Can anyone help please?
I am trying to establish the imei number of a handset in my possession. The handset is locked with a password
A physical extraction using both Cellebrite and XRY has retrieved data from the device but neither report the IMEI.
I have the hex data from the exam
Can anyone tell me where the imei is recorded within this data?
Many thanks
Do you speak about Samsung GT-I9300 (original) or Samsung GT-I9300 (Chinese phone)?
From what I can see its an original it is however in a poor state.
You can use data from field 'Unlock Pattern' UFED's report for unlock this phone .
After that you can get IMEI.
Hi Igor, Thanks for the response,
I have tried using both the unlock pattern and unlock pattern carver from ufed without success.
It appears that as the password is complex it is not being recovered which is why I ask if anuyone knows the location or how the imei is stored
I have tried a regular search for the TAC in the hex data but without knowing how it is coded I am struggling.
any suggestions?
Having carried out further research and comparing the files with another device it would appear that the IMEI field is not encrypted however on my device reads as a row of 0's ( probably why I couldnt find the TAC)
I am assuming that the imei has been manually altered / reprogrammed at some stage.
any thoughts would be welcome.
Simply,
Send you a private message.
Ron
True, this could be the solution. Having a corrupted EFS partition (the partition network related stuff is stored in) usually shows up as a generic IMEI number readnig like "004900xxxx.." or just "000000xxxx.."
Attention, this does not necessarily indicate intentional tampering but may also happen to people flashing their device incorrectly or applying Custom Roms. Everything else except Radio reception, Bluetooth- and Wifi connections would still work though.
Maybe it is possible finding out whether a Custom Rom or Stock Rom has been installed.