Is anyone getting a...
 
Notifications
Clear all

Is anyone getting around an Android swipe code

27 Posts
12 Users
0 Likes
1,584 Views
mrpumba
(@mrpumba)
Posts: 116
Estimable Member
Topic starter
 

Just wondering if anyone is getting around an Android swipe code? If so please post for all or send me a private message. It seems we have recovered a rash of Android cell phones with the swipe code active.

 
Posted : 28/01/2012 12:55 am
 RonS
(@rons)
Posts: 358
Reputable Member
 

There is no generic solution for all Android models from different vendors.

Currently, Cellebrite UFED supports physical extraction (of the entire flash memory) bypassing pattern lock from selected models (about 30) and also decode the pattern itself and the image.

As a lab solution there are about 80 additional models including many Samsung Android devices (like the Galaxy S, S2 and many more) and Motorola Android devices (many high runners).

This would be added to UFED support in about 2-3 months.

I am not aware of any other solutions beside more invasive methods, like JTAG or chip-offm that in many cases can also be decoded by the Cellebrite UFED PA.

Ron

 
Posted : 28/01/2012 9:42 am
mrpumba
(@mrpumba)
Posts: 116
Estimable Member
Topic starter
 

Thanks Rons, Even though it goes around the swipe code, are you still able to extract the data off the phone (ie txt, mms, photos, contacts…..ect)

 
Posted : 28/01/2012 4:32 pm
 RonS
(@rons)
Posts: 358
Reputable Member
 

Sure, this is all the point to get access to the data. Cellebrite UFED PA also decodes most of the physical extractions (implementing file system reconstruction) and this is also why we added file system extraction so that ALL extractions will be decoded.

Getting the pattern itself is byproduct

 
Posted : 28/01/2012 9:15 pm
 N1XY
(@n1xy)
Posts: 25
Eminent Member
 

Assuming you can gain access to the users Google password you can bypass it using the forgot password method - that's the only way I know that you can bypass it on *all* devices.

If the device has USB debugging enabled or you can flash a custom ROM then you can also get around it that way - USB debugging being enabled is pretty unlikely as it's off by default.

Don't forget that flashing a custom ROM to a device that has never had one flashed before will result in Android wiping all of the user data as a security precaution.

I'm sure you already know, but also keep in mind that even though the device is locked background services will be running and changing data. If you had my device I would issue a remote wipe command immediately, and keep sending it hoping that at some point it connects to a network again.

- Tom

 
Posted : 29/01/2012 12:45 am
mrpumba
(@mrpumba)
Posts: 116
Estimable Member
Topic starter
 

N1XY, that's why I process them in a Ramsey box……. Thanks RonS, I have the UFED Logical, but I do have access to a UFED Physical at another agency. I'll give it a try.

 
Posted : 29/01/2012 6:06 am
 RonS
(@rons)
Posts: 358
Reputable Member
 

mrpumba,
Which vendor/model is your device?

 
Posted : 29/01/2012 10:37 am
mrpumba
(@mrpumba)
Posts: 116
Estimable Member
Topic starter
 

RonS - Cellebrite UFED Logical (Forensic) with the recent updates.

 
Posted : 29/01/2012 5:20 pm
 RonS
(@rons)
Posts: 358
Reputable Member
 

I was asking about the phone )

 
Posted : 29/01/2012 9:27 pm
mrpumba
(@mrpumba)
Posts: 116
Estimable Member
Topic starter
 

oh…lol Can't remember they're at the office but if my memory is correct in the HTC family

 
Posted : 30/01/2012 7:22 am
Page 1 / 3
Share: