TWRP 3.3.1 for bardock cannot encrypt backups (although it claims to do so)

[pietsch]

• [x] I am running an official build of TWRP, downloaded from https://twrp.me/Devices/
• [x] I am running the latest version of TWRP
• [x] I have read the FAQ (https://twrp.me/FAQ/)
• [x] I have searched for my issue and it does not already exist

Device codename: bardock TWRP version: 3.3.1-0

WHAT STEPS WILL REPRODUCE THE PROBLEM?

• in Options, I have compression enabled, nothing else
• in Name, I replace userdebug with some descriptive ASCII characters
• in Select Storage, I choose USB OTG
• in Encryption, I enter a password twice

WHAT IS THE EXPECTED RESULT?

This should result in an encrypted backup.

WHAT HAPPENS INSTEAD?

The backup is not encrypted. When I restore it in TWRP, I am not asked to enter a password (even after rebooting or switching the device off). On Linux, I can simply unpack the backup files with tar xf, and unpacked files are not encrypted.

ADDITIONAL INFORMATION

I am running LineageOS 16 (the last release for this device) on a BQ Aquaris X.

/tmp/recovery.log: https://paste.omnirom.org/view/d434d22f dmesg: https://paste.omnirom.org/view/1cee9a58

[bigbiff]

Hello, can you post a recovery.log showing the backup attempt?

[pietsch]

I would, but paste.omnirom.org says: "413 Request Entity Too Large".

[pietsch]

I created a fresh, supposedly encrypted backup and uploaded the resulting recovery.log here: https://paste.systemli.org/?cbc60ebeefc24eec#7gj8jexhZDBpdMmZ4P1rzoTqUbnDicNMEHcJ1bXNpTxW

Again, I can unpack the backup files using tar.

[bigbiff]

Hello, only /data/data is encrypted by openaes due to performance reasons. To encrypt the system backup, you will need to use a desktop utility.

FWIW, we intend to remove openaes because of know security vulnerabilities and let the user encrypt on their own.

[pietsch]

My first test was to extract my stored wifi passwords, which is as easy as tar xfv data.ext4.win000 /data/misc/wifi/WifiConfigStore.xml. This is not what I expect to be possible with encrypted backups. Please document this unexpected behaviour clearly and visibly.

[pietsch]

Damn, not even files below /data/data/ are encrypted! I just extracted Tor Browser files, and they are not encrypted at all:

tar xfv 2020-04-11--06-33-19_lineage_bardock-data-enc-[REDACTED]/data.ext4.win000 /data/data/org.torproject.torbrowser/files/mozilla/

$ file data/data/org.torproject.torbrowser/files/mozilla/[REDACTED]/times.json
data/data/org.torproject.torbrowser/files/mozilla/[REDACTED]/times.json: JSON data

$ file data/data/org.torproject.torbrowser/files/mozilla/[REDACTED]/cookies.sqlite
data/data/org.torproject.torbrowser/files/mozilla/[REDACTED]/cookies.sqlite: SQLite 3.x database, user version 9, last written using SQLite version 3028000

[bigbiff]

Can you upload the log regarding this backup?

[pietsch]

That log file is too big for pastebins. I uploaded it here (will expire after a week): https://send.firefox.com/download/078f90116bb654b3/#gqC_862GkHL-C97mtdVFUA

[bigbiff]

Looks like a bug on your device WARNING: linker: /system/etc/ld.config.txt:28: warning: property "namespace.default.asan.search.paths +" redefinition CANNOT LINK EXECUTABLE "openaes": library "libopenaes.so" not found libc: CANNOT LINK EXECUTABLE "openaes": library "libopenaes.so" not found

Can you open this bug on the device tree and reference this ticket? It looks like Kra1o5 is the maintainer.

[pietsch]

This looks like a task for you.

[pietsch]

I would do it if you tell me how, @bigbiff. Would this happen on Gerrit? I have never used Gerrit.

[pietsch]

Does @Kra1o5 read this?

[Kra1o5]

Yes, I read this

[bigbiff]

I just meant to create an issue on the device repo here: https://github.com/TeamWin/android_device_bq_bardock