±Forensic Focus Partners

Become an advertising partner

±Your Account


Username
Password

Forgotten password/username?

Site Members:

New Today: 1 Overall: 36303
New Yesterday: 2 Visitors: 185

±Follow Forensic Focus

Forensic Focus Facebook PageForensic Focus on TwitterForensic Focus LinkedIn GroupForensic Focus YouTube Channel

RSS feeds: News Forums Articles

±Latest Articles

±Latest Videos

±Latest Jobs

LG FORTUNE LG-M153 Screen Lock Bypass?

Discussion of forensic issues related to all types of mobile phones and underlying technologies (GSM, GPRS, UMTS/3G, HSDPA, LTE, Bluetooth etc.)
Subforums: Mobile Telephone Case Law
Reply to topicReply to topic Printer Friendly Page
Forum FAQSearchView unanswered posts
Page Previous  1, 2 
  

passcodeunlock
Senior Member
 

Re: LG FORTUNE LG-M153 Screen Lock Bypass?

Post Posted: Apr 28, 18 08:11

Axiom (and many other softwares) might be using the same AT commands which Igor posted at the very beginning of the thread Smile
_________________
Apple passcode unlock + decrypted filesystem dump, Android user locks unlock + physical dump with decrypted userdata partition. We provide our services world-wide, but we reserve the right for choosing which tasks we take and which we deny! 
 
  

RonS
Senior Member
 

Re: LG FORTUNE LG-M153 Screen Lock Bypass?

Post Posted: Apr 28, 18 13:49

- UnallocatedClusters
- RonS
The LG-M153 is supported using the Cellebrite UFED EDL method.

Ron


Hello Ron,

I attempted the EDL method with the newest cable but had no success at all. I will give it a go again.

[EDIT1] I tried every variation of the Generic Qualcomm EDL download mode acquisition but no success. I am able to put the phone in "download mode" by holding the up volume key and then connecting the phone to the USB cable but no success on extracting data. I am able to use Cellebrite Cable 523 per the instructions (option 5) to put the phone in download mode, but a window comes up asking to verify if debugging mode is enabled. Obviously debugging mode is not enabled but I have tried both "yes" and "abort" options with no success. When I search in Phone Detective for this particular model, nothing comes up. [EDIT1]

** This particular phone was found on the hood of my client's car. My client believes her ex-boyfriend left the LG phone after ripping out all of the electrical wiring under her car's hood.

My Pro Bono cases seem to have interesting circumstances like this.

I will have to consult with the legal assistance lawyer who engaged me on this case, but I assume that the phone owner does not have any reasonable expectations of privacy having left the phone at the scene of an apparent crime.

I was able to use Cellebrite to extract the MSISDN number from the SIM card, which I then reported to the attorney and suggested she issue a subpoena to Cricket mobile for information regarding the phone owner (call logs and cell tower data).

It is only a theory at this point that the phone belongs to my client's ex-boyfriend and that the ex-boyfriend was the person who vandalized her car.

I am hoping to extract evidence which LE can then leverage to arrest the ex-boyfriend (I am a civilian forensic specialist and not LE).


You need to put the phone into EDL mode.
If this is not accomplished using our special cable, you might need to short the internal phone eMMC CLK and CMD lines to GND.

I suggest you approach support and ask for the EDL method document that has this in more details.

Multiple customers used this method to get a physical extraction from this specific model.

Best regards,
Ron  
 
  

UnallocatedClusters
Senior Member
 

Re: LG FORTUNE LG-M153 Screen Lock Bypass?

Post Posted: Apr 28, 18 14:19

Many thanks for your reply Ron- I will contact support  
 
  

passcodeunlock
Senior Member
 

Re: LG FORTUNE LG-M153 Screen Lock Bypass?

Post Posted: Apr 29, 18 15:07

@RonS: the problem with this device is that triggering EDL mode with the UFED cable won't work for some reason, so the only option remains shorting the emmc

@UnallocatedClusters: I can confirm that shorting the emmc triggered a fault signal and at the next connect the device went to EDL mode. It is very confusing, because the device screen remains black, like nothing would happening.
_________________
Apple passcode unlock + decrypted filesystem dump, Android user locks unlock + physical dump with decrypted userdata partition. We provide our services world-wide, but we reserve the right for choosing which tasks we take and which we deny! 
 
  

arcaine2
Senior Member
 

Re: LG FORTUNE LG-M153 Screen Lock Bypass?

Post Posted: Apr 29, 18 19:04

- passcodeunlock
@RonS: the problem with this device is that triggering EDL mode with the UFED cable won't work for some reason, so the only option remains shorting the emmc


This was actually considered a security hole and patched by lots of vendors in recent firmwares couple months back so it's even impossible to reboot to edl mode from fastboot (this was a thing for Xiaomi devices) or from working system via adb and testpoint is the only option. From my experience, booting LG (and Huawei) into EDL using only a cable rarely worked anyway.  

Last edited by arcaine2 on Apr 30, 18 18:54; edited 1 time in total
 
  

RonS
Senior Member
 

Re: LG FORTUNE LG-M153 Screen Lock Bypass?

Post Posted: Apr 29, 18 20:39

It is patched in newer devices and newer chipsets.
It does work for 100's of other models including the M153.

Shoring eMMC is simpler than a chipoff or ISP/JTAG, so worth trying.

RonS  
 
  

passcodeunlock
Senior Member
 

Re: LG FORTUNE LG-M153 Screen Lock Bypass?

Post Posted: Apr 30, 18 08:06

For some models there are two EDL testing points, just usually without marks. Shortening those also makes the phone boot into DEL mode next time.

@RonS: true, entering the EDL is way easier then any chip-off/JTAG/ISP, but the real "power" of the factory mode is being able to "read" the encryption keys from the Trusted Zone for almost any Qualcomm based device and make a decrypted acquisition on the fly directly from the device. Some say it's a security hole, but I look at it as a backdoor left there on purpose Smile
_________________
Apple passcode unlock + decrypted filesystem dump, Android user locks unlock + physical dump with decrypted userdata partition. We provide our services world-wide, but we reserve the right for choosing which tasks we take and which we deny! 
 

Page 2 of 2
Page Previous  1, 2