I have been struggling to encrypt MI 8 as without encryption, I feel like I am walking naked
After lots of trial and error, finally got it working. Here are the steps:
Prerequisites: Flash TWRP (TWRP-3.2.3-1110-XIAOMI8-EN-wzsx150) by @gulp79 - https://goo.gl/scMQwd
1. Copy the following files to the phone:
a. Vendor/firmware from @infrag - https://drive.google.com/open?id=1BJKthOJrWaWevaxus7rYkJNc95icIOsD
b. Copy Havoc (Dipper Update 25-11-2018) by @ZeNiXxX + Gapps to the phone.
c. Titanium Backup all the user apps and copy the backup to your PC. You will have to format data and you will lose everything on the phone.
2. Reboot to TWRP.
3. Flash vendor/firmware + Havoc + Gapps.
4. Wipe - Format Data (where you have to type "yes"). This will wipe everything from your /data partition, including /sdcard.
5. Reboot to System.
6. Setup the phone and add fingerprint/PIN (important).
7. Restore the user apps from Titanium Backup by copying the backup from the PC.
8. If you need Magisk, copy it to /sdcard and reboot to TWRP and flash it. When you boot to TWRP, you will be prompted to enter PIN to decrypt data.
Voila!
Phone is encrypted and you can sleep happy.
PS: Big thanks to @ZeNiXxX (for an awesome and feature rich Havoc ROM), @gulp79 (for converting the latest TWRP to English), @infrag (for providing the flashable vendor/firmware), @milouk (default kernel in Havoc), and OpenGAPPS team.
What exactly does it do?
By.TRabZonLu™ said:
What exactly does it do?
Click to expand...
Click to collapse
It encrypts your phone. If you ever lose a phone, no one can access your data.
Without encryption, if you give me a phone which has a PIN or Pattern setup with/without fingerprint, I can easily remove the PIN/Pattern in TWRP and boot your phone and look at all the data.
Without encryption, it's analogous to walking naked.
You should specify that it is for AOSP & LOS in title, MIUI Stock Global & China has built in System & Data encryption already. ( .EU multi ROM has only system encryption)
RainGater said:
I have been struggling to encrypt MI 8 as without encryption, I feel like I am walking naked
Snip
Click to expand...
Click to collapse
My phone is on global stable. Do I use the same steps if I want to keep my phone encrypted? Thanks a lot!
What if you want to have encryption using MIUI ROM ?
pmatthew said:
What if you want to have encryption using MIUI ROM ?
Click to expand...
Click to collapse
This thread is outdated, encryption works well now.
nfsmw_gr said:
This thread is outdated, encryption works well now.
Click to expand...
Click to collapse
I would not say that; yesterday I turned on the Phone encryption on xiaomi.eu stable rom (MIUI 10.2), and after that the phone booted only to Recovery. I had to format data, reinstall the ROM, and modify fstab.qcom, to have encryption...
pmatthew said:
I would not say that; yesterday I turned on the Phone encryption on xiaomi.eu stable rom (MIUI 10.2), and after that the phone booted only to Recovery. I had to format data, reinstall the ROM, and modify fstab.qcom, to have encryption...
Click to expand...
Click to collapse
I still can't find a way for GLOBAL ROM (latest PIE) to have DATA & SYSTEM encryption while keeping ROOT. Boot loops to recovery every time.... If anyone has this or can achieve this, please share. The closest i've been is I can get root, and have DM Verity with Optional encryption just fine -but as soon as i choose to encrypt the phone from the menu, it errors trying, then continuously boot loops.
pmatthew said:
I would not say that; yesterday I turned on the Phone encryption on xiaomi.eu stable rom (MIUI 10.2), and after that the phone booted only to Recovery. I had to format data, reinstall the ROM, and modify fstab.qcom, to have encryption...
Click to expand...
Click to collapse
Agimax said:
I still can't find a way for GLOBAL ROM (latest PIE) to have DATA & SYSTEM encryption while keeping ROOT. Boot loops to recovery every time.... If anyone has this or can achieve this, please share. The closest i've been is I can get root, and have DM Verity with Optional encryption just fine -but as soon as i choose to encrypt the phone from the menu, it errors trying, then continuously boot loops.
Click to expand...
Click to collapse
Umm, I flashed latest global myself a couple of days ago through fastboot.
I admit I didn't root the clean booted global rom, but mi-globe and xiaomi.eu variants got rooted just fine for me with Magisk V18.0.
nfsmw_gr said:
Umm, I flashed latest global myself a couple of days ago through fastboot.
I admit I didn't root the clean booted global rom, but mi-globe and xiaomi.eu variants got rooted just fine for me with Magisk V18.0.
Click to expand...
Click to collapse
Of course, Root without encryption is fine. Try running ROOT with DATA & SYSTEM encryption. That is the issue i am finding. Xiaomi.eu doesn't come with encryption out of the box for DATA. GLOBAL ROM defaults to encryption for SYSTEM & DATA on first boot. If it's not encrypted or flashing the DM-Verity/FEC remover first, running Magisk root is fine. As i stated, GLOBAL ROM with ROOT and FULL system & data encryption is where the issue lies.
Agimax said:
Of course, Root without encryption is fine. Try running ROOT with DATA & SYSTEM encryption. That is the issue i am finding. Xiaomi.eu doesn't come with encryption out of the box for DATA. GLOBAL ROM defaults to encryption for SYSTEM & DATA on first boot. If it's not encrypted or flashing the DM-Verity/FEC remover first, running Magisk root is fine. As i stated, GLOBAL ROM with ROOT and FULL system & data encryption is where the issue lies.
Click to expand...
Click to collapse
No I mean I was encrypted as well.
I'd try again just to be sure about what I said but I've finalized my LOS setup right now haha.
I'm almost 100% certain I was encrypted because I never formated data from twrp, just flashed stock, twrp, xiaomi.eu, magisk.
This shouldn't remove the encryption, and besides without the remover zip the rom enforces encryption, and I didn't flash the remover zip.
nfsmw_gr said:
No I mean I was encrypted as well.
I'd try again just to be sure about what I said but I've finalized my LOS setup right now haha.
I'm almost 100% certain I was encrypted because I never formated data from twrp, just flashed stock, twrp, xiaomi.eu, magisk.
This shouldn't remove the encryption, and besides without the remover zip the rom enforces encryption, and I didn't flash the remover zip.
Click to expand...
Click to collapse
- you said you flashed twrp, xiaomi.eu and magisk. Xiaomi.eu isn't encrypted by default without editing the values manually......Soo.... No you didn't have encryption and root in that scenario.
Agimax said:
- you said you flashed twrp, xiaomi.eu and magisk. Xiaomi.eu isn't encrypted by default without editing the values manually......Soo.... No you didn't have encryption and root in that scenario.
Click to expand...
Click to collapse
If I didn't format data after flashing xiaomi.eu the encryption has no reason to be gone.
If it had gone then the internal storage on my device would be blank. But all the files were there.
So yeah the encryption remained.
In any case believe what you will, I'm not gonna flash everything again just to prove my point.
If I need to go back to miui for any reason I'll do it and post back, otherwise give it a go yourself.
nfsmw_gr said:
If I didn't format data after flashing xiaomi.eu the encryption has no reason to be gone.
If it had gone then the internal storage on my device would be blank. But all the files were there.
So yeah the encryption remained.
In any case believe what you will, I'm not gonna flash everything again just to prove my point.
If I need to go back to miui for any reason I'll do it and post back, otherwise give it a go yourself.
Click to expand...
Click to collapse
I've tried xiaomi.eu in the past. The latest build i tried is dec 22, 2018, but the phone never encrypted. Contrary to LOS it always encrypted when i flashed it.
So, if your phone encrypted, then you need to decrypt it by entering the pattern/security when booting to recovery right?
To make sure if my phone encrypted, i boot to twrp and security pattern will appear. If its not encrypted, there will be no security pattern in twrp boot. I double checked it with connecting the phone with usb cable, An encrypted phone will always displaying random text/folder file, while not encrypted phone always display the real file.
So, i formatted data and flash xiaomi.eu (magisk etc) to see if it encrypted, its not. And i wipe everything again, i flashed LOS (etc), but it still not encrypted. So, i formatted data, and flash LOS (etc) right away, and the the phone was encrypt.
I think the fault was xiaomi.eu dec 22 build???
So, my final conclusion atm xiaomi.eu encryption is still fail.
Sent from my Mi 8 using Tapatalk
Yes MIUI ROM encryption is still fail
Just to confirm post above.
This eu rom encrypt only if you trip Fstab or you flash before an official Miui rom and encrypt it. then you can flash custom miui rom or miuirum and encrytion stay.
I don't explain why but I tested it on my old MI5.
Totally an unnecessary effort, but useful for those FBI agents. It's also hard to remove the encryption tho, I flashed a thousand times to remove the encryption and I won't mess with it again, but still an useful thread for FBI agents.
Finally figured out how to Root MIUI Global Stock AND keep DATA/Storage encryption
https://forum.xda-developers.com/showpost.php?p=78988313&postcount=4
Does this have something in relation with the bootloop when I try to flash any ROM that's different than MIUI? I'm very curious because my Mi 8 started to have bootloop problems when the Android Pie came out. Only one version of TWRP works for me, PixelExperience gives me bootloop when I flash it, xiaomi.eu works only following very specific steps (and this is the only one I've succesfully installed).
Related
I have unlocked bootloader officially. Have the latest TWRP available for Kenzo, latest firmware, using Aroma Gapps from opengapps.com, NitrogenOS Oreo 8.1 latest build.
I encrypted my phone from the privacy settings in the settings app due to obvious reasons. Now while booting into android, it asks for encryption password and the set password works here, but when i reboot into recovery, TWRP asks me for the encryption password. Here starts the problem, even if i put the correct password, it won't decrypt my data saying that the password is wrong. Previously when i was coming from miui, the decrypt function of twrp worked flawlessly.
How to fix it, please help !
Just full wipe and format internal and reinstall custom Rom.
rifai_loop said:
Just full wipe and format internal and reinstall custom Rom.
Click to expand...
Click to collapse
You don't understand, i need my phone encrypted.
amritesh3011 said:
I have unlocked bootloader officially. Have the latest TWRP available for Kenzo, latest firmware, using Aroma Gapps from opengapps.com, NitrogenOS Oreo 8.1 latest build.
I encrypted my phone from the privacy settings in the settings app due to obvious reasons. Now while booting into android, it asks for encryption password and the set password works here, but when i reboot into recovery, TWRP asks me for the encryption password. Here starts the problem, even if i put the correct password, it won't decrypt my data saying that the password is wrong. Previously when i was coming from miui, the decrypt function of twrp worked flawlessly.
How to fix it, please help !
Click to expand...
Click to collapse
Due to oreo 8.1's security twrp can't work here. You need to use latest version of twrp. May be it solve ur prblm. Encryption is unique way to encript data. U have encrypted ur phone by ur phone's default encript option. So, try to decrypt by using default option. If you haven't found that, you need to format to decrypt.
Sharath Mane said:
Due to oreo 8.1's security twrp can't work here. You need to use latest version of twrp. May be it solve ur prblm. Encryption is unique way to encript data. U have encrypted ur phone by ur phone's default encript option. So, try to decrypt by using default option. If you haven't found that, you need to format to decrypt.
Click to expand...
Click to collapse
1) iam using the latest official twrp for kenzo
2) the official way to decrypt my phone is to reset it, that is loose all data.
Btw i did use an encrypted lineage os 15.1 and twrp worked back then and i don't remember doing anything different.
P.S. i do miss blackberry playbook OS
You can try flash redwolf twrf and remove security rom
Idoy_tea said:
You can try flash redwolf twrf and remove security rom
Click to expand...
Click to collapse
Okay will try and update later.
P.S. link plz
Hi,
I can finally unlock the bootloader - which AFAIK wipes user data. Now, since I've used the phone heavily over the waiting period, there's a lot to backup and reintegrate later on.
What's the quickest way to do so?
MTP-copy all of Internal Storage to PC -> unlock -> copy back?
(I am experienced with unlocking, rooting, flashing Roms and recoveries, but haven't had a non-rooted phone for about 8 years, so I am a bit out of the loop on non-root backup procedures)
TIA!
Using adb pull, you could probably get your internal storage.
Iirc the canonical dirs are:
/storage/emulated/0
/storage/emulated/legacyHelium should be sufficient for apps.
For me unlocking didn't wipe data.
Only wipe was when I installed developer rom to be able to unlock.
So the process should be unlock, flash twrp and then flash magisk to maintain twrp and avoid the bootloop. Then you can backup with root and clean flash if you want.
Twrp can't decrypt data but it's not needed to flash magisk. Anyway you can flash orangefox (latest version, beta 6) from twrp and it can decrypt data to access it from recovery.
omnomnomkimiiee said:
Using adb pull, you could probably get your internal storage.
Iirc the canonical dirs are:
/storage/emulated/0
/storage/emulated/legacyHelium should be sufficient for apps.
Click to expand...
Click to collapse
Thanks.
Any advantage of using adb vs. just mounting the device via mtp? Last I've used adb for file transfer it was slower than even mtp...
jes0411 said:
For me unlocking didn't wipe data.
Only wipe was when I installed developer rom to be able to unlock.
Click to expand...
Click to collapse
do you mean "to be able to root"? because otherwise I don't follow...
So the process should be unlock, flash twrp and then flash magisk to maintain twrp and avoid the bootloop. Then you can backup with root and clean flash if you want.
Twrp can't decrypt data but it's not needed to flash magisk. Anyway you can flash orangefox (latest version, beta 6) from twrp and it can decrypt data to access it from recovery.
Click to expand...
Click to collapse
Thanks. This is gonna sound very noob, but since I'm new to MIUI - is data already encrypted in stock MIUI? Otherwise I'll need orangefox only for switching between future custom ROMs, right?
santoo said:
do you mean "to be able to root"? because otherwise I don't follow...
Thanks. This is gonna sound very noob, but since I'm new to MIUI - is data already encrypted in stock MIUI? Otherwise I'll need orangefox only for switching between future custom ROMs, right?
Click to expand...
Click to collapse
I mean to unlock because I can't bind my mi account in stable and had to install developer rom to bind account.
Yes data is already encrypted on stock rom. If you need to access data partition in recovery you need orangefox. But it's not needed to flash magisk.
To use custom roms you don't need orangefox because you can format data from twrp and then flash the rom. I started using orangefox since I tried miui 10 oreo beta because I was unable to avoid encryption on that rom.
jes0411 said:
I mean to unlock because I can't bind my mi account in stable and had to install developer rom to bind account.
Yes data is already encrypted on stock rom. If you need to access data partition in recovery you need orangefox. But it's not needed to flash magisk.
To use custom roms you don't need orangefox because you can format data from twrp and then flash the rom. I started using orangefox since I tried miui 10 oreo beta because I was unable to avoid encryption on that rom.
Click to expand...
Click to collapse
Thanks for the explanations!
I plan on just unlocking bootloader, enabling cam2 and installing a current gcam today - I'll wait with flashing until miui10 stable is released in the next week or so, so I can do a "fair" comparison between Lineage and Miui (and possibly some others)
jes0411 said:
For me unlocking didn't wipe data.
Click to expand...
Click to collapse
A quick heads-up, just in case anyone stumbles upon this thread:
As of MIUI 9.5.17 global stable, using official MIUI unlock 3.3.525.23, unlocking the bootloader DOES WIPE user data & factory-resets the phone (to be more precise - it wipes the complete internal storage).
SD is, as expected, left alone.
santoo said:
A quick heads-up, just in case anyone stumbles upon this thread:
As of MIUI 9.5.17 global stable, using official MIUI unlock 3.3.525.23, unlocking the bootloader DOES WIPE user data & factory-resets the phone (to be more precise - it wipes the complete internal storage).
SD is, as expected, left alone.
Click to expand...
Click to collapse
I only shared my experience.
My data was wiped when I installed developer rom to bind account but when I unlocked bootloader after 360h data remained intact. When I flashed twrp phone didn't boot but I solved it flashing magisk.
jes0411 said:
I only shared my experience.
Click to expand...
Click to collapse
Yes, and I thank you for it.
I was not accusing you of anything - things may well have changed with different versions of MIUI or different versions of the unlock tool, or between chinese/global versions. Just a warning for others that, at least with the versions I posted, having a backup is reaaaaally nice :good:
There is an excellent explanation of Xiaomi's antirollback features elsewhere on the site. The thread contains a general overview of the steps required to install TWRP to flash a custom ROM. In brief (i) boot into TWRP installed on local machine with adb (ii) use TRWP to install TWRP itself and/or the ROM (iii) flash away....
My experience has been that TWRP run from the local machine cannot decrypt and access the file system to read/write/execute files. This is despite using the correct PIN, no PIN, factory reset. Note that TWRP cannot access /data so cannot selectively format it.
Any suggestions for a n00b???
droid_tsar said:
There is an excellent explanation of Xiaomi's antirollback features elsewhere on the site. The thread contains a general overview of the steps required to install TWRP to flash a custom ROM. In brief (i) boot into TWRP installed on local machine with adb (ii) use TRWP to install TWRP itself and/or the ROM (iii) flash away....
My experience has been that TWRP run from the local machine cannot decrypt and access the file system to read/write/execute files. This is despite using the correct PIN, no PIN, factory reset. Note that TWRP cannot access /data so cannot selectively format it.
Any suggestions for a n00b???
Click to expand...
Click to collapse
You cannot decrypt it because of:
a: you have to flash twrp with working decryption
b: boot to a custom recovery, WIPE DATA ONLY NOT FACTORY RESET (in advance) then flash Disable_Force_Encryption.zip (This will prevent the system to encrypt data from first boot)
Of course, everything you need is on XDA, just find it.
Xiaomi's AntiRollback feature prevents you from rollbacking from e.g MIUI 10 to MIUI 9 due to the vendor and firmware issues.
More details here https://www.xda-developers.com/xiaomi-anti-rollback-protection-brick-phone/amp/
Thanks Darklouis - solved the problem by not rebooting to the system before flashing the ROM...just reboot into bootloader mode without allowing the encryption to proceed, move ROM into storage and flash from TWRP. Worked well
Darklouis said:
You cannot decrypt it because of:
a: you have to flash twrp with working decryption
b: boot to a custom recovery, WIPE DATA ONLY NOT FACTORY RESET (in advance) then flash Disable_Force_Encryption.zip (This will prevent the system to encrypt data from first boot)
Of course, everything you need is on XDA, just find it.
Xiaomi's AntiRollback feature prevents you from rollbacking from e.g MIUI 10 to MIUI 9 due to the vendor and firmware issues.
More details here https://www.xda-developers.com/xiaomi-anti-rollback-protection-brick-phone/amp/
Click to expand...
Click to collapse
droid_tsar said:
Thanks Darklouis - solved the problem by not rebooting to the system before flashing the ROM...just reboot into bootloader mode without allowing the encryption to proceed, move ROM into storage and flash from TWRP. Worked well
Click to expand...
Click to collapse
Glad to help
Hello
I am using MIUI global 11.0.8 stock rom. Recently just unlocked the bootloader and trying to figure out how to flash LineageOS in it.
Tried to followed this guide https://forum.xda-developers.com/poco-f1/how-to/xiaomi-poco-f1-unlock-bootloader-custom-t3839405
But it seems like it is pretty old and not updated. Should i follow this thread or there is something updated? Also feels like i'm missing various things like disabling encryption(!), needs to be on old stock rom for proper installation, customized TWRP recovery and specific Xiaomi programs to do it properly. Could someone identify the missing info/issues i'm having trouble with? TIA.
61zone said:
Hello
I am using MIUI global 11.0.8 stock rom. Recently just unlocked the bootloader and trying to figure out how to flash LineageOS in it.
Tried to followed this guide https://forum.xda-developers.com/poco-f1/how-to/xiaomi-poco-f1-unlock-bootloader-custom-t3839405
But it seems like it is pretty old and not updated. Should i follow this thread or there is something updated? Also feels like i'm missing various things like disabling encryption(!), needs to be on old stock rom for proper installation, customized TWRP recovery and specific Xiaomi programs to do it properly. Could someone identify the missing info/issues i'm having trouble with? TIA.
Click to expand...
Click to collapse
FIRST OF ALL BACKUP YOUR DATA. Go to fastboot mode and flash latest twrp recovery. Boot to recovery and wipe cache, system and data. Since this is the first time you are installing a custom rom you should format data in twrp. After formatting data reboot to twrp then transfer latest Lineage OS flashable zip in you phone's storage and flash it. Then flash gapps if you want. Then magisk if you want root and DFE if you don't want encryption. That's it. Now reboot to system.
And remember google is your friend.
callmebutcher101 said:
FIRST OF ALL BACKUP YOUR DATA. Go to fastboot mode and flash latest twrp recovery. Boot to recovery and wipe cache, system and data. Since this is the first time you are installing a custom rom you should format data in twrp. After formatting data reboot to twrp then transfer latest Lineage OS flashable zip in you phone's storage and flash it. Then flash gapps if you want. Then magisk if you want root and DFE if you don't want encryption. That's it. Now reboot to system.
And remember google is your friend.
Click to expand...
Click to collapse
Actually there is too much information to handle at once that's why i got confused lol. Thanks for the infos :good:
I'll try to do according to your info.
Hi. I installed Android 12 Pixel Experience rom and my TWRP gone after this. After installing the rom, TWRP replaced with Pixel Experience's own recovery mode. Currently, the ROM is installed and I can use it without any problems, but I cannot switch to a different ROM in any way. When I install TWRP with ADB, I cannot install the file named "DM Verity & ForceEncrypt disabler" because everything is encrypted. I do not use any passwords on the ROM (fingerprint, screen lock, etc.). I want to install new ROM so I need to make TWRP permanent and remove encryption on TWRP, because i can't see my files. As I said, the phone is can open and I can use it without problems. Looking forward to your help, thank you.
1) Backup everything
2) Install twrp and sideload the PE rom but don't boot into it
3) Flash the DFE (disable force encryption ) zip from twrp
4) Boot into the rom
Remember you won't get the ota updates if you disable the encryption and have to manually update the rom
easdasd617 said:
Hi. I installed Android 12 Pixel Experience rom and my TWRP gone after this. After installing the rom, TWRP replaced with Pixel Experience's own recovery mode. Currently, the ROM is installed and I can use it without any problems, but I cannot switch to a different ROM in any way. When I install TWRP with ADB, I cannot install the file named "DM Verity & ForceEncrypt disabler" because everything is encrypted. I do not use any passwords on the ROM (fingerprint, screen lock, etc.). I want to install new ROM so I need to make TWRP permanent and remove encryption on TWRP, because i can't see my files. As I said, the phone is can open and I can use it without problems. Looking forward to your help, thank you.
Click to expand...
Click to collapse
You need to read the instructions before you flash anything. PE A12 is encrypted by default and because TWRP can't handle the decryption of A12 ROMs, PE replacing the TWRP with PE Recovery, so to be able to get OTA updates. This is a workaround until TWRP fix the decryption issue.
To flash another ROM, take backup of the files you want from your Internal Storage, flash TWRP via ADB, wipe everything and format data. Then connect your device to PC and transfer the ROM and the files you want to flash into your Internal Storage and proceed with flashing.