[UNOFFICIAL][ENCRYPTION][wrappedkey] TWRP 3.3.1-6: proper system_as_root & decryption

Search This thread

Yemble

Senior Member
Sep 2, 2013
309
87
Bradford
Android 10 compatibility?

I've been running Xiaomi.eu weeklies successfully with PTWRP for several months now, without ever encountering any issue. All of the ROM updates to date have been MIUI 11 / Android 9, however, the next one will be MIUI 11 / Android 10.

Will PTWRP continue to work correctly with Android 10 ? My RN7P is encrypted and rooted.
 

rrrsssttt

Member
Jul 10, 2018
35
4
Has anyone been able to get the 3.3.1-6 version working? I've downloaded the file but it installs v 3.3.1-0.

I'm wondering if I'm doing something wrong or if the wrong file is linked?
 

Yemble

Senior Member
Sep 2, 2013
309
87
Bradford
I've been running Xiaomi.eu weeklies successfully with PTWRP for several months now, without ever encountering any issue. All of the ROM updates to date have been MIUI 11 / Android 9, however, the next one will be MIUI 11 / Android 10.

Will PTWRP continue to work correctly with Android 10 ? My RN7P is encrypted and rooted.

hi guys,
i confused for decrypt/encrypt,
i unlock my bootloader today now i want flash xiaomi.eu but i got confuse.
Suggest you wait for the Android 10 release, due tomorrow?, before flashing TWRP. However, there is still no word from the Dev about Android 10 support in this TWRP?
 

a.broken.star

Senior Member
Mar 11, 2013
1,380
657
India
Got a new RNPro7 . Waiting for the bootloader unlock wait period to get over..

I will always remain on MiUi. But i might try unofficial miui builds like xiaomi.eu or miui pro..

So should i use this recovery ? Or some other ? Also, do i need to be careful about encrypt decrypt thing like formatting data etc ?
 

Yemble

Senior Member
Sep 2, 2013
309
87
Bradford
Got a new RNPro7 . Waiting for the bootloader unlock wait period to get over..

I will always remain on MiUi. But i might try unofficial miui builds like xiaomi.eu or miui pro..

So should i use this recovery ? Or some other ? Also, do i need to be careful about encrypt decrypt thing like formatting data etc ?

Best recovery for Xiaomi.eu Miui 11 / Android 9. Supports encryption properly.

No word on Android 10 compatibility yet. Miui 11 / Android 10 ROM keeps getting delayed, presumably due to issues!
 
  • Like
Reactions: a.broken.star

a.broken.star

Senior Member
Mar 11, 2013
1,380
657
India
Best recovery for Xiaomi.eu Miui 11 / Android 9. Supports encryption properly.

No word on Android 10 compatibility yet. Miui 11 / Android 10 ROM keeps getting delayed, presumably due to issues!
So all miui roms are encrypted ? Do i have flash that fcrypt zip file while changing ROMs ? Or do i need to use format data option ? Or is just the simple process to change rom based on Miui :

1) unlock bootloader
2) flash twrp
3) wipe data system etc
4) flash rom
5) flash magisk
6) reboot
 

Naveenthemi

Senior Member
Aug 8, 2016
440
127
Xiaomi Redmi Note 7 Pro
So all miui roms are encrypted ? Do i have flash that fcrypt zip file while changing ROMs ? Or do i need to use format data option ? Or is just the simple process to change rom based on Miui :

1) unlock bootloader
2) flash twrp
3) wipe data system etc
4) flash rom
5) flash magisk
6) reboot
Yep, you would have to clean wipe each time you shift from unofficial to official. You could try OrangeFox recovery instead of Peter's which hasn't been updated in a while and is missing out on some features...
OrangeFox supports OTA updates and such, instructions are provided in the forum..
Some Custom ROM's also require you to flash a certain Firmware before flashing the ROM, and some require you to disable encryption after flashing the ROM. Do check out the ROM page carefully for particular instructions.
 
  • Like
Reactions: a.broken.star

a.broken.star

Senior Member
Mar 11, 2013
1,380
657
India
Yep, you would have to clean wipe each time you shift from unofficial to official. You could try OrangeFox recovery instead of Peter's which hasn't been updated in a while and is missing out on some features...
OrangeFox supports OTA updates and such, instructions are provided in the forum..
Some Custom ROM's also require you to flash a certain Firmware before flashing the ROM, and some require you to disable encryption after flashing the ROM. Do check out the ROM page carefully for particular instructions.
Thanx for the detailed reply.
Do miui rom require me to disable encryption ? Sorry there is no specific thread for custom miui roms like xiaomi.eu and miuipro
 

DarthJabba9

Senior Member
May 5, 2014
3,680
3,468
Greater London
Thanx for the detailed reply.
Do miui rom require me to disable encryption ? Sorry there is no specific thread for custom miui roms like xiaomi.eu and miuipro
MIUI does not expect you to disable encryption. In fact, on some devices, MIUI would be very upset if you disable encryption (eg, FP, PIN, password will not work). But violet is not one of the devices with this problem.
 

a.broken.star

Senior Member
Mar 11, 2013
1,380
657
India
MIUI does not expect you to disable encryption. In fact, on some devices, MIUI would be very upset if you disable encryption (eg, FP, PIN, password will not work). But violet is not one of the devices with this problem.


Those Custom ROM's have their own websites with specific instructions...No MIUI doesn't, it's encrypted by default unless you force disable it...

Thanx.. I'll flash twrp and flash xiaomi.eu rom...
 

Kevin8768

Member
Feb 5, 2020
12
1
Kolkata, Bidhan Nagar
Code:
/*
 * I'm not responsible for bricked devices, dead SD cards, thermonuclear war, or you getting fired because the alarm app failed (like it did for me...). 
 * Please do some research if you have any concerns about features included in the products you find here before flashing it! 
 * YOU are choosing to make these modifications, and if you point the finger at me for messing up your device, I will laugh at you. 
 * Your warranty will be void if you tamper with any part of your device / software.
 * Same statement for XDA.
 */

Introduction

This is an unofficial build of TWRP for Redmi Note 7 Pro (violet). Differences with the official one include:

- Supports CAF-based wrappedkey encryption (decryption) properly (tested with MIUI 10.3.5.0)
- Supports decrypting devices that have screen lock set up after Android 9 May update, which introduced a new key derivation function.
- Mounts the system partition at /system_root as per AOSP standards. This makes the auto-backup scripts (e.g. GApps / Magisk survival script) work properly during updates, and you no longer need any 'patch' to flash GApps / Magisk properly. However, this may break some existing ROMs. See below FAQ section for details.
- Appended DTBO to the recovery image so it doesn't depend on the dtbo partition. No standalone DTBO image required.

Flashing instructions

- Download and extract the img file
- Reboot to fastboot mode
- fastboot flash recovery whatever_img_file_you_extracted.img
- Reboot and press Volume + to enter recovery
- DO NOT try to run 'fastboot boot recovery.img', it won't work.
- DO NOT flash the fcrypt disabler if you use my recovery. There is no need to do so, and it is possible to mess stuff up if you don't know what you are doing.
- You have to format the data partition if and ONLY IF:
1) You were not encrypted, now going to an encrypted state, or vice-versa OR
2) You were on a ROM other than MIUI that does not support "wrappedkey" (ROMs would often state it supports wrappedkey if it does), now going to a ROM that supports it

Limitations

DO NOT boot this recovery with empty system and vendor partitions. It will fail to decrypt any data partition with empty /system and /vendor. DO NOT wipe system and vendor partitions without installing a new one before rebooting. I am working to remove this limitation.

Now works even with empty system and vendor partitions after 3.3.1-5. No need to worry about formatting system and vendor breaking TWRP any more.

The restore zip created by the Migrate app is NOT compatible with this recovery. It's a problem of the Migrate app, not this recovery. Please DO NOT try to flash the restore zip created by Migrate.

FAQ

- Q: Do I need any specific DTBO image to make this recovery working?
- A: Nope. It is appended to the recovery image so it will work with any DTBO.

- Q: What is wrappedkey?
- A: It's a different mode of FBE implemented in CAF, the Qualcomm branch of AOSP.

- Q: This cannot install ROM X, why?
- A: Because it mounts the system partition at /system_root, which is AOSP standard behavior for A-only system_as_root devices, but is broken in some custom ROMs currently (MIUI should work though). To make any ROM work again, they will need to include this commit from LineageOS Gerrit https://review.lineageos.org/c/LineageOS/android_build/+/247066

- Q: Decryption doesn't work with ROM X, why?
- A: Decryption should work for most ROMs based on the CAF branch (not AOSP). CAF ROMs (including official MIUI) use a different scheme for key storage, which is why TWRP hasn't supported it till now. I have ported the CAF encryption changes (wrappedkey) to TWRP, but unfortunately this will break ROMs that do not support the CAF wrappedkey mode of encryption. Here is a list of patches non-CAF ROMs need to support CAF-encrypted /data partitions https://mokeedev.review/q/topic:%22fbe-wrapped-key%22+(status:eek:pen%20OR%20status:merged). If you confirm your ROM is CAF-based but the decryption still does not work, please open an issue on my GitHub repository which you could find below. (XDA threads are no good for issue tracking, sorry)

- Q: Why not contribute to the official TWRP?
- A: All the patches to the TWRP code base have been submitted to the official gerrit code review, though not merged yet, which you can see below.

Downloads

3.3.1-6: https://mega.nz/#!3QIRQYhK!Jq5QrGfJw5VCYZ8sq_BO1qNZecrFqlM9IB1IdSwogvI
changes: updated kernel to support pstore instead of /proc/last_kmsg. If you don't know what this is, it's probably not relevant to you.

Here you can find an unofficial LOS build with wrappedkey encryption and also proper system_as_root support for those survival scripts https://forum.xda-developers.com/redmi-note-7-pro/development/unofficial-lineageos-16-caf-encryption-t3933532. In addition, all official MIUI builds should flash just fine.

History versions:

3.3.1-5: https://mega.nz/#!nMowHKiL!zRvoTM0iIZKArmUDnZzaEFtXQv0_q7hIHUCmTHTOmOM
changes: 1) Now works even with empty /system and /vendor partition 2) Fixed brightness problem; 3) Enabled EDL Reboot
3.3.1-3: https://mega.nz/#!yAYXxAzZ!FNMYLzLphnSmJ-DbBx-OZUgxxYiftgn8e4Jn3kxiQik

Patches and sources

Patches for TWRP are available here:

https://gerrit.omnirom.org/#/c/34091/
https://gerrit.omnirom.org/#/c/34093/
https://gerrit.omnirom.org/#/c/34092/
https://gerrit.omnirom.org/#/c/android_bootable_recovery/+/34096/

Patches for ROMs to support wrapped key have been given in the above sections.

Source of the current device tree for TWRP: https://github.com/PeterCxy/android_device_xiaomi_violet-twrp
Kernel source: https://github.com/PeterCxy/android_kernel_xiaomi_sm6150, note that the device tree uses a prebuilt kernel image.

Contributors
PeterCxy, Dyneteve, merothh
Source Code: https://github.com/PeterCxy/android_device_xiaomi_violet-twrp

going to install
 

Top Liked Posts

  • There are no posts matching your filters.
  • 40
    [UNOFFICIAL][ENCRYPTION][wrappedkey] TWRP 3.3.1-6: proper system_as_root & decryption

    Code:
    /*
     * I'm not responsible for bricked devices, dead SD cards, thermonuclear war, or you getting fired because the alarm app failed (like it did for me...). 
     * Please do some research if you have any concerns about features included in the products you find here before flashing it! 
     * YOU are choosing to make these modifications, and if you point the finger at me for messing up your device, I will laugh at you. 
     * Your warranty will be void if you tamper with any part of your device / software.
     * Same statement for XDA.
     */

    Introduction

    This is an unofficial build of TWRP for Redmi Note 7 Pro (violet). Differences with the official one include:

    - Supports CAF-based wrappedkey encryption (decryption) properly (tested with MIUI 10.3.5.0)
    - Supports decrypting devices that have screen lock set up after Android 9 May update, which introduced a new key derivation function.
    - Mounts the system partition at /system_root as per AOSP standards. This makes the auto-backup scripts (e.g. GApps / Magisk survival script) work properly during updates, and you no longer need any 'patch' to flash GApps / Magisk properly. However, this may break some existing ROMs. See below FAQ section for details.
    - Appended DTBO to the recovery image so it doesn't depend on the dtbo partition. No standalone DTBO image required.

    Flashing instructions

    - Download and extract the img file
    - Reboot to fastboot mode
    - fastboot flash recovery whatever_img_file_you_extracted.img
    - Reboot and press Volume + to enter recovery
    - DO NOT try to run 'fastboot boot recovery.img', it won't work.
    - DO NOT flash the fcrypt disabler if you use my recovery. There is no need to do so, and it is possible to mess stuff up if you don't know what you are doing.
    - You have to format the data partition if and ONLY IF:
    1) You were not encrypted, now going to an encrypted state, or vice-versa OR
    2) You were on a ROM other than MIUI that does not support "wrappedkey" (ROMs would often state it supports wrappedkey if it does), now going to a ROM that supports it

    Limitations

    DO NOT boot this recovery with empty system and vendor partitions. It will fail to decrypt any data partition with empty /system and /vendor. DO NOT wipe system and vendor partitions without installing a new one before rebooting. I am working to remove this limitation.

    Now works even with empty system and vendor partitions after 3.3.1-5. No need to worry about formatting system and vendor breaking TWRP any more.

    The restore zip created by the Migrate app is NOT compatible with this recovery. It's a problem of the Migrate app, not this recovery. Please DO NOT try to flash the restore zip created by Migrate.

    FAQ

    - Q: Do I need any specific DTBO image to make this recovery working?
    - A: Nope. It is appended to the recovery image so it will work with any DTBO.

    - Q: What is wrappedkey?
    - A: It's a different mode of FBE implemented in CAF, the Qualcomm branch of AOSP.

    - Q: This cannot install ROM X, why?
    - A: Because it mounts the system partition at /system_root, which is AOSP standard behavior for A-only system_as_root devices, but is broken in some custom ROMs currently (MIUI should work though). To make any ROM work again, they will need to include this commit from LineageOS Gerrit https://review.lineageos.org/c/LineageOS/android_build/+/247066

    - Q: Decryption doesn't work with ROM X, why?
    - A: Decryption should work for most ROMs based on the CAF branch (not AOSP). CAF ROMs (including official MIUI) use a different scheme for key storage, which is why TWRP hasn't supported it till now. I have ported the CAF encryption changes (wrappedkey) to TWRP, but unfortunately this will break ROMs that do not support the CAF wrappedkey mode of encryption. Here is a list of patches non-CAF ROMs need to support CAF-encrypted /data partitions https://mokeedev.review/q/topic:%22fbe-wrapped-key%22+(status:eek:pen%20OR%20status:merged). If you confirm your ROM is CAF-based but the decryption still does not work, please open an issue on my GitHub repository which you could find below. (XDA threads are no good for issue tracking, sorry)

    - Q: Why not contribute to the official TWRP?
    - A: All the patches to the TWRP code base have been submitted to the official gerrit code review, though not merged yet, which you can see below.

    Downloads

    3.3.1-6: https://mega.nz/#!3QIRQYhK!Jq5QrGfJw5VCYZ8sq_BO1qNZecrFqlM9IB1IdSwogvI
    changes: updated kernel to support pstore instead of /proc/last_kmsg. If you don't know what this is, it's probably not relevant to you.

    Here you can find an unofficial LOS build with wrappedkey encryption and also proper system_as_root support for those survival scripts https://forum.xda-developers.com/redmi-note-7-pro/development/unofficial-lineageos-16-caf-encryption-t3933532. In addition, all official MIUI builds should flash just fine.

    History versions:

    3.3.1-5: https://mega.nz/#!nMowHKiL!zRvoTM0iIZKArmUDnZzaEFtXQv0_q7hIHUCmTHTOmOM
    changes: 1) Now works even with empty /system and /vendor partition 2) Fixed brightness problem; 3) Enabled EDL Reboot
    3.3.1-3: https://mega.nz/#!yAYXxAzZ!FNMYLzLphnSmJ-DbBx-OZUgxxYiftgn8e4Jn3kxiQik

    Patches and sources

    Patches for TWRP are available here:

    https://gerrit.omnirom.org/#/c/34091/
    https://gerrit.omnirom.org/#/c/34093/
    https://gerrit.omnirom.org/#/c/34092/
    https://gerrit.omnirom.org/#/c/android_bootable_recovery/+/34096/

    Patches for ROMs to support wrapped key have been given in the above sections.

    Source of the current device tree for TWRP: https://github.com/PeterCxy/android_device_xiaomi_violet-twrp
    Kernel source: https://github.com/PeterCxy/android_kernel_xiaomi_sm6150, note that the device tree uses a prebuilt kernel image.

    Contributors
    PeterCxy, Dyneteve, merothh
    Source Code: https://github.com/PeterCxy/android_device_xiaomi_violet-twrp
    12
    Now fixed and tested with MIUI.
    3
    I’m not new to installing custom recoveries and installing ROM, but I am new to Xiaomi devices.

    In the simplest form possible,

    With this I should be able to just run the ‘fastboot install recovery twrp.img’ and not have to run “fastboot erase userdata’?

    also

    Do I still need to flash the zip I have that disables forced encryption?

    You won't need to erase userdata or flash fcrypt disabler anymore, if all the ROMs will update to support the wrappedkey encryption
    3
    Could you provide instructions to flash this ?
    Or is it just the same as the 'official one'?

    just fastboot flash recovery whatever_you_downloaded_and_extracted.img
    3
    is it necessary to flash vbmeta-thermal.zip on this twrp?

    No need; but please pay attention to the explanation in the beginning of this thread about encryption used in different ROMs (Q: Decryption doesn't work with ROM X, why? and the answer).

    ---------- Post added at 06:40 PM ---------- Previous post was at 06:31 PM ----------

    Hi, I am in 10.3.5.0(PFGMIXM}, and need help. I have unlocked my bootloader, and unable to flash the recovery. I don't see any errors in fastboot flash recovery recovery.img (latest recovery image) but it reverts to MI recovery all the time. Please help
    This is the MIUI thing to put back its own recovery. Try to fastboot reboot after flash and immediately press and hold Vol UP button. You will have to get TWRP.
Our Apps
Get our official app!
The best way to access XDA on your phone
Nav Gestures
Add swipe gestures to any Android
One Handed Mode
Eases uses one hand with your phone