S7 Edge secure startup  

pcook8198
(@pcook8198)
New Member

Samsung S7 Edge Android 7.0
G935FXXS2DRC3

Handset requires PIN on Boot

Any suggestions much appreciated.

I've tried
1 to 6 Digit pin
4,5,6 and 7 digit pins

Was partially through 8 digits

Very time consuming

Thoughts / ideas much appreciated

Posted : 14/06/2018 3:18 pm
shahartal
(@shahartal)
Junior Member

Cellebrite CAS can support this case.

Posted : 15/06/2018 4:52 pm
the_Grinch
(@the_grinch)
Active Member

HD-Box could brute force that for you

Posted : 15/06/2018 6:52 pm
passcodeunlock
(@passcodeunlock)
Senior Member

What did you use to brute force?!

7+ PINs are rare, since they are hard to type - while driving for example )

Are you sure it is not asking for a password instead of a PIN?!

Posted : 15/06/2018 8:45 pm
pcook8198
(@pcook8198)
New Member

CAIS has been used.

I was wondering if anyone had heard of anything else.

Posted : 18/06/2018 7:34 am
pcook8198
(@pcook8198)
New Member

Re the PIN

I totally agree, 7+ digits seems a little too long, as studies show 11 digits is roughly the max the human mind is capable of.

It's certainly a PIN, as the keyboard is only set to allow digits; I cannot input an alphanumeric / symbol password.

Posted : 18/06/2018 7:37 am
athulin
(@athulin)
Community Legend

> I totally agree, 7+ digits seems a little too long, as studies show 11 digits is roughly the max the human mind is capable of.

I'm not sure what studies you're referring to, but I would expect them to say '11 *random* digits' as well as specify clearly what sample population the observations are valid for. Most are valid only for students at a particular university…

In a file with cracked passwords that I have collected (thus very probably PINs that someone has remembered), I find the majority of PIN entries (i.e. digits only) to be 11 or less, as you state, but I have more than 6000 16-digit PINs, and around 100 24-digit PINs. The longest are 255-digit PINs, but as some are all the same digit ('00000…', '1111…' and '5555…') – I suspect an effect of a max-length of 255 characters in PIN together with auto-repeat keyboard press key until it beeps (or for x seconds, leading to string truncation), or something like that, but no exceptional memory.

Very many long PINs have an initial sequence of '0000…', followed by a 7-digit (or longer) more random sequence. ('1111…' are also present, but less common.)

So throwing all remaining long PINs found in any of the 'standard' password leaks (such as the rockyou leak files, for example) might be an idea.

Or … start with 'numbers' from personal relation social security numbers, say, or phone numbers or dates … or just possibly credit card numbers. (I would do all 8-digit dates before I did any more random 8-digit sequences, for example, and I might start by looking at 'nearby' years first). And possibly extend with '0000…'.

Posted : 18/06/2018 8:47 am
passcodeunlock
(@passcodeunlock)
Senior Member

Well, you should look for a signed eng. boot which disables the PIN for your device and flash it.

If CAS failed opening it, that is the next thing I'd do )

Posted : 18/06/2018 12:11 pm
shahartal
(@shahartal)
Junior Member

No, this will never work on a Secure Startup phone (given it was properly identified as one).
Secure Startup means it is actually encrypted with the user passcode, therefore there is no way around discovering the passcode, and engboot will give you root but a fully encrypted user data partition.
If you have a valid brute force method, that’s the only way in.

Posted : 21/06/2018 6:03 am
nightworker
(@nightworker)
Active Member

Don't trust Cellebrite Advanced Support, because I wanted to send them a telephone and they said "we can do everything", but when my customer told them "we will go to Tel Aviv and we can give you whatever money you want", they didn't answer us.

Posted : 21/06/2018 9:08 am
pcook8198
(@pcook8198)
New Member

Thank you for all your input and suggestions

I'm currently finishing the 8-digit PIN dictionary as I type.

Moving on to the 9-digit dictionary soon.

Oh the joys

I'll keep you informed of my progress.

OR

The sun will burn out before I finish and it will not matter -)

Posted : 21/06/2018 11:06 am
passcodeunlock
(@passcodeunlock)
Senior Member

> No, this will never work on a Secure Startup phone (given it was properly identified as one).
> Secure Startup means it is actually encrypted with the user passcode, therefore there is no way around discovering the passcode, and engboot will give you root but a fully encrypted user data partition.
> If you have a valid brute force method, that’s the only way in.

That is the only way in known by you maybe )

If there is an encrypted binary dump, we can in many cases decrypt the encrypted user data partition, no matter the Android version.

We also fail sometimes, that's part of the game, but at least we don't pretend knowing everything!

Posted : 21/06/2018 12:59 pm
shahartal
(@shahartal)
Junior Member

You are free to take my words or not )
Yes, some cases can be decrypted offline, but *not* on phones where the encryption key is derived from a hardware key and the user passcode (= Secure Startup).
People usually confuse Secure Boot with Secure Startup, they are not the same thing.

Posted : 22/06/2018 8:42 am
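
A simplified model of the point made in the post above (a key derived from a hardware key and the user passcode), added here as an illustration and not taken from the thread, Samsung or Android. `ToyTEE`, `enroll` and `unlock` are hypothetical names, and an HMAC under a key that never leaves the object stands in for the hardware-bound operation; the sketch shows that a copy of the on-flash data alone cannot confirm even the correct PIN.

```python
import hashlib
import hmac
import os

def _scrypt(secret: bytes, salt: bytes) -> bytes:
    # Cost parameters chosen only to keep the demo fast.
    return hashlib.scrypt(secret, salt=salt, n=2**10, r=8, p=1, dklen=32)

class ToyTEE:
    """Hypothetical stand-in for a trusted execution environment.
    The hardware-bound key is generated inside and never exported."""
    def __init__(self) -> None:
        self._hbk = os.urandom(32)

    def bind(self, intermediate_key: bytes) -> bytes:
        # Assumption: HMAC models the hardware-keyed step of the derivation.
        return hmac.new(self._hbk, intermediate_key, hashlib.sha256).digest()

def derive_kek(pin: str, salt: bytes, tee: ToyTEE) -> bytes:
    ik1 = _scrypt(pin.encode(), salt)   # passcode-only stage
    ik2 = tee.bind(ik1)                 # requires the device's hardware key
    return _scrypt(ik2, salt)           # final key-encryption key

def _check_value(kek: bytes) -> bytes:
    return hmac.new(kek, b"kek-check", hashlib.sha256).digest()

def enroll(pin: str, tee: ToyTEE) -> dict:
    """Return what would sit on flash: a salt and a key check value."""
    salt = os.urandom(16)
    return {"salt": salt, "check": _check_value(derive_kek(pin, salt, tee))}

def unlock(pin: str, footer: dict, tee: ToyTEE) -> bool:
    kek = derive_kek(pin, footer["salt"], tee)
    return hmac.compare_digest(footer["check"], _check_value(kek))

def demo() -> tuple:
    device = ToyTEE()
    footer = enroll("493817", device)   # constructed sample PIN
    return (
        unlock("493817", footer, device),    # right PIN, on the device
        unlock("000000", footer, device),    # wrong PIN, on the device
        unlock("493817", footer, ToyTEE()),  # right PIN, dump only, no device key
    )

if __name__ == "__main__":
    print(demo())
```
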
passcodeunlock
(@passcodeunlock)
Senior Member

shahar, I know pretty well the difference between Secure Boot and Secure Startup )

Sometimes you don't need to deal with the Trusted Zone, the encryption key derived from the hardware key and the user lock can be found inside of a physical dump.

Whoever is reading this, please don't get me wrong, I don't say that this is always possible, that is why I wrote "Sometimes".

Posted : 23/06/2018 10:17 am