
New method to bypass security on HTC/Motorola devices

8 Posts
4 Users
0 Likes
507 Views
ForensicMeteor
(@forensicmeteor)
Posts: 60
Trusted Member
Topic starter
 

For those that are in the know, gaining root access/flashing a custom recovery on an HTC device requires unlocking the bootloader, then flashing a custom recovery via ADB, and finally installing root via recovery or through the booted system. Of course, with a custom recovery, one can create a Nandroid backup which can be imported into Cellebrite Physical Analyzer for parsing/analysis.

The big problem here is the first step: unlocking the bootloader. This process wipes the data on the phone in order to complete the unlock (HTC did this in order to protect user data), which is not an option in investigations.

I recently had a case where I had to obtain data and a physical image was not possible due to a password-protected HTC device (I needed USB debugging activated).

There is a service called SunShine that charges $25 to unlock the bootloader of many HTC or Motorola devices (including recent models) without the loss of user data. It also does not change data in the User Data partition as far as I know. Thought I should share. I am in no way affiliated with SunShine.

Link below
http://theroot.ninja/index.html

 
Posted : 13/05/2016 3:04 am
Igor_Michailov
(@igor_michailov)
Posts: 529
Honorable Member
 

25$ are you serious? It is too expensive.

 
Posted : 13/05/2016 3:09 am
ForensicMeteor
(@forensicmeteor)
Posts: 60
Trusted Member
Topic starter
 

25$ are you serious? It is too expensive.

I don't think that's bad at all considering most cases are in the hundreds or thousands…

 
Posted : 13/05/2016 3:19 am
Igor_Michailov
(@igor_michailov)
Posts: 529
Honorable Member
 

A flasher box is cheaper.

 
Posted : 13/05/2016 8:35 am
(@droopy)
Posts: 136
Estimable Member
 

25 usd?? Come on, just visit XDA FORUM and do it FREE

 
Posted : 13/05/2016 5:06 pm
ForensicMeteor
(@forensicmeteor)
Posts: 60
Trusted Member
Topic starter
 

25 usd?? Come on, just visit XDA FORUM and do it FREE

Yes, going through XDA is free. BUT, the process of unlocking a bootloader will erase user data. This is built into HTC's bootloader unlock process. The keys are provided by HTC via HTCDEV.

The entire point of paying $25 is to avoid the loss of user data by purchasing a private exploit these guys have figured out and marketed…

 
Posted : 13/05/2016 9:00 pm
(@arcaine2)
Posts: 235
Estimable Member
 

The entire point of paying $25 is to avoid the loss of user data by purchasing a private exploit these guys have figured out and marketed…

Correct me if I'm wrong, but isn't XTC2 able to do the same (+ s-off, unlock, cid change) for HTC without wiping the device for free? Sure, the "box" itself costs a bit more (99 euro + VAT) than 25$ but it's one time only.

Also, last time I checked, SunShine was an .apk that needed to be installed on the device itself (with internet access) to proceed with bootloader unlock.

 
Posted : 15/05/2016 3:58 pm
(@droopy)
Posts: 136
Estimable Member
 

http://xtc2clip.org/

 
Posted : 15/05/2016 10:34 pm