±Your Account
Membership:
New Today: 4
New Yesterday: 11
Overall: 24360
Visitors: 44
±Latest Articles
· Catching the ghost: how to discover ephemeral evidence with Live RAM analysis
· Geo-tagging & Photo Tracking On iOS
· KS – an open source bash script for indexing data
· Mobile Device Geotags & Armed Forces
· Categorization of embedded system forensic collection methodologies
· Interpretation of NTFS Timestamps
· What are ‘gdocs’? Google Drive Data – part 2
· What are ‘gdocs’? Google Drive Data
· Bad Sector Recovery
· Forensic Artifact: Malware Analysis in Windows 8
· Geo-tagging & Photo Tracking On iOS
· KS – an open source bash script for indexing data
· Mobile Device Geotags & Armed Forces
· Categorization of embedded system forensic collection methodologies
· Interpretation of NTFS Timestamps
· What are ‘gdocs’? Google Drive Data – part 2
· What are ‘gdocs’? Google Drive Data
· Bad Sector Recovery
· Forensic Artifact: Malware Analysis in Windows 8
±Follow Us
±Latest Jobs
Back to top
Skip to content
Skip to menu
Back to top
Back to main
Skip to menu
Go to page 1, 2 Next
Samsung S Plus PAttern Lock
Samsung S Plus PAttern Lock
Posted: Tue Dec 18, 2012 4:38 am
I am operating on a Samsung S Plus I9001 that has a pattern lock and (usb debugging off) by default, is there anyway i can get past that?
-
CopyRight - Senior Member
Re: Samsung S Plus PAttern Lock
Posted: Wed Dec 19, 2012 3:24 am
Have a read of this:
digitalinvestigation.w...ern-locks/
_________________
Colin Mortimer
FishNet Security
digitalinvestigation.w...ern-locks/
_________________
Colin Mortimer
FishNet Security
-
Coligulus - Senior Member
Re: Samsung S Plus PAttern Lock
Posted: Wed Dec 19, 2012 8:04 am
It will either have to be JTAG'ed or booted with a forensic bootloader using the UFED Cellebrite. Not sure whether the i9001 is supported, I've done a few i9000's with the UFED now.
Be careful if you are going to JTAG the device with a RIFF box or similar as the nand memory is strange to access on an i9000, if you don't tell it which part of ROM1 (as it shows it) to read you may end up just reading the wrong bit of the memory where the pictures are stored, not the system and swipe pattern.
Do you know how to find and decode the hash? If not look it up on the CCL website
Be careful if you are going to JTAG the device with a RIFF box or similar as the nand memory is strange to access on an i9000, if you don't tell it which part of ROM1 (as it shows it) to read you may end up just reading the wrong bit of the memory where the pictures are stored, not the system and swipe pattern.
Do you know how to find and decode the hash? If not look it up on the CCL website
-
mobileforensicswales - Senior Member
Re: Samsung S Plus PAttern Lock
Posted: Thu Dec 20, 2012 5:05 am
Okay Great Help you guys,
So JTAG is actually connected the damaged phone , in my case a locked phone where the lock is unknown, whilst connected the phone the JTAG brand, the JTAG literrally pushes a firmware update, then the phone works normally (without) any pattern lock.. and all the data remains there .
Did i get it right?
What do you guys think is the best JTAG brand, or atleast the one that supports more devices.
So JTAG is actually connected the damaged phone , in my case a locked phone where the lock is unknown, whilst connected the phone the JTAG brand, the JTAG literrally pushes a firmware update, then the phone works normally (without) any pattern lock.. and all the data remains there .
Did i get it right?
What do you guys think is the best JTAG brand, or atleast the one that supports more devices.
-
CopyRight - Senior Member
Re: Samsung S Plus PAttern Lock
Posted: Thu Dec 20, 2012 10:21 am
I don't think you've quite hit the nail on the head yet.
You use the JTAG interface to read the memory of the device, at all costs you want to avoid writing anything to it if you can. If you had read the article which I linked to you would see that the conclusion is not the removal of the password/PIN/pattern but the recovery of it. Once recovered you can unlock the UI and access the device further.
Is the original question relating to a forensic examination of said device?
_________________
Colin Mortimer
FishNet Security
You use the JTAG interface to read the memory of the device, at all costs you want to avoid writing anything to it if you can. If you had read the article which I linked to you would see that the conclusion is not the removal of the password/PIN/pattern but the recovery of it. Once recovered you can unlock the UI and access the device further.
Is the original question relating to a forensic examination of said device?
_________________
Colin Mortimer
FishNet Security
-
Coligulus - Senior Member
-
CopyRight - Senior Member
Re: Samsung S Plus PAttern Lock
Posted: Sun Dec 23, 2012 4:28 am
Buy yourself the same device and do it on there first. If you don't know what you are doing its not fair on your client or your own reputation to do it on the original exhibit.
You do not want to flash ANY firmware in a JTAG method. You are looking to download a raw copy of the nand and deduce the hash of the password that way
You do not want to flash ANY firmware in a JTAG method. You are looking to download a raw copy of the nand and deduce the hash of the password that way
-
mobileforensicswales - Senior Member