Samsung S Plus Pattern Lock

CopyRight
(@copyright)
Posts: 184
Estimable Member
Topic starter
 

I am operating on a Samsung S Plus I9001 that has a pattern lock and (USB debugging off) by default. Is there any way I can get past that?

 
Posted : 18/12/2012 2:38 pm
(@coligulus)
Posts: 165
Estimable Member
 

Have a read of this

http://digitalinvestigation.wordpress.com/2012/02/16/unlocking-android-pattern-locks/

 
Posted : 19/12/2012 1:24 pm
(@mobileforensicswales)
Posts: 274
Reputable Member
 

It will either have to be JTAG'ed or booted with a forensic bootloader using the UFED Cellebrite. Not sure whether the i9001 is supported; I've done a few i9000s with the UFED now.

Be careful if you are going to JTAG the device with a RIFF box or similar, as the NAND memory is strange to access on an i9000. If you don't tell it which part of ROM1 (as it shows it) to read, you may end up just reading the wrong bit of the memory where the pictures are stored, not the system and swipe pattern.

Do you know how to find and decode the hash? If not, look it up on the CCL website :D

 
Posted : 19/12/2012 6:04 pm
CopyRight
(@copyright)
Posts: 184
Estimable Member
Topic starter
 

Okay, great help, you guys.

So JTAG is actually connected to the damaged phone, in my case a locked phone where the lock is unknown; whilst the phone is connected to the JTAG brand, the JTAG literally pushes a firmware update, then the phone works normally (without) any pattern lock, and all the data remains there.

Did I get it right?

What do you guys think is the best JTAG brand, or at least the one that supports more devices?

 
Posted : 20/12/2012 3:05 pm
(@coligulus)
Posts: 165
Estimable Member
 

I don't think you've quite hit the nail on the head yet.

You use the JTAG interface to read the memory of the device; at all costs you want to avoid writing anything to it if you can. If you had read the article which I linked to, you would see that the conclusion is not the removal of the password/PIN/pattern but the recovery of it. Once recovered, you can unlock the UI and access the device further.

Is the original question relating to a forensic examination of said device?

 
Posted : 20/12/2012 8:21 pm
CopyRight
(@copyright)
Posts: 184
Estimable Member
Topic starter
 

Yes, it is.

 
Posted : 21/12/2012 9:03 am
(@mobileforensicswales)
Posts: 274
Reputable Member
 

Buy yourself the same device and do it on there first. If you don't know what you are doing, it's not fair on your client or your own reputation to do it on the original exhibit.

You do not want to flash ANY firmware in a JTAG method. You are looking to download a raw copy of the NAND and deduce the hash of the password that way.

 
Posted : 23/12/2012 2:28 pm
sideshow018
(@sideshow018)
Posts: 84
Trusted Member
 

The JTAG process is very safe if you do the process right. The boxes that we use to JTAG phones are meant to program/unlock from service provider/erase phones, and selecting any of these options in the interface will alter the data on the phone. Just like the Flasher boxes did, these tools function the same way.

The JTAG process allows you to grab a physical dump from the memory on the phone. This dump helps you in two ways: one, it allows you to use the CCL Scripts (or Cellebrite PA/XACT) to carve out the pattern lock; two, you have a physical dump of the phone's memory that includes the deleted items, easily decoded using hex editors.

Once you have the passcode from the CCL Scripts, you can then unlock the phone, turn on USB Debugging and then acquire the phone using any of the forensic tools that support the phone.

The first JTAG training class will be presented in the UK in April/May of 2013; watch for dates on the Teel Technologies website.

 
Posted : 25/12/2012 9:13 am
CopyRight
(@copyright)
Posts: 184
Estimable Member
Topic starter
 

Very well explained. Is there any JTAG tool that you'd recommend that supports a majority of phones?

Or would I have to purchase a lot of separate JTAGs depending on the phone I'd like to examine?

 
Posted : 15/01/2013 9:51 am