• Introducing XDA Computing: Discussion zones for Hardware, Software, and more!    Check it out!

[NATIVE][ARM]Linux binaries for Android (EncFS, Cryptsetup, PhotoRec, SMBNetFS..)

Search This thread

DualJoe

Senior Member
Oct 12, 2011
2,141
1,020
de
Its very likely not extracted properly. The output clearly shows parts of the signature file that is part of a text file. The shell also seems to execute the file as script not as binary. Maybe your unpacker has problems with 'ustar tar' files or something like that. Try again with proper 'tar'.

It works for me on Termux (lvm2-2.02.187-r1.apk):
localhost ramdisk # usr/sbin/lvm.static version
LVM version: 2.02.187(2) (2020-03-24)
Library version: 1.02.170 (2020-03-24)
Driver version: 4.22.0
Configuration: ./configure --build=armv7-alpine-linux-musleabihf --host=armv7-alpine-linux-musleabihf --prefix=/usr --sysconfdir=/etc --libdir=/lib --sbindir=/sbin --localstatedir=/var --enable-static_link --disable-nls --disable-readline --enable-pkgconfig --enable-applib --with-thin=internal --enable-dmeventd --enable-cmdlib --with-thin-check=/sbin/thin_check --with-thin-dump=/sbin/thin_dump --with-thin-repair=/sbin/thin_repair --with-dmeventd-path=/sbin/dmeventd --enable-udev_rules CLDFLAGS=-Wl,--as-needed
 
Last edited:

afridi.shahriar

Senior Member
May 22, 2014
318
100
The static libs are for compilation only. The binaries are in the archive i mentioned above.
ok.
i installes alpne linux.
inside it , i installed e2fsprogs and f2fs-tools.
but, cant format any partition using these binaries from here.(yes, im root)

[[email protected] ~]# mkfs.f2fs -f /u/blk/cust

F2FS-tools: mkfs.f2fs Ver: 1.14.0 (2020-08-24)

Info: Disable heap-based policy
Info: Debug level = 0
Info: Trim is enabled
Error: Failed to get the device stat!
[[email protected] ~]# mkfs.f2fs -f /dev/block/by-name/cust
F2FS-tools: mkfs.f2fs Ver: 1.14.0 (2020-08-24)

Info: Disable heap-based policy
Info: Debug level = 0
Info: Trim is enabled
Error: Failed to open the device!
[[email protected] ~]#


----

also installed parted (apk add parted)


[[email protected] ~]# parted
bash: parted: command not found
[[email protected] ~]# apk add parted
(1/1) Installing parted (3.4-r0)
Executing busybox-1.34.0-r5.trigger
OK: 64 MiB in 63 packages
[[email protected] ~]# parted
Error: No device found
Retry/Cancel? cancel
[[email protected] ~]# parted /dev/block/sda
Error: Error opening /dev/block/sda: Permission denied
Retry/Cancel?
 
Last edited:

DualJoe

Senior Member
Oct 12, 2011
2,141
1,020
de
Depending on your rom/kernel/device the system/hypervisor might protect the partitions. I also wouldn't count all too much on GNU Linux disk tools in the Android world. There might be things that don't work or could harm your device severely (writing MBR/GPT or something). I would rather use well-tested tools instead.

'parted -l' (list) works for me in Termux. Maybe you have more luck in TWRP.
 
Last edited:
  • Like
Reactions: Ultramanoid

afridi.shahriar

Senior Member
May 22, 2014
318
100
hey.
Depending on your rom/kernel/device the system/hypervisor might protect the partitions. I also wouldn't count all too much on GNU Linux disk tools in the Android world. There might be things that don't work or could harm your device severely (writing MBR/GPT or something). I would rather use well-tested tools instead.

'parted -l' (list) works for me in Termux. Maybe you have more luck in TWRP.
i discovered it!
actually ,
termux-alpine is working as proot.
not real root (0).

that's why these errors are showing.

even if i deny magisk root access to termux , still termux-alpine is showing as root and i read "termux-alpine" binary.
it's written as proot.

so, how can i become real root user from alpine?
 

afridi.shahriar

Senior Member
May 22, 2014
318
100
Be my guest.
can u plz update f2fs-tools to 1.14.0-3 ?
because 1.14.0 has critical bugs for resize.f2fs
example: create a 100MiB f2fs partition.
now increase the partition size to 1GiB (from parted)

and do: resize.f2fs

now instead of increasing f2fs, it will become corrupted! and, u can't mount/fsck it.

this bug is in v1.14.0

------

in v1.14.0-1,
u can resize it .
but, the preallocated area will become so high, it will nearly eat 50% of ur partition after resizing.

ex: u have a 100MiB f2fs partition. (45MiB reserved by f2fs preallocation of 100MiB)
do resize.f2fs (v1.14.0-2),

now, increase the partition to 1GiB, and, resize.f2ffs this partition.

now, u can mount the partition, but,
f2fs uses 490MiB of 1GiB as reserved!!!
----
this bug is fixed in v1.14.0-3 (2021 sept 9, arch_linux), i have tested this fix.

so , can u plz build this f2fs-tools v1.14.0-3 static aarch64 binary?
thanks
 

afridi.shahriar

Senior Member
May 22, 2014
318
100
This is a master snapshot (1603a3d1d).
thanks.
but, it still has the same bug as before. that, resizing a partition from 100MiB to 1GiB/more corrupts the partition.
----
can u plz make it from the archlinux's f2fs-tools 1.14.0.-3 sources?
as, only in Arch linux, its actually fixed.
(debian, Ubuntu, solus, fedora etcs - all has a bug of over provisioning 50% of the partition space after resizing)
 
Last edited:

DualJoe

Senior Member
Oct 12, 2011
2,141
1,020
de
Check with 'fsck.f2fs -V' that it shows '2021-09-20' and you don't have any other version in your $PATH.

The commit they cherry-picked in Arch build 3 is already included. There is nothing left to do.
 
  • Like
Reactions: Ultramanoid

afridi.shahriar

Senior Member
May 22, 2014
318
100
Check with 'fsck.f2fs -V' that it shows '2021-09-20' and you don't have any other version in your $PATH.

The commit they cherry-picked in Arch build 3 is already included. There is nothing left to do.
i kept them under /cache , and, did
su
/cache/mkfs.f2fs ...
....
/cache/resize.f2fs

and still it happened.

i checked manjaro and arch -- they r fixed in their latest version..
BTW, thanks for ur try!!!
 

DualJoe

Senior Member
Oct 12, 2011
2,141
1,020
de
I've double-checked that the Arch commit is included and applied. Either it doesn't work on ARM (or something) or you are still using the wrong binary. 'resize.f2fs' is a symlink. Maybe it picks the '/system/bin/fsck.f2fs' one instead and not the new one in your folder. That's why i strongly adviced to check the binary with '-V'.
 
Last edited:
  • Like
Reactions: Ultramanoid

afridi.shahriar

Senior Member
May 22, 2014
318
100
I've double-checked that the Arch commit is included and applied. Either it doesn't work on ARM (or something) or you are still using the wrong binary. 'resize.f2fs' is a symlink. Maybe it picks the '/system/bin/fsck.f2fs' one instead and not the new one in your folder. That's why i strongly adviced to check the binary with '-V'.
yeah.
i have checked again, i have copied fsck.f2fs to system/bin as resize.f2fs; renamed ur binaries fsck.f2fs as resize.f2fs and executed from /cache/resize.f2fs ,, and version,, tried from recovery
but, still same thing is happening.
probably this is not working on arm.
anyways, thanks!

-----
BTW, this commit u linked , contain a fix for over-provisioning ,from v1.14-1.

but, our android's f2fs-tools (v1.13, v1.14, binaries build by you previously+ today) are stuck in worst condition.

where, u can't even resize a 100MiB f2fs partition to 1GiB. (i mean, simply cant increase the partition a lot).
 

DualJoe

Senior Member
Oct 12, 2011
2,141
1,020
de
Maybe the dependency (util-linux) is the culprit. I didn't check for updates there. Also, i can omit all other commits from upstream and only cherry-pick the ovp fix exactly as Arch does. Will give it another shot tomorrow.
 
  • Like
Reactions: Ultramanoid

Top Liked Posts

  • There are no posts matching your filters.
  • 2
    u can't even mount it!
    You initially were talking about the over provisioning bug. Now you say you cannot mount it at all. This rather looks like two independent bugs. Your kernel might have problems with resized partitions.
    1
    alpine (aarch64) already has static binaries, they should work on Android (aarch64) (not tested)

    apk search lvm2-static device-mapper-event-static device-mapper-static lvm2-static-2.02.187-r1 device-mapper-event-static-2.02.187-r1 device-mapper-static-2.02.187-r1

    ...
    1
    Depending on your rom/kernel/device the system/hypervisor might protect the partitions. I also wouldn't count all too much on GNU Linux disk tools in the Android world. There might be things that don't work or could harm your device severely (writing MBR/GPT or something). I would rather use well-tested tools instead.

    'parted -l' (list) works for me in Termux. Maybe you have more luck in TWRP.
    1
    This is a master snapshot (1603a3d1d).
    1
    Check with 'fsck.f2fs -V' that it shows '2021-09-20' and you don't have any other version in your $PATH.

    The commit they cherry-picked in Arch build 3 is already included. There is nothing left to do.
  • 32
    Native ARM Linux binaries
    (for all ARMv7 compatible platforms)


    Open-source Linux binaries that are either not available on Android (e.g. in Termux)
    or make sense to be statically compiled (e.g. to run in TWRP/recovery for data recovery).

    These are root tools and might damage your device severely. Use at your own risk. I take no responsibility whatsoever. If in doubt don't use them.

    Minimum CPU: ARMv7/vfpv3-d16. Compiled against musl-libc/Android Kernel 3.4. Binaries are static, bionic/libc independent and should run on Android, TWRP, emulator or any other compatible ARM device. Musl is patched (info)(info2)(patch file: patch -p0 -u -b -i musl-android-smp.patch) to iterate CPU cores by /proc/stat instead of _SC_NPROCESSORS_CONF/sched_getaffinity to prevent false detection due to ARM cpu core powersaving (permanently turning cores on/off). This should report CPU cores more reliably to multithreading apps.

    Example instructions how to build EncFS can be found here.
    My Cryptsetup compile recipes are here.

    Changelog:
    20190923 - f2fs-tools added
    20190915 - dislocker, ntfs-3g, mount.exfat-fuse added
    20190910 - VeraCrypt added
    20191215 - musl smp patch added
    20191224 - hstr v2.2.0 updated
    20191225 - Testdisk, PhotoRec v7.2-wip-dec2019 updated
    20200103 - tar v1.32 updated (with selinux, acl, xattr support)
    20200513 - Cryptsetup v2.3.2 added
    20200518 - fscrypt 0.2.7, strace56(aarch64) added
    20200525 - p7zip v17.01 added
    20200603 - parted v3.3 added
    20200606 - fxz v1.1.0alpha added
    20201212 - ddrescue v1.25 added
    20201212 - Cryptsetup v2.3.4 updated
    20210113 - f2fs-tools updated to v1.14.0
    20210125 - Several tools compiled by @Borovets. See 'Misc' tools.
    20210413 - Cryptsetup v2.3.5 updated
    20210916 - Cryptsetup v2.4.1 updated. Thx to @misterhsp.

    Data recovery tools:
    - PhotoRec 7.2 - PhotoRec is file data recovery software designed to recover lost files including video, documents and archives from hard disks, CD-ROMs, and lost pictures (thus the Photo Recovery name) from digital camera memory. PhotoRec ignores the file system and goes after the underlying data, so it will still work even if your media's file system has been severely damaged or reformatted.
    - Testdisk 7.2 - Recover lost partitions and partition tables. For external sdcards. Never use it on internal mmc unless you know what you're doing.
    - ext4magic 0.3.2 (with supplementary gnu date binary that can handle relative time like 'date -d "-20minutes" +%s')
    - fidentity - A little utility sharing PhotoRec signature database. It identifies the type of data contained in a file and reports the extension as seen by PhotoRec.
    - debugfs - Might be helpful on ext2 systems or other stuff.
    - strace 4.20 - For debugging. Mainly to catch syslog messages (as Android has no traditional /dev/log buffer).
    - strace 5.6 - For aarch64.
    - ddrescue v1.25 - Data recovery tool for block devices with errors.

    Compression tools:
    p7zip v17.01 (fork) - (Download) A new p7zip fork with additional codecs and improvements
    pixz - Parallel, indexed xz compressor
    xz - Multicore aware version of xz/lzma (use --thread=0)
    tar v1.32 - Tar provides the ability to create tar archives, as well as various other kinds of manipulation. Download below. More builds from @mirfatif here.
    fxz - (Download) FXZ Utils is a fork of XZ Utils. It adds a multi-threaded radix match finder and optimized encoder.

    Misc:
    - hexcurse v1.60.0 - Hexcurse is a curses-base hex editing utility that can open, edit, and save files, editing both the hexadecimal and decimal values. 'ncurses' ui layout depends on TERM env variable. Change temporary with eg. 'TERM=xterm-256color hexcurse <file>'. See /system/etc/terminfo for possible terminals (xterm-256color, linux..).
    - nethogs v0.8.5 - ncurse/nettop-like per-app separated speedmeter and traffic counter supporting high refresh rate. Try 'nethogs -d0' (speedmeter) or 'nethogs -v1' (traffic counter).
    - rsync v3.1.3 - rsync is an open source utility that provides fast incremental file transfer. (--with-rsyncd-conf=/data/etc/rsyncd.conf)
    - smbnetfs v0.6.1 - SMBNetFS is a Linux/FreeBSD filesystem that allow you to use samba/microsoft network in the same manner as the network neighborhood in Microsoft Windows. More info see below.
    - progress v0.14 - Linux tool to show progress for cp, mv, dd, ... (formerly known as cv). Download here.
    - archivemount (20180801) - A fuse filesystem for mounting archives in formats supported by libarchive. Download here.
    - squashfuse v0.1.103 - FUSE filesystem to mount squashfs archives Download here.
    - FuseISO - FuseISO is a FUSE module to mount ISO filesystem images (.iso, .nrg, .bin, .mdf and .img files). It currently support plain ISO9660 Level 1 and 2, Rock Ridge, Joliet, and zisofs. Download here.
    - HSTR v2.2.0 - HSTR (HiSToRy) is a command line utility that brings improved Bash/zsh command completion from the history. It aims to make completion easier and more efficient than Ctrl-r. (If history is empty try setting HISTFILE in /system/etc/bash/bashrc e.g. export HISTFILE=/data/.bash_history).
    - GNU screen, tmux - Thanks to @mirfatif.
    - dislocker, ntfs-3g, mount.exfat-fuse - Thanks to @mirfatif.
    - f2fs-tools - Thanks to @mirfatif. Update: v1.14.0 here.
    - parted v3.3 - GNU Parted (the name being the conjunction of the two words PARTition and EDitor) is a free partition editor, used for creating and deleting partitions. Note: It might be useful to partition external sdcards (e.g. to limit adoptable storage). I do not recommend to use it on internal memory. It might brick your phone.
    - Several tools compiled by @Borovets
    Borovets tools 2021.01.25
    arptables-0.0.5-[2021.01.17]-static.zip
    autoflushtest-1.0-[2021.01.14]-static.zip
    btrfs-compsize-1.3-[build-2]-[2020.12.27].zip
    btyacc-3.0-[2021.01.18]-static.zip
    c-blosc-1.21.1-development-[2020.12.22].zip
    c-blosc2-2.0.0-beta-6-development-[2020.04.21].zip
    cabextract-1.9.1-[2021.01.08]-static.zip
    compsize-1.3-[2021.01.07]-static.zip
    convert-color-space-0.1-[2021.01.18]-static.zip
    cpustat-0.02.13-[2021.01.13]-static.zip
    doxygen-1.9.2-[2021.01.17]-static.zip
    ed-1.17-[2021.01.11]-static.zip
    hello-2.10-[2021.01.08]-static.zip
    htop-3.0.5-[2021.01.13]-static.zip
    ipcalc-ng-1.0.0-[2020.12.28]-static.zip
    iw-5.9-[2021.01.08]-static.zip
    libsqlite-3.34.1-[2021.01.20].zip
    libtar-1.2.20-[2021.01.16]-static.zip
    m5-1.0-[2020.12.31]-static.zip
    sqlite-3.34.1-[2021.01.20]-static.zip

    Borovets tools 2021.01.27
    lcab-1.0-beta-12-[2021.01.17].zip
    memdump-1.01-[2021.01.25].zip
    memdumper-0.4-[2021.01.25].zip
    memtester-4.5.0-[2021.01.09].zip
    tcpdump-4.99.0-[libcap-1.9.1]-[2021.01.05].zip
    wget2-1.99.2-[2020.12.12].zip
    wolfssl-4.5.0-[2020.12.12].zip
    xfsprogs-5.10.0-[2021.01.01].zip

    Crypttools:
    (These crypttools are mostly frontend tools for the main backend that resides in the kernel. If your kernel hasn't been configured accordingly at compile time you might not be able to use all features.)
    Cryptsetup v2.3.5 - (Download) Cryptsetup is an utility used to conveniently setup disk encryption based on DMCrypt kernel module. These include plain dm-crypt volumes, LUKS volumes, loop-AES and TrueCrypt (including VeraCrypt extension) format.
    eCryptfs-utils v111 - Frontend tools for the enterprise cryptographic filesystem for Linux. That's what Android/Google use for encryption. It's file-based (no container) and mounting can be automated by Termux widget. Needs shared libraries but is still portable. See notes below.
    EncFS v1.9.5 - EncFS provides an encrypted filesystem in user-space. It runs in userspace, using the FUSE library for the filesystem interface.
    gocryptfs - An encrypted overlay filesystem written in Go. Download here. Thanks to @mirfatif.
    VeraCrypt - VeraCrypt is a free open source disk encryption software. Download here. Thanks to @mirfatif.
    fscrypt 0.2.7 - (Download) fscrypt is a high-level tool for the management of Linux filesystem encryption. Needs at least kernel 4.1.

    Crypttools info:

    Cryptsetup:

    General Notes:
    - Features like TrueCrypt, VeraCrypt and LUKS2 need 'userspace crypto api' enabled in kernel. Most Android kernels are probably not configured for that and you have to recompile your kernel or contact your kernel maintainer. For kernel 3.4 you need this:
    Code:
    CONFIG_CRYPTO_USER=y
    CONFIG_CRYPTO_USER_API=y
    CONFIG_CRYPTO_USER_API_HASH=y
    CONFIG_CRYPTO_USER_API_SKCIPHER=y
    - If 'cryptsetup benchmark' is incomplete and says 'userspace crypto api not available' you might be affected. You can still use LUKS1 though. A full benchmark looks like this:
    Code:
    # cryptsetup benchmark
    
    # Tests are approximate using memory only (no storage IO).
    PBKDF2-sha1       249186 iterations per second for 256-bit key
    PBKDF2-sha256     327680 iterations per second for 256-bit key
    PBKDF2-sha512      58829 iterations per second for 256-bit key
    PBKDF2-ripemd160  227555 iterations per second for 256-bit key
    PBKDF2-whirlpool   33539 iterations per second for 256-bit key
    argon2i       4 iterations, 208288 memory, 4 parallel threads (CPUs) for 256-bit key (requested 2000 ms time)
    argon2id      4 iterations, 207817 memory, 4 parallel threads (CPUs) for 256-bit key (requested 2000 ms time)
    #     Algorithm | Key |  Encryption |  Decryption
            aes-cbc   128b    77.8 MiB/s    88.4 MiB/s
        serpent-cbc   128b           N/A           N/A
        twofish-cbc   128b    58.5 MiB/s    61.9 MiB/s
            aes-cbc   256b    61.5 MiB/s    68.4 MiB/s
        serpent-cbc   256b           N/A           N/A
        twofish-cbc   256b    58.5 MiB/s    61.8 MiB/s
            aes-xts   256b    95.1 MiB/s    86.9 MiB/s
        serpent-xts   256b           N/A           N/A
        twofish-xts   256b    60.0 MiB/s    61.8 MiB/s
            aes-xts   512b    74.1 MiB/s    67.2 MiB/s
        serpent-xts   512b           N/A           N/A
        twofish-xts   512b    60.3 MiB/s    62.0 MiB/s


    LUKS:
    Code:
    ** 10MB test image (luks.img) **
    dd if=/dev/zero of=luks.img bs=1M count 10M
    cryptsetup luksFormat luks.img
    cryptsetup open luks.img myluks
    mke2fs -t ext4 /dev/mapper/myluks
    mkdir luks
    mount /dev/mapper/myluks luks
    ** luks folder is ready here **
    umount luks
    cryptsetup close myluks
    - If standard luksFormat cipher (aes-xts-plain64) doesn't work (not supported by your kernel) you can try one of the more compatible ciphers:
    Code:
    cryptsetup luksFormat -c cbc-essiv:sha256 luks.img myluks
    cryptsetup luksFormat -c aes-plain luks.img myluks
    - For LUKS2 (experimental) use:
    Code:
    cryptsetup luksFormat --type luks2 luks.img
    - Use "cryptsetup -v --debug" for more verbose output (debugging). In case of errors.


    Veracrypt:
    Code:
    cryptsetup open --type tcrypt --veracrypt veracrypt.tc myvera
    cryptsetup status myvera
    mkdir /data/myvera
    mount /dev/mapper/myvera /data/myvera
    umount /data/myvera
    cryptsetup close myvera
    - Use container from desktop system (created with real Veracrypt)
    - "veracrypt.tc" is the veracrypt container name
    - "myvera" is an arbitrary name (handle)
    - Use "cryptsetup -v --debug" for more verbose output (debugging). In case of errors.

    eCryptfs-utils:

    General Notes:
    These tools are not built statically as they explicitly rely on 'dlopen' (plugin system). Instead they are compiled with relative rpaths (./libs). That means dependencies (libraries in subfolders) must be present in the binaries folder and you have to be in the binaries folder itself (with 'cd') before invoking any binary. By this the binaries are still portable (system independent) as long as the subfolders are present. I've put the files into a tar.gz archive so permissions should be set +x already. Extract the archive into /data/local/bin for 'Example' below.
    Code:
    mkdir -p /data/local/bin
    cd /data/local/bin
    tar xf crypttools.armv7.20180204.tar.gz
    cd ecryptfs
    ./ecryptfs-stat --help

    More info: ArchLinux Wiki

    Example:

    Tested on /sdcard based on FUSE filesystem. sdcardfs untested. Might need selinux permissive.

    We create a folder /sdcard/pics that can be enabled (files present) or disabled (no files present) by a click on a widget button (Termux script) and entering our password. The encryption is done on a per-file basis. The actual files are stored encrypted in /sdcard/efs/pics.

    - You might need SuperSU or Magisk Superuser for 'su -mm'. That makes sure that all apps can see the mounted folder (mount namespace separation).
    - Busybox needed
    - Install Termux and Termux:Widget from F-Droid or Playstore
    - Start it and enter:
    Code:
    pkg upgrade
    pkg install tsu
    exit
    - Create script /data/data/com.termux/files/home/.shortcuts/efs-pics.sh and make sure permissions(700) and owner (take from parent folder) are correct.
    Code:
    #!/system/xbin/bash
    su -mm -c "/system/xbin/bash -c /data/local/scripts/$(basename "$0")"
    - Create script /data/local/scripts/efs-pics.sh (770/root):
    Code:
    #!/system/xbin/bash
    set -e
    PATH=$PATH:/data/data/com.termux/files/usr/bin
    
    # Necessary because rpaths are relative
    cd /data/local/bin/ecryptfs
    
    # /data/myefskey contains the salted key.
    # Don't forget to make a backup.
    # Without it encrypted data is lost.
    function enter_passphrase {
        read -p "Enter passphrase: " passphrase
        sig=$(printf "%s" "$passphrase" | ./ecryptfs-insert-wrapped-passphrase-into-keyring /data/myefskey -) || exit
        sig=$(echo $sig | cut -d "[" -f2 | cut -d "]" -f1)
    }
    
    CPATH1="/data/media/0/efs/pics"
    CPATH2="/data/media/0/pics"
    if ! mountpoint -q ${CPATH2}; then
        enter_passphrase
        echo ""
        mount -t ecryptfs -o ecryptfs_sig=$sig,ecryptfs_fnek_sig=$sig,ecryptfs_cipher=aes,ecryptfs_key_bytes=16 ${CPATH1} ${CPATH2} || (echo "$(basename "$0") mount failed!"; exit)
        ./keyctl clear @u
        echo "$(basename "$0") mount successful! :)"
    else
        umount ${CPATH2} || (echo "$(basename "$0") umount error $? :("; exit)
        echo "$(basename "$0") umount successful :)"
    fi
    
    # uncomment to force-close Termux window
    # killall com.termux
    - If your rom uses encryption already (/data/data) beware the './keyctl clear @u' command. It might flush *all* keys in the kernel including the Android encryption one (i'm not sure). This might lead to unpredicted behavior. Either comment it out (then your once injected key remains in the kernel keystore and someone could simply remount your folder without passphrase) or make yourself familiar with the keyctl command and handle it yourself. My phone is not encrypted so i cannot help here.
    - Create random keyfile (/data/myefskey) and wrap it with passphrase. This might need 1-2 minutes depending on your devices entropy pool (/dev/random). Backup this key (/data/myefskey). Without it your encrypted data is lost. And don't forget the trailing '-' (minus) at the end of the line, it's important.
    Code:
    cd /data/local/bin/ecryptfs
    read -p "Enter passphrase: " passphrase; printf "%s\n%s" $(busybox od -x -N 100 --width=30 /dev/random | head -n 1 | busybox sed "s/^0000000//" | busybox sed "s/[[:space:]]*//g") "${passphrase}" | ./ecryptfs-wrap-passphrase /data/myefskey -
    - Create folders:
    Code:
    mkdir -p /sdcard/efs/pics /sdcard/pics
    - Create Widget (Termux) and select 'efs-pics.sh'.
    - Start it and enter your passphrase (you used above). If everything goes well (it will tell you) you can place files into /sdcard/pics and scrambled files should come up in /sdcard/efs/pics. Never write into /sdcard/efs/pics directly.
    - Activate widget again. /sdcard/pics should get emptied.
    - Optional: You can set /data/media/0/efs/pics to 700/root so no one can access/see the encrypted data.

    SMBNetFS info:

    Note: The library paths are relative. You need to be in the folder (with 'cd') to spawn the executable (./smbnetfs). You can extract the archive wherever you want though as far as the file/folder structure remains intact.

    Example:
    Code:
    mount -o remount,rw /
    mkdir -p /data/local/bin /mnt/cifs
    mount -o remount,ro /
    tar xf smbnetfs.tar.gz -C /data/local/bin
    cd /data/local/bin/smbnetfs
    export HOME=/data/local/bin/smbnetfs/home
    * enter your smb credentials into smbnetfs/home/.smb/smbnetfs.auth (eg. auth "192.168.1.2" "${user}" "${pass}")
    ./smbnetfs /mnt/cifs
    cd /mnt/cifs/192.168.1.2/${share}
    I think it usually should list the samba environment in /mnt/cifs but i'm not sure which prerequisites are necessary for that (edit: maybe it needs real workgroup/hostname instead of IPs). If nothing comes up this should work:
    The folder 192.168.1.2/${share} is unreachable by Androids folder picker (unless you can enter the path manually). So either pre-create the folder structure beforehand (mkdir -p /mnt/cifs/192.168.1.2/${share}) and add/register the folder to your app by folder picker (eg. MXPlayer) and then overmount that with the actual ${share}. Or bindmount the folder:
    Code:
    mount --bind /mnt/cifs/192.168.1.2/${share} /mnt/cifs2
    Edit: Another option is to let smbnetfs create a static link (actually a symbolic link) to the share in the mountpoint root (/mnt/cifs). Its not as robust as the bindmount though. MXPlayer doesn't find any files (even though the folder picker shows the folders properly).
    Code:
    echo "link myfiles 192.168.1.2/${share}" > /data/local/bin/smbnetfs/home/.smb/smbnetfs.host
    chmod 700 /data/local/bin/smbnetfs/home/.smb/smbnetfs.host

    I've noticed that MXPlayer shows the samba folders just for a glimpse of a second. But if you enter one of the local folders and then go back all samba folders are there. Not sure why this is happening or maybe its just my system.

    Edit2: Not yet tested but.. check the permissions. Its possible that SMBNetFS mounts with 755 or something. That's inaccessible for Android apps. Try this:
    Code:
    ./smbnetfs -o umask=000,noatime,noexec,nodev,nosuid /mnt/cifs

    Samba 4.8.3 configuration:
    Code:
    _idmap_modules=idmap_rid,idmap_hash,idmap_tdb2
    _pdb_modules=pdb_tdbsam,pdb_smbpasswd,pdb_wbc_sam,pdb_samba4
    _auth_modules=auth_unix,auth_wbc,auth_server,auth_netlogond,auth_script,auth_samba4
    
    waf configure --prefix=/tmp/myout \
    -C \
    --sysconfdir=./conf/etc/samba \
    --with-configdir=./conf/etc/samba \
    --localstatedir=./conf/var \
    --libexecdir=./conf/usr/lib \
    --enable-fhs \
    --with-lockdir=./conf/var/cache/samba \
    --with-piddir=./conf/run/samba \
    --with-logfilebase=./conf/var/log/samba \
    --without-pam \
    --without-systemd \
    --without-ads \
    --with-shared-modules=$_idmap_modules,$_pdb_modules,$_auth_modules \
    --disable-cups \
    --without-gettext \
    --bundled-libraries=NONE,com_err,ldb,uid_wrapper,resolv_wrapper,socket_wrapper,nss_wrapper,ntdb,roken,wind,hx509,asn1,heimbase,hcrypto,krb5,gssapi,heimntlm,hdb,kdc,cmocka,talloc,tdb,pytdb,ldb,pyldb,tevent,pytevent \
    --disable-rpath-install \
    --disable-python --without-ad-dc --without-acl-support --without-ldap \
    --hostcc=/usr/bin/gcc \
    --cross-compile --cross-execute='qemu-arm -L /media/devpart/qemu/root'
    
    waf build -j4
    waf install
    6
    Compression tools added.
    Next are crypttools (ecryptfs-utils, cryptsetup).
    5
    [...]
    But can you also build a binary for gocryptfs? ^^
    nuetzlich (dot) net/gocryptfs
    Can't promise anything. First attempts to create the cross compiler toolchain with go language enabled were not successful. Will contact some people.

    @DualJoe sir with your permissions :)
    EncFS is simpler, gocrptfs has complications.
    Firstly, static binary is only built without_openssl. (Edit: In fact it's possible otherwise after playing with GO environment variables, but I couldn't make it work with cross-compiler. Code uses only GO compiler and not C code (i.e. libc and hence gcc) unless we build with openssl.) Secondly gocryptfs uses fusermount for mounting FUSE at runtime. So fusermount must be on $PATH. Thirdly, syslog needs to be disabled as there is no syslog on Android.
    Unlike mainstream Linux, fusermount won't work without superuser privileges due to /dev/fuse permissions and other issues discussed here. Use allow_other for non-root access to mountpoint.
    And obviously! Kernel should be built with FUSE (CONFIG_FUSE_FS).
    Code:
    ~$ grep -i fuse /proc/filesystems
    ~$ ls /dev/fuse
    Natively compiled with gcc and musl libc on Void Linux.
    Initial tests work. Can't rectify bugs :D

    Code:
    ~# mkdir .encrypted mountpoint
    ~# gocryptfs -nosyslog -init .encrypted
    ~# gocryptfs -info .encrypted
    ~# gocryptfs -allow_other -nosyslog .encrypted mountpoint
    ~# touch mountpoint/testfile
    ~# ls .encrypted mountpoint
    ~# fusermount -u mountpoint

    UPDATED
    Built on VoidLinux ARM64 running on Android device. Linked against musl libc.
    5
    I only have gifsicle. The other ones are too complex for my setup atm.