FORUMS
Remove All Ads from XDA

[UNOFFICIAL][ENCRYPTION][wrappedkey] TWRP 3.3.1-6: proper system_as_root & decryption

175 posts
Thanks Meter: 558
 
By PeterCxy, Senior Member on 25th May 2019, 07:05 AM
Post Reply Email Thread
Code:
/*
 * I'm not responsible for bricked devices, dead SD cards, thermonuclear war, or you getting fired because the alarm app failed (like it did for me...). 
 * Please do some research if you have any concerns about features included in the products you find here before flashing it! 
 * YOU are choosing to make these modifications, and if you point the finger at me for messing up your device, I will laugh at you. 
 * Your warranty will be void if you tamper with any part of your device / software.
 * Same statement for XDA.
 */
Introduction

This is an unofficial build of TWRP for Redmi Note 7 Pro (violet). Differences with the official one include:

- Supports CAF-based wrappedkey encryption (decryption) properly (tested with MIUI 10.3.5.0)
- Supports decrypting devices that have screen lock set up after Android 9 May update, which introduced a new key derivation function.
- Mounts the system partition at /system_root as per AOSP standards. This makes the auto-backup scripts (e.g. GApps / Magisk survival script) work properly during updates, and you no longer need any 'patch' to flash GApps / Magisk properly. However, this may break some existing ROMs. See below FAQ section for details.
- Appended DTBO to the recovery image so it doesn't depend on the dtbo partition. No standalone DTBO image required.

Flashing instructions

- Download and extract the img file
- Reboot to fastboot mode
- fastboot flash recovery whatever_img_file_you_extracted.img
- Reboot and press Volume + to enter recovery
- DO NOT try to run 'fastboot boot recovery.img', it won't work.
- DO NOT flash the fcrypt disabler if you use my recovery. There is no need to do so, and it is possible to mess stuff up if you don't know what you are doing.
- You have to format the data partition if and ONLY IF:
1) You were not encrypted, now going to an encrypted state, or vice-versa OR
2) You were on a ROM other than MIUI that does not support "wrappedkey" (ROMs would often state it supports wrappedkey if it does), now going to a ROM that supports it

Limitations

DO NOT boot this recovery with empty system and vendor partitions. It will fail to decrypt any data partition with empty /system and /vendor. DO NOT wipe system and vendor partitions without installing a new one before rebooting. I am working to remove this limitation.

Now works even with empty system and vendor partitions after 3.3.1-5. No need to worry about formatting system and vendor breaking TWRP any more.

The restore zip created by the Migrate app is NOT compatible with this recovery. It's a problem of the Migrate app, not this recovery. Please DO NOT try to flash the restore zip created by Migrate.

FAQ

- Q: Do I need any specific DTBO image to make this recovery working?
- A: Nope. It is appended to the recovery image so it will work with any DTBO.

- Q: What is wrappedkey?
- A: It's a different mode of FBE implemented in CAF, the Qualcomm branch of AOSP.

- Q: This cannot install ROM X, why?
- A: Because it mounts the system partition at /system_root, which is AOSP standard behavior for A-only system_as_root devices, but is broken in some custom ROMs currently (MIUI should work though). To make any ROM work again, they will need to include this commit from LineageOS Gerrit https://review.lineageos.org/c/Linea...build/+/247066

- Q: Decryption doesn't work with ROM X, why?
- A: Decryption should work for most ROMs based on the CAF branch (not AOSP). CAF ROMs (including official MIUI) use a different scheme for key storage, which is why TWRP hasn't supported it till now. I have ported the CAF encryption changes (wrappedkey) to TWRP, but unfortunately this will break ROMs that do not support the CAF wrappedkey mode of encryption. Here is a list of patches non-CAF ROMs need to support CAF-encrypted /data partitions https://mokeedev.review/q/topic:%22fbe-wrapped-key%22+(statuspen%20OR%20status:merged). If you confirm your ROM is CAF-based but the decryption still does not work, please open an issue on my GitHub repository which you could find below. (XDA threads are no good for issue tracking, sorry)

- Q: Why not contribute to the official TWRP?
- A: All the patches to the TWRP code base have been submitted to the official gerrit code review, though not merged yet, which you can see below.

Downloads

3.3.1-6: https://mega.nz/#!3QIRQYhK!Jq5QrGfJw...lM9IB1IdSwogvI
changes: updated kernel to support pstore instead of /proc/last_kmsg. If you don't know what this is, it's probably not relevant to you.

Here you can find an unofficial LOS build with wrappedkey encryption and also proper system_as_root support for those survival scripts https://forum.xda-developers.com/red...ption-t3933532. In addition, all official MIUI builds should flash just fine.

History versions:

3.3.1-5: https://mega.nz/#!nMowHKiL!zRvoTM0iI...7hIHUCmTHTOmOM
changes: 1) Now works even with empty /system and /vendor partition 2) Fixed brightness problem; 3) Enabled EDL Reboot
3.3.1-3: https://mega.nz/#!yAYXxAzZ!FNMYLzLph...gn8e4Jn3kxiQik

Patches and sources

Patches for TWRP are available here:

https://gerrit.omnirom.org/#/c/34091/
https://gerrit.omnirom.org/#/c/34093/
https://gerrit.omnirom.org/#/c/34092/
https://gerrit.omnirom.org/#/c/andro...overy/+/34096/

Patches for ROMs to support wrapped key have been given in the above sections.

Source of the current device tree for TWRP: https://github.com/PeterCxy/android_...mi_violet-twrp
Kernel source: https://github.com/PeterCxy/android_..._xiaomi_sm6150, note that the device tree uses a prebuilt kernel image.

Contributors
PeterCxy, Dyneteve, merothh
Source Code: https://github.com/PeterCxy/android_...mi_violet-twrp
The Following 25 Users Say Thank You to PeterCxy For This Useful Post: [ View ] Gift PeterCxy Ad-Free
 
 
25th May 2019, 02:39 PM |#2  
PeterCxy's Avatar
OP Senior Member
Thanks Meter: 558
 
More
Now fixed and tested with MIUI.
The Following 7 Users Say Thank You to PeterCxy For This Useful Post: [ View ] Gift PeterCxy Ad-Free
25th May 2019, 03:36 PM |#3  
Senior Member
Thanks Meter: 62
 
More
Quote:
Originally Posted by PeterCxy

Now fixed and tested with MIUI.

Could you please tell us what is fixed and what is wrong with the previous one? Just out of curiosity.
25th May 2019, 04:36 PM |#4  
Member
Thanks Meter: 8
 
More
I’m not new to installing custom recoveries and installing ROM, but I am new to Xiaomi devices.

In the simplest form possible,

With this I should be able to just run the ‘fastboot install recovery twrp.img’ and not have to run “fastboot erase userdata’?

also

Do I still need to flash the zip I have that disables forced encryption?
25th May 2019, 04:52 PM |#5  
Naveenthemi's Avatar
Senior Member
Thanks Meter: 75
 
More
Could you provide instructions to flash this ?
Or is it just the same as the 'official one'?
25th May 2019, 06:46 PM |#6  
Junior Member
Thanks Meter: 7
 
More
Can confirm this successfully decrypts storage, running xiaomi.eu on my phone. Thanks for your work.
26th May 2019, 01:34 AM |#7  
PeterCxy's Avatar
OP Senior Member
Thanks Meter: 558
 
More
Quote:
Originally Posted by Dwughjsd

Could you please tell us what is fixed and what is wrong with the previous one? Just out of curiosity.

It did not decrypt MIUI 10.3.5.0 successfully due to magic (I missed some commits from qcom). It was fixed by pulling more commits in.
The Following 2 Users Say Thank You to PeterCxy For This Useful Post: [ View ] Gift PeterCxy Ad-Free
26th May 2019, 01:43 AM |#8  
PeterCxy's Avatar
OP Senior Member
Thanks Meter: 558
 
More
Quote:
Originally Posted by Jpwner

I’m not new to installing custom recoveries and installing ROM, but I am new to Xiaomi devices.

In the simplest form possible,

With this I should be able to just run the ‘fastboot install recovery twrp.img’ and not have to run “fastboot erase userdata’?

also

Do I still need to flash the zip I have that disables forced encryption?

You won't need to erase userdata or flash fcrypt disabler anymore, if all the ROMs will update to support the wrappedkey encryption
The Following 3 Users Say Thank You to PeterCxy For This Useful Post: [ View ] Gift PeterCxy Ad-Free
26th May 2019, 01:44 AM |#9  
PeterCxy's Avatar
OP Senior Member
Thanks Meter: 558
 
More
Quote:
Originally Posted by Naveenthemi

Could you provide instructions to flash this ?
Or is it just the same as the 'official one'?

just fastboot flash recovery whatever_you_downloaded_and_extracted.img
The Following 2 Users Say Thank You to PeterCxy For This Useful Post: [ View ] Gift PeterCxy Ad-Free
26th May 2019, 08:06 AM |#10  
Naveenthemi's Avatar
Senior Member
Thanks Meter: 75
 
More
Quote:
Originally Posted by PeterCxy

just fastboot flash recovery whatever_you_downloaded_and_extracted.img

So it's possible for me to flash OTA Updates without encountering a bootloop and such?
26th May 2019, 09:41 AM |#11  
Member
Thanks Meter: 16
 
More
Can someone please provide an alternate download link? The Mega link doesn't seem to work for me.

EDIT: Worked on a different device. Thanks.
The Following 2 Users Say Thank You to oyogen For This Useful Post: [ View ] Gift oyogen Ad-Free
Post Reply Subscribe to Thread

Guest Quick Reply (no urls or BBcode)
Message:
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes