Oxygen Forensic put out an article about this
http//articles.forensicfocus.com/2011/11/18/android-forensics-study-of-password-and-pattern-lock-protection/
You can get at the required files if you have root access for are able to perform a JTAG read of the device.
Doug,
When an Android phone is password/pattern locked and debugging is not enabled, there is no regular way to get root access.
Indeed JTAG and chip-off are a possible solution, and then you need a tool that will decode this full flash extraction and as far as I know UFED PA is the only tool that currently has that capability since this is also the output format (full flash including spare area) for those Android phones that UFED can bypass a password/pattern locked while debugging disabled.
Other tools capability is to extract the active partition (YAFFS2, EXTx …) and then decoding is less complicated, but is limited to devices that root access is possible (in one of several methods), but not for locked devices. This method is also supported by UFED.
Ron
I was successful in getting a search warrant that ordered Google to reset the gmail account, thereby using the pattern lock account login bypass. However, on the phone model I seized, Huawei (can't recall the #), all password verifications are stored locally, and they do not download the new password from the network. That was one downside. The other, as mentioned above, is that a network connection is needed and the wipe possibility becomes very real. The analyst at google said that he does several of these a week and they are about 75% successful, but certain phones will not work. Now that the UFED PA works on some models, I will try that soon.
Good Luck
Ron
Is the current bypassing of the pattern lock just with phones with the USB debugging on?
There are about 30 Android models that will work when phone is locked and debugging disabled.
We will soon add about 60-80 additional mainly from Samsung, Motorola and few from other vendors.
For most Android devices with debugging enabled, it is trivial to perform the extraction, both physical and file system extraction that will also decode you the pattern and then you can unlock.
Ron
I have been having the sam problem with locked Androids. I understand the UFED PA can access some of these phones but that means there is a way around the passcode. Does anyone have experiance gaining access without UFED PA? We don't have the money for one and can't run to another agency everytime we come across a locked Android, which is increasing.
If anyone is interested, we've just a posted a blog detailing how we've been getting the pattern lock from raw flash dumps (usually acquired via JTAG).
The blog is here http//
And you can get the scripts mentioned in the post here http//
Nice,
A similar approach is implemented in the Cellebrite UFED PA version that will be released on Monday.
Great minds think alike )
RonS
Cellebrite
http//
Worth a look, requires a JTAG acquisition first……B
We've added a second blog post about PIN locks and Passwords that might also be of interest
http//