±Forensic Focus Partners

±Your Account


Nickname
Password


Forgotten password/username?


Membership:
New Today: 0
New Yesterday: 5
Overall: 27628
Visitors: 76

±Follow Forensic Focus

Join our LinkedIn group

Subscribe to news

Subscribe to forums

Subscribe to blog

Subscribe to tweets

Samsung S Plus PAttern Lock

Discussion of forensic issues related to all types of mobile phones and underlying technologies (GSM, GPRS, UMTS/3G, HSDPA, LTE, Bluetooth etc.)
Subforums: Mobile Telephone Case Law
Reply to topicReply to topic Printer Friendly Page
Forum FAQSearchView unanswered posts
Go to page 1, 2  Next 
  

Samsung S Plus PAttern Lock

Post Posted: Tue Dec 18, 2012 3:38 am

I am operating on a Samsung S Plus I9001 that has a pattern lock and (usb debugging off) by default, is there anyway i can get past that?  

CopyRight
Senior Member
 
 
  

Re: Samsung S Plus PAttern Lock

Post Posted: Wed Dec 19, 2012 2:24 am

Have a read of this:

digitalinvestigation.w...ern-locks/
_________________
Colin Mortimer
AirWatch 

Coligulus
Senior Member
 
 
  

Re: Samsung S Plus PAttern Lock

Post Posted: Wed Dec 19, 2012 7:04 am

It will either have to be JTAG'ed or booted with a forensic bootloader using the UFED Cellebrite. Not sure whether the i9001 is supported, I've done a few i9000's with the UFED now.

Be careful if you are going to JTAG the device with a RIFF box or similar as the nand memory is strange to access on an i9000, if you don't tell it which part of ROM1 (as it shows it) to read you may end up just reading the wrong bit of the memory where the pictures are stored, not the system and swipe pattern.

Do you know how to find and decode the hash? If not look it up on the CCL website Very Happy  

mobileforensicswales
Senior Member
 
 
  

Re: Samsung S Plus PAttern Lock

Post Posted: Thu Dec 20, 2012 4:05 am

Okay Great Help you guys,

So JTAG is actually connected the damaged phone , in my case a locked phone where the lock is unknown, whilst connected the phone the JTAG brand, the JTAG literrally pushes a firmware update, then the phone works normally (without) any pattern lock.. and all the data remains there .

Did i get it right?

What do you guys think is the best JTAG brand, or atleast the one that supports more devices.  

CopyRight
Senior Member
 
 
  

Re: Samsung S Plus PAttern Lock

Post Posted: Thu Dec 20, 2012 9:21 am

I don't think you've quite hit the nail on the head yet.

You use the JTAG interface to read the memory of the device, at all costs you want to avoid writing anything to it if you can. If you had read the article which I linked to you would see that the conclusion is not the removal of the password/PIN/pattern but the recovery of it. Once recovered you can unlock the UI and access the device further.

Is the original question relating to a forensic examination of said device?
_________________
Colin Mortimer
AirWatch 

Coligulus
Senior Member
 
 
  

Re: Samsung S Plus PAttern Lock

Post Posted: Thu Dec 20, 2012 10:03 pm

Yes it is,  

CopyRight
Senior Member
 
 
  

Re: Samsung S Plus PAttern Lock

Post Posted: Sun Dec 23, 2012 3:28 am

Buy yourself the same device and do it on there first. If you don't know what you are doing its not fair on your client or your own reputation to do it on the original exhibit.

You do not want to flash ANY firmware in a JTAG method. You are looking to download a raw copy of the nand and deduce the hash of the password that way  

mobileforensicswales
Senior Member
 
 
Reply to topicReply to topic

Share this forum topic to encourage more replies



Page 1 of 2
Go to page 1, 2  Next