I just hacked my /e/ device in 2 minutes... WTF?

I have been using /e/ for 2 weeks and so far I was getting more and more satisfied, but today I did a big mistake. I was messing around with the settings about the screen lock pattern and I stumbled on some weird options.

  • Make pattern visible
  • Show pattern error
  • Show pattern dots

I decided to turn all of them off just to see what would happen… guess what? You can’t see the unlock pattern and have no f** clue what you did wrong… Seriously why would you even add these options? The last one is a nightmare. Sorry for the rant but I obviously managed to stupidly lock myself out of my phone by failing the unvisible pattern a good dozen times and as the icing on the cake the fingerprint recognition was disabled “for security reasons”.

As I was getting kinda scared of having to perform a factory reset I desperately googled “how to bypass android pattern lock screen”, guess what? It’s trivial.

  • Reboot phone on TWRP
  • Go to advanced -> File Manager
  • Locate /data/system/locksettings.db
  • Delete it
  • Reboot normally
  • You are in! Just swipe up to access everything

How is that even possible? I thought there was some sort of disk encryption… Does that mean that simply loosing your phone exposes all of your data?
Is there any way to secure the disk data on /e/ without reverting to stock? Or is it a default Android “feature”?


Not by default. You have to encrypt your data manually. Than you have no access to /data via TWRP.

But anyway. Good find and I think someone should have a look into this issue

EDIT: I have just tried it with password on lock screen on a Android Q device. And after deleting the .db I no PW needed for login. So it seems to be an general Android issue

Yes, it is possible to circumvent any password without encryption disable. This holds true for all operating systems. I did that for some friends on their windows devices when they lost their windows password…

Even then, if you decrypt via TWRP with your pin, you could still delete, right?

Not that I’m saying this is an issue, just this is how encryption works. If the phone isn’t encrypted, any other “OS” (which is essentially what TWRP is) can read the data.

And TWRP has the ability to decrypt IF you enter the correct pin.

I’m assuming the phone in this case wasn’t encrypted, or the pin was entered in TWRP.

I never have encrypted a phone til now so i’m not sure. But when there is an automatic encryption while flashing eOS than no one knows the key and twrp can’t decrypt data.

But i think i have to make some test for this.

As far as I can remember, my Xiaomi MiMix2 has always been encrypted.
At first boot in TWRP from stock ROM I was asked for the unlock pattern, so I guess my phone was already encrypted.
So, maybe is encryption device or vendor specific ?

My 3 xiaomi devices where never encrypted by eOS, only by stock rom

A phone or whatever should always been encrypted in a way you need to enter a password/PIN code to “release” the decryption key.

For instance, go to TWRP, advanced, file manager and go to “sdcard” and you will see that anybody is able to copy or delete your pictures, documents and downloads and everything else.

In Windows, boot Ubuntu in an USB key, do not install it just use the live demo mode and your Windows C: internal drive will just appear as it was an USB stick. You will now be able to copy everything on the hardrive. I’m sure at least 90% of Windows installation aren’t encrypted, that’s crazy how it is simple to steal data.

Apart from the security problems and it’s implication, could anyone dare to explain why isn’t the disk encrypted by default on a new install, and then how do I enable it now ? Should I reinstall my system ? Where is this mentioned (if it is) in the install docs ?

There are some discussions about this on different channels. Let’s see what the result will come.

If you want encrypt your device, you can find it here

To be correctly protected, you need to :

That’s right. But on my Xiaomi Capricorn eith v-07-nougat there was no hint or prompt that I have to enable password/pin or pattern :frowning:

The ‘encryption’ has needed around one minute. So I think it wasn’t a real encrytion.

Hi @Anonyme which device are you seeing this message on… it appears to be device specific.

I thought that if you added a pin, that Android would encrypt the device?

Mine did (every phone I’ve had since Nougat has done this), so I assumed it was a native Android function?

1 Like

No, if you only setup a pin or or pattern it’s only for screen lock

@Manoj This is on a j5nlte (/e/ Oreo).
Same thing with a j3xnlte (LineageOS Nougat).

1 Like