Extracting Data fro...
 
Notifications
Clear all

Extracting Data from an SM-G550T1

Azryael
(@azryael)
New Member

Hi all, new here, but have a question concerning retrieving data from a Samsung Galaxy On5 (SM-G550T1) that's apparently had some rooting attempts or something done with it (perhaps bad update) and it never fully boots. Safe mode does not work either.

Upon entering recovery mode the console outputs a dm-verity verification failure, which as I understand it means it's a soft-brick to "protect" the device. FRP is enabled, so using AXIOM's recovery images don't work either because loading of custom binaries is blocked.

I know I can load a fresh ROM using some tools (Odin3) but that results in a factory reset wiping all that data. I've tried to access the phone as is, via Cellebrite to make an image of any data I can, but assuming that the phone is unable to boot into the OS all the way, Cellebrite is unable to actually access the device even at a file system level.

The goal was to keep this non-destructive, and as anything beyond Android 6 typically has encryption on the modules, a chip-off is likely not the answer either.

I've been able to get it to show a "MetroPCS" splashscreen three times, but each time the device freezes at that screen and nothing else happens even after allowing several minutes to an hour pass.

We did order a factory replacement battery as I know they can sometimes cause boot issues if a cell is bad or some other internal component has given up the ghost.

Looking for some feedback on a way forward. Thank you!

Quote
Topic starter Posted : 11/05/2022 10:58 pm
Di Do
(@didodzx)
New Member

Hi there is the device stuck on the logo or it's never boot (fully dead) ?

This post was modified 1 week ago by Di Do
ReplyQuote
Posted : 12/05/2022 9:13 am
Azryael
(@azryael)
New Member
Posted by: @didodzx

Hi there is the device stuck on the logo or it's never boot (fully dead) ?


Good morning! The device usually freezes up after the black screen with white text that says "Samsung Galaxy On5". Only three times did it get beyond that to display the second animated "Samsung" text and then the subsequent carrier logo where it would also freeze up.

ReplyQuote
Topic starter Posted : 12/05/2022 3:39 pm
Azryael
(@azryael)
New Member

To clarify, the intial startul text will go away and I'm left with a pure black screen, but it's obvious the backlight is on.

ReplyQuote
Topic starter Posted : 12/05/2022 7:13 pm
arcaine2
(@arcaine2)
Active Member
Posted by: @azryael

I know I can load a fresh ROM using some tools (Odin3) but that results in a factory reset wiping all that data. I've tried to access the phone as is, via Cellebrite to make an image of any data I can, but assuming that the phone is unable to boot into the OS all the way, Cellebrite is unable to actually access the device even at a file system level.

Not quite. Those exploits for older FDE devices were quite low-level and did not fully boot the phone to Android. It may still work, although if i recall correctly, there were some issues with this model.

 

Verify the Knox status in bootloader screen as both dm-verity and freezing may be related with eMMC giving up and not rooting attempt. For this to work, it should have OEM Unlocking enabled and based on your description it's disabled.

 

While the phone shipped with Android 6.0.1, there are reports of ISP method working so shouldn't be encrypted. Pinout for ISP for G550T and T1 is the same.

 

 

ReplyQuote
Posted : 13/05/2022 3:36 pm
Azryael
(@azryael)
New Member

As I've been doing my research on this particular model, I've come to discover this particular phone model suffered from a host of issues...

Attempting to boot into the bootloader from the recovery mode just results in the same black screen.

Another "expert" who has far more experience than I do in this respect is adamant that because it shipped with Android 6, it's going to be encrypted.

I'm still able to occasionally get the phone to the carrier splash screen, where it freezes up, so I'm assuming that this is indeed more than just a software issue and perhaps a hardware issue.

Unfortunately, my time with the device is running out, and we'll be turning it over to the aforementioned expert this weekend if I can't make any progress today.

Can't win them all, but it was worth a shot!

 

ETA: I wonder if Cellebrite Premium could handle this (I don't have access to that) or if they'd ask for the phone to be shipped to them as is often the case with newer iOS devices.

This post was modified 6 days ago 2 times by Azryael
ReplyQuote
Topic starter Posted : 13/05/2022 3:50 pm
arcaine2
(@arcaine2)
Active Member
Posted by: @azryael

Another "expert" who has far more experience than I do in this respect is adamant that because it shipped with Android 6, it's going to be encrypted.

 

Most devices that shipped with Adroid 6 are factory encrypted, but not all. The same model, but a differnt variant - a SM-G5500 variant actually shipped with 5.0.1. There's a pinout for ISP available on mobile forensics google group, made and tested by well known and trusted member, it won't hurt to try that route. You can also find reports of dumping it usin TWRP, also suggesting no encryption, but that won't work for you since FRP lock is enabled.

 

My guess is that's the eMMC is giving up and there is a data corruption. Trying to dump the eMMC either using ISP or via chip-off may be the only possible method to get the dump.

This post was modified 4 days ago 2 times by arcaine2
ReplyQuote
Posted : 15/05/2022 9:43 pm
Azryael
(@azryael)
New Member

I would have loved to have tried, but I was told to keep my attempts non-destructive. The device is out of my hands now, but I will definitely keep this in mind if I find myself in a similar situation.

I appreciate the info, however! Bothers me I couldn't get into it, but you can't win them all.

ReplyQuote
Topic starter Posted : 15/05/2022 9:48 pm
Di Do
(@didodzx)
New Member

If it's a software problem you can flash the boot img partition maybe you get lucky and the phone turns on.

ReplyQuote
Posted : 16/05/2022 10:17 am
Azryael liked
Azryael
(@azryael)
New Member

@didodzx 

Would have been worth a try, but isn't there a concern of it wiping the whole phone? As I understand it, the failsafes in lots of these devices are meant to make data irrecoverable if such actions are performed.

I'm still fairly new this process on mobile devices. Give me a hard drive and I can do a head swap blindfolded, or fix a popped resistor on a logic board that took a bit too much juice, but I'm a fish out of water in this terriory.

ReplyQuote
Topic starter Posted : 16/05/2022 3:44 pm
Azryael
(@azryael)
New Member

Update - the other guy couldn't get into it either. I'm 99% sure this is now a hardware fault.

We'll see what happens from here. If I get the device back, I'll take some time to examine the circuitry myself to look for any obvious damage, if nothing can be readily found, I'll look at both Dido's and Arcaine's suggestions.

ReplyQuote
Topic starter Posted : 17/05/2022 2:10 am
Share:
Share to...