We have/had a Huawei P30 that we had access to for a matter of hours, in which time we managed to get a UFED logical only, as we could not root the phone to get a physical. The logical did not get the WeChat data. In a last-ditch effort we also employed HiSuite (Huawei's own backup suite) to get a backup, which does include the WeChat data files, albeit they are encrypted, i.e. tar.enc.
Working in Python, we can get out images but not the message content, which is critical.
Anything we can do? We have access to the WeChat account holder and they will give us the password to the WeChat account.
Time is of the essence now for us as this case is moving quickly.
Thanks in advance.
If you set a password on the Huawei backup maybe this can be of help.
https://
It decrypts the Huawei backup and then you should be able to put it into Physical Analyzer.
So the script you note is the one we are using. We also cannot create a HiSuite backup without a password, so this is in place also.
Can you elaborate on your understanding of processing this in PA?
Thanks for your assistance.
I shall try to explain, but as I am stuck at home I do not physically have access to one of our PA dongles.
In PA you can open a new case and then select open advanced.
(Think it's Ctrl + Shift + O)
From there you can select the profile of the phone you have acquired or, which often works, open it as "Generic Android".
It will then most likely ask you for what kind of extraction it is, Filesystem or Logical or what not.
Then it will ask you for either a binary file or a folder, where you point to the folder you already have decrypted.
PA should then hopefully run the plugin to parse the WeChat.
If not, you might be able to use the SQL wizard to manually parse the database file.
Hope this at least is a bit helpful!
Since the custodian is willing to share the credentials, get a burner Galaxy S5. Get the latest WeChat APK. Log in to the account and let it sync everything from the cloud. Then take a physical image of the Galaxy S5 (can be imaged in UFED without root). Load it into UFED PA and kick out a report on WeChat.
You will have a hard time at court if this was pulled off. If you do so, please use proper documentation and have a good sense of explanation.
Good luck.
What is the exact model of the P30 and Android version you got? I might have a way to get a decrypted full filesystem dump even if you don't know the user lock...
Of course it's not ideal, but it does work. As with anything you do, take good documentation, photographs, etc. With certain apps you may be left with limited choices if you need to capture the data.



