Physical Data Acqui...
 
Notifications
Clear all

Physical Data Acquisition Advice SM-930F

4 Posts
2 Users
0 Likes
782 Views
(@bellerophon)
Posts: 2
New Member
Topic starter
 

Hi Everyone,

I am looking for advice on the safest way to get a physical data acquisition for a Samsung S7 running Android 7 patched in December 2017. I have the pin code and ADB Debug access to the device, encryption is enabled thus I cannot unlock the bootloader without wiping the user data. I originally was going to put a custom recovery TWRP and using CF-Auto-Root.

Tech details for the device are below

Samsung S7 SM-G930F
Firmware Version (G930FXXU1DQL8)
BootLoader Details SWREV B1 K0 S0 FRP ON
Patch Level December 2017

I am thinking the best approach would be using Odin and a eng-root bootloader is the best option http//eng-root.firmware.ir/sm-g930ffd/

 
Posted : 16/02/2020 3:12 pm
(@arcaine2)
Posts: 235
Estimable Member
 

G930F doesn't come with locked bootloader. Samsung started to lock bootloaders by default for international variants in 2019 with models like S10, new A and M series etc.

In your case, you could enable OEM Unlocking in developers menu and flash TWRP but this would trip Knox and make any data protected by Knox inaccessible.

You seem to be running a very old firmware on this one so using eng-root would be much better option and a way to go, assuming the file you find is a valid one.

 
Posted : 16/02/2020 5:38 pm
(@bellerophon)
Posts: 2
New Member
Topic starter
 

Thanks for the advice arcaine2, when you say the Knox encrypted data is lost do you mean everything in the /data/data/ internal storage will be lost?

Do you know of any reputable places to get eng-root bootloaders? Guess the other option is invest time / hope someone develops this root kernal exploit CVE-2019-2215 for the S7. That should give me the access I need.

Key data I am trying to recover is the WhatsApp data unfortunately the app is stuck with an error stating the date / time is wrong. The date is correct but the app is old so I think that is the issue it appears to be common according to some googling.

The phone is not connected to a Google account anymore so cannot update the app via play services. I have considered uploading the latest WhatsApp APK to the phone sd card then installing the updated version of the app. However I don't know if updating the app from the sd card will force the app to force a SMS verification due to it not being from a trusted location. The sim card has been deactivated in the device so it's not possible to get the SMS code.

 
Posted : 16/02/2020 11:17 pm
(@arcaine2)
Posts: 235
Estimable Member
 

Thanks for the advice arcaine2, when you say the Knox encrypted data is lost do you mean everything in the /data/data/ internal storage will be lost?

Nothing will be wiped, but data stored in knox "container" won't be accessible.

Do you know of any reputable places to get eng-root bootloaders?

To be honest, no, except for paid servers with files for flashing and repairing phones, like easy-firmware etc. The one you found may work and i remember having this on my disk months ago. The good thing is, that if you have OEM Unlocking disabled (default), you shouldn't be able to write any unsigned image. If file you'll try to flash with Odin won't be signed by Samsung, it just won't flash and do any harm.

EFT Dongle has some working eng-root files included, in case of G930F even up to U5 firmware and they do work.

Guess the other option is invest time / hope someone develops this root kernal exploit CVE-2019-2215 for the S7. That should give me the access I need.

Based on what you wrote before, phone you have is running Android 7, this exploit works on 8.x and from what i remember, has to be adapter per device.

 
Posted : 17/02/2020 6:58 pm
Share: