TWRP 3.3.1 for bardock cannot encrypt backups (although it claims to do so)
pietsch opened this issue · 14 comments
- I am running an official build of TWRP, downloaded from https://twrp.me/Devices/
- I am running the latest version of TWRP
- I have read the FAQ (https://twrp.me/FAQ/)
- I have searched for my issue and it does not already exist
Device codename: bardock
TWRP version: 3.3.1-0
WHAT STEPS WILL REPRODUCE THE PROBLEM?
- in Options, I have compression enabled, nothing else
- in Name, I replace
userdebugwith some descriptive ASCII characters - in Select Storage, I choose USB OTG
- in Encryption, I enter a password twice
WHAT IS THE EXPECTED RESULT?
This should result in an encrypted backup.
WHAT HAPPENS INSTEAD?
The backup is not encrypted. When I restore it in TWRP, I am not asked to enter a password (even after rebooting or switching the device off). On Linux, I can simply unpack the backup files with tar xf, and unpacked files are not encrypted.
ADDITIONAL INFORMATION
I am running LineageOS 16 (the last release for this device) on a BQ Aquaris X.
/tmp/recovery.log: https://paste.omnirom.org/view/d434d22f
dmesg: https://paste.omnirom.org/view/1cee9a58
Hello, can you post a recovery.log showing the backup attempt?
I would, but paste.omnirom.org says: "413 Request Entity Too Large".
I created a fresh, supposedly encrypted backup and uploaded the resulting recovery.log here: https://paste.systemli.org/?cbc60ebeefc24eec#7gj8jexhZDBpdMmZ4P1rzoTqUbnDicNMEHcJ1bXNpTxW
Again, I can unpack the backup files using tar.
Hello, only /data/data is encrypted by openaes due to performance reasons. To encrypt the system backup, you will need to use a desktop utility.
FWIW, we intend to remove openaes because of know security vulnerabilities and let the user encrypt on their own.
My first test was to extract my stored wifi passwords, which is as easy as tar xfv data.ext4.win000 /data/misc/wifi/WifiConfigStore.xml. This is not what I expect to be possible with encrypted backups. Please document this unexpected behaviour clearly and visibly.
Damn, not even files below /data/data/ are encrypted! I just extracted Tor Browser files, and they are not encrypted at all:
tar xfv 2020-04-11--06-33-19_lineage_bardock-data-enc-[REDACTED]/data.ext4.win000 /data/data/org.torproject.torbrowser/files/mozilla/
$ file data/data/org.torproject.torbrowser/files/mozilla/[REDACTED]/times.json
data/data/org.torproject.torbrowser/files/mozilla/[REDACTED]/times.json: JSON data
$ file data/data/org.torproject.torbrowser/files/mozilla/[REDACTED]/cookies.sqlite
data/data/org.torproject.torbrowser/files/mozilla/[REDACTED]/cookies.sqlite: SQLite 3.x database, user version 9, last written using SQLite version 3028000Can you upload the log regarding this backup?
That log file is too big for pastebins. I uploaded it here (will expire after a week): https://send.firefox.com/download/078f90116bb654b3/#gqC_862GkHL-C97mtdVFUA
Looks like a bug on your device
WARNING: linker: /system/etc/ld.config.txt:28: warning: property "namespace.default.asan.search.paths +" redefinition
CANNOT LINK EXECUTABLE "openaes": library "libopenaes.so" not found
libc: CANNOT LINK EXECUTABLE "openaes": library "libopenaes.so" not found
Can you open this bug on the device tree and reference this ticket? It looks like Kra1o5 is the maintainer.
This looks like a task for you.
I would do it if you tell me how, @bigbiff. Would this happen on Gerrit? I have never used Gerrit.
Yes, I read this
I just meant to create an issue on the device repo here: https://github.com/TeamWin/android_device_bq_bardock