bootloader data acquisition !!

  

Re: bootloader data acquisition !!

Post Posted: Tue Mar 13, 2018 11:44 am

- passcodeunlock

Anyway, for this kind of tasks it is almost impossible having a general price list (public or not), since each task is unique.


I know, usually this kind of work is proposed (and carried on) on a fiduciary basis (like most if not all consulting work), but anyway with a preliminary estimation.

Example:

The rate for Software Recovery Technician, including the use of hardware and software needed is US$ 150.00 per hour or fraction, with fractions rounded to the next quarter of hour.

The rate for Hardware Laboratory Technician, including the use of laboratory equipment is US$ 200.00 per hour or fraction, with fractions rounded to the next quarter of hour.

We expect, to carry the recovery on a xxxxxxyyyyyyy device to need:
Software Recovery Technician 12 hours
Hardware Laboratory Technician 4 hours

For a typical zzzzzzwwwww device we expect:
Software Recovery Technician 81 hours
Hardware Laboratory Technician 28 hours

For a wwwwwxxxxxxx device we expect instead:
Software Recovery Technician 11 hours
Hardware Laboratory Technician 24 hours

The above is only indicative and may vary up to +/- 50%.

Shipping and handling from our Laboratory of the device, via primary courier, US$ 100.00 within EU and US$ 200.00 rest of the world.

Reimbursement of the cost of physical media used to store the recovered data, that we estimate as:
US$ 5 per GB of data up to 50 GB
US$ 2 per GB of data up to 500 GB
US$ 0.50 per GB of data over 500 GB

To the above costs you will need to add:
Costs for shipping the device to our laboratory address, which remains your sole responsibility.
VAT, local sales taxes, duty and whatever other tax or tariff applicable.


This way a customer (or prospective customer) can easily understand if it is worth it (or if he/she/they can afford it) and take a decision, before calling (and making you - and the caller BTW - lose time).

I may find "acceptable" the example costs for a device xxxxxxyyyyyyy that, set apart shipping, taxes and storage would presumably cost me between 2,600 and 3,900 US$ and find unaffordable costs for a device wwwwwxxxxxxx which recovery at list price would go between 17,750 and 26,625 US$ (again besides shipping, taxes, etc.).


jaclaz
_________________
- In theory there is no difference between theory and practice, but in practice there is. - 

jaclaz
Senior Member
 
 
  

Re: bootloader data acquisition !!

Post Posted: Tue Mar 13, 2018 3:45 pm

Reference of pasted content missing!  

RolfGutmann
Senior Member
 
 
  

Re: bootloader data acquisition !!

Post Posted: Wed Mar 14, 2018 10:33 am

@jaclaz: please find me a similar price list like you mentioned for exploiting the TrustedZone for extracting the encryption keys, then use the keys to decrypt aes-xts.essiv:sha256 encrypted data from an offline dump, without having the device... I'm really anxious to read your answer regarding these prices :)

Your previous sample is non-sense at this level. Even if you would be a Zerodium trader, Asimuth developer, crypto-reversing guru or a long-time known or unknown blackhat or whitehat knowing everything, etc. - you still couldn't estimate what could be the costs for the next task you would get...
_________________
Apple passcode unlock + decrypted filesystem dump, Android user locks unlock + physical dump with decrypted userdata partition. We provide our services world-wide, but we reserve the right for choosing which tasks we take and which we deny! 

passcodeunlock
Senior Member
 
 
  

Re: bootloader data acquisition !!

Post Posted: Wed Mar 14, 2018 12:36 pm

- RolfGutmann
Reference of pasted content missing!

I just made it up, what reference are you asking for?

- passcodeunlock
@jaclaz: please find me a similar price list like you mentioned for exploiting the TrustedZone for extracting the encryption keys, then use the keys to decrypt aes-xts.essiv:sha256 encrypted data from an offline dump, without having the device... I'm really anxious to read your answer regarding these prices :)

Your previous sample is non-sense at this level. Even if you would be a Zerodium trader, Asimuth developer, crypto-reversing guru or a long-time known or unknown blackhat or whitehat knowing everything, etc. - you still couldn't estimate what could be the costs for the next task you would get...


It seems to me like you are missing the point I was trying to make.

Loosely speaking the idea is that someone is willing to sell a service (i.e. their knowledge, experience and time, besides specialized equipment and tools) and (hopefully) someone else is going to spend money in order to acquire that service.

The idea is that the one selling the service is:
a) an expert in the matter at hand
b) thus (by comparison with N previous similar cases) has - even loosely - an idea of how much of his/her time will be needed to provide the service
c) knows how much money (per unit time of work) that particular work might be either valued on the market or alternatively how much money he/she wants to make (irrelevant from the market price)

The only thing the prospective buyer/customer is qualified for is normally:
1) how much money he/she has
2) how much of this money he/she can afford for the specific service

Set aside whether list prices exist and are published, a (private) preventive estimation would be IMNSHO needed.

It is only logical that a correspondence *like*:
Q:Hi, I am interested in your service, how much will it cost to frumble a squirghoyle?
A: No idea, although we already frumbled hundreds of squirghoyles, besides gryntrembling tens of vestriggers, we cannot provide an estimation.
Customers usually send us besides the device, an unlimited credit card number (or irrevocable authorization to draw funds from their multi-billion US$ bank account) then we charge on it as much as we see fit along the progress of the operation, until we hopefully succeed.
No two cases are the same.

Is *very unlikely* to end in an actual transaction.

Anyway my original note was only about having public list prices and contract agreements being "not professional" (which is what you stated), whilst I find having them public an added sign of professionalism and a way to save time to BOTH the seller and the prospective buyer.

jaclaz
_________________
- In theory there is no difference between theory and practice, but in practice there is. - 

jaclaz
Senior Member
 
 
  

Re: bootloader data acquisition !!

Post Posted: Wed Mar 14, 2018 12:49 pm

@jaclaz: the customer was informed in a private manner about the expected price BEFORE anything, none of your theories apply.

Starting with your theories, the thread got nothing technically related to the original post, from my point of view, this thread is closed.
_________________
Apple passcode unlock + decrypted filesystem dump, Android user locks unlock + physical dump with decrypted userdata partition. We provide our services world-wide, but we reserve the right for choosing which tasks we take and which we deny! 

passcodeunlock
Senior Member
 
 
  

Re: bootloader data acquisition !!

Post Posted: Wed Mar 14, 2018 3:40 pm

- passcodeunlock
@jaclaz: the customer was informed in a private manner about the expected price BEFORE anything

Which is fine, cool, dandy :) and professional.

From how the thread came on it seemed like the price came up as a total surprise.


Anyway, case closed.


jaclaz
_________________
- In theory there is no difference between theory and practice, but in practice there is. - 

jaclaz
Senior Member
 
 
