Hi there,
I have a Samsung Galaxy A21s (SM-A217F/DSM, Exynos 850, And. 10, Patch-Lvl. 1. Jan 2021) where FFS backup with UFED 4PC was impossible but XRY managed to back it up the Physical way (known passcode).
Is it possible to decode the extracted eMMC image (export is possible with Elements) and process it with Physical Analyzer?
Â
Thanks!
Nico
Is it possible to decode the extracted eMMC image (export is possible with Elements) and process it with Physical Analyzer?
I'm not using Xry daily, but i belive there's an option to export filesystem to a directory in XAMN. You can then select that directory as data source in PA.
Hey nic
Â
The functionality to do this is built into XAMN, but it's hidden in a right-click option at the data source option.
If you have access to MSAB Customer Portal there is a quick video guide to show you how to do this:
MSAB Customer Portal > Video/Webinars > XAMN & Analysis > XAMN in 5 - Quick Views - Exporting a Binary File - This video will show you two ways to export a Physical extraction binary file using XAMN Elements.
Basically you go to the Data Source view in XAMN and right-click the mouse for "Export to .bin"
Â
Its worth a try to import the .bin into PA with the right phone profile.
Â
Greetz
So you can export the physical image using the method described above but as far as I can tell XAMN doesn't give you an option to export the decryption keys. AP also doesn't include an option when loading the physical to load the keys required to decrypt the file based encryption.
Â
That means that although it is possible to export the physical from XAMN and import it into PA there is no way for PA to decrypt the encrypted file system. Therefore PA will only be able to analyse some system files that are not encrypted. All the useful user data will remain encrypted.
That means that although it is possible to export the physical from XAMN and import it into PA there is no way for PA to decrypt the encrypted file system. Therefore PA will only be able to analyse some system files that are not encrypted. All the useful user data will remain encrypted.
It's possible to do it the other way around, but it's quite time-consuming. In XAMN, once everything loads, you can switch to filesystem view, and then export the whole decrypted filesystem to a directory. Once that's done, you can point that directory to PA, or better compress that exported data to .zip and process it with PA. https://imgur.com/a/twNvmyZ
Â
Â