Android Physical Extraction - FAQ

Nadav Horesh
June, 2012

Table of Contents

Introduction
Android Debugging Bridge (ADB)
    Q: What does ADB stand for and how does it work?
    Q: So can ADB be used to extract any Android device? What’s the catch?
    Q: How do I turn on USB debugging?
    Q: Does this method bypass the unlock password or pattern? Will I be able to reveal it?
    Q: How do I get Administrator (root) permissions on the device?
    Q: I turned on USB debugging. What extraction types can I perform?
    Q: Does this extraction method change any of the data on the device?
    Q: Can you summarize this entire ADB topic in one sentence?
Boot Loader Extraction
    Q: What is Boot loader extraction?
    Q: Does this method bypass the unlock password or pattern? Will I be able to reveal it?
    Q: Does this extraction method change any of the data on the device?
    Q: Which devices are supported by this method?
Technical Terms

Introduction

There are many different devices running the Android OS: Phones, MP3 Players, Tablets, eBook Readers and more. There are two main approaches when it comes to extracting Android devices:

- ADB (USB Debugging) method which utilizes a built-in protocol within the operating system
- Several other methods in which the extraction takes place before the operating system has started running

This document will cover the pros and cons of each method and will try to answer frequently asked questions.

Android Debugging Bridge (ADB)

Q: What does ADB stand for and how does it work?
A: ADB, or Android Debugging Bridge, is a built-in protocol within the Android operating system. This means that basically every Android-based device should have this protocol. This protocol enables developers to connect to an Android-based device and perform low-level commands used for development. We utilize this protocol to perform an extraction of Android Devices.

Q: So can ADB be used to extract any Android device? What’s the catch?
A: Yes and no. In theory, every Android device can be extracted using ADB. However, there are some limitations: The USB debugging option must be enabled on the device and we need to get administrator (root) permissions on it.

Q: How do I turn on USB debugging?
A: On most Android devices, do the following: go to “Menu” -> “Settings” -> “Applications” -> “Development” and then click “USB debugging” to enable ADB.

Q: Does this method bypass the unlock password or pattern? Will I be able to reveal it?
A: As explained above, USB debugging must be turned on before it’s possible to attempt an extraction, and this cannot be done when the device is locked. However, in some cases the user could have turned on USB debugging before locking the device. In this case you will be able to “bypass” the screen lock.
If you successfully perform an extraction you will be able to see the numeric password or pattern lock protecting the device in the Physical Analyzer.

Q: How do I get Administrator (root) permissions on the device?
A: After ADB is turned on, the UFED will automatically detect the Android OS version running on the connected device and whether it is rooted or not. If the device is not rooted, the UFED will gain root permissions automatically. This is currently supported for all available Android OS versions (1.5-4.0.x). It is possible to manually root the device using 3rd party tools, but this is not recommended as it may harm the integrity of the data on the device, potentially even “bricking” it.

Q: I turned on USB debugging. What extraction types can I perform?
A: You can currently perform either a Physical Extraction, which will extract all the data on the device, or a File System Extraction, which will extract only relevant files. The advantage of a Physical Extraction is that it retrieves more data from the device, making it possible to recover deleted files such as photos that were saved on the device. The downside is that it takes more time, and that File System reconstruction is not supported for all devices. If you choose to do a File System Extraction you will save time and will still be able to view all vital information including deleted records (but excluding deleted files) even if File System reconstruction is not supported.

Q: Does this extraction method change any of the data on the device?
A: A few clients are copied to the device into the “/data/local/tmp” folder. Besides that, nothing is changed.

Q: Can you summarize this entire ADB topic in one sentence?
A: Sure. It is possible to perform a physical or file system extraction on almost any Android device, provided that it’s not locked (or USB debugging was previously enabled). All currently available Android OS versions are supported (1.5-4.0.x).
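
The answer above states that the only change an ADB extraction makes is a few clients copied into /data/local/tmp. To record that footprint in case notes, an examiner can compare listings of the folder taken before and after the extraction. The script below is an added example, not code from Cellebrite or from this document; the listing layout (as printed by `adb shell ls -l /data/local/tmp` on older devices), the file names and both sample listings are constructed assumptions.

```python
"""Document what an ADB extraction left in /data/local/tmp (added example)."""
import re
from typing import Dict, List, NamedTuple, Optional, Tuple


class Entry(NamedTuple):
    mode: str
    owner: str
    group: str
    size: Optional[int]  # directories carry no size column in this layout
    mtime: str
    name: str


# Assumed layout: mode owner group [size] YYYY-MM-DD HH:MM name
LINE_RE = re.compile(
    r"^(?P<mode>[-dlcbps][-rwxsStT]{9})\s+"
    r"(?P<owner>\S+)\s+(?P<group>\S+)\s+"
    r"(?:(?P<size>\d+)\s+)?"
    r"(?P<mtime>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s"
    r"(?P<name>.+)$"
)


def parse_listing(text: str) -> Tuple[Dict[str, Entry], List[str]]:
    """Return (entries keyed by name, lines that did not parse)."""
    entries: Dict[str, Entry] = {}
    unparsed: List[str] = []
    for raw in text.splitlines():
        line = raw.strip()  # older adb shells emit CR/LF line endings
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            unparsed.append(line)  # keep it: never drop a line silently
            continue
        name = m["name"]
        if m["mode"].startswith("l"):
            name = name.split(" -> ", 1)[0]  # symlink: keep the link name
        size = int(m["size"]) if m["size"] is not None else None
        entries[name] = Entry(m["mode"], m["owner"], m["group"],
                              size, m["mtime"], name)
    return entries, unparsed


def diff_listings(before: str, after: str) -> Dict[str, list]:
    """Compare two listings and group entries by what happened to them."""
    old, bad_old = parse_listing(before)
    new, bad_new = parse_listing(after)
    return {
        "added": [new[n] for n in sorted(new.keys() - old.keys())],
        "removed": [old[n] for n in sorted(old.keys() - new.keys())],
        "changed": [(old[n], new[n]) for n in sorted(old.keys() & new.keys())
                    if old[n] != new[n]],
        "unparsed": bad_old + bad_new,
    }


def case_note(diff: Dict[str, list]) -> List[str]:
    """Render the diff as lines suitable for an examiner's notes."""
    lines: List[str] = []
    for e in diff["added"]:
        is_exec = e.mode[0] == "-" and "x" in e.mode[1:]
        kind = "executable" if is_exec else "entry"
        lines.append(f"ADDED {kind}: {e.name} ({e.size} bytes, "
                     f"{e.owner}:{e.group}, {e.mtime})")
    for e in diff["removed"]:
        lines.append(f"REMOVED: {e.name}")
    for o, n in diff["changed"]:
        fields = [f for f in Entry._fields if getattr(o, f) != getattr(n, f)]
        lines.append(f"CHANGED: {n.name} ({', '.join(fields)})")
    for u in diff["unparsed"]:
        lines.append(f"UNPARSED LINE (review by hand): {u}")
    return lines or ["No differences in /data/local/tmp"]


# Constructed sample listings; the names are placeholders, not real clients.
BEFORE = (
    "-rw-r--r-- shell    shell         512 2012-05-20 09:12 notes.txt\r\n"
    "drwxrwx--x shell    shell             2012-05-20 09:12 cache\r\n"
)
AFTER = BEFORE + (
    "-rwxr-xr-x root     root        18432 2012-06-04 14:02 example_client\r\n"
    "-rwxr-xr-x root     root        40960 2012-06-04 14:02 example_helper\r\n"
)

if __name__ == "__main__":
    for note in case_note(diff_listings(BEFORE, AFTER)):
        print(note)
```

Lines that do not match the assumed layout (for example an error message from the shell) are reported rather than skipped, so the notes never claim "no change" on the basis of a listing that failed to parse.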

Boot Loader Extraction

Q: What is Boot loader extraction?
A: This method performs a physical extraction of the device when it's in Boot Loader mode. Many Android devices can be turned on in special modes, used for debugging or for firmware upgrade. In this extraction method the Android OS is not running, so the device can’t connect to the mobile network.

Q: Does this method bypass the unlock password or pattern? Will I be able to reveal it?
A: Yes, you will be able to bypass any type of lock, and will be able to reveal a numeric PIN lock or unlock pattern.

Q: Does this extraction method change any of the data on the device?
A: No, this method is completely forensically sound.

Q: Which devices are supported by this method?
A: Currently supported devices are most Motorola Android devices, selected Samsung Android devices, selected Qualcomm devices and selected LG GSM and CDMA.

Technical Terms

Android - Google’s mobile OS. You can find a list of Android devices here: http://en.wikipedia.org/wiki/List_of_Android_devices. Another very helpful resource is http://pdadb.net

Brick - A device that cannot function in any capacity (such as a device with damaged firmware). (http://en.wikipedia.org/wiki/Brick_%28electronics%29)

Client - A program written by Cellebrite that runs on the Android OS itself.

Root/rooting - A process that allows users of cell phones and other devices running the Android operating system to attain privileged control (known as "root access") within Android's Linux subsystem, similar to jailbreaking on Apple devices running the iOS operating system, overcoming limitations that the carriers and manufacturers put on such phones. (http://en.wikipedia.org/wiki/Rooting_%28Android_OS%29)