±Forensic Focus Partners

Become an advertising partner

±Your Account


Username
Password

Forgotten password/username?

Site Members:

New Today: 0 Overall: 32353
New Yesterday: 1 Visitors: 103

±Follow Forensic Focus

Forensic Focus Facebook PageForensic Focus on TwitterForensic Focus LinkedIn GroupForensic Focus YouTube Channel

RSS feeds: News Forums Articles

±Latest Articles

RSS Feed Widget

±Latest Webinars

Samsung Galaxy S7 SM-G935F adb backup

Discussion of forensic issues related to all types of mobile phones and underlying technologies (GSM, GPRS, UMTS/3G, HSDPA, LTE, Bluetooth etc.)
Subforums: Mobile Telephone Case Law
Reply to topicReply to topic Printer Friendly Page
Forum FAQSearchView unanswered posts
Go to page 1, 2  Next 
  

Samsung Galaxy S7 SM-G935F adb backup

Post Posted: Fri May 05, 2017 3:17 am

Hi, I have a Galaxy S7 with Android 7.0.

If someone knows how to root that device with Android 7.0 (1.1.2017, encrypted) please let me know. Cool

In the meantime, I am running the adb backup command to extract data and I am not sure what I am doing wrong.
I did "adb backup -shared" four times and each time the resulting file has a different file size. WTF?

Also, there are several folders missing in that extraction, for example DCIM and WhatsApp.
I have no problem getting the WhatsApp folder via "adb pull /sdcard/WhatsApp" but I don't understand why it isn't contained in the -shared adb backup. I thought the "shared" backup should give me everything from the internal SD Card.
Has anybody had similar experiences?  

SamBrown
Senior Member
 
 
  

Re: Samsung Galaxy S7 SM-G935F adb backup

Post Posted: Fri May 05, 2017 5:24 am

Recent versions of Android applications sometimes specify which data or it's components can be backed up or not.

Rooting the device is not possible if the BL is locked, oem unlock will wipe the device, so don't do it.
_________________
Passcodeunlock - mobile/tablet screen unlocking
passcodeunlock.com 

passcodeunlock
Senior Member
 
 
  

Re: Samsung Galaxy S7 SM-G935F adb backup

Post Posted: Fri May 05, 2017 6:17 am

Yes but I thought that only applies to the "apps" part (/data/data) of the adb backup, not the "shared" (internal SD) part?  

SamBrown
Senior Member
 
 
  

Re: Samsung Galaxy S7 SM-G935F adb backup

Post Posted: Fri May 05, 2017 6:48 am

That's the international model isn't (with the Exynos processor)? If so, the bootloader should be unlocked and I believe there's a TWRP package for it which should get you full access.

forum.xda-developers.c...0-t3334084

Just make sure it's the correct model and chip (the US version with the snapdragon chip is a locked bootloader and won't work as passcodeunlock mentioned) and be careful around the dm-verity step as it can cause problems if you're not careful.

Jamie  

mcman
Member
 
 
  

Re: Samsung Galaxy S7 SM-G935F adb backup

Post Posted: Fri May 05, 2017 7:19 am

Yes, unlocking the boot loader is not the problem, unfortunately the device is encrypted. I could dump it within TWRP but then I'd only get the encrypted storage. Crying or Very sad

So far every tutorial for rooting the G935F I have found wants me to wipe the device in the process.  

SamBrown
Senior Member
 
 
  

Re: Samsung Galaxy S7 SM-G935F adb backup

Post Posted: Fri May 05, 2017 8:07 am

First step first! Please create the physical dump... I sent you a PM Smile
_________________
Passcodeunlock - mobile/tablet screen unlocking
passcodeunlock.com 

passcodeunlock
Senior Member
 
 
  

Re: Samsung Galaxy S7 SM-G935F adb backup

Post Posted: Sun May 07, 2017 11:32 pm

Hello all!

I am really interest about this topic. I have a Galaxy S7 Edge (SM-G935F) with Android Nougat to play with. I also have couple Edges that are our "customers" (Nougat). I am working in law enforcement. I noticed that Cellebrite gives only a Logical extraction option when trying to work with this phone. Logical extraction via Cellebrite works just fine, but there is no apps data of course. Both phones was passcode / pattern locked, but "customers" were willing to give the codes to us.

So I got this test phone and my plan was to root it. Like mentioned above, there is a TWRP available for S7 and S7 Edge running Android 7.0 Nougat. I flashed TWRP to test phone and I used adb pull and got the encrypted user data out from the phone. Then I flashed latest SuperSU and no-verity to phone and just wanted to see if phone boots. Like I already knew, it wont. The Samsung logo just appears and nothing else happens. I rebooted to TWRP and wiped the phone. Then the boot works. I flashed stock Android Nougat and then TWRP again and tried everything that I came up with, but still the same result.

I contacted to our national NBI laboratory and they said that at this moment they are unable to decrypt the encrypted sda.

So at least this moment the root is not and option for me to get physical dump from S7 Edge. I know that this is available via Cellebrite CAIS, but not all crimes are so serious that we will use that option.

So my question is that is there a way to get some info from that encrypted user data? Or can it be decrypted? If I am lucky and I can get some better results or tips, I will post them to here.  

Shaky
Newbie
 
 

Reply to topicReply to topic

Share and Like this forum topic to get more replies




Page 1 of 2
Go to page 1, 2  Next