Why this doesn't work in Android 5.0 about cryptfs-password-manager HOT 10 CLOSED

It works on debug builds, but production builds block the reply from vold, so there is no way of knowing whether the command executed successfully or not. Also passwords are now passed as hex-encoded strings, so make sure you encode properly if doing this manually, otherwise you will be locked out of your device.

I actually have the code for 5.0 support, but as I said, it only works if you disable SELinux. There are other ways to do this, but none of them is ideal.

from cryptfs-password-manager.

Do I need to disable SELinux or is it only needed for use from app (not adb shell)? How should I proceed without disabling SELinux, is it somehow doable? Is there some documentation about it? I couldn't fond anything on Google. Thank you very much!

from cryptfs-password-manager.

It works exactly the same way from an app and from the shell. If you have root, there is no need to disable SELinux, but you won't get any output from the cryptfs command. It is doable, but you have to be sure you entered the right password. For example this will set the decryption PIN to '1234':

# vdc cryptfs changepw pin 31323334

from cryptfs-password-manager.

Thank you, I have tried it (fingers crossed ;-)) on my rooted Nexus 4 with long passphrase and it works like a charm! I have used simple Python 3 script to get the hexadecimal password:

python -c 'import binascii; print(binascii.hexlify(input("Password: ").strip().encode("ascii")))'

from cryptfs-password-manager.

Thanks @nelenkov and @xmikos for the information.

Does this method still work when using a PIN for unlocking but a passphrase for encrypting?

I'm asking because until Android 4.4 you got a full keyboard regardless of the type of security, but now apparently you get a numeric keyboard when setting a PIN. I'm guessing that the parameter default|password|pin|pattern enables one or another, but I don't want to find out that I can't type letters after setting a passphrase, so I prefer asking now :)

from cryptfs-password-manager.

Yes, the parameter sets the type of the unlock/decrypt method. Android 5.0 will try to pass the string you enter to the lockscreen, but it should not be a problem if the unlock type doesn't match. As usual, use at your own risk.

from cryptfs-password-manager.

I've committed experimental Lollipop support, only works if SuperSU is installed. Try it out if interested.

from cryptfs-password-manager.

You can use the following command to enable vdc output when testing via the shell:

supolicy --live 'allow vdc devpts chr_file {read write getattr ioctl}'

from cryptfs-password-manager.

Sorry for continuing the off-topic: vdc cryptfs changepw password <passphrase in hex> worked beautifully. I use a PIN for normal phone unlocking but a long passphrase for booting, and full keyboard is showing now when booting.

Also, if it were to be useful, I tried the supolicy command to enable the output and it was 200 0 0.

from cryptfs-password-manager.

Great, glad it works for you. I've just pushed the updated app to the Play Store, so closing this. Please open new issues if you have problems with the app.

from cryptfs-password-manager.