Samsung Galaxy Note...
 
Notifications
Clear all

Samsung Galaxy Note 5

5 Posts
4 Users
0 Likes
526 Views
(@cart34)
Posts: 11
Active Member
Topic starter
 

I currently have a Physical accusation of a Samsung Galaxy s5. I was wondering does anyone no how to find the passcode of the phone using the Physical Analyzer ver 5.2? I already tried running the plugins that comes with Physical Analyzer (I Believe there were three) and they didn't work.

Thanks

 
Posted : 15/09/2016 7:00 am
jaclaz
(@jaclaz)
Posts: 5133
Illustrious Member
 

I currently have a Physical accusation of a Samsung Galaxy s5. I was wondering does anyone no how to find the passcode of the phone using the Physical Analyzer ver 5.2? I already tried running the plugins that comes with Physical Analyzer (I Believe there were three) and they didn't work.

Thanks

You have a Physical WHAT? 😯

jaclaz

 
Posted : 15/09/2016 12:34 pm
(@dcs1094)
Posts: 146
Estimable Member
 

I currently have a Physical accusation of a Samsung Galaxy s5. I was wondering does anyone no how to find the passcode of the phone using the Physical Analyzer ver 5.2? I already tried running the plugins that comes with Physical Analyzer (I Believe there were three) and they didn't work.

Thanks

You have a Physical WHAT? 😯

jaclaz

I'll give it a go at translating… think someone has assaulted a phone because it was locked? wink

@ cart34 - Have not looked at an S5 yet, however from previous devices you used to be able to obtain the password hash and salt from the following files

Passcode Lock

/data/system/<password.key>
/data/system/<locksettings.db> - also check for a WAL as might be stored in that instead.

Pattern Lock

/data/system/<gesture.key>

I believe UFED Physical Analyzer only cracks up to 4-digit codes when decoding content, so I tend to use Andriller which does the trick. There are some python scripts around that do it too.

 
Posted : 15/09/2016 12:59 pm
jaclaz
(@jaclaz)
Posts: 5133
Illustrious Member
 

I'll give it a go at translating… think someone has assaulted a phone because it was locked? wink

Yep, that must be it. wink

jaclaz

 
Posted : 15/09/2016 2:28 pm
(@arcaine2)
Posts: 235
Estimable Member
 

It's also worth checking /data/system/device_policies.xml to see what code exacly is it. You can read how long is it, if it contains digits only or a letters, lower/uppercase and how many. For codes longer than 5-6 or just different than digits only i do suggest using hashcat since it's more efficient. I also do rememner that Andriller had some issues with cracking codes longer codes (either stucked or found wrong code), but i think it was for "Crack PIN", not the "Crack PIN (Samsung)" mode.

This is a good example on how to use hashcat for that, just switch "-m 110" for "-m 5800" (that's for Samsung only).

@DCS1094, yes, it's the same for S5.

 
Posted : 15/09/2016 11:31 pm
Share: