The chipset is a Spreadtrum SPD6631E; the NOR binary image was extracted successfully.
- UFED PA 7.29 isn't parsing the binary dump; their support was already contacted
- Oxygen Forensic Detective isn't parsing the binary dump
- Belkasoft Evidence Center isn't parsing it
Any suggestions are welcome!
Are you able to determine what filesystem is present on the device? Just a hunch, but it may be one that the standard tools do not support, such as YAFFS/JFFS2/SQUASHFS.
Have you run binwalk across it? If not, perhaps doing so and posting the output of that tool here may help others figure out what's going on.
Thanks,
Ben
Most probably there is an FTL. I will post the binwalk results later on as well.
I am guessing this was a SPD6531 rather than a SPD6631? I've never heard of 6631 but 6531 is a very common Spreadtrum chip which XRY has good support for so if you have access to XRY importing the binary with the Spreadtrum USB Generic profile is certainly worth a shot!
It is SPD6631E, as I wrote it. Maybe it is a fake name, but still, this is what the chipset reading reports.
binwalk finds 9 LZMA parts, but not able to open them. Could it be that the content is encrypted?!
Possibly, but not necessarily. If you run binwalk with the "-eM" options, it will attempt to unpackage content based on other dependencies you have installed that are compatible (and - caveat - that it knows about). Assuming you're using a Linux system and have tools like tar/untar installed then this may succeed.
If all you get is lzma blocks, then you can always attempt to unpackage them yourself with the untar command, or perhaps by using "lzma -d" at the command line.
If unpackaging fails altogether, use dd to manually extract the lzma blocks based on the offset and count values provided by binwalk.
Hope this helps!
Ben
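
The manual carving step from the last reply, as an added example that is not part of the original thread: it reads the 13-byte LZMA header at an offset reported by binwalk, rejects implausible ones (the format has no magic number, so a signature hit can be a false positive), and attempts decompression in place while ignoring trailing flash data. The function names, limits and sample image are assumptions constructed for illustration.

```python
import lzma
import struct

MEMLIMIT = 128 * 1024 * 1024   # cap decoder memory: header fields are untrusted
MAX_OUT = 64 * 1024 * 1024     # cap output produced per block

def parse_lzma_header(image, offset):
    """Decode the 13-byte LZMA 'alone' header at offset; None if implausible."""
    if offset < 0 or offset + 13 > len(image):
        return None
    props, dict_size, size = struct.unpack_from("<BIQ", image, offset)
    if props >= 225 or dict_size == 0:   # props = (pb*5 + lp)*9 + lc, max 224
        return None
    return {"lc": props % 9, "lp": (props // 9) % 5, "pb": props // 45,
            "dict_size": dict_size,
            "size": None if size == 0xFFFFFFFFFFFFFFFF else size}

def carve_lzma(image, offset):
    """Try to decode one LZMA block in place, ignoring whatever follows it."""
    header = parse_lzma_header(image, offset)
    if header is None:
        return {"offset": offset, "status": "bad-header", "data": b""}
    decoder = lzma.LZMADecompressor(format=lzma.FORMAT_ALONE, memlimit=MEMLIMIT)
    try:
        data = decoder.decompress(image[offset:], max_length=MAX_OUT)
    except lzma.LZMAError as exc:
        return {"offset": offset, "status": "decode-error", "data": b"",
                "header": header, "error": str(exc)}
    done = decoder.eof                   # False: truncated or output cap reached
    consumed = len(image) - offset - len(decoder.unused_data) if done else None
    return {"offset": offset, "status": "ok" if done else "incomplete",
            "data": data, "header": header, "consumed": consumed}

def build_sample_image():
    """Constructed sample: erased-flash (0xFF) padding around one LZMA block."""
    payload = b"PHONEBOOK;Alice;+10000000000\n" * 200
    block = lzma.compress(payload, format=lzma.FORMAT_ALONE)
    return b"\xff" * 0x40 + block + b"\xff" * 0x40, 0x40, payload

if __name__ == "__main__":
    image, offset, _ = build_sample_image()
    for off in (0, offset):              # offsets as binwalk would list them
        r = carve_lzma(image, off)
        print(hex(off), r["status"], len(r["data"]))
```

If a block reports `decode-error`, either the signature hit was a false positive or the data at that offset is not a plain LZMA stream.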