[A/B][A-ONLY][SCRIPT][READ-ONLY][EROFS][ANDROID 10+] Universal Disable Force Encryption for RO and RW "NEO STABLE"

[LeeGarChat]

Disable Force Encryption NEO​

Do you all know what DFE is? no?
Anyway. Basically, your device has an encrypted data section "/data" by default. Let's look at the advantages of google's solution that we will lose after disabling encryption:
- Confidence in data retention. Even if your device has TWRP/OFOX or other custom Recvoery, before accessing your data, you will need to enter the password from the lockscreen, otherwise it will be impossible to read the data.

What disadvantages follow from this?
- As an enthusiast who wants to flash different ROMs, you may have noticed that every time that you flash a new ROM, you have to format the "/data" section. Which can be a pain.

Why is it necessary to do this?
- The fact that every ROM is assembled/compiled on a different database and may have different approaches (encryption keys) for data encryption. In order for this to work you need to format the data partition so that when the new ROM boots it can encrypt the system with its own unique encryption keys, so that the integrity of the data partition is maintained and it is accessible to the user.

So what does the DFE do?
- Removes the keys that are used to encrypt the data section from the fstab file
Read more about fstab here source.android.com

What are the advantages of using DFE?
- You don't need to FORMAT the data in the following cases:
*If you change the android database (From 11 to 12 and vice versa)
*If you change vendor database, miui/aosp/OOS/LOS and so on
*** !!!! You will still need to make wipe data for the ROM to work correctly

-There are also disadvantages:
*Since the data is not encrypted in any way, then access to them is free. Anyone who gets access to your device will be able to access ALL the data
*You need to carefully monitor the sequence of actions when installing or changing the ROM, so that the DFE is active, otherwise you may lose data because the data will try to be encrypted again, you will get a bootloop, and all data will be lost

What is DFE-NEO?
*Many people know DFE from this thread XDA, it has stopped working for A/B devices with dynamic partitions, there is also a problem that in some ROMs the system has the RO(Read-Only) status of the system partition. Starting with A13 Google will promote EROFS(Enhanced Read-Only File System) which will not be possible to manipulate without first converting to EXT4, in order to change the status to RW(Read-Write). Because of this, it is not possible to modify fstab directly in 100% of cases. This is where DFE-NEO comes in.
*The NEO method works by utilizing Magiskinit and Overlay.d GitHub


How does it work without Magisk?
*In fact, in no way. If my script does not detect magisk in the boot_a/Boot_b section, magisk will be installed, after which the main bianrys files will be deleted, so there will be no root access but magiskinit itself will continue to work. In this regard, the system boot time will be longer by 40-50 seconds ( from the brand logo )

And so what can this script do:
-Hides Encryption - Forces the system to think that the data is encrypted.
-Reflash recovery after OTA - only for devices with recovery in boot_a/_b
-Flash current recovery - only for devices with recovery in boot_a/_b
-Flash DFE
-Flash magisk

Spoiler: Arguments.txt

If you want to change the parameters , then you need to change the file argumetns.txt inside the archive , or put the modified arguments.txt to the archive, or to rebuild the archive with the changed argumetns.txt

# legacy or neo
DFE method=neo

# both | in-current | un-current
Flash SLOT=both

# none|system|bootloader|recovery
Reboot after installing=none

# You can add your own language, to do this, just drop
a file into the language folder by analogy with the topic
that is already there
# indo|russian|english

Language=english

# ================================================== #
Force reading arguments.txt=false
# ================================================== #
Flash DFE= true
Disable AVB= true
Disable QUOTA= true
Hide not encrypted= true
# ================================================== #
Flash Magisk= false
# ================================================== #
Reflash Recovery for OTA= false
Reflash current Recovery for Recovery= false
# ================================================== #
Wipe DATA= false
Remove PIN= false
# ================================================== #
Skip warning= false

Modes of operation of these parameters
These parameters have two modes:
• true (yes, true),
• false(no, not true)
Exceptions for specific parameters
• DFE method(DFE method)= neo(new method)
Another argument for DFE method
legacy(old method)

• Flash slot= both (patching boot_a and boot_b sections, also applies to magisk firmware, twrp)
More arguments for Flash slot
• in-current (patching of the boot_x section, where x is the current slot, also applies to magisk firmware, twrp)
• un-current (patching the boot_x partition, where x is the opposite slot)

• Reboot after installing(Reboot after installation)= none (no, that is, there will be no reboot)
More arguments for Reboot after installing
• system(restart into the system, simple reboot)
• bootloader (reboot to fastboot mode)
• recovery (reboot into recovery mode)

• Language(installer language)=english(English)
More arguments for Language
• indo(Indonesian)
• russian (Russian language)

So we have sorted out the modes of operation of all parameters. Now, what does each of them mean.
The values of these parameters
Here the functions of the parameters are described in true mode, for exceptions depending on the mode of operation of the parameter
• DFE method - DFE patching method
• Flash slot - patching the boot partition
• Reboot after installing - reboot after installation
• DISABLE DINAMIC REFRESHRATE - disable dynamic screen formatting, ONLY FOR MIUI
• Language - the language of the installer
• Force reading arguments.txt - dfe-neo will immediately address the arguments in arguments.txt without the possibility of creating a temporary arguments.txt
• Flash DFE - DFE firmware
• Hide not encrypted - The ROM will think that encryption is enabled
• Skip warning - at the end, a guide will be shown on the correct use of dfe after firmware
• Reflash recovery for ota - reinstalling recovery after ota updates, according to the Flash slot parameter mode=
• Reflash current Recovery for Recovery - flash the current recovery, according to the Flash slot parameter mode=
• Wipe DATA - deleting the contents of the /data section without formatting the internal memory (where the Android, Downloads, Music, etc. folders are located) If you sew DFE for the first time, then we still do format data
• Remove PIN - remove password
• Disable AVB - system integrity check is disabled (or whatever you call it, you can set false if you flash magisk)
• Disable QUOTA - (to be honest, I didn't understand what it was, but you can leave it true)
• Flash Magisk - Installing Magisk, according to the Flash slot parameter mode=

And you can also set up your own temporary arguments.txt during installation:

In DFE-NEO, in addition to using arguments.txt in .zip archive, you can still set up your temporary one.
Launch the dfe-neo archive and select Configure Arguments now ( volume + >> volume - )
And we are offered to configure the parameters.
Volume + indicates change
Volume - indicates select

What should I choose DFE method= neo or legacy?
• Neo method - patches the boot partition, we leave neo if the system partitions are read-only, also suitable if the system partitions are editable
• Legacy method - patches fstab.qcom in the /vendor/etc/ section, this method cannot be used if the system partitions are read-only.




Also be careful and read what the script writes at the end of the installation

• If you data is encrypted, then after flashing DFE you need to format data

1. If DFE was installed with Magisk you can upgrade or downgrade the Magisk version later without flashing DFE again
2. If you uninstall Magisk via uninstall or Magisk app Then the DFE will stop its work! In this case, you will need to flash the DFE again
3. If DFE was WITHOUT Magisk, it WILL work, but you can also install Magisk later. And also follow the warning 1 and 2
4. If you install TWRP or another custom recovery, then DFE by analogy with Magisk, will stop working
5. If you update/Install a new ROM, then DFE will need to be flashed again, by analogy with Magisk

You can install DFE as a magisk module. BUT THIS IS NOT A MODULE, BUT JUST AN INTERFACE FOR INSTALLATION

• Demo vido: https://t.me/mfpupdate/22

And also you can flash as a regular zip archive via TWRP, while you do not have to reboot TWRP.


The work consists of the same mechanism as Magisk. If your recovery is located in boot, then after updating / flashing twrp, just like magisk, dfe will be overwritten
After updating/changing ROM you need to reflash dfe again

You can flash dfe without rebooting twrp
No needed for system to be RW for DFE to work
Support erofs
Support flashing from magisk app ( like module magisk )

Later from the computer I will supplement the post. I will add screenshots, etc.

Download link - SourceForge

TG group : @PocoF3DFE
Donate only TG link https://t.me/mfpupdate/47

 

[arifqur]

Great job Alexey. Very useful mod

 

[Yangasto]

Hello everyone, I am writing a script to disable encryption on A/B devices. if you help me with testing on other devices, I will be glad, at the moment it works fine for Poco f3 ( Alioth/Aliothin ). I'm sure it will work just as well on other devices.

And so what can this script:

Hide no encrypted - Forces the system to think that the data is encrypted.

Reflash recovery after OTA - only for devices with recovery into boot_a/_b

Flash current recovery - only for devices with recovery into boot_a/_b

Flash DFE

Flash magisk


The work consists of the same mechanism as Magisk. If u recovery if your recovery is located in boot, then after updating / flashing twrp, just like magisk, dfe will turn off
After update/change ROM u need reflash dfe

You can flashing dfe without reboot twrp
No needed RW system
Support erofs
Support flashing from magisk app ( like module magisk )

Later from the computer I will supplement the post. I will add screenshots, etc.


TG group : @PocoF3DFE

Great job bro its perfectly work on my Redmi Note 11 Spes, thanks buddy

 

[wsdyleon]

sorry for my noob question:does it solove the read-only attribute for erofs partion，my phone is civi （code mona）

 

[LeeGarChat]

sorry for my noob question:does it solove the read-only attribute for erofs partion，my phone is civi （code mona）

Yes, if I understand u. Anyway it's working on RW system and RO system. But anyway waiting 0.8.0 beta, because in > 0.7.0 patching only boot partitions, I think need patching recovery partition for device with recovery

 

[wsdyleon]

Yes, if I understand u. Anyway it's working on RW system and RO system. But anyway waiting 0.8.0 beta, because in > 0.7.0 patching only boot partitions, I think need patching recovery partition for device with recovery

thank u for your answer，but i donnt konw how to flash it.i flash"dfe+magisk+reflash"on my phone in twrp，but bootloop for me

 

[wsdyleon]

Yes, if I understand u. Anyway it's working on RW system and RO system. But anyway waiting 0.8.0 beta, because in > 0.7.0 patching only boot partitions, I think need patching recovery partition for device with recovery

my english still sucks,after flashing the zip ，the ro system would still ro，just dfe。am i right?

 

[lopestom]

Download link - SourceForge

Great and Congrats!

Can you explain about each zip file made?

Is there a situation for each file?
What does each file do exactly?

Which file should I choose?
----------------------------------------
UPD.
Okay OP. Good work but have consequencies........

Here what I made:

1. installed magisk;
2. installed DFE-NEO-0.7.0-BETA+HNE.zip via magisk - modules;
3. Rebooted device.

Problem: Red message in the screen (look attached SS).

Solved with:

USB Debugging enable;​

Permission adb Okay;​

cmd command:​

D:\Program Android\platform-tools>adb shell
Mydevice:/ $ pm list packages
package:com.google.android.networkstack.tethering
package:com.android.fmradio
package:com.android.temperature
[...]
package:com.android.theme.icon_pack.filled.settings
package:com.android.watermark
package:com.android.dreams.basic
[...]
Mydevice:/ $ pm uninstall --user 0 com.android.watermark
Success
127|Mydevice:/ $ exit

D:\Program Android\platform-tools>adb reboot

D:\Program Android\platform-tools>

Reboot device and Red message good bye.
My device fir reference: MTK arm64 -- armv8-a - A11 - TWRP AB - ro.virtual_ab.enabled=true

 

[LeeGarChat]

Great and Congrats!

Can you explain about each zip file made?

Is there a situation for each file?
What does each file do exactly?

Which file should I choose?
----------------------------------------
UPD.
Okay OP. Good work but have consequencies........

Here what I made:

1. installed magisk;
2. installed DFE-NEO-0.7.0-BETA+HNE.zip via magisk - modules;
3. Rebooted device.

Problem: Red message in the screen (look attached SS).

Solved with:

USB Debugging enable;​

Permission adb Okay;​

cmd command:​

D:\Program Android\platform-tools>adb shell
Mydevice:/ $ pm list packages
package:com.google.android.networkstack.tethering
package:com.android.fmradio
package:com.android.temperature
[...]
package:com.android.theme.icon_pack.filled.settings
package:com.android.watermark
package:com.android.dreams.basic
[...]
Mydevice:/ $ pm uninstall --user 0 com.android.watermark
Success
127|Mydevice:/ $ exit

D:\Program Android\platform-tools>adb reboot

D:\Program Android\platform-tools>

Reboot device and Red message good bye.
My device fir reference: MTK arm64 -- armv8-a - A11 - TWRP AB - ro.virtual_ab.enabled=true

Thanks for feedback. I'll try fix it. After installing DFE noe, is your device no longer encrypted?

 

[lopestom]

Thanks for feedback. I'll try fix it. After installing DFE noe, is your device no longer encrypted?

I can make backup of Data now with TWRP.
But..........
I need to do more testing regarding the ROM.
I fixed a reset - FORMAT DATA with TWRP to see/test if everything would work fine after that.
Knowing that there would be a possibility it might not work, re-install your zip file and reboot to test again.

So there's a big problem: - WiFi connection doesn't work
- going to settings - Security - Encryption&credentials =====>>> Black Screen .......... stop ............ go back setting automatically
- others??

Do not worry about me. I have experience in getting the device running normally. The device is also not for my daily use.
So I will need time for more testing or you should write for users not to do a factory reset.

 

[LeeGarChat]

I can make backup of Data now with TWRP.
But..........
I need to do more testing regarding the ROM.
I fixed a reset - FORMAT DATA with TWRP to see/test if everything would work fine after that.
Knowing that there would be a possibility it might not work, re-install your zip file and reboot to test again.

So there's a big problem: - WiFi connection doesn't work
- going to settings - Security - Encryption&credentials =====>>> Black Screen .......... stop ............ go back setting automatically
- others??

Do not worry about me. I have experience in getting the device running normally. The device is also not for my daily use.
So I will need time for more testing or you should write for users not to do a factory reset.

Send me download link on you ROM. I'll check structure

 

[lopestom]

Send me download link on you ROM. I'll check structure

UMIDIGI Power 5 4GB_N_V1.0_20220315 - SPFT release
UMIDIGI_POWER5_4GB_N_V1-0_20220315.rar

 

[uaevuon]

Great.

 

[LeeGarChat]

I can make backup of Data now with TWRP.
But..........
I need to do more testing regarding the ROM.
I fixed a reset - FORMAT DATA with TWRP to see/test if everything would work fine after that.
Knowing that there would be a possibility it might not work, re-install your zip file and reboot to test again.

So there's a big problem: - WiFi connection doesn't work
- going to settings - Security - Encryption&credentials =====>>> Black Screen .......... stop ............ go back setting automatically
- others??

Do not worry about me. I have experience in getting the device running normally. The device is also not for my daily use.
So I will need time for more testing or you should write for users not to do a factory reset.

Test 0.9.0 version please

 

[lopestom]

Test 0.9.0 version please

Thanks man. I appreciate what you're doing.
I already tried with this and newer version DFE-NEO-0.10.1-BETA.zip having the same situation as before.
Unfortunately there is something that blocks the wifi working after installing DFE-NEO-x.xx.x-BETA.zip. Regarding this, I tested restoring the NVRAM, NVCFG and NVDATA files and the wifi started to work, however the part that DFE-NEO does is lost.

Is there something that DFE-NEO does with NvRam, NvCfg and NvData partitions?? Is it something that is a prerequisite for the ROM to work encrypted and consequently to work or not work the wifi?

I couldn't try all possibilities to investigate and test as I have been sick for a few days.

 

[LeeGarChat]

Thanks man. I appreciate what you're doing.
I already tried with this and newer version DFE-NEO-0.10.1-BETA.zip having the same situation as before.
Unfortunately there is something that blocks the wifi working after installing DFE-NEO-x.xx.x-BETA.zip. Regarding this, I tested restoring the NVRAM, NVCFG and NVDATA files and the wifi started to work, however the part that DFE-NEO does is lost.

Is there something that DFE-NEO does with NvRam, NvCfg and NvData partitions?? Is it something that is a prerequisite for the ROM to work encrypted and consequently to work or not work the wifi?

I couldn't try all possibilities to investigate and test as I have been sick for a few days.

Some ROMs may not work correctly with DFE, due to the fact that the ROMs are designed to work with an encrypted data partition, or there are any protections. also, on some ROMs, the data split must be formatted according to the associated with certain keys -C and -O -g. DFE-NEO does not modify any partitions except boot, just like magisk. DFE-NEO works thanks to magisk-init, which allows you to run custom scripts during ROM startup. the script that is executed during system startup, makes a copy of fstab, deletes the encryption keys and mounts it in place of the original fstab, there is no full-fledged verification of the system. all work is based on magisk logic

 

[OldNoobOne]

Awesome job LeeGarChat, much appreciated by all users I have quoted your post link in other threads too so all can see the magic .
My device is Shamshung Galeksi M21 2021 (SM-M215G) But when I flashed from TWRP it showed some red error : 577 something like that, then when I flashed from Majisk it showed error code 3 : DFE-NEO only for virtual_ab devices
Treble Check shows my device is treble compliant having AB partition and TWRP displays following partitions: System, Vendor, Product, Odm, Cache, Data, EFS, Metadata, Sec EFS, Micro SD Card, USB OTG.
In my Shaomi Readmi Note 10 (mohito) TWRP displays Slot A & Slot B under Advanced Tab and ROMs get directly flashed to Inactive Slot B, also everytime I try flash new custom ROM I have to first flash MyUi Factory ROM and also System partition doesnt show in TWRP Mount section.
My question is what is the difference between Shamshung Galeksi M21 Android 11 out-of-box & Shaomi Readmi Note 10 Mohito ? why TWRP shows System partition mount in Shamshung and not in shaomi though both are A/B devices?
Pls help.

 

[lopestom]

Some ROMs may not work correctly with DFE, due to the fact that the ROMs are designed to work with an encrypted data partition, or there are any protections. also, on some ROMs, the data split must be formatted according to the associated with certain keys -C and -O -g. DFE-NEO does not modify any partitions except boot, just like magisk. DFE-NEO works thanks to magisk-init, which allows you to run custom scripts during ROM startup. the script that is executed during system startup, makes a copy of fstab, deletes the encryption keys and mounts it in place of the original fstab, there is no full-fledged verification of the system. all work is based on magisk logic

Great News!
@2mkl and me solved the Wi-Fi issue......... But I not write here about.

Thanks again

 

[LeeGarChat]

Great News!
@2mkl and me solved the Wi-Fi issue......... But I not write here about.

Thanks again

can you tell us in PM how you fixed the problems you wrote about earlier

 

[LeeGarChat]

History of updates and news

June 16
Update DFE-NEO 0.10.0 beta
- Added Feature, choose wether you want to flash DFE legacy / neo ( for legacy need RW system and not working with erofs)

july 14
Update dfe-neo beta 0.11.0
- Add magisk 25.1
- Add volume key selector
- Add remove lockscreen-pin select for key selector

july 20
Update dfe-neo beta 0.12.0
- Add new arguments:
- Wipe data
- Reboot after

july 22
DFE-NEO-0.12.4-BETA update
- Add additional settings (optional) like wipe data, reboot after
- Add disable dynamic refrash rate display ( only miui and works with dfe-neo method )

july 23
DFE-NEO-0.13.0-BETA update
- Add new arguments into arguments.txt, now u can change it without volume key
- Add new options "remove avb" " remove quota" ( default removed )
- The code has been slightly rewritten
- Update somthing patches for safety net fix based on later version 2.3.1 https://github.com/kdrag0n/safetynet-fix/releases/tag/v2.3.1

july 24
DFE-NEO-0.13.3-BETA update
- Minor fix
- Cleaning ui print
- Added calculation of script running time

july 25
I show by my example how to install a ROM in conjunction with DFE-NEO, as well as additional zips

Download DFE-NEO LINK ( Alway later version )
Thread XDA LINK
Please subscribe to the updates and news channel LINK

Thanks

july 28
DFE-NEO-0.14.0-BETA update
- Add language select ( it is currently configured only in the file arguments.txt )
Languages:
• Russian
• English
• Indo
• you can add your own language
- Fix ro.dfe.neo.state
- Add force reading arguments.txt

july 30
DFE-NEO-0.14.1-BETA update
- Reworked my_print function to work correctly in other languages. previously, it worked fine only with English
- Updated the Russian language. fixed typos

july 30
DFE-NEO-0.15.0-BETA update
- Add support A-Only devices
Languages v003:
- There was a bug with a large number of characters ****