cyanogenmod 12和12.1 '加密电话'设置破碎,并已相当长。有没有办法以其他方式加密手机? CM可以使用加密/数据目录侧面侧面通往电话?是否有其他方法可以保持数据安全和声音?我正在努力的设备是verizon lg g3。
cyanogenmod 12和12.1 '加密电话'设置破碎,并已相当长。有没有办法以其他方式加密手机? CM可以使用加密/数据目录侧面侧面通往电话?是否有其他方法可以保持数据安全和声音?我正在努力的设备是verizon lg g3。
CyanogenMod 12 and 12.1 'Encrypt phone' setting is broken, and has been for quite a while. Is there any way to encrypt the phone in some other fashion? Can CM be sideloaded onto a phone with an encrypted /data directory? Are there any other ways to keep your data safe and sound? The device I'm working on is a Verizon LG G3.
有低(er)-Level命令,可用于shell以加密您的用户数据分区。免责声明/警告:以下说明将擦除数据,确保如果需要,请确保备份。
遵循这些步骤,您应该能够擦除数据分区,并将其加密后(类似于出厂设置):
adb root
输入根shell,然后是 adb shell
。 adb logcat
在另一个shell中来观看日志。输入此命令,键入密码,然后按Enter键。这实际上将设置密码。此命令读取一行输入( head -1
),从输入中删除尾随换行符( tr -d ' '
)并将其转换为十六进制表示( hexdump ...
)。如果它看起来很可怕,或者如果您不确定此命令所做的操作,请参阅下文。
vdc cryptfs enablecrypto wipe password $(head -1 | tr -d ' ' | hexdump -ve '1/1 "%.2x"')
上面 vdc
命令("volume守护程序客户端" )与 vold
(volume守护程序)传达了一些子命令,如 cryptfs
for加密。 adb shell0
子命令有两种模式: adb shell1
(清除 adb shell2
完全)和 adb shell3
(据说是在复制时应用加密)原始 adb shell4
内部容器)。
adb shell5
,它接受单个十六进制序列作为键。因此,如果您的密码是 adb shell6
,则十六进制表示是 adb shell7
( adb shell8
是 adb shell9
中的hex, adb logcat0
是 adb logcat1
,请参阅 http://www.asciable.com/ )。该命令是: adb logcat2
这在Nexus 5(CM-12.1-20150814运行的代码名称Hammerhead)上进行了测试,其具有用于存储元数据的单独分区。它是重要的,userdata分区具有 adb logcat3
标志设置,然后是分区的路径或特殊字符串 adb logcat4
。来自我 adb logcat5
文件:
/dev/block/platform/msm_sdcc.1/by-name/userdata / data ext4 ...,检查,加密 = / dev /块/平台/ msm_sdcc.1 / by-name / metadata
当特殊字符串 adb logcat6
( adb logcat7
)出现时,在数据分区末尾的16个Kib用于存储加密元数据。
进一步阅读,请参阅:
附录:logcat摘录从我执行的加密命令执行,直到完成并重新启动(省略了末尾的无关图形消息)。请注意,此Nexus 5具有硬件加速的Crypto(Qseecom)。
adb logcat8
There are low(er)-level commands that can be used in a shell to encrypt your user data partition. Disclaimer/Warning: the following instructions will wipe your data, ensure that you make a backup if needed.
Following these steps, you should be able to wipe your data partition and have it encrypted afterwards (similar to a factory reset):
adb root
followed by adb shell
.adb logcat
in another shell.Enter this command, type your password and press Enter. This will actually set your password. This command reads one line of input (head -1
), strips the trailing newline from Enter (tr -d '\n'
) and converts it to a hexadecimal representation (hexdump ...
). If it looks scary or if you are not sure what this command does, see below.
vdc cryptfs enablecrypto wipe password $(head -1 | tr -d '\n' | hexdump -ve '1/1 "%.2x"')
The above vdc
command ("Volume Daemon Client") communicated with vold
(Volume Daemon) has some subcommands like cryptfs
for encryption. The enablecrypto
subcommand has two modes: wipe
(clear /data
completely) and inplace
(supposedly applying encryption while copying your original /data
inside the container).
Then, four options are available starting with Android 5.0, one of them is password
which accepts a single hexadecimal sequence as key. Thus if your password is foo
, then the hexadecimal representation is 666f6f
(f
is 66
in hex, o
is 6f
, see http://www.asciitable.com/). The command for this is:
vdc cryptfs enablecrypto wipe password 666f6f
This was tested on a Nexus 5 (code name hammerhead, running cm-12.1-20150814) which has a separate partition for storing metadata. It is important that the userdata partition has the encryptable
flag set followed by either the path to a partition or the special string footer
. An (abbreviated) line from my /fstab.hammerhead
file:
/dev/block/platform/msm_sdcc.1/by-name/userdata /data ext4 ...,check,encryptable=/dev/block/platform/msm_sdcc.1/by-name/metadata
When the special string footer
(encryptable=footer
) is present, then 16 KiB at the end of the data partition is used to store encryption metadata.
For further reading, see:
Appendix: logcat excerpt from the moment I executed the encryption command until it finishes and reboots (omitting unrelated graphics messages at the end). Note that this Nexus 5 has hardware-accelerated crypto (QSEECom).
--------- beginning of main 08-16 12:57:15.459 W/DrmManagerClientImpl(Native)( 2108): DrmManager server died! 08-16 12:57:15.459 I/ServiceManager( 184): service 'drm.drmManager' died 08-16 12:57:15.467 D/Cryptfs ( 186): Just asked init to shut down class main 08-16 12:57:15.470 D/Cryptfs ( 186): unmounting /mnt/shell/emulated succeeded 08-16 12:57:15.599 I/ServiceManager( 184): service 'media.audio_flinger' died 08-16 12:57:15.599 I/ServiceManager( 184): service 'media.player' died 08-16 12:57:15.599 I/ServiceManager( 184): service 'media.camera' died ... 08-16 12:57:16.695 D/Cryptfs ( 186): unmounting /data succeeded 08-16 12:57:16.695 D/QSEECOMAPI: ( 186): QSEECom_get_handle sb_length = 0x2000 08-16 12:57:16.696 D/QSEECOMAPI: ( 186): App is already loaded QSEE and app id = 2 08-16 12:57:16.697 I/Cryptfs ( 186): keymaster version is 3 08-16 12:57:16.697 D/QSEECOMAPI: ( 186): QSEECom_dealloc_memory 08-16 12:57:16.697 D/QSEECOMAPI: ( 186): QSEECom_shutdown_app, app_id = 2 08-16 12:57:16.697 D/QSEECOMAPI: ( 186): QSEECom_get_handle sb_length = 0x2000 08-16 12:57:16.697 D/QSEECOMAPI: ( 186): App is already loaded QSEE and app id = 2 08-16 12:57:18.058 D/QSEECOMAPI: ( 186): QSEECom_dealloc_memory 08-16 12:57:18.058 D/QSEECOMAPI: ( 186): QSEECom_shutdown_app, app_id = 2 08-16 12:57:18.058 I/Cryptfs ( 186): Using scrypt with keymaster for cryptfs KDF 08-16 12:57:18.208 D/BootAnimation( 2683): Use save memory method, maybe small fps in actual. 08-16 12:57:18.208 E/QCOM PowerHAL( 2683): Failed to acquire lock. 08-16 12:57:18.691 D/QSEECOMAPI: ( 186): QSEECom_get_handle sb_length = 0x2000 08-16 12:57:18.691 D/QSEECOMAPI: ( 186): App is already loaded QSEE and app id = 2 08-16 12:57:18.692 I/Cryptfs ( 186): Signing safely-padded object 08-16 12:57:18.797 D/QSEECOMAPI: ( 186): QSEECom_dealloc_memory 08-16 12:57:18.797 D/QSEECOMAPI: ( 186): QSEECom_shutdown_app, app_id = 2 08-16 12:57:20.056 I/Cryptfs ( 186): Using scrypt with keymaster for cryptfs KDF 08-16 12:57:20.690 D/QSEECOMAPI: ( 186): QSEECom_get_handle sb_length = 0x2000 08-16 12:57:20.691 D/QSEECOMAPI: ( 186): App is already loaded QSEE and app id = 2 08-16 12:57:20.691 I/Cryptfs ( 186): Signing safely-padded object 08-16 12:57:20.796 D/QSEECOMAPI: ( 186): QSEECom_dealloc_memory 08-16 12:57:20.796 D/QSEECOMAPI: ( 186): QSEECom_shutdown_app, app_id = 2 08-16 12:57:21.429 I/Cryptfs ( 186): Enabling support for allow_discards in dmcrypt. 08-16 12:57:21.429 I/Cryptfs ( 186): load_crypto_mapping_table: target_type = crypt 08-16 12:57:21.429 I/Cryptfs ( 186): load_crypto_mapping_table: real_blk_name = /dev/block/platform/msm_sdcc.1/by-name/userdata, extra_params = 1 allow_discards 08-16 12:57:21.431 I/Cryptfs ( 186): Making empty filesystem with command /system/bin/make_ext4fs -a /data -l 13725837312 /dev/block/dm-0 08-16 12:57:21.447 I/make_ext4fs( 186): SELinux: Loaded file_contexts from /file_contexts 08-16 12:57:21.447 I/make_ext4fs( 186): Creating filesystem with parameters: 08-16 12:57:21.447 I/make_ext4fs( 186): Size: 13725835264 08-16 12:57:21.448 I/make_ext4fs( 186): Block size: 4096 08-16 12:57:21.448 I/make_ext4fs( 186): Blocks per group: 32768 08-16 12:57:21.448 I/make_ext4fs( 186): Inodes per group: 8144 08-16 12:57:21.448 I/make_ext4fs( 186): Inode size: 256 08-16 12:57:21.448 I/make_ext4fs( 186): Journal blocks: 32768 08-16 12:57:21.449 I/make_ext4fs( 186): Label: 08-16 12:57:21.449 I/make_ext4fs( 186): Transparent compression: none 08-16 12:57:21.449 I/make_ext4fs( 186): Blocks: 3351034 08-16 12:57:21.449 I/make_ext4fs( 186): Block groups: 103 08-16 12:57:21.459 I/make_ext4fs( 186): Reserved block group size: 823 08-16 12:57:21.465 I/make_ext4fs( 186): Created filesystem with 11/838832 inodes and 93654/3351034 blocks 08-16 12:57:21.465 I/make_ext4fs( 186): Total files: 0 08-16 12:57:21.465 I/make_ext4fs( 186): Total bytes: 0 08-16 12:57:42.926 D/Cryptfs ( 186): Successfully created filesystem on /dev/block/dm-0
对我来说,原始答案没有按预期工作。它看起来像它加密成功,但UI很快就回来了,"加密" 设置没有显示设备加密。然后我应用了更新的命令,但它仍然没有用。然后我减少了数据分区的大小它成功加密了。即
mount | grep data
查找数据分区的实际块设备。让我们假设是 /dev/block/mmcblk0p26
。
umount /data
为ext-tools工作。
e2fsck -f -p /dev/block/mmcblk0p26
不陷入即将调整大小的问题。
tune2fs -l /dev/block/mmcblk0p26
获取块计数。让我们假设它是 3057395
。
resize2fs /dev/block/mmcblk0p26 3057375
,即从原始块计数中缓和量20。
e2fsck -f -p /dev/block/mmcblk0p26
为我找到了错误地放置了inode。
我还需要安装 /system
分区,以便持有 resize2fs
。在我的系统上,该二进制文件与64位的Libc相关联,但我使用的TWRP似乎没有提供这一点。所以我需要使用 /dev/block/mmcblk0p260
来前缀命令。
For me, the original answer did not work as expected. It looked like it encrypted successfully, but the UI came back very quickly and the "Encryption" setting did not show that the devices was encrypted. I then applied the commands given in the update, but it still didn't work. I then reduced the size of the data partition and it encrypted successfully. I.e.
mount | grep data
to find the actual block device of the data partition. Let's assume it is /dev/block/mmcblk0p26
.
umount /data
for the ext-tools to work.
e2fsck -f -p /dev/block/mmcblk0p26
to not run into trouble for the upcoming resizing.
tune2fs -l /dev/block/mmcblk0p26
to obtain the Block count. Let's assume it is 3057395
.
resize2fs /dev/block/mmcblk0p26 3057375
, i.e. substract a sufficient amount like 20 from the original block count.
e2fsck -f -p /dev/block/mmcblk0p26
found a wrongly placed inode for me.
I also needed to mount the /system
partition in order to get hold of resize2fs
. On my system, that binary was linked against a 64bit version of libc, but the TWRP I was used did not seem to provide that. So I needed to prefix the commands with env LD_LIBRARY_PATH=/system/lib64
.
作为 cm12.1 2015-10-15 答案 by Lekensteyn不再有效。
显然,创建文件系统所需的 mkfs.f2fs 已从 /dev/block/mmcblk0p261
移动到 /dev/block/mmcblk0p262
我们也必须与Selinux竞争。这意味着我们需要做几个额外的步骤:
adb root
adb shell
setenforce 0
mount -oremount,Rw / system
ln -s /sbin/mkfs.f2fs /system/bin/mkfs.f2fs
vdc cryptfs enablecrypto擦除密码666f6f
As of CM12.1 2015-10-15 the answer by Lekensteyn no longer works.
Apparently the mkfs.f2fs which is needed to create the file system, has been moved from /system/bin/
to /sbin/
Also we have to contend with SELINUX. This means that we need to do several additional steps:
adb root
adb shell
setenforce 0
mount -oremount,rw /system
ln -s /sbin/mkfs.f2fs /system/bin/mkfs.f2fs
vdc cryptfs enablecrypto wipe password 666f6f
另一个更新 - cm13 2016年1月9日构建,使用Nubia Z7 Max,NX505J手机
此命令( /dev/block/mmcblk0p263
)不再需要,因为文件再次生存。没有必要创建一个符号链接。
此命令不再需要在十六进制中,如果输入十六进步,则PW将是十六进制。
/dev/block/mmcblk0p264
- 这对我来说,为我创建了 /dev/block/mmcblk0p265
not /dev/block/mmcblk0p266
我仍在研究这个问题,因为我通过了元数据所需的额外块。我现在需要通过GUI和手动命令来加密才能通过一个引导周期加密的GUI和手动命令。我会在成功加密时报告。
现在我加密,它工作正常,我第一次启动它,它说手机被加密了。使用TWRP我可以确认/数据加密,但我在TWRP中尝试的十六进制和ASCI密码都不工作。在下一次重启上,Android操作系统无法完全启动CM13。它确认我有正确的加密密码,然后我只获得1个加密引导。在第一个成功加密启动后,它之后它锁定了引导周期的动画阶段。 安全最佳实践现在推荐AES256电话加密。
Another update- CM13 Jan 9, 2016 build, using Nubia Z7 Max, NX505J phone
This command (ln -s /sbin/mkfs.f2fs /system/bin/mkfs.f2fs
) is no longer needed as the file lives here again. There is no need to create a symbolic link.
This command no longer needs to be in HEX and if you enter hex your PW will be hex.
cryptfs enablecrypto wipe password 666f6f
- This literally created a password for me of 666f6f
not foo
I am still researching this issue because I got past the extra blocks needed for the meta data. I now need to get past the fact the GUI and the manual commands to encrypt both result in encryption that is viable only through one boot cycle. I will report back when I have a successful encryption.
Right now I encrypt and it works fine and I boot the first time and it says the phone is encrypted. Using TWRP I can confirm /data is encrypted but the HEX and ASCI passwords I try in TWRP both do not work. On the next reboot the Android OS cannot fully boot CM13. It confirms I have the correct encryption password and then I only get 1 encrypted boot. After the first successful encrypted startup it locks on the animation stage of boot cycle thereafter. Security best practices now recommends AES256 phone encryption.
摩托x 2013运行cyanogenmod 12.1我也无法加密。最后,我成功了以下步骤:
su
,并确认根目录 setenforce 0
我通过组合艺术的答案和这个论坛线程。
Having a Moto X 2013 running Cyanogenmod 12.1 I also was not able to get it encrypted. Finally, I succeeded with these steps:
su
, and confirm root accesssetenforce 0
I came to this solution by combining Art's answer and this forum thread.
在精神上6小时后,我可能会偶然发现一个解决问题的解决方案。这也是一个意见。 我用Cyanogenmod 13.0和Android 6.0.1为三星S4迷你这样做了这件事。重要的关键因素在这里,我从干净的手机(新鲜固件和左右)开始它,因为当手机以前被扎根,那么手机根本不想工作。
我用FireCelord's和Lekensteyn的解决方案,但我设法忘记了来自命令的一行。
这里是我的方式:
i打开 android调试和根访问在开发人员选项中仅 。
在adb命令提示符中我使用 adb root
和 adb shell
命令。之后我打开了另一个adb命令提示符并使用 adb logcat
命令。
在第一个adb shell中,我前进了 setenforce 0
,然后 vdc cryptfs enablecrypto wipe password YOUR-PASSWORD
。
重要通知:密码命令可能因您使用的Android版本而异。如果您使用 android 5.x ,则必须使用 十六进制 系统(在CHR线中是密码中的符号,十六进制值在HX线上)。如果您使用的是使用 android 6.x ,那么您的密码将是您输入的密码。
当您注意到,我忘了使用 mount -oremount,rw /system
命令。在那之后,我屏幕将变黑。当我看到时,adb shell与日志停止并完成,然后我重新启动了手机。但对于每个人来说,问题是,氰基od不会加载。我设法很容易解决:
你去了,它应该工作。起初,当电话设置出现时,然后让它成为一分钟。如果您快速急于急于,则可能会对设置向导有点崩溃,但它将在崩溃时自动重启。
在我非常小的了解CyanogenMod和Android加密工作时,我认为在格式期间它删除了一些重要的紫绀或Android文件,什么阻止它引导。After 6 hours of mental pain and sweat I might have stumbled on a solution what worked for me. And it was an accident too. I did this for the Samsung S4 Mini with CyanogenMod 13.0 and Android 6.0.1. Important key factor here is, that I started it off from a clean phone (fresh firmware and unrooted), because when the phone was previously rooted, then the phone didn't want to work at all.
I used the Firelord's and Lekensteyn's solution to the problem, but I managed to to forget one line from the commands.
Here is how I did it:
I turned on the Android debugging and Root access to ADB only in the Developer Options.
In the ADB Command Prompt I used the adb root
and adb shell
command. After that I opened another ADB Command Prompt and used the adb logcat
command.
In the first ADB shell, I went forward with setenforce 0
and after that vdc cryptfs enablecrypto wipe password YOUR-PASSWORD
.
IMPORTANT NOTICE: The password command might vary from the Android version what you are using. If you are using Android 5.X, you must use the hexadecimal system (In the Chr line is the symbol in your password the hexadecimal value is on the Hx line). If you are using Android 6.X, then the YOUR-PASSWORD will be the password what you entered there.
As you notice then I forgot to use the mount -oremount,rw /system
command. After that I the screen will go black. When I saw, that the ADB shell with the log stopped and finished, then I rebooted the phone. But as for everyone, the problem is, that CyanogenMod wont load. And I managed to fix it quite easily:
There you go, it should work. At first, when the phone set up comes up, then let it be for a minute. There might be a little crash for the Setup Wizard if you rush it too quickly, but it will automatically restart when it crashes.
In my very small knowledge of how the CyanogenMod and the Android Encryption works, I think during the format it deletes some important Cyanogen or Android files, what stop it from booting.
加密在我的手机上没有工作(SGS5; CM13,TWRP 3.0.2-2) - 我总是有一个黑屏。
我不想使用shell命令,所以我找到了另一种方式:
我已经安装了supersu,我卸载它在应用程序中,然后闪烁 su-remover 。
之后,我能够使用菜单中的加密。
警告:
Encrypting didn't work on my phone (SGS5; CM13, TWRP 3.0.2-2) - I always got a black screen.
I didn't want to use shell commands, so I found another way :
I had SuperSU installed, I uninstalled it in the App and then flashed the SU-Remover.
After that, I was able to use the encryption from the menu.
Warning:
© 2022 it.wenda123.org All Rights Reserved. 问答之家 版权所有