Code: /* * Your warranty is now void. * * I am not responsible for bricked devices, dead SD cards, * thermonuclear war, or you getting fired because the alarm app failed. Please * do some research if you have any concerns about the features in this tool * before using it! YOU are choosing to make these modifications, and if * you point the finger at me for messing up your device, I will laugh at you. Hard. A lot. */

suggests

SHOULD

Checks if your device is compatible Dumps the currently installed boot.img. Unpacks the dump of your currently installed boot.img. The unpacking process is done via a self-compiled, statically linked version of unmkbootimg. It patches the filesystem tables which include the force-encrypt flags. This process will change "forceencrypt" to "encryptable". Then, if necessary, it patches the filesystem tables to not use dm-verity. This is done by removing the "verify" mount-parameter. Creates a new boot.img. The unpacking process is done via a self-compiled, statically linked version of mkbootimg. Flashes the modified boot.img

HTC Nexus 9 WiFi (flounder)

HTC Nexus 9 LTE (flounder_lte)

Motorola Nexus 6 (shamu)

LG Nexus 5X (bullhead)

Huawei Nexus 6P (angler)

v1 - Initial version with HTC Nexus 9 WiFi (flounder) support

v2 - Added Motorola Nexus 6 (shamu) support

v3 - Added support for HTC Nexus 9 LTE (flounder_lte)

v4 - Added support for signed boot-images

v5 - Changed error handling to compensate for missing fstab files. Some roms seem not to ship with the complete set of boot-files from AOSP.

v6 - FED-Patcher will enforce the same structure for the patched boot.img that the original boot.img had. Additionally, the kernel commandline will also be taken over. This should fix pretty much every case where devices would not boot after patching.

v7 - FED-Patcher will now disable dm-verity in fstab to get rid of the red error sign on marshmallow roms.

v8 - Added support for LG Nexus 5X (bullhead) and Huawei Nexus 6P (angler)

A supported device An unlocked bootloader An already installed ROM with forceencrypt flag. (like cyanogenmod CM12.1) A recovery that includes busybox (TWRP, CWM)

Make a thorough, conservative backup of your data if there is any on your device Go into your recovery (TWRP, CWM) Flash fed_patcher-signed.zip If your device is already encrypted (You booted your ROM at least once) you need to do a full wipe to get rid of the encryption. This full wipe will clear all your data on your data-partition (where your apps as well as their settings are stored) as well as on your internal storage so please, do a backup before. If you don't do a backup and want to restore your data... well... Call obama.

XDA:DevDB Information

FED-Patcher, Tool/Utility for all devices (see above for details)

Contributors

Version Information

Hello everybody,I created a tool - initially for the nexus 9 (flounder|flounder_lte) - that gets rid of the ForceEncrypt flag in a generic way (meaning it should work no matter what rom you are on). It does that by patching the currently installed boot.img.I enhanced that tool to make it work for other devices too. (See the list below to see if your device is supported)The Android CDD (Compatibility Definition Document) demands that all devices with the appropriate horse powerMUST enable full disk-encryption (FDE) by default. Even though I support every step towards more security I have to criticize this approach.. Encryption takes time because some component has to de- and encrypt the stuff on the disk at some point and in current devices it's the CPU's task. Even though modern devices have quite fast CPU cores you can still easily feel the difference between FDE in the on- or off-state. The I/O is faster and boot-times take only half as long. (I did not do any scientific measurements though)There is an ongoing discussion about this topic in cyanogenmod's gerrit for the nexus 9. Although it's a fun read it is pretty clear that this exchange of views is not going anywhere near a useful outcome. Additionally, Google's stock ROMs always have forced encryption enabled on newer devices.Because performance is important to me and at least my tablet does not need the extra security I created the FED-Patcher (ForceEncrypt Disable Patcher).FED-Patcher is a simple flashable ZIP that is supposed to be run in a recovery that has busybox integrated (like TWRP or CWM). This is what it does:Go into your "Settings"-App. In "Security", if it offers you to encrypt your device it is. If it says something like "Device is encrypted" it indeed isIMPORTANT: If you update your ROM you have to run FED-Patcher again because ROM-updates also update the boot-partition which effectively removes my patch. So, if you are on CM12.1 for example and you used my patch and do an update to a newer nightly you have to run FED-Patcher again. If you don't do so Android will encrypt your device at the first boot.Well, I implemented tons of checks that prevent pretty much anything bad from happening. But, of course, we're dealing with the boot-partition here. Even though I tested FED-Patcher quite a lot there is still room for crap hitting the fan.Scroll down to the attached thumbnails.* pbatard for making (un)mkbootimg (dunno if he is on xda)* @ rovo89 for his xposed framework - I used some of his ideas by reading the source of his xposed installer flashable ZIP for FED-Patcher. gladiac , rovo89Betav82015-10-272015-10-272016-10-23