[Solved] Galaxy S21 Ultra password brute force
I have a Galaxy S21 Ultra (SM-G998U1, Snapdragon 888) with an alphanumeric password, in hot state, but it has a limit on the number of attempts to guess the password before it factory resets. Which version of UFED can be used, or does this need Premium ES to unlock because of the limiter?
Regular UFED does not support a locked S21, Qualcomm or Exynos variants. If it's in hot state (AFU), Premium should already be able to get a full filesystem from it. If you reboot it and get BFU state instead, brute force would be the only option. For alphanumeric, that's problematic, so I'd suggest keeping it in AFU and using Premium, or a similar solution, to get the data.
@arcaine2 Thanks. I am aware of most iOS devices being susceptible to AFU extractions, but I'm not sure how that would work on a stock Android 11 with hardware-wrapped keys (storage keys are instead made into hardware-wrapped keys, which can only be unwrapped and used by dedicated hardware). I thought the idea behind that was to mitigate those types of attacks.
I get that there were some issues with the implementation that were patched in May 2021 and beyond (an IV reuse vulnerability in Keymaster prior to SMR AUG-2021 Release 1 allows decryption of a custom keyblob with a privileged process). Not sure how much that plays a role.
Have you had luck with Premium accessing later flagship Androids in AFU state (readable data like texts/chats, pictures and/or videos, etc.), with an active screen lock of course? Thanks.
As long as the phone is in AFU state (hot), data is decrypted and available for the user. It's mostly a matter of bypassing the lock screen and exploiting the phone to be able to pull the whole filesystem, and that's where Premium comes in with its solutions. It should be able to grab everything, including keys from the keystore for supported chat apps, if the method works correctly. In rare cases the phone might reboot during the process and you may lose AFU, but it's usually quite stable and supports Samsung devices quite well.
@arcaine2 Got it. I was under the impression you can't bypass the lock screen on FBE devices; maybe you meant it in a different context.
You can, if the phone is in AFU state. If it's in BFU state, it's also possible, but the majority of the data will remain encrypted unless you enter the correct passcode, which will decrypt the user data. Simple as that.