TWRP failing to mount partition with ROM

[gatlinnewhouse]

My compiled TWRP image cannot mount the encrypted partition. Does not prompt for a password.

@mrmazakblu's TWRP image will prompt for a password. Inputting my password that I use to start android does not decrypt the data. Can't backup a log file to the SD Card.

https://gist.github.com/gatlinnewhouse/fb21b268983a41ff1a375e5429d5f98f

[mrmazakblu]

Yes, mine is a stripped down basic functions only. If you decrypt /data and remove the force encrypt. It should be able to do backups.

There is remove dm-verity- force encrypt project by zackptg5

https://forum.xda-developers.com/android/software/universal-dm-verity-forceencrypt-t3817389

[mrmazakblu]

Of course if you can make real decrypt work, please do. Good job by the way.

[gatlinnewhouse]

Fallback for proprietary encryption

Relevant comment in TWRP compilation XDA Thread

[mrmazakblu]

If fallback uses /system vold. Will this give trouble if you change away from stock ROM?

[gatlinnewhouse]

Will this give trouble if you change away from stock ROM?

Possibly. I do not know enough. It seems like the TWRP builds are just missing something related to how Teracube or the manufacturer encrypts the data partition. So either Sharad could see if the manufacturer can provide the relevant blobs or building an image with TW_INCLUDE_CRYPTO := true from my generated device tree might work or we have to use the fallback.

If I had two Teracubes (one for dev and one for everyday use) I would probably flash the Google System Image and see what it uses for encryption there to see if the fallback method gives me trouble outside of the stock ROM. Perhaps Sharad could test a build of TWRP on his Teracube (since he is running the GSI) to see if the fallback method causes trouble.

[gatlinnewhouse]

Alpha v0.1.0 build

Still does not request password. Must be something different between our two builds where your build prompts for the password while mine does not.

[mrmazakblu]

I plan to add those lines mentioned to my device mk file and build another one this morning.
I'll share the result. You can test?

[mrmazakblu]

Well , this is not working. The 9.0 Omni tree is missing the statis_library files needed for vold_decrypt appearently.

The commit you shared , and I tried to apply was for 7.1 branch.

I know it's possible to have decrypt, but the method is above me, I guess.

[mrmazakblu]

Alright, when I added "TW_CRYPTO_USE_SYSTEM_VOLD := true" the build failed, with missing so files.

So, I compared my treacube tree to the tree for my daily phone. It has working decrypt. (Redmi Note 8).

The BoardConfig from Redmi has "TW_INCLUDE_FBE := true"

i added this line and it built. I didnt add any key-master libs, so might not work yet. but here is link to try please.

recovery-test2-teracube.zip

[gatlinnewhouse]

I'll try this build, I also patched the errors I got with the vold_decrypt in this commit 17d8ef5

And I got a build for that here:

https://github.com/gatlinnewhouse/Teracube_twrp-device-tree/releases/tag/v0.1.0-mrm-alpha

---

I'll try both

[gatlinnewhouse]

recovery-test2-teracube.img: Password failed when using my password I have to enter before android boots. Also fails with "default_password"

twrp-teracube-v010-mrm-alpha.img: data partition will not boot. No password prompt upon entering TWRP. System, Vendor, Cache, and MicroSD card can mount and be explored via TWRP's file manager.

[gatlinnewhouse]

Found some leads:

Mediatek porting

I think this phone has the same processor

[gatlinnewhouse]

Made interesting progress with that guide for mediatek porting. I got the error: "decryption taking too long... killing" instead.

https://gist.github.com/gatlinnewhouse/c2889989aca0a13ed143fde0da32fa46

[gatlinnewhouse]

Found someone trying to get decryption to work on the same chipset here:

https://forum.xda-developers.com/android/help/help-twrp-mt6771v-ct-android-9-pie-t4061571

[gatlinnewhouse]

Found fstab.

cat /vendor/nvdata/fstab.mt6771              
# 1 "vendor/mediatek/proprietary/hardware/fstab/mt6771/fstab.in"
# 1 "<built-in>"
# 1 "<command-line>"
# 1 "/usr/include/stdc-predef.h" 1 3 4
# 1 "<command-line>" 2
# 1 "vendor/mediatek/proprietary/hardware/fstab/mt6771/fstab.in"
# 98 "vendor/mediatek/proprietary/hardware/fstab/mt6771/fstab.in"
/dev/block/platform/bootdevice/by-name/system / ext4 ro wait,verify,recoveryonly

/dev/block/platform/bootdevice/by-name/vendor /vendor ext4 ro wait,verify,recoveryonly




/dev/block/platform/bootdevice/by-name/userdata /data ext4 noatime,nosuid,nodev,noauto_da_alloc,errors=panic wait,check,formattable,quota,resize,reservedsize=128m,forcefdeorfbe=/dev/block/platform/bootdevice/by-name/metadata

/dev/block/platform/bootdevice/by-name/cache /cache ext4 noatime,nosuid,nodev,noauto_da_alloc,discard wait,check,formattable

/dev/block/platform/bootdevice/by-name/protect1 /mnt/vendor/protect_f ext4 noatime,nosuid,nodev,noauto_da_alloc,commit=1,nodelalloc wait,check,formattable
/dev/block/platform/bootdevice/by-name/protect2 /mnt/vendor/protect_s ext4 noatime,nosuid,nodev,noauto_da_alloc,commit=1,nodelalloc wait,check,formattable
/dev/block/platform/bootdevice/by-name/nvdata /mnt/vendor/nvdata ext4 noatime,nosuid,nodev,noauto_da_alloc,discard wait,check,formattable
/dev/block/platform/bootdevice/by-name/nvcfg /mnt/vendor/nvcfg ext4 noatime,nosuid,nodev,noauto_da_alloc,commit=1,nodelalloc wait,check,formattable


/dev/block/platform/bootdevice/by-name/persist /mnt/vendor/persist ext4 noatime,nosuid,nodev,noauto_da_alloc,commit=1,nodelalloc wait,check,formattable


/devices/platform/externdevice* auto auto defaults voldmanaged=sdcard1:auto,encryptable=userdata
/devices/platform/11200000.usb3_xhci* auto vfat defaults voldmanaged=usbotg:auto

/dev/block/platform/bootdevice/by-name/frp /persistent emmc defaults defaults

/dev/block/platform/bootdevice/by-name/nvram /nvram emmc defaults defaults
/dev/block/platform/bootdevice/by-name/proinfo /proinfo emmc defaults defaults
/dev/block/platform/bootdevice/by-name/lk /bootloader emmc defaults defaults
/dev/block/platform/bootdevice/by-name/lk2 /bootloader2 emmc defaults defaults
/dev/block/platform/bootdevice/by-name/para /misc emmc defaults defaults
/dev/block/platform/bootdevice/by-name/boot /boot emmc defaults defaults
/dev/block/platform/bootdevice/by-name/recovery /recovery emmc defaults defaults
/dev/block/platform/bootdevice/by-name/logo /logo emmc defaults defaults
/dev/block/platform/bootdevice/by-name/expdb /expdb emmc defaults defaults
/dev/block/platform/bootdevice/by-name/seccfg /seccfg emmc defaults defaults

/dev/block/platform/bootdevice/by-name/tee1 /tee1 emmc defaults defaults
/dev/block/platform/bootdevice/by-name/tee2 /tee2 emmc defaults defaults


/dev/block/platform/bootdevice/by-name/scp1 /scp1 emmc defaults defaults
/dev/block/platform/bootdevice/by-name/scp2 /scp2 emmc defaults defaults


/dev/block/platform/bootdevice/by-name/sspm_1 /sspm_1 emmc defaults defaults
/dev/block/platform/bootdevice/by-name/sspm_2 /sspm_2 emmc defaults defaults




/dev/block/platform/bootdevice/by-name/md1img /md1img emmc defaults defaults
/dev/block/platform/bootdevice/by-name/md1dsp /md1dsp emmc defaults defaults
/dev/block/platform/bootdevice/by-name/md1arm7 /md1arm7 emmc defaults defaults
/dev/block/platform/bootdevice/by-name/md3img /md3img emmc defaults defaults

/dev/block/platform/bootdevice/by-name/cam_vpu1 /cam_vpu1 emmc defaults defaults
/dev/block/platform/bootdevice/by-name/cam_vpu2 /cam_vpu2 emmc defaults defaults
/dev/block/platform/bootdevice/by-name/cam_vpu3 /cam_vpu3 emmc defaults defaults

/dev/block/platform/bootdevice/by-name/gz1 /gz1 emmc defaults defaults
/dev/block/platform/bootdevice/by-name/gz2 /gz2 emmc defaults defaults

/dev/block/platform/bootdevice/by-name/spmfw /spmfw emmc defaults defaults




/dev/block/platform/bootdevice/by-name/boot_para /boot_para emmc defaults defaults

/dev/block/platform/bootdevice/by-name/odmdtbo /odmdtbo emmc defaults defaults
/dev/block/platform/bootdevice/by-name/dtbo /dtbo emmc defaults defaults


/dev/block/platform/bootdevice/by-name/otp /otp emmc defaults defaults

Why did I search for it? I needed to see what encryption flags the device is booting with to see if your comments on dm-verity were right (guess what, they were).

https://android.stackexchange.com/questions/215800/how-to-disable-dm-verity-on-android-with-user-build-type-rom

Specifically forcefdeorfbe=/dev/block/platform/bootdevice/by-name/metadata

[gatlinnewhouse]

Or if I can find the kernel source of the Teracube and compile a kernel with dm-verity disabled in the fstab then maybe TWRP will be able to decrypt the partition without having to flash a newly patched boot.img or otherwise wipe user data.

[mrmazakblu]

Dm-verity really does not effect /data nor encryption

[gatlinnewhouse]

This guy got decryption working on a similar device:

https://forum.xda-developers.com/android/development/recovery-twrp3-3-1-umidigi-f1-play-t4007315

https://github.com/TeamWin/android_device_umidigi_f1_play/

---

I really think the encryption of the Teracube is similar to this device based on the Teracube's vendor fstab

[gatlinnewhouse]

Got a boot log. Looking through it, it looks like it uses vold to call e4crypt or cryptfs to decrypt the /data partition

[gatlinnewhouse]

Teracube released their source code! Board dump.

Unfortunately without knowing which config to use, building with the kernel source just throws this flag:

ninja: error: 'kernel/teracube/Teracube_One/arch/arm64/configs/Teracube_One_defconfig', needed by '/mnt/e/Documents/GitHub/twrp/out/target/product/Teracube_One/obj/KERNEL_OBJ/.config', missing and no known rule to make it

---

EDIT: Building a new recovery image with vold, unfortunately had to reinstall Windows about 3 times since the September 18th update.

[gatlinnewhouse]

Errors building with the vold flag set

---

building with python2:

bootable/recovery/crypto/vold_decrypt/vold_decrypt.cpp:246:6: error: unused function 'Is_Service_Running' [-Werror,-Wunused-function]
bool Is_Service_Running(const string& initrc_svc) {
     ^
bootable/recovery/crypto/vold_decrypt/vold_decrypt.cpp:250:6: error: unused function 'Is_Service_Stopped' [-Werror,-Wunused-function]
bool Is_Service_Stopped(const string& initrc_svc) {
     ^
bootable/recovery/crypto/vold_decrypt/vold_decrypt.cpp:296:6: error: unused function 'will_VendorBin_Be_Symlinked' [-Werror,-Wunused-function]
bool will_VendorBin_Be_Symlinked(void) {
     ^
3 errors generated.
[ 36% 2447/6697] target  C: dd_twrp <= system/core/toolbox/upstream-netbsd/bin/dd/conv.c
ninja: build stopped: subcommand failed.
12:43:04 ninja failed with: exit status 1

#### failed to build some targets (12:44 (mm:ss)) ####

building with python3:

[ 53% 7633/14334] //bionic/libc:generated_android_ids generate
FAILED: /mnt/e/Documents/GitHub/twrp/out/soong/.intermediates/bionic/libc/generated_android_ids/gen/generated_android_ids.h
/mnt/e/Documents/GitHub/twrp/out/soong/host/linux-x86/bin/sbox --sandbox-path /mnt/e/Documents/GitHub/twrp/out/soong/.temp --output-root /mnt/e/Documents/GitHub/twrp/out/soong/.intermediates/bionic/libc/generated_android_ids/gen -c 'bionic/libc/fs_config_generator.py aidarray system/core/include/private/android_filesystem_config.h > __SBOX_OUT_FILES__'  __SBOX_OUT_DIR__/generated_android_ids.h
  File "bionic/libc/fs_config_generator.py", line 1028
    print FSConfigGen._FILE_COMMENT % fname
          ^
SyntaxError: Missing parentheses in call to 'print'. Did you mean print(FSConfigGen._FILE_COMMENT % fname)?
sbox command (bionic/libc/fs_config_generator.py aidarray system/core/include/private/android_filesystem_config.h > /mnt/e/Documents/GitHub/twrp/out/soong/.temp/sbox890583765/generated_android_ids.h) failed with err "exit status 1"

[ 53% 7638/14334] //system/tools/hidl:hidl-gen clang++ main.cpp [linux_glibc]
ninja: build stopped: subcommand failed.
12:24:02 ninja failed with: exit status 1

#### failed to build some targets (20:49 (mm:ss)) ####

---

Smh. v0.1.0-mrm-alpha uses vold crypto but has the TW_INCLUDE_CRYPTO := true commented out (which I do not here, and that build also couldn't decrypt the partition).

https://github.com/gatlinnewhouse/Teracube_twrp-device-tree/blob/v0.1.0-mrm-alpha/BoardConfig.mk

---

Manufacturer is Vanzo out of China. Internal vanzo name is v7101o. Found a related(?) project:

https://git.rip/dumps/gm/gm9plus_s/-/tree/full_v7101o-user-9-PPR1.180610.011-P.9PL.2001.A-s-release-keys

Here's a vanzo twrp build for another device:

https://github.com/TeamWin/android_device_vanzo_a315

[mrmazakblu]

That other build linked is Android 5. So not likely to be compatible tree

[gatlinnewhouse]

Kernel source builds went well. Using configs from your device tree with the kernel source resulted in a twrp img file which will not boot into twrp after choosing to boot into recovery. Using the config I already had laying around (in the master branch of this repo) I could get twrp to boot but no password prompt for mounting /data (also can't select data to mount manually in the twrp menu).

[mrmazakblu]

The mounting issue would be related to the fstab.

[gatlinnewhouse]

Okay, it prompts for a password now

I entered the wrong password when testing it earlier but now have to run errands. Will test again and update here (and on teracube forums if it works).

---

Still does not work with correct password. Grabbing logs

[gatlinnewhouse]

Device settings say

Encryption
Encrypt phone: Encrypted
----
Credential Storage
Storage Type: Hardware-backed
Trusted Credentials: Display trusted CA certificates
User Credentials: View and modify stored credentials (there are none)

Magisk Manager says

Installed: N/A
Ramdisk: No
A/B: No
SAR: Yes
Crypto: Block

---

Dmesg.log

Interesting bit

[  117.119977] .(2)[307:logd.auditd]type=1400 audit(1606262154.016:139): avc: denied { getattr } for pid=309 comm="recovery" path="/protect_f/tee" dev="mmcblk0p9" ino=17 scontext=u:r:recovery:s0 tcontext=u:object_r:mnt_vendor_file:s0 tclass=dir permissive=1
[  117.122864] .(2)[307:logd.auditd]type=1400 audit(1606262155.876:140): avc: denied { read } for pid=309 comm="recovery" name="tee" dev="mmcblk0p9" ino=17 scontext=u:r:recovery:s0 tcontext=u:object_r:mnt_vendor_file:s0 tclass=dir permissive=1
[  117.125735] .(2)[307:logd.auditd]type=1400 audit(1606262155.876:140): avc: denied { read } for pid=309 comm="recovery" name="tee" dev="mmcblk0p9" ino=17 scontext=u:r:recovery:s0 tcontext=u:object_r:mnt_vendor_file:s0 tclass=dir permissive=1
[  117.128477] .(2)[307:logd.auditd]type=1400 audit(1606262155.876:141): avc: denied { open } for pid=309 comm="recovery" path="/protect_f/tee" dev="mmcblk0p9" ino=17 scontext=u:r:recovery:s0 tcontext=u:object_r:mnt_vendor_file:s0 tclass=dir permissive=1

recovery.log

Interesting bits

I:Done processing fstab files
I:Can't probe device /dev/block/mmcblk0p37
I:Unable to mount '/data'
I:Actual block device: '/dev/block/mmcblk0p37', current file system: 'ext4'
I:Using automatic handling for /data/media emulated storage device.
I:Setting up '/data' as data/media emulated storage.
I:Backup folder set to '/data/media/TWRP/BACKUPS/201909T1001274'
I:Settings storage is '/data/media'
Updating partition details...
I:Unable to mount '/external_sd'
I:Actual block device: '', current file system: 'auto'
I:Unable to mount '/usbotg'
I:Actual block device: '', current file system: 'auto'
...done

/data | /dev/block/mmcblk0p37 | Size: 0MB
   Flags: Can_Be_Wiped Can_Be_Backed_Up Wipe_During_Factory_Reset Wipe_Available_in_GUI IsPresent Can_Be_Encrypted Is_Encrypted Has_Data_Media Can_Encrypt_Backup Use_Userdata_Encryption Is_Storage Is_Settings_Storage 
   Symlink_Path: /data/media
   Symlink_Mount_Point: /sdcard
   Primary_Block_Device: /dev/block/mmcblk0p37
   Crypto_Key_Location: /dev/block/platform/bootdevice/by-name/metadata
   Display_Name: data
   Storage_Name: Internal Storage
   Backup_Path: /data
   Backup_Name: data
   Backup_Display_Name: Data
   Storage_Path: /data/media
   Current_File_System: emmc
   Fstab_File_System: ext4
   Backup_Method: dd
   MTP_Storage_ID: 65539

I:Is encrypted, do decrypt page first
I:Switching packages (TWRP)
I:Set page: 'decrypt'
I:Found no matching fstab entry for uevent device '/devices/platform/externdevice/mmc_host/mmc1/mmc1:aaaa/block/mmcblk1' - add
I:Set page: 'trydecrypt'
I:operation_start: 'Decrypt'
D:crypt_ftr->fs_size = 234735552
I:Using scrypt with keymaster for cryptfs KDF
I:TWRP keymaster max API: 4
I:Signing safely-padded object
could not find any keystore module
Failed to init keymaster 0/1
Failed to initiate keymaster session
E:Keymaster signing failed
E:kdf failed
W:failure decrypting master key
E:Failed to decrypt master key
E:Password did not match
Failed to decrypt data.

Will work on this more tomorrow.

[ShitijHalder]

Same problem ! I tried everything like formatting data then I booted in Twrp again then I saw data is decrypted and I flashed dm-verity-force-encryption-disabler and It showed successfully flashed but when I setup my device and I booted into Twrp again the data was showing encrypted and _TWRP doesn't prompt for password to decrypt data _ What can I do now? Help me !

Device : Xiaomi MI 6
Twrp : cereus images

[gatlinnewhouse]

@ShitijHalder I am sorry but I am no closer to understanding why this is happening than you are. I know that Teracube has recently (in the past two weeks) released official kernel sources, but as of now I am not pursuing developing TWRP for Teracube One on Android 9. When a stable official release of Android 10 occurs then I might come back to trying to get a build working.

Basically: here be dragons and I am just as lost as you. Sorry I cannot help.

[ShitijHalder]

@ShitijHalder I am sorry but I am no closer to understanding why this is happening than you are. I know that Teracube has recently (in the past two weeks) released official kernel sources, but as of now I am not pursuing developing TWRP for Teracube One on Android 9. When a stable official release of Android 10 occurs then I might come back to trying to get a build working.

Basically: here be dragons and I am just as lost as you. Sorry I cannot help.

No Worry bro !