Samsung Gt-i9300 ( ...
 
Notifications
Clear all

Samsung Gt-i9300 ( S3)

8 Posts
4 Users
0 Likes
353 Views
(@simply)
Posts: 5
Active Member
Topic starter
 

Can anyone help please?

I am trying to establish the imei number of a handset in my possession. The handset is locked with a password

A physical extraction using both Cellebrite and XRY has retrieved data from the device but neither report the IMEI.

I have the hex data from the exam

Can anyone tell me where the imei is recorded within this data?

Many thanks

 
Posted : 12/07/2014 6:01 pm
Igor_Michailov
(@igor_michailov)
Posts: 529
Honorable Member
 

Do you speak about Samsung GT-I9300 (original) or Samsung GT-I9300 (Chinese phone)?

 
Posted : 12/07/2014 6:48 pm
(@simply)
Posts: 5
Active Member
Topic starter
 

From what I can see its an original it is however in a poor state.

 
Posted : 12/07/2014 7:23 pm
Igor_Michailov
(@igor_michailov)
Posts: 529
Honorable Member
 

You can use data from field 'Unlock Pattern' UFED's report for unlock this phone .
After that you can get IMEI.

 
Posted : 12/07/2014 7:50 pm
(@simply)
Posts: 5
Active Member
Topic starter
 

Hi Igor, Thanks for the response,

I have tried using both the unlock pattern and unlock pattern carver from ufed without success.

It appears that as the password is complex it is not being recovered which is why I ask if anuyone knows the location or how the imei is stored

I have tried a regular search for the TAC in the hex data but without knowing how it is coded I am struggling.

any suggestions?

 
Posted : 13/07/2014 1:53 pm
(@simply)
Posts: 5
Active Member
Topic starter
 

Having carried out further research and comparing the files with another device it would appear that the IMEI field is not encrypted however on my device reads as a row of 0's ( probably why I couldnt find the TAC)

I am assuming that the imei has been manually altered / reprogrammed at some stage.

any thoughts would be welcome.

 
Posted : 13/07/2014 10:01 pm
 RonS
(@rons)
Posts: 358
Reputable Member
 

Simply,

Send you a private message.

Ron

 
Posted : 13/07/2014 11:56 pm
Bendroid
(@bendroid)
Posts: 35
Eminent Member
 

True, this could be the solution. Having a corrupted EFS partition (the partition network related stuff is stored in) usually shows up as a generic IMEI number readnig like "004900xxxx.." or just "000000xxxx.."
Attention, this does not necessarily indicate intentional tampering but may also happen to people flashing their device incorrectly or applying Custom Roms. Everything else except Radio reception, Bluetooth- and Wifi connections would still work though.
Maybe it is possible finding out whether a Custom Rom or Stock Rom has been installed.

 
Posted : 14/07/2014 12:44 am
Share: