[APP][ICS] EncPassChanger -- set different device encryption and lock screen password

[Kibab]

No, there is no limits on the length of password when using this app. Android itself also doesn't force any restrictions on password length.
See frameworks/base/services/java/com/android/server/MountService.java (framework part, client) and system/vold/CommandListener.cpp (server part).

So you can really set as long password as you like. I hope there is no restrictions built in while reading password from user during boot, though... Need to check this.

 

[Ronaldo Forenucci]

Thanks. I thought that when creating a lock screen code, there was a limit?

From the Guardian Project site:

https://guardianproject.info/2012/01/04/strong-mobile-passwords-with-yubikey-usb-token/

Android has a limit of 17 characters for its disk encryption and screen unlock password.

And I also seem to remember a pop up when creating it on the device itself, which is why I asked.

Thanks for the App!

RF

 

[brocktice]

This is a much needed utility

Thanks for writing this. I can't believe it's not built into ICS. However, it says 'OK' when run on CM10/toro, but then the password did not change. What are the commands to change the password manually?

---------- Post added at 05:53 PM ---------- Previous post was at 05:45 PM ----------

Thanks for writing this. I can't believe it's not built into ICS. However, it says 'OK' when run on CM10/toro, but then the password did not change. What are the commands to change the password manually?

Of course, right after I post this it now works for some reason. It would still be good to have the commands listed to do it manually. I may try to figure it out from your source. Thanks again!

 

[Kibab]

The command is 'vdc cryptfs changepw', see also https://github.com/kibab/encpasscha...ndroid/EncPassChanger/ChangePasswordTask.java
Please describe in detail what have you done and how you have tested that password did not change, that's interesting and maybe I should fix something.

Regarding password length limit, yes the Android UI may enforce some restrictions, but on the low-level there is no any checks of length. The only thing that I really should check is that is there is any restriction in password prompt that is presented during device boot.

 

[brocktice]

The command is 'vdc cryptfs changepw', see also https://github.com/kibab/encpasscha...ndroid/EncPassChanger/ChangePasswordTask.java
Please describe in detail what have you done and how you have tested that password did not change, that's interesting and maybe I should fix something.

Regarding password length limit, yes the Android UI may enforce some restrictions, but on the low-level there is no any checks of length. The only thing that I really should check is that is there is any restriction in password prompt that is presented during device boot.

I'm not really sure what happened the first time.

I put in my old and new passwords, clicked the button and the program said it was changed OK. However, then when I rebooted it needed the old password. I had a problem where it froze or ran out of juice suddenly later in the day, so maybe it has to shut down correctly to save the new password?

 

[brocktice]

Just set this up on the first try on my Nexus 7, no trouble. First time with the GNex must have been PEBKAC. Thanks again for making this app!

 

[Kibab]

Just set this up on the first try on my Nexus 7, no trouble. First time with the GNex must have been PEBKAC. Thanks again for making this app!

Great, glad that it works also on Nexus7.
I'm going to buy it btw, when I visit NY this October

 

[naguz]

Works great on CM9 on Galaxy S2. Thanks! Now if only I could choose to combine encryption with a lock screen pattern! Time for a feature request, maybe. Too bad so few care about encryption, will probaly go unnoticed.

 

[pulser_g2]

https://santoku-linux.com/howto/mobile-forensics/how-to-brute-force-android-encryption

A good reason to use this, and have a strong encryption key, rather than relying on the PIN yo secure the actual encryption key...

 

[renaud]

https://santoku-linux.com/howto/mobile-forensics/how-to-brute-force-android-encryption

A good reason to use this, and have a strong encryption key, rather than relying on the PIN yo secure the actual encryption key...

Actually, this is weaker than you think...
This 7 lines shell script run in recovery allows to recover a 4 digits pass: http://pastebin.com/Mdu06RZN

 

[pulser_g2]

Actually, this is weaker than you think...
This 7 lines shell script run in recovery allows to recover a 4 digits pass: http://pastebin.com/Mdu06RZN

Bahahaha... Google didn't think to put in rate limiting or brute force protection, even for online attacks?

 

[Ronaldo Forenucci]

LOL. True, but us crypto nerds are using 17 full ASCII characters for the stock encryption....a lot longer brute force time than 4 digits! Now with this utility..fugetabouit! It would be great if a YubiKey would work via OTG on the password entry screen at boot.

RF

 

[0x000]

any update on this? does it work properly on jelly bean? i have JB 4.1.2 already on my galaxy nexus and it doesn't show up in play store? i'd rather install it via play store instead of apk directly.

 

[Kibab]

any update on this? does it work properly on jelly bean? i have JB 4.1.2 already on my galaxy nexus and it doesn't show up in play store? i'd rather install it via play store instead of apk directly.

Yes. It does work on JB, I use it currently on Galaxy Nexus and Nexus 7, both running 4.1.2.
Strange that you don't see it, please try duirect link then: https://play.google.com/store/apps/details?id=com.kibab.android.EncPassChanger

 

[0x000]

ha, thanks very much it seems the play store search does not show anything (also tested with another galaxy nexus on 4.1.2 JB and tried many different search keywords) but it works fine with the direct link with play store!

 

[Kibab]

That means that my app has poor search keywords set. I have updated the app description, hope this will improve the situation. Thanks for reporting!

 

[Kibab]

Version 2.0 of EncPassChanger brings fixes for Jelly Bean (particularly, checks for validity of old password), shell characters escaping (which means more complex passwords) and "Debug mode", which one can use to debug problems with password changing process.
Google Play version is updated, code is uploaded on GitHub

 

[Ronaldo Forenucci]

Version 2.0 of EncPassChanger brings fixes for Jelly Bean (particularly, checks for validity of old password), shell characters escaping (which means more complex passwords) and "Debug mode", which one can use to debug problems with password changing process.
Google Play version is updated, code is uploaded on GitHub

This worked well on 4.3 as well...Will it be good on 4.4? (My N5 is getting here today). Thanks for the hard work! Us security guys are a small group, but these types of programs are critical

PD

 

[Kibab]

This worked well on 4.3 as well...Will it be good on 4.4? (My N5 is getting here today). Thanks for the hard work! Us security guys are a small group, but these types of programs are critical

PD

Unfortunately Google chose not to issue an update to 4.4 for my Galaxy Nexus phone. So I cannot test if my app will work on 4.4.
I will be happy to assist anyone in testing the app on 4.4.

 

[0x000]

i've just tested it on my nexus 5 (EU version), as far as i can tell everything works fine as intended.
only selecting the debug output text didn't work properly, everytime i've selected it and scrolled down, the "copy button" disappeared hence i have no debug info for you ^^