[Howto] Different PIN on lockscreen than for device encryption

Search This thread
By:
Advanced…
JackSlaterIV

JackSlaterIV

Senior Member
Sep 4, 2013
174
38
robberknight said:
...
Click to expand...
Click to collapse

Hi robberknight (and all people here),

It would be nice to have a script that automatically submits the unlock password, a script that can be triggered by a Tasker event.
For example if you are at home (accessible wifi network) then the script unlocks the phone automatically.
So basically you'd have an encrypted phone when you go out, and an automatically unlocked phone when you are at home.

It's technically possible to make a script like that?
 
M

mimox

Senior Member
Apr 22, 2011
94
12
targetjr said:
Using the GUI you cannot change your pin. The GUI will force you to change your security to a long password. To change your pin you will either need to use a custom command or you will need to decrypt your device and then change the pin and then re-encrypt your device using the commands above.
Click to expand...
Click to collapse

By "decrypt" you mean factory resetting or is there another way to decrypt? :confused:
 
A

abhinavk

Member
Jan 6, 2013
19
2
I'm having the same problem for a different reason

IHawkMike said:
Just a warning for all of you to prevent making the same mistake I did: Do not set the password longer than 16 characters!

On my shiny new Galaxy S4 (SGH-M919) I am now locked out since the password field at boot does not accept extra characters. I'm attempting to decrypt with ADB but I might be stuck with a factory wipe as my only option.
Click to expand...
Click to collapse

I need to decrypt my SGS4 (except, AT&T SGH-i337) in order to do a full factory reset. Did you figure out how to decrypt over ADB?

Thanks,

--Abhinav
 
texaslittleangel

texaslittleangel

Senior Member
Nov 6, 2010
353
20
Sydney, Australia
]Here's my problem, not sure if files can be pulled (I just need one file from my phone) given that debbugging is on

updated to the mixrom TWRP via Flashify in order to flash updated ROM.

Once in TWRP (it took password fine during first loggin) I:

Cleared Cache and Dalvik
Flashed Rom
Flashed new Gapps (failed)
Flashed kernal patch (for trinity)
Flashed Kernal
Flashed SU
Rebooted

When I booted phone prompted to enter "Enter password to decrypt storage" it is telling me that it is the wrong password. I've never had any issues until today that I flashed 4.4. I know it is the correct password. I tried going back into TWRP and when I am prompted to enter the password, it says Failed and I am unable to see my files.

Is there a way to pull the files via ADB? If so how? That would be great and I wouldn't feel sick to my stomach for my stupidity
 
Last edited:
T

Timmey806

Member
Oct 24, 2008
35
33
Thür
armbold said:
Hi robberknight (and all people here),

It would be nice to have a script that automatically submits the unlock password, a script that can be triggered by a Tasker event.
For example if you are at home (accessible wifi network) then the script unlocks the phone automatically.
So basically you'd have an encrypted phone when you go out, and an automatically unlocked phone when you are at home.

It's technically possible to make a script like that?
Click to expand...
Click to collapse

Why don't you simply use Tasker for this case? Make a new profile, State - Connected to your network then create a new task select display - lockscreen - off. In this case I recommend you to use an exit task to lock your display while not connected to your wi-fi. Done :)

I'm using this task since more than a year with CyanogenMod. Works great but sometimes you need to turn your display on befor tasker locks your phone.

Gesendet von meinem Galaxy Nexus mit Tapatalk
 
X

xdascrat

New member
Jul 24, 2012
4
0
Works on 4.3 OmegaROM (v54) S3 Internation with minor fix

Many thanks to pulser_g2 and OP,
I tried the script, but the check in sqliteFound doesn't work properly.
On shell sqlite3 -version works without any problem.
Within the script the command gives this output
"CANNOT LINK EXECUTABLE: cannot locate symbol "register_localized_collators" referenced by sqlite3

At the end the solution was, to comment out the line "sys.exit(1)", and the script runs without problems -> and my screen has PIN Lock!
 
K

kilurb

Member
Feb 12, 2014
9
3
This thread has been very helpful. I have a Sprint GS4 and used the command-line method to enable encryption and a different PIN on 4.2.2. Now, I've had to use Kies to update my phone to 4.3 and the entire device had to be wiped. So I don't have encryption yet. But I've got root access, so at least that's working. My problem is that I can't get either command line encryption nor the built-in encryption to work. The phone reboots but when it comes back on a couple of minutes later, it isn't encrypted. I attempted to use adb logcat, but the file I redirected the output to was empty after the phone restarted. Honestly, I sure I'm not using it correctly. My beliefe is that /data is not being unmounted, but I don't know how to figure out what's preventing it. If anyone has any tips on how to get the logging working, or insight into what else be wrong, I would appreciate it.

There is nothing else I've done to the phone that I think is odd.

Thanks all.
 
D

dadnammit

Senior Member
Jun 24, 2013
63
14
Device and SD card encryption use same keys?

Clarification: Do the "encrypt device" and "encrypt sd card" features use the same cryptfs key? I am using both modes of encryption and wondering if changing the cryptfs password as described above will apply to both?
 
D

dadnammit

Senior Member
Jun 24, 2013
63
14
Thanks to targetjr but what about SD card?

thx1200 said:
Is there a way to encrypt the SD Card through a command line option? I ran into the same issue on the GS4 where when I go to the SD Card encryption options it tells me I need to set a strong password first, so I can't do it from the GUI.
Click to expand...
Click to collapse

@targetjr : Your approach sounds easier than using the python script or one of the apps on Google Play. But what about the external SD card? How can one encrypt that from the command line?
 
Last edited:
D

dadnammit

Senior Member
Jun 24, 2013
63
14
Can't past boot pwd prompt after cryptfs command

targetjr said:
2) From a terminal on a rooted system (tested on rooted stock Sprint G3), type
> su
> vdc cryptfs enablecrypto inplace <LongSecurePassword>[/INDENT]
Click to expand...
Click to collapse

I'm on 4.1.2 Jelly Bean on a Galaxy S Advance, stock ROM (I9070XXLQE_I9070BTUMP7_BTU), rooted.

After running the above "vdc cryptfs enablecrypto inplace" command, or after setting up device encryption normally through the menus and then running "vdc cryptfs changepw", I can't get past the password prompt on boot. It keeps saying try again.

Has something changed with the encryption implementation and the cryptfs commands no longer work?
Note: I'm using a 16-char password (the max that the input screen will take), just in case that is relevant.
 
S

sorceror171

Senior Member
Jun 19, 2012
57
17
perpendox.com
LS1_01 said:
Modified version worked on the Nexus 4 with Cyanogenmod 10.1 as well! Thanks! :) The original script was giving the "password match hash failed" error likely because the password is stored in a different location on the Nexus 4 as well!
Click to expand...
Click to collapse

Sadly, it's not working with a Verizon Galaxy S4. I get the "Password hash compare mismatch" message; presumably Samsung's changed the hash. Anyone have suggestions how to proceed? I purely can't believe a usability issue like this has gone on so long. I assume they can't imagine this'll work if they turn encryption on by default!
 
N

netrin

New member
Feb 19, 2015
1
0
sorceror171 said:
Sadly, it's not working with a Verizon Galaxy S4. I get the "Password hash compare mismatch" message; presumably Samsung's changed the hash. Anyone have suggestions how to proceed? I purely can't believe a usability issue like this has gone on so long. I assume they can't imagine this'll work if they turn encryption on by default!
Click to expand...
Click to collapse

Bumping this thread because it's still a very relevant issue.

Has anyone found a solution to the "password hash compare mismatch" issue for Galaxy S4 and S5?

The script was so useful, but Samsung must have changed their hash or something--is there a quick fix to this? A non-programmer like me can't figure it out, but I hope someone with experience can take a moment to look at it!
 
T

thomasjfox

Member
Jun 10, 2017
7
7
the open source "SnooperStopper" application allows you to set a different password for the full disk encryption (FDE). So you can have a simple PIN for the lockscreen and a full password on boot for FDE. Internally it uses "vdc cryptfs" commands to accomplish that. Works for me on lineage 13.x and 14.x.

It also can detect xx number of wrong PIN entries and automatically shutdown.
Good if you ever loose your phone :) Either it runs out of battery or someone else finds it and tries various lockscreen pincodes.
 
You must log in or register to reply here.

Similar threads

lokeshsaini94
  • Locked
[CLOSED] [GUIDE] [how to] CREATE OWN ROM [FOR ANY ANDROID DEVICE] [FOR N00B] [EASIEST METHODS]
Replies
1K
Views
1M
Oswald Boelcke
Oswald Boelcke
S
[GUIDE] [HOW-TO] Install Adobe Flash Player on Android 4.1 Jelly Bean/ Android 4.4
Replies
1K
Views
3M
dasdsad1
dasdsad1
Unjustified Dev
[GUIDE] New Root Method for LG Devices
Replies
1K
Views
1M
Azaze666
Azaze666
DroidModder
[GUIDE] How to edit build.prop on any Android device!
Replies
264
Views
803K
S
Shinkoku
Area51©
[MOD] AppRadio Unchained - Full mirroring for Pioneer AppRadio 2 and 3
Replies
10K
Views
2M
Area51©
Area51©

Top Liked Posts

24 Hours All time
  • There are no posts matching your filters.
  • 7
    R
    robberknight
    Hi,

    Android 4 / ICS has a good security feature: full device encryption. But it's implementation has a big usability problem: you have to use the same password for device encryption as on the lockscreen. Meaning you have to enter the complicated encryption password every time you want to access your phone :mad:

    Chosing an easy password would make encryption worthless and Android limits the lowest complexity allowed for encryption.

    Technically these passwords are two completely separate things. It's just the Android UI that mingles this. So it's time to hack and separate what should be separate!

    Here is how to do it, rooted phone needed:

    1. Make a backup
    2. Enable USB debugging that you have a backdoor if something goes wrong
    3. Install the prerequisites: SL4A including Python4Android
    4. Switch your SuperSU or superuser to grant su by default. You will have to accept lots of commands otherwise, and I had problems with the dialog of my SuperSU doing this
    5. Install my pin_change.py program in the sl4a/scripts directory on your phone, it is attached to this post. Maybe you have to rename the extension to .py (had to rename it due to forum restrictions)
    6. Start pin_change.py through SL4A
    7. It will make a backup of your current password and allow you to set a new numeric pin
    8. Reboot your phone, the lockscreen caches the old settings otherwise
    9. Disable USB debugging and switch your superuser settings back

    That's it, you can now use an easy pin on your lockscreen.

    Maybe you are missing the sqlite3 command. pin_change.py will check for it and notify you if it is not there. The easiest way to get it is the "Sqlite installer for root" app on the market.

    pin_change.py allows to restore the backup or to set a new pin. You should restore the backuped password before you change your encryption password through the Android GUI.

    I tested this on a Samsung Galaxy SII and a HTC Sensation, both EU models running a 4.0.3 from the manufacturer. I just rooted them, no custom roms.
    The only thing I could find was that the vpn account data is encrypted too and you now can't enter the password anymore. So you have to redo you vpn setup, no big deal.

    Just to make it clear: this allows you to use a numeric pin for unlocking where e.g. the Samsung Galaxy S2 requires a alphanumeric password. This tool does not (yet?) allow to use a pattern to unlock.

    You do this on your own risk, no warranty, this script may brick your phone, drink all your beer or eat little children. So be careful.
    View
    6
    T
    targetjr
    Using PIN for lockscreen and Password for Encryption

    Figure out how to get the Galaxy S3 from Sprint to use the PIN numeric entry screen for my lockscreen, and a password and full-keyboard prompt for encryption.

    The issue is that on stock ROMs for Sprint Galaxy S3 (and I believe this is true for many other S3 ROMs), you must use a full keyboard/password for the lockscreen and encryption. Using the EncPassChanger and other scripts based on cryptfs changepw won't switch the lockscreen entry method from keyboard to numeric keypad if your password contains only numbers. The following script keeps encryption password entry method (full keyboard) independent of lockscreen entry method (e.g., PIN).

    The key is that you can enable encryption independent of your lockscreen via the following command syntax
    su vdc cryptfs enablecrypto <wipe|inplace> <passwd>

    The process for having a PIN lockscreen and a long password for system encyrption is
    1) Set a PIN for your lockscreen as normal

    2) From a terminal on a rooted system (tested on rooted stock Sprint G3), type
    > su
    > vdc cryptfs enablecrypto inplace <LongSecurePassword>

    Then wait...after about 30 seconds your android will reboot and the encryption process will begin. After encryption completes (about 1 hour) your system will reboot and eventually prompt for the <LongSecurePassword> to gain access to your system. You will only need to enter that password once for each reboot / power-on. The lockscreen will continue to use the original PIN input method and PIN code.

    It might be possible to use this technique to even have a lockscreen with pattern or no security, while the device remains encrypted. That possibility has not been tested.

    Use the above technique at your own risk. "Bad people" will still have easy access to your data (based on the lockscreen method chosen) until they reboot or power-cycle your android (when they will then be greeted by the request for your LongSecurePassword.

    Also, I have not tried changing the PIN or lockscreen method after applying the above change. The unknown is how vendors have modified Android's lockscreen code - don't know how or when in the process they force the two to be kept in-sync.

    -- TJ

    BTW> more info on vdc command is via:
    android.googlesource.com/platform/system/vold/+/b1596afa59c7108cc6ce23bab54a1bc41961806a/CommandListener.cpp​
    View
    3
    pulser_g2
    pulser_g2
    azoom1 said:
    Although this worked great on my Sprint S2, I've just upgraded to the S3, (running JB 4.1.1) and I'm getting stuck at "can't read salt". I did what I could and I looked through the script and confirmed the database is at the same location in the S2 and S3. However, although I can find the salt in the S2 database, it does not appear in the S3 database. Obviously, that's why it's getting the error. Unfortunately, I can't find any information as to where the salt in stored in JB. My thought was to make a small modification to the script and point it to the correct database.

    This script made using encryption on the S2 very pleasant. Any assistance you can give in helping to get it working on JB/S3 would be greatly appreciated.

    Thanks.
    Click to expand...
    Click to collapse

    I've modified the script to work on the Galaxy Note II (N7100) on JB (4.1.1), as Samsung stores their settings elsewhere. It should be the same on the S3 as well :) Just expand to see it and copy/paste,,,


    Code: 
    #
# Android pin change
# change the pin without Android UI restrictions bothering you
# allows to use a different pin on the lockscreen than the password
# for device encryption
#
# Version 1.0 / 2012-05-29
# by robberknight
#
# modified by Pulser_G2 (pulser_at_xda-developers.com) to work with
# Samsung devices (tested on Galaxy Note II N7100 JB 4.1.1)
# No Warranty!

import android
import subprocess
import sys
import hashlib
import struct
import binascii

class PinChange(object):

	def __init__(self):
		self.droid = android.Android()
	
	def askNewPin(self):
		pin1 = self.droid.dialogGetInput('New PIN (numeric)').result
		if not pin1:
			return False
		
		if not pin1.isdigit() or len(pin1) < 4 or len(pin1) > 16:
			self.droid.dialogCreateAlert("Error", "Invalid PIN")
			self.droid.dialogSetNeutralButtonText('Abort')
			self.droid.dialogShow()
			return False

		pin2 = self.droid.dialogGetInput('Confirm PIN').result 
		if not pin2:
			return False

		if pin1 != pin2:
			self.droid.dialogCreateAlert("Error", "PINs don't match")
			self.droid.dialogSetNeutralButtonText('Abort')
			self.droid.dialogShow()
			return False
	
		return pin1

	def getFileContent(self,filename):
		try:
			catpipe = subprocess.Popen(["su", "-c", "cat \""+filename+"\" 2>/dev/null"], stdout = subprocess.PIPE)
			catoutput = catpipe.communicate()[0]
			if catpipe.returncode == 0:
				return catoutput
			else:
				return None
		except:
			self.droid.dialogCreateAlert("Error", "Can't execute su call (not rooted?)")
			self.droid.dialogSetNeutralButtonText('Abort')
			self.droid.dialogShow()
			sys.exit(1)
		
	def sqliteFound(self):
		try:
			statpipe = subprocess.Popen(["sqlite3", "-version"], stdout = subprocess.PIPE)
			statoutput = statpipe.communicate()[0]
			if statpipe.returncode == 0 and statoutput[0] >= '3':
				return True
		except:
			pass
		self.droid.dialogCreateAlert("Error", "Can't find sqlite3 command")
		self.droid.dialogSetNeutralButtonText('Abort')
		self.droid.dialogShow()
		sys.exit(1)

	def createBackup(self):
		if self.getFileContent("/data/system/password.sav") == None or \
			len(self.getFileContent("/data/system/password.sav")) == 0:
			try:
				statpipe = subprocess.Popen(["su", "-c", "cat /data/system/password.key >/data/system/password.sav"], stdout = subprocess.PIPE)
				statoutput = statpipe.communicate()[0]
				if statpipe.returncode != 0:
					self.droid.dialogCreateAlert("Error", "Can't create password backup")
					self.droid.dialogSetNeutralButtonText('Abort')
					self.droid.dialogShow()
					sys.exit(1)
				chmodpipe = subprocess.Popen(["su", "-c", "chmod 600 /data/system/password.sav"], stdout = subprocess.PIPE)
				chmodpipe.communicate()[0]
				if chmodpipe.returncode != 0:
					self.droid.dialogCreateAlert("Error", "Can't secure password backup")
					self.droid.dialogSetNeutralButtonText('Abort')
					self.droid.dialogShow()
					sys.exit(1)
				sqlitepipe = subprocess.Popen(["su", "-c", "sqlite3 -batch \
					/data/system/locksettings.db \"SELECT value FROM locksettings WHERE name = 'lockscreen.password_type'\" >/data/system/password_type.sav"], 
					stdout = subprocess.PIPE)
				sqlitepipe.communicate()[0]
				if sqlitepipe.returncode != 0:
					self.droid.dialogCreateAlert("Error", "Can't backup password type")
					self.droid.dialogSetNeutralButtonText('Abort')
					self.droid.dialogShow()
					sys.exit(1)
			except:
				self.droid.dialogCreateAlert("Error", "Can't execute su call (not rooted?)")
				self.droid.dialogSetNeutralButtonText('Abort')
				self.droid.dialogShow()
				sys.exit(1)
		
	def restoreBackup(self):
		if self.getFileContent("/data/system/password.sav") != None and \
			len(self.getFileContent("/data/system/password.sav")) > 0 and \
			self.getFileContent("/data/system/password_type.sav") != None and \
			len(self.getFileContent("/data/system/password_type.sav")) > 0:
			try:
				statpipe = subprocess.Popen(["su", "-c", "cat /data/system/password.sav >/data/system/password.key"], stdout = subprocess.PIPE)
				statoutput = statpipe.communicate()[0]
				if statpipe.returncode != 0:
					self.droid.dialogCreateAlert("Error", "Can't restore password backup")
					self.droid.dialogSetNeutralButtonText('Abort')
					self.droid.dialogShow()
					sys.exit(1)
			except:
				self.droid.dialogCreateAlert("Error", "Can't execute su call (not rooted?)")
				self.droid.dialogSetNeutralButtonText('Abort')
				self.droid.dialogShow()
				sys.exit(1)
			pwdtype=self.getFileContent("/data/system/password_type.sav")
			pwdtype=pwdtype.splitlines()[0].strip()
			self.writePasswordType(pwdtype)
			self.droid.dialogCreateAlert("Success", "Backup restored")
			self.droid.dialogSetPositiveButtonText('Ok')
			self.droid.dialogShow()
				
	def writePasswordType(self,typeno):
		try:
			sqlitepipe = subprocess.Popen(["su", "-c", "sqlite3 -batch \
				/data/system/locksettings.db \"UPDATE locksettings SET value='"+str(typeno)+"' WHERE name = 'lockscreen.password_type'\""], 
				stdout = subprocess.PIPE)
			sqlitepipe.communicate()
			if sqlitepipe.returncode == 0:
				return
		except:
			pass
		self.droid.dialogCreateAlert("Error", "Can't write pwd type")
		self.droid.dialogSetNeutralButtonText('Abort')
		self.droid.dialogShow()
		sys.exit(1)

	def writePassword(self,pwdhash):
		try:
			catpipe = subprocess.Popen(["su", "-c", "cat >/data/system/password.key"], 
				stdout = subprocess.PIPE, stdin = subprocess.PIPE)
			catoutput = catpipe.communicate(pwdhash)[0]
			if catpipe.returncode == 0:
				return
		except:
			pass
		self.droid.dialogCreateAlert("Error", "Can't write password")
		self.droid.dialogSetNeutralButtonText('Abort')
		self.droid.dialogShow()
		sys.exit(1)

	def readSalt(self):
		try:
			sqlitepipe = subprocess.Popen(["su", "-c", "sqlite3 -batch \
				/data/system/locksettings.db \"SELECT value FROM locksettings WHERE name = 'lockscreen.password_salt'\""], 
				stdout = subprocess.PIPE)
			sqliteoutput = sqlitepipe.communicate()[0].splitlines()[0].strip()
			salt=long(sqliteoutput)
			if sqlitepipe.returncode == 0 and sqliteoutput == str(salt):
				return salt
		except:
			pass
		self.droid.dialogCreateAlert("Error", "Can't read salt")
		self.droid.dialogSetNeutralButtonText('Abort')
		self.droid.dialogShow()
		sys.exit(1)

	def saltToHex(self,saltlong):
		blob=struct.pack(">q",saltlong)
		longagain=struct.unpack(">Q",blob)[0]
		hexstr=hex(longagain).lstrip("0x").rstrip("L")
		return hexstr.lower()
		
	def hashPinOriginal(self,pin,salt):
		# this is what google is doing in stock android
		salted=str(pin)+self.saltToHex(salt)
		md5str=hashlib.md5(salted).hexdigest()
		sha1str=hashlib.sha1(salted).hexdigest()
		return (sha1str+md5str).upper()

	def hashPinSamsung(self,pin,salt):
		# samsung has modified the code, at least on the GT-I9100
		salted=str(pin)+self.saltToHex(salt)
		hashbuf=str()
		i=0
		while i < 1024:
			hashbuf=hashlib.sha1(hashbuf+str(i)+salted).digest()
			i=i+1
		return binascii.hexlify(hashbuf).upper()	

	def checkCurrentPassword(self,salt):
		pwd = self.droid.dialogGetInput('Enter current Password').result
		if not pwd:
			return False
		
		pwdfile=self.getFileContent("/data/system/password.key")
		pwdhash=self.hashPinOriginal(pwd,salt)
		
		if pwdhash == pwdfile:
			return "original"
		else:
			pwdhash=self.hashPinSamsung(pwd,salt)
			if pwdhash == pwdfile:
				return "samsung"
			else:
				self.droid.dialogCreateAlert("Error", "Password hash compare mismatch")
				self.droid.dialogSetNeutralButtonText('Abort')
				self.droid.dialogShow()
				return False
		
	def setNewPin(self):
		salt=self.readSalt()
		curpwdtype=self.checkCurrentPassword(salt)
		if not curpwdtype:
			return False
		newpin = self.askNewPin()
		if not newpin:
			return False
		if curpwdtype == "original":
			newhash=self.hashPinOriginal(newpin,salt)
		elif curpwdtype == "samsung":
			newhash=self.hashPinSamsung(newpin,salt)
		else:
			return
		self.createBackup()
		self.writePassword(newhash)
		# pwd types:
		# 65536 = no protection
		# 131072 = numeric pin
		# 262144 = alphanumeric password
		self.writePasswordType(131072)
		self.droid.dialogCreateAlert("Success", "New Password written")
		self.droid.dialogSetPositiveButtonText('Ok')
		self.droid.dialogShow()
	
	def run(self):
		self.sqliteFound()
		if self.getFileContent("/data/system/password.sav") != None:
			self.droid.dialogCreateAlert("Backup found", "Restore from backup or set new PIN?")
			self.droid.dialogSetPositiveButtonText('Restore')
			self.droid.dialogSetNegativeButtonText('Set PIN')
			self.droid.dialogShow()
			if self.droid.dialogGetResponse().result['which'] == 'positive':
				self.restoreBackup()
			if self.droid.dialogGetResponse().result['which'] == 'negative':
				self.setNewPin()
		else:
			self.setNewPin()
			
pinchange = PinChange()
pinchange.run()
    View
    2
    S
    salatiel
    The easiest way to accomplish this is to set the password for the boot using vdc cryptfs changepw PASSWORD.


    Sent from my Galaxy Nexus using xda app-developers app

    ---------- Post added at 04:07 PM ---------- Previous post was at 04:04 PM ----------

    that will change the password for the encrypted volume while keeping you pin whatever you initially set up

    Sent from my Galaxy Nexus using xda app-developers app
    View
    2
    A
    azoom1
    Script method is better than "vdc cryptfs changepw" on Galaxy S2 Epic Touch

    This script is the way to go for the Galaxy S2 Epic Touch for at least 2 reasons:

    1) Using the "vdc cryptfs changepw" method doesn't seem to work. I tried Cryptfs Password and EncPassChanger both of which fail with the error that the current password is incorrect. My presumption is that the EpicTouch stores the password differently than a Nexus. (I tried to use it command-line as well, but I'm not really versed in that method so I'm not sure I was doing it correctly.)

    2) The EpicTouch also requires an alpha-numeric password in order to encrypt. It will not accept a PIN. You must choose a password with at least 6 characters, including one alpha and one numeric. Again, this is different than the Nexus which appears to accept a simpler numeric PIN for encryption.

    Thus, using the "vdc cryptfs changepw" method would not be optimal because you'd still be stuck with the alpha-numeric PIN that you used to initially encrypt the device. Thus, this script method that changes the GUI PIN is much better.

    A hint for those who are trying this and have never used SLA4/Python (as I was):

    1) Load SLA4
    2) Menu-View-Interpreters
    3) Menu-Add
    4) Select Python 2.6.2 - the SLA4 app will go get Python and intall it with the correct linking
    5) Exit SLA4, then start Python and select Install, and when finished, exit Python
    6) Put the pin_change.py file in the SLA4 "scripts" directory
    7) Start SLA4

    After that, when SLA4 is run you should see the script in the pick list. Upon selection SLA4 will pop-up an icon select-list. Pick the gear, which will run the script.

    Thanks to the original poster for sharing this.
    View

New posts