Sony Xperia E5 Acqu...
 
Notifications
Clear all

Sony Xperia E5 Acquisition

8 Posts
5 Users
0 Likes
1,662 Views
(@thomass30)
Posts: 110
Estimable Member
Topic starter
 

Hello colleagues,
I have Sony Xperia E5 with Boot level protection to run Android, USB Debugging mode disabled and locked bootloader.
Based on gsmarena.com it is Mediatek MT6735 so I tried MTK Hack in MobilEdit Forensic Express but nothing happened ( even if it works I know it will be encrypted)

I think It will be very difficult to do anything with this right know because JTAG or Chip-off methods are not the options right now (the raw image will be encrypted anyway).

Any other ideas what could be done with this?

 
Posted : 20/08/2018 5:25 pm
kastajamah
(@kastajamah)
Posts: 109
Estimable Member
 

Without knowing how many devices were seized at one time, have you considered extracting the other devices to try and determine the PIN or passphrase. My experience has been people reuse the same ones from phone to phone.

 
Posted : 20/08/2018 6:34 pm
passcodeunlock
(@passcodeunlock)
Posts: 792
Prominent Member
 

@Thomass30 I know a way, but I need physical access to the device. You know my email address, so please drop me a mail…

@kastajamah true, but logically people wouldn't be asking for help if they would have other ways around already )

 
Posted : 20/08/2018 6:48 pm
(@thilizardo)
Posts: 1
New Member
 

Hi folks,
I am working in a case with Sony Xperia XA(model F3216). Did you guys got success with Sony Xperia Acquisition? Even with bootloader pin code enabled…

Thanks in advance.

 
Posted : 06/12/2018 10:25 pm
passcodeunlock
(@passcodeunlock)
Posts: 792
Prominent Member
 

For Secure Startup enabled devices brute force should be the first step before anything else, once the PIN / pattern / password is found, you know the user lock as well )

Secure Startup has nothing to do with locked boot loader (stage 1), many people misuse the term for some reason.

 
Posted : 07/12/2018 10:09 am
(@mshibo)
Posts: 34
Eminent Member
 

Well, I believe there's a way around and it starts with unlocking BL.
Fortunately, using Sony Flash Tool, we can unlock BL without triggering userdata wipe. After BL is unlocked we can flash any custom binary files using fastboot mode and in our case, we need to flash TWRP. Data will be encrypted for sure, but we can do something about it. From TWRP, we can mount /system and then delete systemui from /app folder. Now when we reboot phone, you'll find no locks and no system ui but you can access the data on the phone and continue your work.
Any further details needed about the whole process, just let me know.

 
Posted : 09/12/2018 2:32 pm
(@mshibo)
Posts: 34
Eminent Member
 

For Secure Startup enabled devices brute force should be the first step before anything else, once the PIN / pattern / password is found, you know the user lock as well )

Would you, sir explain the method used to brute-force Secure Startup password?

 
Posted : 09/12/2018 2:43 pm
passcodeunlock
(@passcodeunlock)
Posts: 792
Prominent Member
 

If Secure Startup is set, it does't matter much if the BL is locked or unlocked, the early stage mount is an encrypted loop device, which must be passed first. There are several tools (and boxes) for brute force of screen locks, use what fits your needs.

 
Posted : 09/12/2018 7:27 pm
Share: