I have downloaded the flash memory of two PIN locked Sony Xperia's (models LT18i & LT15i) using a Medusa Box we recently bought. The software outputs the files in a .ful format, which appears to be proprietary format and not the usual .bin format i was hoping for. Looking at the dumps in hex, the headers start with 'OCTOPUS'.
Is there a way of converting these to a standard bin file which could be decoded with Cellebrite etc?
Thanks
Mark
This dump is encrypted using the flasher box software is encrypting the dump. The only way to get around it is to beg the dev for a decoder or port scan
If I recall properly, when you are saving your dump file, there is a drop down box for file type. You can save it as a proprietary encrypted file, or as a plain binary file. Doesn't help decrypt your file, but check next time you save, the file type you saving it as.
Cheers for the replies guys.
I checked the drop down menu again and the only file-type option is 'Full Flash Read .FUL' unfortunately.
I've tried the port scan method, using a trial copy of 'Device Monitoring Studio' (USB version, selecting 'Raw Data View' in the monitoring window). I then saved the hex data from the 'Read' window and imported it into Cellebrite (trying a couple of profiles). They all recover the same thing, 400 calls, 5 chat conversations,1 Email, 3429 SMS Messages, however none of them decode the file system.
I tried to carve the PIN code but nothing happened. I tried a couple of PIN recovery scripts (such as CCL's) and they also failed, they find a SALT but no HASH.
Try the Octoplus Box, it gives you the option of either file type, the .bin option will give you what you need…..B