[APP][ICS] EncPassChanger -- set different device encryption and lock screen password

Search This thread
By:
Advanced…
K

Kibab

Member
Oct 13, 2007
17
23
37
Munich
kibab.com
Android 3+ has a nice feature -- device encryption. You can encrypt the contents of your device with a password, and after that this password must be entered during device boot, otherwise the data is permanently lost.
The bad thing is that this password is set to the screen lock PIN / password. So you either set a short password or PIN, that you can enter quickly each time you unlock your phone from sleep (but this provides weak encryption), or set a long password and have to type it 20-30 times during the day.

This stupid behavior may be fixed easily. Android provides command-line tool called 'vdc', an interface to Android Volume Manager. As written in "Notes on the implementation of encryption in Android 3.0" [1], it has a command 'cryptfs changepw', that allows changing encryption password. Of course this command must be executed as root.
vdc has some other commands related to encryption, one of them is 'cryptfs verifypw', that allows to validate the supplied password.

I'm currently writing an application that will assist user with changing encryption password. This is my first public application for Android. You can find a source code on GitHub [2]. It is very simple, but maybe android gurus here may find what to make better.

Comments and pull requests are welcome :)
Thanks!

[1] http source.android.com/tech/encryption/android_crypto_implementation.html
[2] https github.com/kibab/encpasschanger
 

Attachments

  • EncPassChanger.apk
    26.1 KB · Views: 768
Last edited:
  • Like
Reactions: steadfasterX, Tony Tan, dogmatism and 15 others
U

uDroid

Senior Member
Feb 8, 2011
244
20
Berlin
Kibab said:
Android 3+ has a nice feature -- device encryption. You can encrypt the contents of your device with a password, and after that this password must be entered during device boot, otherwise the data is permanently lost.
The bad thing is that this password is set to the screen lock PIN / password. So you either set a short password or PIN, that you can enter quickly each time you unlock your phone from sleep (but this provides weak encryption), or set a long password and have to type it 20-30 times during the day.

This stupid behavior may be fixed easily. Android provides command-line tool called 'vdc', an interface to Android Volume Manager. As written in "Notes on the implementation of encryption in Android 3.0" [1], it has a command 'cryptfs changepw', that allows changing encryption password. Of course this command must be executed as root.
vdc has some other commands related to encryption, one of them is 'cryptfs verifypw', that allows to validate the supplied password.

I'm currently writing an application that will assist user with changing encryption password. This is my first public application for Android. You can find a source code on GitHub [2]. It is very simple, but maybe android gurus here may find what to make better.

Comments and pull requests are welcome :)
Thanks!

[1] http source.android.com/tech/encryption/android_crypto_implementation.html
[2] https github.com/kibab/encpasschanger
Click to expand...
Click to collapse
Sorry im noob
What will change visualy?
Or screenshot?

Sent from my LT26i using XDA Premium HD app
 
R

randalla0622

Senior Member
Jan 10, 2007
53
2
Bothell
www.xaren.net
Thank you for this. I wanted a more simple password for the unlock, but a longer more complicated password for the decryption. You should put it on the market and charge $.99USD (or equivalent in your currency) as it's quite useful. I'd buy it :)
 
K

Kibab

Member
Oct 13, 2007
17
23
37
Munich
kibab.com
Thank you!
Actually I have registered myself as Google Play Developer, now I'm waiting for approval. As soon as my registration is approved, I will update this thread :)
Although I'm going to make a free and donate versions, because I believe that will help to make Android better, and people who want to say "Thank you" will buy Donate version anyway :)
 
K

Kibab

Member
Oct 13, 2007
17
23
37
Munich
kibab.com
uDroid said:
Sorry im noob
What will change visualy?
Or screenshot?

Sent from my LT26i using XDA Premium HD app
Click to expand...
Click to collapse

Nothing will change visually, hence no screenshot. What's important is that you may set strong password for decrypting the internal storage, but keep using simple password (or PIN) to unlock the screen.

P.S. I have verified that my app works on Jelly Bean too.
 
K

Kibab

Member
Oct 13, 2007
17
23
37
Munich
kibab.com
I have finally published an application on Google Play! Currently there is a free version, Donate version will come a bit later :)
The link is: https:// play.google.com/store/apps/details?id=com.kibab.android.EncPassChanger

Enjoy! :)
 
T

tijuanacartel

Senior Member
Nov 18, 2010
286
53
Thanks for this. I've been trying to work out why encryption wont work on any ROM on my HOX (dies with unable to get size of block device cryptfs), and you have given me a good lead to investigate with vdc. Information on encryption in android is sparse, and almost all threads here on XDA get no replies.

Thanks again.
 
pulser_g2

pulser_g2

Admin Emeritus / Senior Recognized Developer
Nov 27, 2009
19,544
11,630
I've been tempted to use device encryption recently, but there is a distinct lack of information about it, particularly on custom ROMs...

Might need to give it a go, just the lack of backup abilities might be an issue...
 
zurchpet

zurchpet

Senior Member
Nov 16, 2008
929
167
Winterthur, Schweiz
nobrain.ch
pulser_g2 said:
I've been tempted to use device encryption recently, but there is a distinct lack of information about it, particularly on custom ROMs...

Might need to give it a go, just the lack of backup abilities might be an issue...
Click to expand...
Click to collapse

I use CM10 on the Galaxy Nexus (maguro). Encrypted. Actually, only /data is encrypted. /system stays unencrypted. And this App works as described.

For Backup use TWRP. It asks for your password to decrypt storage.
You can then backup, restore, flash, install whole ROMs, wipe and what not.

>> I would like to see this app in Play Store :D <<

I should read before I post:
Kibab said:
I have finally published an application on Google Play! Currently there is a free version, Donate version will come a bit later :)
The link is: https://play.google.com/store/apps/details?id=com.kibab.android.EncPassChanger

Enjoy! :)
Click to expand...
Click to collapse

Thanks for that :D

btw. The encrypted /data partition lets you have two boot animations, one that is shown before code has been entered (the one in /system/media) and one after the correct code entry (the one in /data/local).
 
Last edited:
pulser_g2

pulser_g2

Admin Emeritus / Senior Recognized Developer
Nov 27, 2009
19,544
11,630
zurchpet said:
I use CM10 on the Galaxy Nexus (maguro). Encrypted. Actually, only /data is encrypted. /system stays unencrypted. And this App works as described.

For Backup use TWRP. It asks for your password to decrypt storage.
You can then backup, restore, flash, install whole ROMs, wipe and what not.

>> I would like to see this app in Play Store :D <<

btw. The encrypted /data partition lets you have two boot animations, one that is shown before code has been entered (the one in /system/media) and one after the correct code entry (the one in /data/local).
Click to expand...
Click to collapse

Hmm... I have i9100 (S2), so I would need to see about putting TWRP onto it...

Yeah, only data and SD are encrypted... Can TWRP cope with encrypted SD btw?
 
adrianblack

adrianblack

Senior Member
Mar 22, 2008
97
22
West Coast
Quite awesome. Now, can I use a strong password for encryption and then pattern lock for normal day to day use? That would be my ideal situation. I heart pattern lock!
 
vegaman

vegaman

Senior Member
Jan 30, 2010
462
66
Auckland
Just trying to clarify how this works... so you keep your normal 'short' pin unlock code for unlocking the screen, but set a long code for decryption, and this code will only be requested once per boot, during bootup? Is this correct?

Thanks
 
K

Kibab

Member
Oct 13, 2007
17
23
37
Munich
kibab.com
adrianblack said:
Quite awesome. Now, can I use a strong password for encryption and then pattern lock for normal day to day use? That would be my ideal situation. I heart pattern lock!
Click to expand...
Click to collapse

Unfortunately it's not possible to use pattern lock while using device encryption, Android forbids it. Patching Android framework will help, but this is completely another story and possible suggestion for ROM makers such as Cyanogenmod.
 
R

Ronaldo Forenucci

Senior Member
May 19, 2012
418
54
Is the 16 character Android limitation present, when using this tool? I currently use a 16 character device encryption/unlock pass phrase. I'd like to strengthen the device pass phrase some more.

I don't know if this is even possible during the device boot sequence, but being able to use a Yubikey with an OTG cable would be awesome!

RF
 
You must log in or register to reply here.

Similar threads

zhuhang
[APP] Official ViPER4Android Audio Effects (FX v2.5.0.5) - New Features & 7.0 Support
Replies
29K
Views
10M
S
Stepon
A.R.I.S.E. Sound Systems
ARISE Sound Systems™ - Auditory Research in Sound Enhancement
Replies
34K
Views
4M
nericollin
nericollin
N
[APP][ROOT] LMT Launcher v3.2
Replies
15K
Views
5M
H
hugozo
iBotPeaches
[UTIL][JAN 20, 2024] Apktool - Tool for reverse engineering apk files
Replies
6K
Views
2M
Z
Zhelkek
R
  • Locked
[DEFUNCT] Reloaded ICS 1.9b4-050712 | CyanogenMod 9 UI Enhancements | All phones
Replies
2K
Views
738K
iDreamless531
iDreamless531

Top Liked Posts

24 Hours All time
  • There are no posts matching your filters.
  • 18
    K
    Kibab
    Android 3+ has a nice feature -- device encryption. You can encrypt the contents of your device with a password, and after that this password must be entered during device boot, otherwise the data is permanently lost.
    The bad thing is that this password is set to the screen lock PIN / password. So you either set a short password or PIN, that you can enter quickly each time you unlock your phone from sleep (but this provides weak encryption), or set a long password and have to type it 20-30 times during the day.

    This stupid behavior may be fixed easily. Android provides command-line tool called 'vdc', an interface to Android Volume Manager. As written in "Notes on the implementation of encryption in Android 3.0" [1], it has a command 'cryptfs changepw', that allows changing encryption password. Of course this command must be executed as root.
    vdc has some other commands related to encryption, one of them is 'cryptfs verifypw', that allows to validate the supplied password.

    I'm currently writing an application that will assist user with changing encryption password. This is my first public application for Android. You can find a source code on GitHub [2]. It is very simple, but maybe android gurus here may find what to make better.

    Comments and pull requests are welcome :)
    Thanks!

    [1] http source.android.com/tech/encryption/android_crypto_implementation.html
    [2] https github.com/kibab/encpasschanger
    View
    3
    K
    Kibab
    Version 2.0 of EncPassChanger brings fixes for Jelly Bean (particularly, checks for validity of old password), shell characters escaping (which means more complex passwords) and "Debug mode", which one can use to debug problems with password changing process.
    Google Play version is updated, code is uploaded on GitHub :)
    View
    2
    K
    Kibab
    0x000 said:
    any update on this? does it work properly on jelly bean? i have JB 4.1.2 already on my galaxy nexus and it doesn't show up in play store? i'd rather install it via play store instead of apk directly.
    Click to expand...
    Click to collapse
    Yes. It does work on JB, I use it currently on Galaxy Nexus and Nexus 7, both running 4.1.2.
    Strange that you don't see it, please try duirect link then: https://play.google.com/store/apps/details?id=com.kibab.android.EncPassChanger
    View
    1
    renaud
    renaud
    Great, it's easier than to change on command line :)
    This should just be default android behavior
    View

New posts