±Forensic Focus Partners

Become an advertising partner

±Your Account


Username
Password

Forgotten password/username?

Site Members:

New Today: 0 Overall: 34601
New Yesterday: 4 Visitors: 181

±Follow Forensic Focus

Forensic Focus Facebook PageForensic Focus on TwitterForensic Focus LinkedIn GroupForensic Focus YouTube Channel

RSS feeds: News Forums Articles

±Latest Articles

±Latest Webinars

Xiaomi Redmi 4X Acquisition

Discussion of forensic issues related to all types of mobile phones and underlying technologies (GSM, GPRS, UMTS/3G, HSDPA, LTE, Bluetooth etc.)
Subforums: Mobile Telephone Case Law
Reply to topicReply to topic Printer Friendly Page
Forum FAQSearchView unanswered posts
 
  

Xiaomi Redmi 4X Acquisition

Post Posted: Wed Jul 18, 2018 2:04 am

Hello colleagues,
I have Xiaomi Redmi 4x.
I got PIN so I have access to the phone.
The bootloader is locked.
The USB Debugging is ON.

I was reading that unlocking bootloader in xiaomi doesn't wipe the user data?
Have any of you got experience with xiaomi phones and can confirm this is true ?

Also I want to get logical acquisition with mobiledit forensic express, but I cant install mobil edit connector on that Redmi4x to establish connection because it is said on MobilEdit support website that it is require to turn on in Developer Options additional settings like (beside usb debugging which is on) "Install via USB - allow installing aps via USB" and "USB Debugging Security Settings - allow granting permissions ans simulating input via USB debugging". Turning on the first option requires to login on xiaomi account and the second option requires network connection.
The phone is evidence so I cannot connect this to mobile or internet network.

Magnet Acquire also gives me nothing.

Any suggestion how to get at least logical acquisition ?

I dont have Cellebrite Ufed.  

Thomass30
Senior Member
 
 
  

Re: Xiaomi Redmi 4X Acquisition

Post Posted: Wed Jul 18, 2018 6:59 am

I can't recall but either the Redmi 4 or 5 doesn't have ADB installed if I remember correctly, can anyone else confirm that? I could be getting devices mixed up since I don't see too many of them but I recall only getting what the content providers could pull. For ACQUIRE that should be just what the agent gets and for Cellebrite I believe it's just a logical (not file system).

Again, I could be wrong with this, it's early and I don't have one here to confirm.

And yes, many of these phones require account authentication to turn on USB debugging which is a big problem quite often. Until you get USB debugging, you won't get much in the way of logical acquisitions from any tool.

Jamie  

mcman
Senior Member
 
 
  

Re: Xiaomi Redmi 4X Acquisition

Post Posted: Wed Jul 18, 2018 12:06 pm

- Thomass30

I was reading that unlocking bootloader in xiaomi doesn't wipe the user data?
Have any of you got experience with xiaomi phones and can confirm this is true ?


Not sure how Redmi 4x behave but older Xiaomi always did a factory reset after unlocking bootloader. It is possible that there is a bug and factory reset is not triggered (old Huawei P8 Lite ALE-L21 acts like that and can be unlocked with no data loss for example) but i wouldn't risk it.

- Thomass30

Also I want to get logical acquisition with mobiledit forensic express, but I cant install mobil edit connector on that Redmi4x to establish connection because it is said on MobilEdit support website that it is require to turn on in Developer Options additional settings like (beside usb debugging which is on) "Install via USB - allow installing aps via USB" and "USB Debugging Security Settings - allow granting permissions ans simulating input via USB debugging".


From my experience, mobilEDIT tend to bug out when trying to install connector. Sometimes restarting mobilEDIT itself helps, sometimes installing the app manually. With the message you get it seems that extra security is enabled just because someone had Xiaomi account added on the device but i'd still suggest installing it manually ("adb install whatever_the_name_is.apk") which at least give you some error message. There may not be enough free space on the device for example.

Have you tried with new UFED update? They do support decryting some (including snapdragon 435) devices in EDL mode. Redmi 4x is not on the list, but maybe it'll work.  

arcaine2
Senior Member
 
 
  

Re: Xiaomi Redmi 4X Acquisition

Post Posted: Wed Jul 18, 2018 2:32 pm

use UFED and Smart ADB option
_________________
Multi-COM - Bogusław Rzepka
multi-com.eu 

Bolo
Senior Member
 
 
  

Re: Xiaomi Redmi 4X Acquisition

Post Posted: Thu Jul 19, 2018 3:20 am

Thanks for replies.

Like I said I dont have access to UFED.
Is there a way to get the trial version of UFED ?

In order to install connector manually ("adb install whatever_the_name_is.apk") I think I need to turn on one of this option I mentioned - "Install via USB - allow installing aps via USB" which leads me to login to xiaomi account.

Installing this like "adb install MEConnector_1_2_1.apk" gives me error "Failure [INSTALL_FAILED_USER_RESTRICTED: Install canceled by user]  

Thomass30
Senior Member
 
 
  

Re: Xiaomi Redmi 4X Acquisition

Post Posted: Thu Jul 19, 2018 6:28 am

Hello Thomas,
If you have the SD card you can download the apk file from the installation folder of the software
(C:\Program Files\MOBILedit Forensic Express\Connectors)
and install it to the phone from the SD card. Please, try it.  

EXFsupport
Newbie
 
 
  

Re: Xiaomi Redmi 4X Acquisition

Post Posted: Mon Jul 23, 2018 3:41 am

Thanks EXFsupport, it works...

Before I start this thread I installed apk connector downloaded from MobilEdit website directly on the phone but after installation there wasnt link connection between running mobiledit forensic express and that installed connector.

I installed the connector which I found in the path C:\Program Files\MOBILedit Forensic Express\Connectors like you said and this time the phone sucessfully connect with the program.

Thanks again.  

Thomass30
Senior Member
 
 

Page 1 of 1