Notifications
Clear all

Tom Tom Go Live 825

8 Posts
7 Users
0 Likes
607 Views
triran
(@triran)
Posts: 99
Trusted Member
Topic starter
 

Not sure where to post this….

We have a Tom Tom Go Live 825 in but UFED nor XRY support the device. We understand its a network based device for connectivity.

Any ideas?

 
Posted : 12/06/2012 3:00 pm
(@ludlowboy)
Posts: 71
Trusted Member
 

We have had exactly the same problems with the TomTom Go Live models.

I am unaware of a solution at present.

 
Posted : 12/06/2012 6:05 pm
(@armresl)
Posts: 1011
Noble Member
 

What is it that you need from the unit?

There are plenty of other ways to get the same data that unit has inside of it, just takes much more investigation.

Not sure where to post this….

We have a Tom Tom Go Live 825 in but UFED nor XRY support the device. We understand its a network based device for connectivity.

Any ideas?

 
Posted : 13/06/2012 3:19 am
triran
(@triran)
Posts: 99
Trusted Member
Topic starter
 

What is it that you need from the unit?

There are plenty of other ways to get the same data that unit has inside of it, just takes much more investigation.

Not sure where to post this….

We have a Tom Tom Go Live 825 in but UFED nor XRY support the device. We understand its a network based device for connectivity.

Any ideas?

Good old -> historical journeys and destinations.

 
Posted : 13/06/2012 10:57 am
Differentlayer
(@differentlayer)
Posts: 10
Active Member
 

Maybe not much help but….

I am examining a Tomtom GO Live 1000. The only thing I have managed to extract so far, is "Favorites". With the help of the software "MyTomtom", I saved the .ov2 file from the gps.
Next step is to figure out how to extract the information from the .ov2 in a nice and clean way.

When connected the gps does not show up as a drive (ie x). It would be nice to have some sort of SDK or similar to be able to connect to the gps. Have googled a lot but did not come up with anything relevant.
XRY and Cellebrite does not work with Tomtom GO Live 1000.

Could anybody point me in the right direction or give me a hint?

Best regards
//D

 
Posted : 13/06/2012 2:46 pm
(@bacchero)
Posts: 7
Active Member
 

I've been told that there is no solution at the moment for this problem. The people of UFED are working on it.
Some people already posted some usefull tips
* you can open your webbrowser and type htttp//169.254.255.1/pcmi/
The favourites file can be downloaded from here
* some other commands
http//169.254.255.1/mpnd/status
http//169.254.255.1/mpnd/progress
http//169.254.255.1/mpnd/trigger
http//169.254.255.1/mpnd/logintoken
http//169.254.255.1/mpnd/assocpreconf
http//169.254.255.1/mpnd/settings
http//169.254.255.1/sa/hello
http//169.254.255.1/sa/goodbye.

Greetz,

 
Posted : 18/06/2012 2:28 pm
(@dickpeake)
Posts: 1
New Member
 

I have carried out TomTom Forensics on a number of devices over the last few years quite successfully. Today I thought I'd try my own, 1 year old TomTom Go Live 1005 in order to refresh my knowledge.
Nothing I do will allow it to connect to my forensic workstation in a visible state in order to image it.

Forensic Wiki (and other resources) all say something along the lines of
"… The newer TomTom models do not appear as a mass storage device when connected to Windows. They run a Linux operating system and are only accessed via their built in Webserver using the myTomTom program (a replacement for TomTomHome). They cannot currently by examined forensically…"

Running the web browser commands given in this thread work and allow me to copy out the Favourites OV2 file. That file contains Favourites that are current and favourites that have been deleted buts so far, I cannot establish any markers that identify which is which.

The settings file gives me the device serial number and my email address as the registered user.

Beyond that, I cannot get anything else out of the TomTom.

Are we seriously saying that my TomTom Go Live 1005, which is packed full of information about where I have been, A to B itineraries that have been planned and sometimes deleted, what phone I have, etc., cannot be imaged or examined, forensically or otherwise?

 
Posted : 07/06/2013 7:54 pm
jaclaz
(@jaclaz)
Posts: 5133
Illustrious Member
 

Are we seriously saying that my TomTom Go Live 1005, which is packed full of information about where I have been, A to B itineraries that have been planned and sometimes deleted, what phone I have, etc., cannot be imaged or examined, forensically or otherwise?

More or less, yes. (

The bad news is that Android is going the same way (using another approach, but to the same effect).

Having the "mass storage device" of the thingy accessible as "mass storage device" was evidently too simple and straightforward for the good engineers and programmers that deal with these devices.

Of course these devices can be imaged with chip-off (and possibly also with JTAG), but the chip-off while being a possibility for forensics is not a good replacement for simply connecting and get an image or accessing the files wink .

jaclaz

 
Posted : 07/06/2013 11:04 pm
Share: