Galaxy S21 Ultra pa...
 
Notifications
Clear all

[Solved] Galaxy S21 Ultra password brute force

8 Posts
4 Users
0 Reactions
5,215 Views
(@bobsan)
Posts: 7
Active Member
Topic starter
 

I have a Galaxy S21 Ultra (SM-G998U1 Snapdragon 888) with alphanumerical password in hot state but has a limit on the number of attempts to guess the password before it factory resets. Which version of UFED can be used or does this need Premium ES to unlock due to the limiter? 

Thanks

 
Posted : 01/05/2023 3:51 pm
(@arcaine2)
Posts: 237
Estimable Member
 

Regular UFED does not support locked S21, Qualcomm or Exynos variants. If it's in hot state (AFU), Premium should be able to get full filesystem from already. If you reboot it and get BFU state instead, bruteforce would be the only option. For alphanumeric - that's problematic so i'd suggest keeping it in AFU and using Premium, or similar solution to get the data.

 
Posted : 07/05/2023 7:54 pm
(@bobsan)
Posts: 7
Active Member
Topic starter
 

@arcaine2 Thanks, I am aware of most IOS devices being susceptible to AFU extractions, but not sure how that would work on a stock Android 11 with Hardware-Wrapped Keys (storage keys are instead made into hardware-wrapped keys, which can only be unwrapped and used by dedicated hardware.) I thought the idea behind that was to mitigate those types of attacks.

I get there was some issues with the implementation that was patched in May 2021 and beyond (An IV reuse vulnerability in keymaster prior to SMR AUG-2021 Release 1 allows decryption of custom keyblob with privileged process.) Not sure how much that plays a role.

Have you had luck with premium accessing (readable data, like texts/chats, pictures and/or videos, etc.) later flagship Androids in AFU states, but with active screen lock of course. Thanks.

 
Posted : 08/05/2023 6:19 pm
(@arcaine2)
Posts: 237
Estimable Member
 

As long as the phone is in AFU state (hot), data is decrypted and available for the user. It's mostly a matter of bypassing the lockscreen and exploiting the phone to be able to pull the whole filesystem, and that's where the Premium comes in with its solutions. It should be able to grab everything, including keys from keystore for supported chat apps if the method will work correctly. In rare cases, the phone might reboot during the process, and you may lose AFU, but it's usually quite stable and supports Samsung devices quite well.

 
Posted : 08/05/2023 9:21 pm
(@bobsan)
Posts: 7
Active Member
Topic starter
 

@arcaine2 Got it - I was under the impression you can't bypass the lockscreen on FBE devices, maybe you meant it in a different context.

 
Posted : 08/05/2023 9:42 pm
(@arcaine2)
Posts: 237
Estimable Member
 

You can, if the phone is in AFU state. If it's in BFU state, it's also possible, but majority of the data will remain encrypted unless you enter to correct passcode, which will decrypt the user data. Simple as that.

 
Posted : 08/05/2023 9:54 pm
(@flabo)
Posts: 12
Eminent Member
 

@arcaine2 I was previously told from an analysis of a friend of mine that there are several models of Cellebrite Premium that cannot be brute-forced.
Is it a confirmed fact that Premium can brute-force the S21 Ultra?
And is brute-forcing possible regardless of the type of chipset?
Please reply.

 
Posted : 10/10/2023 1:48 pm
(@numide47)
Posts: 1
New Member
 

Hello I have S21 FE snapdragon 888 android 14, I want to recovery data but he is pattern lock, I don't know if brute force attack will work.
Thank you

 
Posted : 12/06/2024 2:47 pm
Share: