Need to get data fr...
 
Notifications
Clear all

Need to get data from locked Motorola XT862 Verizon ASAP

15 Posts
6 Users
0 Likes
734 Views
(@olifer)
Posts: 63
Trusted Member
Topic starter
 

I've got a Motorola XT862 that has either a password lock, pin lock, or pattern lock on it that I need to get into. This phone is in my custody as the result of a death and I do not know the code, or even the method used. Furthermore, I don't know the email account or password associated with this phone.

I have a Cellebrite UFED, and various other tools but cannot seem to find a way to get into the phone.

Any and all help is greatly appreciated!

Thanks in advance.

 
Posted : 24/04/2013 10:42 pm
(@rampage)
Posts: 354
Reputable Member
 

you said you have cellebrite so i guess you already checked the compatibility list and features? if pattern lock can be bypassed?

what do you meain by "i don't know the security method used"?

you don't know if it's pattern lock?

 
Posted : 25/04/2013 1:28 am
(@olifer)
Posts: 63
Trusted Member
Topic starter
 

Right, It's my understanding that there are four ways it can be locked Pattern, Pin, or Password. I don't currently have the phone in front of me but will again tomorrow. The last time we tried to access it with the Cellebrite it was unsuccessful. At that time, the potential data on it was not deemed to be that important. In light of recent developments it now is.

Thanks again.

 
Posted : 25/04/2013 2:35 am
(@rampage)
Posts: 354
Reputable Member
 

Do you know any further detail about the device?
like the version of android installed on it?

it might be important to determine if a pattern lock attack can be effective or the partitions are scrumbled.

 
Posted : 25/04/2013 2:37 am
(@olifer)
Posts: 63
Trusted Member
Topic starter
 

I don't know anymore about it such as the version of Android that are on it. I know that there are various ways to perform a pattern lock attack, is there one method that stands out over others?

 
Posted : 25/04/2013 2:45 am
(@rampage)
Posts: 354
Reputable Member
 

methods vary depending on the status of the device and the android version.

generally if the device is rooted then ADB is enabled and therefore you should be able to simply delete the gesture file.

if the bootloader is unlocked i THINK it's possible to use a custom recovery image with ADB enabled to mount and access the partitions to bypass the pattern lock.

yet i don't know and i'm therefore curious

if i have a factory device and i can send it into download mode, can i flash a custom recovery (like let's say clockworkmod or whatever, even a forensically oriented custom ROM) and then use it to access the device partitions? i think not if partitions are scrumbled, but for that i think the only chance is to try a cold boot attack as a last resort.

 
Posted : 25/04/2013 2:57 am
(@olifer)
Posts: 63
Trusted Member
Topic starter
 

Thanks for all of the information. I really appreciate it. I'll work with these suggestions and cross my fingers!

 
Posted : 25/04/2013 3:00 am
(@paperclip_cce)
Posts: 6
Active Member
 

The Motorola XT862 was added to the Cellebrite UFED Logical list of supported devices on 4/5/2011

Have you tried calling Cellebrite?

Headquarters
Cellebrite Ltd.
94 Derech Em Hamoshavot St.
Petah Tikva 49130, P.O.B 3925
Israel
Tel. +972 3 926 0900
Fax. +972 3 924 7104

USA
Cellebrite USA Inc.
266 Harristown Rd., Suite 105
Glen Rock, NJ 07452
U.S.A.
Tel. +1 201 848 8552
Fax. +1 201 848 9982

Germany
Cellebrite GmbH
Am Hoppenhof 32a
33104 Paderborn
Germany
Tel. +49 52 51 54 64 90
Fax. +49 52 51 54 64 9 49

– Good luck!!

 
Posted : 25/04/2013 3:06 am
(@rampage)
Posts: 354
Reputable Member
 

my general suggestions tho are

- try to find an equal spare device
- try everything on it before "attacking" the real evidence
- the techniques are generally invasive when it comes to flashing and dealing with custom recovery etc.

if the informations are really important AND you can't find a software valid extraction approach, consider the JTAG approach and the chip-off as a last resort.
in this case
- check if cellebrite UFEDPA supports jtag extractions from such specific model.
- consider that if android is version > 4 you can discover the filesystem is encrypted and therefore it's gonna be painful.

 
Posted : 25/04/2013 3:06 am
(@trewmte)
Posts: 1877
Noble Member
 

I don't know this particular model but if you look to taking the JTAG route perhaps look at something along the lines of Medusa Box to extract a chip image and search using keyword/s? CCL put out a script ( http//digitalinvestigation.wordpress.com/2012/02/20/cracking-android-pins-and-passwords/ ), try that and see if it works. You did mention in you post Password, Pattern, PIN, so perhaps the search could include terms e.g.

password.key
pinlock.key
lockdown.password_salt

 
Posted : 25/04/2013 11:01 am
Page 1 / 2
Share: