Notifications
Clear all

Android 11 Phones

FF1984
(@skyccord)
New Member

I'm struggling on finding a way to properly extract Android 11 phones.  These are all extractions with authorization so I have the phone in hand with the device/pin.  I have tried Cellbrite Inspector formely Blacklight, Belkasoft Evidence Center.  None of them have successed in installing their agent and doing an extraction.  I have also manually done an AB backup but the import doesn't work to show any data.  Any ideas of tools that actually work?

Quote
Topic starter Posted : 29/07/2021 12:53 pm
arcaine2
(@arcaine2)
Active Member

What devices do you have a problem with? Some, like Xiaomi does not allow installing apps via ADB if there's no Mi Account on the device so a way to bypass this is to push agent apk to the phone and install it using a file manager. Overall, doing logical extractions from Android 11 phones shouldn't be any different than from Android 10 or 9.

ReplyQuote
Posted : 29/07/2021 6:35 pm
FF1984
(@skyccord)
New Member

@arcaine2 Samsung Galaxy Z Flip 5G or Google Pixel 3.

Both software vendors say Android 11 isn't supported.  Android 11 force device encryption.  It is not longer optional and when you do an extraction it needs a backup password which none of these tools seem to be able to handle.  Previous to 11 you can decrypt the device and take an unecrypted backup essentially.

This post was modified 2 months ago by FF1984
ReplyQuote
Topic starter Posted : 30/07/2021 3:50 pm
arcaine2
(@arcaine2)
Active Member
Posted by: @skyccord

@arcaine2 Samsung Galaxy Z Flip 5G or Google Pixel 3.

Both software vendors say Android 11 isn't supported.  Android 11 force device encryption. It is not longer optional and when you do an extraction it needs a backup password which none of these tools seem to be able to handle.  Previous to 11 you can decrypt the device and take an unecrypted backup essentially.

That's not the whole truth. Android actually forced device encryption for devices that shipped with Android 6, a long time ago. It was optional only for devices that were updated to 6.0, or that were too weak to handle encryption properly.

 

I don't know how Cellebrite Inspector does things, but UFED has no problems handing devices with Android 11 on board, when it comes to logical extractions. I just updated my test Samsung S20 to 11 and done "advanced logical" extraction. It installed its Agent apk and everything went smoothly, the adb backup was made with 12345 as passcode (set automatically) that i'll have to later enter to decode with Physical Analyzer.

 

I don't have any Pixel to test, but i wouldn't expect any other result. Maybe the Inspector or BEC do not set adb backup passcode automatically, and it fails there.

 

 

 

ReplyQuote
Posted : 30/07/2021 6:55 pm
FF1984
(@skyccord)
New Member

@arcaine2 "

"Inspector or BEC do not set adb backup passcode automatically, and it fails there."

Exactly where it fails.

ReplyQuote
Topic starter Posted : 30/07/2021 7:09 pm
arcaine2
(@arcaine2)
Active Member

So it's not so much that Android 11 blocked something and it can't but done anymore, but the tools you're using were not updated yet, or you're using outdated versions. UFED supports it just fine, Oxygen as well, Xry most likely also. Belkasoft has a new, BEC X which may support 11 as well, but i'd suggest asking them about it.

ReplyQuote
Posted : 30/07/2021 7:53 pm
FF1984
(@skyccord)
New Member

@arcaine2 I've spoken to all vendor.  All there latest version do not support.  Seems like Cellebrite is about to do right by me and they said they have planned support for Inspector but it's not done yet.  Part of the problem here is vendors were hiding what they could or could not do.  It wasn't until I kept pressing that they all gave me the proper answer which was "this is not currenlty supported with our tool."  I am on version 11 for BEC X and 10.3 for Inspector.  both the latest versions.

ReplyQuote
Topic starter Posted : 30/07/2021 9:07 pm
arcaine2
(@arcaine2)
Active Member

Looks like Inspector, being focused mostly on computers, is a bit behind their tools for mobile devices extractions then.

 

Have you tried doing the adb backup part manually, proving a passcode and checking if it can be dedoded correctly with the tools you have?

 

Something like this adb backup -apk -shared -all -f your_backup_file.ab still do the job.

ReplyQuote
Posted : 30/07/2021 9:16 pm
Plan_B liked
FF1984
(@skyccord)
New Member

@arcaine2 I really appreciate your replies.  I did that too.  Neither program was able to import.  They did not ask for decryption key.  I even decrypted it to a tar file and neither was able to understand what was imported.

ReplyQuote
Topic starter Posted : 30/07/2021 9:19 pm
Plan_B
(@plan_b)
Junior Member

BEC X is not exactly a tool that should be used for mobile devices. I am not surprised that it is not able to display data. I have tested the software only time and was so not satisfied.

I have worked with Cellebrite UFED products for years.

In the meantime I also use Oxygen very often. They have made very good progress in terms of smartphone support.

For example, I backed up my private OnePlus 6T (Android11) with OxyAgent (manually) because I was interested in the OCR function in Oxygen. The other logical backups also worked very well... even on Android 11.

As I said. Belkasoft should not be used for smartphones... this software is simply not designed for that in my opinion.

Greetings
PlanB

ReplyQuote
Posted : 03/08/2021 2:59 pm
arcaine2
(@arcaine2)
Active Member

@skyccord Belkasoft X had an update today to 1.9. It looks like on of the new features is support for encrypted ADB backups. Give it a go now.

ReplyQuote
Posted : 09/08/2021 5:42 pm
Share: