Hi,
Probably we all know Cellebrite has some options to create a physical dump of an android phone.
One of them is the Cellebrite bootloader, but how does this bootloader work?
Anyone got information about this?
The bootloader is on the SD card inside the UFED, but how do they boot this bootloader?
Is it possible to boot other bootloaders too?
Couldn't find anything on the web; maybe it is a Cellebrite secret...
I would guess that they boot the device into either boot loader or fast boot mode in order to temporarily place their own tools on the device to secure the acquisition. It will remain their secret I'm sure.
Of course there are all sorts of other boot loaders you could use, but those would be for rooting the device and not necessarily forensically sound.
I have not used the updated UFED approach yet so others may be able to shed more light on it.
kbertens,
What I can share is that Cellebrite uses different methods to get into these locked Android devices (those that UFED supports). There is no one generic way to get into a pattern-locked device.
The core of this is finding a way to have our bootloader run on the phone.
The challenges are:
1) Some phones only allow vendor-signed bootloaders
2) Some phones don't allow any bootloader to be loaded
3) Making the implementation without any changes to the phone's original firmware/bootloader
In all solutions thus far, we are NOT performing any changes to the original phone firmware/bootloader (we are NOT flashing/updating the bootloader; we load ourselves into RAM).
Hope this helps. There are limits to what can be said in an open forum.
Ron
The point is:
unless the exploit used by Cellebrite to gain access to the device/bypass restrictions isn't public (the vuln, I mean, not the code itself), you can achieve the same result with what you find online and some adaptation of the code to meet best-practice requirements.
Rooting kits are invasive, but they actually work, bypass protections and load custom stuff.
If you can adapt such code to NOT alter the device, you are almost done.
Of course it requires time and effort: you have to work on your toolchain, test it on spare devices, and validate it so that you can prove what you did is forensically sound, otherwise your results can be trashed at trial.
So, since time is money, it's up to you: you can buy the gear from companies that invest their time in developing (actual) mobile phone hacking techniques and reverse engineering, and get monkey-proof tools that do the extraction for you, or you can invest your own time in researching and adapting things you find online to fit your needs.
I say this because I like experimenting and researching on my own, BUT 99% of the time I don't use my home-developed tools for real evidence analysis, unless there is no other way.