the proprietary Samsung crypto libs]_v[TWRP-Version]
sediTWRP v3.0.23-ICS_v2.7.1.0

Please keep in mind that the keyboard within TWRP is not the most responsive one. That said please ensure that you do not press the characters too fast because that can result in "password failed". Type it slow and char by char and it should work absolutely fine.

I state this as the first stable version of sediTWRP because all main features are tested and working fine.
That means:
  • Backup encrypted /data without entering decryption password ( = full Image of /data) - tested
  • Backup encrypted /data with entered decryption password - tested
  • Restore for both above methods - tested
  • Decrypt /data - tested
  • Decrypt /sdcard - tested
  • adb shell - tested
  • Mounting all available partitions - tested
  • Installing sediROM (v1.7) - tested
    --> IMPORTANT HINT: I highly recommend to decrypt within ANDROID before (re)installing another ROM! The reason is when you NOT decrypt (cancel) when starting up TWRP and then install a custom ROM it will make /sdcard inaccessible! If you want to REMOVE all your data and also everything on /sdcard you can also Cancel the decyption password in TWRP and then install a custom ROM like sediROM but afterwards when booting up Android /sdcard gets formatted so if that is not what you want decrypt within Android first. This does NOT affect the "modify mode" of sediROM - this will work when you decrypted within TWRP.
  • Using Modify Mode of sediROM (v1.7) after entered decryption password in TWRP - tested
  • Encrypt a backup file - tested
  • Restoring an encrypted backup file - tested
  • Date & Time correct - UTC by default (need 1 successful boot and correct set time in Android) - tested

Fixes:
  • fix(!): decryption of /sdcard was not possible.
    The main reason/fix for this was that the code I taken from xdarklight is using aes-cbc-plain:sha1 as crypto parameters for the internal storage (/sdcard)! Well that is wrong. At least in the UCLJ3 Samsung crypto config /sdcard uses the same crypto parameters like for /data. Which means aes-cbc-essiv:sha256 ! I changed the parameter and it works like a charme now! Man that was driving me nuts..

Enhancements:
  • new: You can now fully decrypt ICS based Samsung stock ROMs with this version of TWRP!

Known issues:
To download go to the "Download" section above.



Previous versions:


sediTWRP v2.5.8-ICS_v2.7.1.0

Fixes:
  • fix(!): Restore hadn't worked (see bug report)
    This was fixed by using CM KK as compiling base (instead of ICS)
  • fix(!): sediROM installlation hadn't worked (see bug report)
    This was fixed by using CM KK as compiling base (instead of ICS)
  • fix: naming convention (sediTWRP version first)

Known issues:
Enhancements:
  • new: special recovery kernel compiled from source (sediKERNEL)
    It's main purpose is to be as have as less footprint as possible to have more space for the initial ramdisk.
    Check out the changeset @ github

To download go to the "Download" section above.

Version naming convention was:
Code:
sediTWRP [sediTWRP-Version]-[Android Codename]_v[TWRP-Version]
sediTWRP v2.7.1.0_v2.0.11-ICS
  • same as sT-v1.0.22-ICS but based on TWRP 2.7.1.0

sediTWRP v2.6.3.0_v1.0.22-ICS
  • added Samsung's Crypto libraries so decrypting /data is possible
  • some font cosmetics
  • changed version string to give a meaningful idea for what this TWRP version is for






.
The Following 2 Users Say Thank You to steadfasterX For This Useful Post: [ View ]
19th January 2015, 06:44 PM |#4  
whats the diference of original TWRP by @bubor ?
whats exactly mean encryption & decription. i install, backup, and nandroid backup of my first rom fine. and no problem by v2.6 v2.7 2.8
why used this old version for develop?
----------------------------------------------------------------
please Make a recovery or odin flashable version after more stabler. ( i dont good feeling about adb & termnal Emulators Codes )
The Following User Says Thank You to organic2 For This Useful Post: [ View ] Gift organic2 Ad-Free
19th January 2015, 09:47 PM |#5  
steadfasterX's Avatar
OP Recognized Developer
Thanks Meter: 11,856
 
Donate to Me
More
Quote:
Originally Posted by organic2

whats the diference of original TWRP by @bubor ?
whats exactly mean encryption & decription. i install, backup, and nandroid backup of my first rom fine. and no problem by v2.6 v2.7 2.8
why used this old version for develop?
----------------------------------------------------------------
please Make a recovery or odin flashable version after more stabler. ( i dont good feeling about adb & termnal Emulators Codes )

Open system settings - Security - Device Encryption. This will encrypt your device. Once it is encrypted it will be not possible to backup with twrp anymore.

The reason why I use v2.6 is that I do not need to patch the code here. I currrently develop on v2.7 which will be released soon. V2.8 need to be fully patched to get it work so I do not know if I will do it. Maybe.


-----
Sent from my SGH-I927 using XDA Android mobile app
The Following User Says Thank You to steadfasterX For This Useful Post: [ View ]
19th January 2015, 10:20 PM |#6  
Thumbs up
Quote:
Originally Posted by xdajog

Open system settings - Security - Device Encryption. This will encrypt your device. Once it is encrypted it will be not possible to backup with twrp anymore.

The reason why I use v2.6 is that I do not need to patch the code here. I currrently develop on v2.7 which will be released soon. V2.8 need to be fully patched to get it work so I do not know if I will do it. Maybe.


-----
Sent from my SGH-I927 using XDA Android mobile app

1)
ahaaa! understand
ok. we dont need the v2.7 & 2.8 . this 2.6 version enough for us. becuse the v2.6 in enough for installing ics & jb roms. dont need 2.7 for stock ics. dont worry. Take it easy. Forget that...
thanks for you work
-------------------------------------------------------
2)
Im fully backup by cwm from my stock GB rom!
i restored it 2 or 3 times fine. and fully worked.
the android v2.3 isnt encrypted? only ics encrypted and cant backup?
The Following User Says Thank You to organic2 For This Useful Post: [ View ] Gift organic2 Ad-Free
19th January 2015, 10:34 PM |#7  
steadfasterX's Avatar
OP Recognized Developer
Thanks Meter: 11,856
 
Donate to Me
More
Quote:
Originally Posted by organic2

1)
ahaaa! understand
ok. we dont need the v2.7 & 2.8 . this 2.6 version enough for us. becuse the v2.6 in enough for installing ics & jb roms. dont need 2.7 for stock ics. dont worry. Take it easy. Forget that...
thanks for you work
-------------------------------------------------------
2)
Im fully backup by cwm from my stock GB rom!
i restored it 2 or 3 times fine. and fully worked.
the android v2.3 isnt encrypted? only ics encrypted and cant backup?

I do not know if 2.3 can be encrypted but even with ICS you need to enable it manually. In Lollipop encryption will be enabled by default but not in gingerbread or Ics.


-----
Sent from my SGH-I927 using XDA Android mobile app
The Following User Says Thank You to steadfasterX For This Useful Post: [ View ]
19th January 2015, 10:40 PM |#8  
Quote:
Originally Posted by xdajog

I do not know if 2.3 can be encrypted but even with ICS you need to enable it manually. In Lollipop encryption will be enabled by default but not in gingerbread or Ics.


-----
Sent from my SGH-I927 using XDA Android mobile app

Im Sure. We can backup from GB by CWM normally
You can test it in ICS
Perhaps working too
The Following User Says Thank You to organic2 For This Useful Post: [ View ] Gift organic2 Ad-Free
20th January 2015, 05:50 AM |#9  
steadfasterX's Avatar
OP Recognized Developer
Thanks Meter: 11,856
 
Donate to Me
More
Quote:
Originally Posted by organic2

Im Sure. We can backup from GB by CWM normally
You can test it in ICS
Perhaps working too


You mean encrypted(!) GB? Afaik CWM has no support for encrypted devices. Maybe CWM will simply dump

-----
Sent from my SGH-I927 using XDA Android mobile app
The Following User Says Thank You to steadfasterX For This Useful Post: [ View ]
20th January 2015, 08:22 AM |#10  
Quote:
Originally Posted by xdajog

You mean encrypted(!) GB? Afaik CWM has no support for encrypted devices. Maybe CWM will simply dump

-----
Sent from my SGH-I927 using XDA Android mobile app

No no. Fully nandroid backup from my first orginal GB by cwm. And restore anf use it 3 times
The Following User Says Thank You to organic2 For This Useful Post: [ View ] Gift organic2 Ad-Free
20th January 2015, 09:10 AM |#11  
Senior Member
Thanks Meter: 1,433
 
Donate to Me
More
Quote:
Originally Posted by organic2

No no. Fully nandroid backup from my first orginal GB by cwm. And restore anf use it 3 times

You dont use encypt. Yes, you can backup GB, but you CAN NOT backup encypred GB.
Actually You can backup any encypted partition by dump raw data.
Nobody cares when I removed encrypt support from my twrp builds.
The Following 2 Users Say Thank You to bubor For This Useful Post: [ View ] Gift bubor Ad-Free
Post Reply Subscribe to Thread

Tags
encryption, ics, nandroid, recovery, twrp

Guest Quick Reply (no urls or BBcode)
Message:
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes