You need to add/install the Registry module, this one I believe
http//
https://
OR, as I suggested you earlier, run the other script that uses the contents of the key instead of accessing the Registry hive (and thus needs not the Registry module).
jaclaz
Sorry for the late of that.
thanks all the people who help us and write the python ) ,here is the result
Regards
wonder
Glad you sorted this out but i believe you posted the wrong image 😉
Glad you sorted this out but i believe you posted the wrong image 😉
Naah, the image is fine, just look at the last few lines.
Of course the actual PIN has been masked, you might well understand the serious privacy issues underlying wink .
I would be curious to know anyway if it was
1) [0000]
2) [1234]
3) [yyyy] of birth of user or of his/her partner or of his/her son/daughter
4) [ddmm] of birth of user or of his/her partner or of his/her son/daughter
5) [4444] (a perfectly random number generated through xkcd generator
D
jaclaz
He fixed the image, previously it was one from failed attempt and not, it wasn't as simple as 1111 or 4444, but close.
There's still an issue with the time he has to wait to actually enter the PIN. Not sure if i read it correctly, but it seems to be 232163 minutes. Still, that's one step closer.
He fixed the image, previously it was one from failed attempt and not, it wasn't as simple as 1111 or 4444, but close.
I see. )
There's still an issue with the time he has to wait to actually enter the PIN. Not sure if i read it correctly, but it seems to be 232163 minutes. Still, that's one step closer.
Yep, but that will be 5 months or so before a new attempt is possible. (
I don't recall any method to reset that counter without a hard reset ?
jaclaz
I don't recall any method to reset that counter without a hard reset ?
I don't know any either. I suspect that there's a registry entry that stores that counter but that change could be hard to make (possibly only to edit the registry on PC and then upload whole new partition image via JTAG/ISP) and i don't know which entry it is. Possibly, it's around the same place where HASH and SALT are stored. Comparing registry between 2 devices, one locked and one not _could_ lead somewhere. There is an "ExponentialBackoffUnblockTime" entry and related with that "ExponentialBackoffInitialPenalty", "ExponentialBackoffIncrementalPenalty" and "ExponentialBackoffInitialTreshold" but it would require some experiments on live phone to check how it works.
It can also be due to the wrong time and date set on device. It sometimes reset when battery is out for too long. One way to set the correct time/date would be to insert active sim card so it'll get the current time from GSM network, but it may not always be a possible solution, especially in forensics.
It can also be due to the wrong time and date set on device. It sometimes reset when battery is out for too long. One way to set the correct time/date would be to insert active sim card so it'll get the current time from GSM network, but it may not always be a possible solution, especially in forensics.
I think the time squashing could be possible with synchronization over GSM to a local stingray station, a well configured DNS server and an ntp server answering locally for time.windows.com queries )
Try the above on a test device only, synchronizing over GSM would certainly modify some timestamps, which could be important forensically.
Solution for this are inserting active SIM card into phone and let it synchronise over GSM but it will change timestamps as phone unlock writes
If the timestamps get altered, the procedure is void for forensics analysis.