Join Us!

Sony Xperia E5 Acqu...
 
Notifications
Clear all

Sony Xperia E5 Acquisition  

  RSS
Thomass30
(@thomass30)
Active Member

Hello colleagues,
I have Sony Xperia E5 with Boot level protection to run Android, USB Debugging mode disabled and locked bootloader.
Based on gsmarena.com it is Mediatek MT6735 so I tried MTK Hack in MobilEdit Forensic Express but nothing happened ( even if it works I know it will be encrypted)

I think It will be very difficult to do anything with this right know because JTAG or Chip-off methods are not the options right now (the raw image will be encrypted anyway).

Any other ideas what could be done with this?

Quote
Posted : 20/08/2018 6:25 pm
kastajamah
(@kastajamah)
Member

Without knowing how many devices were seized at one time, have you considered extracting the other devices to try and determine the PIN or passphrase. My experience has been people reuse the same ones from phone to phone.

ReplyQuote
Posted : 20/08/2018 7:34 pm
passcodeunlock
(@passcodeunlock)
Senior Member

@Thomass30 I know a way, but I need physical access to the device. You know my email address, so please drop me a mail…

@kastajamah true, but logically people wouldn't be asking for help if they would have other ways around already )

ReplyQuote
Posted : 20/08/2018 7:48 pm
thilizardo
(@thilizardo)
New Member

Hi folks,
I am working in a case with Sony Xperia XA(model F3216). Did you guys got success with Sony Xperia Acquisition? Even with bootloader pin code enabled…

Thanks in advance.

ReplyQuote
Posted : 06/12/2018 10:25 pm
passcodeunlock
(@passcodeunlock)
Senior Member

For Secure Startup enabled devices brute force should be the first step before anything else, once the PIN / pattern / password is found, you know the user lock as well )

Secure Startup has nothing to do with locked boot loader (stage 1), many people misuse the term for some reason.

ReplyQuote
Posted : 07/12/2018 10:09 am
mshibo
(@mshibo)
Junior Member

Well, I believe there's a way around and it starts with unlocking BL.
Fortunately, using Sony Flash Tool, we can unlock BL without triggering userdata wipe. After BL is unlocked we can flash any custom binary files using fastboot mode and in our case, we need to flash TWRP. Data will be encrypted for sure, but we can do something about it. From TWRP, we can mount /system and then delete systemui from /app folder. Now when we reboot phone, you'll find no locks and no system ui but you can access the data on the phone and continue your work.
Any further details needed about the whole process, just let me know.

ReplyQuote
Posted : 09/12/2018 2:32 pm
mshibo
(@mshibo)
Junior Member

For Secure Startup enabled devices brute force should be the first step before anything else, once the PIN / pattern / password is found, you know the user lock as well )

Would you, sir explain the method used to brute-force Secure Startup password?

ReplyQuote
Posted : 09/12/2018 2:43 pm
passcodeunlock
(@passcodeunlock)
Senior Member

If Secure Startup is set, it does't matter much if the BL is locked or unlocked, the early stage mount is an encrypted loop device, which must be passed first. There are several tools (and boxes) for brute force of screen locks, use what fits your needs.

ReplyQuote
Posted : 09/12/2018 7:27 pm
Share: