Hallo
Device: Huawei G7
Cpu: qualcomm
OS: Android 4.4
Status: Freeze on logo
I readed partition userdata, it result crypted with truecrypt.
Decryption code is the same as phone usercode/pattern?
Any way for decrypt userdata.bin with method different than bruteforce?
Sorry, how did you come top the conclusion that the userdata partition is encrypted using truecrypt? One of the main purposes of truecrypt partitions is that they are indestingisable from a partition overwitten with random data. There are no paintext truecrypt header information etc. so how did you come to the conclusion it was Truecrypt?
See point 2 of Plausable Deniability on page 37.
Hallo
Device: Huawei G7
Cpu: qualcomm
OS: Android 4.4
Status: Freeze on logo
I readed partition userdata, it result crypted with truecrypt.
Decryption code is the same as phone usercode/pattern?
Any way for decrypt userdata.bin with method different than bruteforce?
What tool did you use to image this phone?
What type of image did you create? Physical or Logical?
Was the phone rooted when you imaged it?
Did a person rooting the phone put the phone in a boot loop (Freeze on logo)?
Have you tried Huawei HiSuite to image the phone?:Â https://consumer.huawei.com/en/support/hisuite/
phone received in bootloop, i not known the reason. Replaced battery, removed volume keys, still bootloop. I not known if owner tryed to root phone, they never say the true 🙂
Owner need photos, readed userdata.bin in edl mode