Cracking Android De...
 
Notifications
Clear all

Cracking Android Devices / Physical Extraction

5 Posts
5 Users
0 Likes
891 Views
Vesalius
(@vesalius)
Posts: 66
Estimable Member
Topic starter
 

So I have a locked phone at my disposal, it's a Samsung phone, not the latest on the market but a mid ranged priced one.

I own octopus, SPT, and BEST as cracking tools, but when using the Octopus, sometimes, depending on the device, it warns me that it will wipe the device for removing the password, in which is a problem. My question is, if I DO wipe the phone and remove the password, and then ROOT the phone to be able to acquire a physical extraction using Cellebrite's UFED 4PC, how much of the data will I bring back, and how much will I possibly lose?

Any recommendation's for a better method of removing pass-codes or even pattern's on these sort of devices?

Thanks in Advance!

 
Posted : 27/04/2017 4:14 pm
Mreza
(@mreza)
Posts: 84
Trusted Member
 

You didn't specify the model. I'm sorry, but I don't find your question logical. If you already have Ufed 4PC, why don't you bypass the password and do physical extraction? Why would you wipe the device? In that case you would get very little or no valuable data at all.

 
Posted : 27/04/2017 5:52 pm
(@pacman91)
Posts: 4
New Member
 

Like Mreza said - tell us what model the device you are examining and there may be some methods available that allow you to bypass the security lock and obtain a full physical extraction without formatting the user data.

 
Posted : 27/04/2017 7:32 pm
(@mcman)
Posts: 189
Estimable Member
 

As others have said, give the model number or check if there's a passcode bypass option either in your UFED or anything publicly available. There are quite a few TWRP packages for Samsung devices that will allow you to bypass the passcode. Here's a video I did doing a TWRP bypass of a Galaxy S5 with Magnet ACQUIRE

https://www.youtube.com/watch?v=wrr9FdjQ-04

Totally depends on the device and whether the bootloader is locked or not but worth a shot, way better than wiping the device.

 
Posted : 28/04/2017 12:40 am
Bolo
 Bolo
(@bolo)
Posts: 97
Trusted Member
 

Devices that you describe so GSM boxes are not created for reading pattern/codes - they are strictly for unlocking business but of course in some cases can help. Just note that if they remove code at all does they don't care about data so using it's a little tricky unless you got exact same phone ("donor") to first try on it, for example if phone got encryption by pressing button like Pattern Remove will wipe your device and you will not get back anything even with PA since many phones will wipe phone and put into memory FF FF or 00 00. Unless you will give more info what phone, what SW etc nobody will answer here anything….

P.S
Best method for extraction codes are eMMC ISP - of course if ISP points are available so you are able to get to a place where eMMC are connecting with CPU and tap onto them - you can read full dump and then parse it with PA or if you want to save time and just unlock it for future faster dump over ADB/exploit and you know where you are looking for you can read only choosen offset of data and get code from there directly.

 
Posted : 28/04/2017 12:57 am
Share: