• Introducing XDA Computing: Discussion zones for Hardware, Software, and more!    Check it out!
  • Fill out your device list and let everyone know which phones you have!    Edit Your Device Inventory

[MOD] Multidisabler fork *keeps data encryption*: disables Vaultkeeper, auto-flash of stock recovery, proca, wsm, cass,

Search This thread

SolidHal

Member
Oct 4, 2016
16
32
shadow moses island
github.com
Since many custom recoveries (twrp) don't usually support mounting an encrypted data partition, the original Multidisabler disables file based encryption (https://source.android.com/security/encryption/file-based) which results in an unencrypted data partition.

While many find this useful, and it saves time to be able to download a zip and hop right in to recovery to flash it, this is not great for user security and privacy.
It is important enough that google has required file based encryption on all new devices running android 10 and higher (source https://source.android.com/security/encryption/file-based)


All that is to say, I forked the multidisabler and dropped the code that disables encryption. Install it in twrp like you would any other zip.

source: https://github.com/SolidHal/multidisabler-samsung-keep-encryption
downloads: https://github.com/SolidHal/multidisabler-samsung-keep-encryption/releases/tag/3.1-encrypt

FAQ:
Q: How do I get zips on my device to flash in twrp/other custom rom
A: either use your microsd, or use the adb sideload function. Most if not all recoveries have adb sideload support. its pretty great. for twrp it is under "advanced"

Huge thanks for @ianmacd for creating the Multidisabler: https://forum.xda-developers.com/t/...of-stock-recovery-proca-wsm-cass-etc.3919714/
 
  • Like
Reactions: tombbb and clipcarl

elliwigy

Forum Moderator / Recognized Dev / Dev Relations
Staff member
XDA App Taskforce
I assume you would need a bootload r unlock?


Is there any Bootloader bypass?
Im not willing to pay someone 150+ for a phone to be unlocked.... Especially when I am already paying $1000+ for the phone.

If not I'll much rather wait till I pay of the last few payments for the phone
Pretty sure it's not 150+ dollars lolol.. but I understand..

To answer your questions since I didn't see any yet, yes, you need a bootloader unlocked seeing as how this is a flashable zip you would flash in TWRP and TWRP of course requires an unlocked bootloader etc. (or SHRP or OF recovery whichever doesn't matter, they all require bootloader to be unlocked...)

And no, there isn't any "bypass", at least if I understand correctly in that by bypass you mean something that bypasses the bootloader and allows custom firmware to boot without unlocking the bootloader in which case of course is still no, there hasn't been one for a long time.

And not being able to pay for the service is understandable, if you prefer to unlock devices normally then I am sure you have researched which ones are best but usa Snap models are usually not the choice to go for.
 

elliwigy

Forum Moderator / Recognized Dev / Dev Relations
Staff member
XDA App Taskforce
I just wanted to add for those that won't click the Google/Android link you posted on file-based encryption what it means to have encryption when it comes to TWRP. He briefly mentions it in the OP but essentially what it means is that if you use twrp or other custom recovery while in twrp your data partition is encrypted.. This means when you use adb shell, build in terrminal, file manager, or even install/flashing from device itself the data will be encrypted so you will not be able to access your files while in recovery at all if they are on the device itself.. to flash a zip you would need to start your custom recovery in adb sideload then use computer with phone plugged in and adb installed and adb sideload the zip you want to install from your computer.

Therefore in order to install your zips as stated in the OP you would need to use an external sd card, or adb sideload.

I never care about encryption honestly but I suppose if data is encrypted and you have twrp installed then anyone can access your files and make backups or anything they want vs. not encrypted it just limits your options for flashing but makes it harder for people to steal your data..

Although I am pretty sure if any hacker knew what they were doing regardless, if they had root and/or TWRP then they could surely steal your data if they really wanted to encryped or not lol. This is just my opinion though..
 

SolidHal

Member
Oct 4, 2016
16
32
shadow moses island
github.com
>Although I am pretty sure if any hacker knew what they were doing regardless, if they had root and/or TWRP then they could surely steal your data if they really wanted to encryped or not lol. This is just my opinion though..

Definitely, simply unlocking the bootloader opens you up to plenty of evil-maid type attacks where someone could replace your kernel with their own, and next time you decrypt your device it could record the key, or simply start copying data out over the network.

But, encryption does provide important protection from different types of attacks.
Without encryption, anyone can access your data anytime they have access to your device, no clever attacks necessary. Just plug it in, and the data is theirs. With encryption enabled, attacks are definitely still possible, but are much harder to execute.

If you care about your data, have encryption enabled, and want to protect against evil-maid type attacks, make sure to wipe your device after it leaves your control.

If you are seriously concerned about security (life or death, substantial financial loss, etc) don't unlock your bootloader, or look into roms like graphene that support re-locking the bootloader.

adb sideload or an external sd card work great for development work while keeping your important things encrypted.
 

elliwigy

Forum Moderator / Recognized Dev / Dev Relations
Staff member
XDA App Taskforce
>Although I am pretty sure if any hacker knew what they were doing regardless, if they had root and/or TWRP then they could surely steal your data if they really wanted to encryped or not lol. This is just my opinion though..

Definitely, simply unlocking the bootloader opens you up to plenty of evil-maid type attacks where someone could replace your kernel with their own, and next time you decrypt your device it could record the key, or simply start copying data out over the network.

But, encryption does provide important protection from different types of attacks.
Without encryption, anyone can access your data anytime they have access to your device, no clever attacks necessary. Just plug it in, and the data is theirs. With encryption enabled, attacks are definitely still possible, but are much harder to execute.

If you care about your data, have encryption enabled, and want to protect against evil-maid type attacks, make sure to wipe your device after it leaves your control.

If you are seriously concerned about security (life or death, substantial financial loss, etc) don't unlock your bootloader, or look into roms like graphene that support re-locking the bootloader.

adb sideload or an external sd card work great for development work while keeping your important things encrypted.
I know what encryption is and does lol.. was moreso just posting what this means in twrp for ppl that dont know or understand and think twrp is broken or something when its just encryption fir example.
 

callidus_ex_de_latebros

Senior Member
Feb 4, 2014
131
138
Has anyone been using Magisk (or some other root method) while keeping FBE enabled?

I've been looking at custom ROMs, but most of them (especially OneUI roms) seem to break/disable FBE. Is anyone using a custom ROM with FBE, or am I better-off just rooting the stock ROM and debloating?
 

SolidHal

Member
Oct 4, 2016
16
32
shadow moses island
github.com
Has anyone been using Magisk (or some other root method) while keeping FBE enabled?

I've been looking at custom ROMs, but most of them (especially OneUI roms) seem to break/disable FBE. Is anyone using a custom ROM with FBE, or am I better-off just rooting the stock ROM and debloating?
I use my custom lineage builds with FBE enabled, not sure about magisk though. If you try it, please report back :)
 

Top Liked Posts