Hi
I have some Android phone extractions with the SilentPhone app. Both extractions come from phones belonging to the same target.
Phone 1 Samsung SM-G950W, Android 8.0, SilentPhone version 6.3
Phone 2 Samsung SM-G950W, Android 7.0, SilentPhone version 6.3
Both phones were acquired by Cellebrite CAS, so I have full file system extractions.
The "databases" folder contains the following DBs
- dialer.db (not encrypted)
- message_indexes.db (encrypted)
- repo_store_enc.db (encrypted)
- sc_contacts.db (encrypted)
- sc_keystore.db (encrypted)
- <username>_axo_store_enc.db (encrypted)
I tried processing the extractions with UFED PA 7.33 and Oxygen 12.4, and neither was able to pull data from the app. The dialer.db in not encrypted, but it does not contains much pertinent data.
I Googled a bit but there isn't much information on that app and found nothing on how to decrypt the data. I looked in the XML files in the app folder, but I did not find something that may look like a SQLCipher encryption key.
Does anyone have any experience with dealing with data from the SilentPhone app?
Thanks!