Who has experience in Samsung Gear S2 Classic 3G with eSIM chip-off
forensics? The CSP (Communications Service Provider) runs a cloud-based
customer profile configurable over an Android app.
Which eSIM manufacturer is in-designed in this model? Opening and
probably damaging the device may cause harm, so 1st trying to image
data for evidence out, but how to get the eSIM profile out of the eSIM?
Asking the CSP is 2nd choice we want to collect the profile out ourselfs.
Here a chinese teardown site
Inside a Qualcomm Snapdragon 400 chip with LTE cpability
http//
Running OS should be Tizen OS
Which forensics suite can dump Tizen OS?
Mainboard side with Qualcomm WTR2605 LTE. Kind of confused LTE in Snapdragon or WTR now? Who knows?
http//
Any advice very appreciated.
This chip is supported by our systems - http//
As for Tizen, I'll be honest - we haven't had anything in running it, so I don't know which forensic tools will or won't parse data from it. We've got a wide range of tools that we could try though…
Let me know if you want our help - zj@3ef.co.uk )
Great offer and thank you! To understand the DeepTech and train our own skills we fight daily )
The setup changed finally to Tizen OS and Samsung Exynos CPU dual core. As VoLTE is possible standalone (in opposite Apple Watch requires iPhone 6/6S/plus's for calling) how does the Tizen OS logs the calling process?
From the Communications Service Provider (CSP) side the eSIM on-board how looks the User Agent String (transmitted) besides the IMEI? The IMSI will not reveal the eSIM as MCC, MNC and MSISDN as triple ingredients give no hint.
Who has Tizen OS artifacts investigated profoundly?
By scanning the QR-code on the eSIM voucher the linked URL behind downloads the eSIM profile and transmits it from the Android phone over bluetooth to the eSIM in-watch. Will the artifacts of the profile be found in the bluetooth log?
Here the gsma provisioning architecture
http//
For Vodafone (D) Giesecke & Devrient reported to deliver the eSIM chip with asym crypto. See here
https://
Vodafone explained the secure packet in short here on slideshare (be aware Vodafone slides!
The ETSI TS 102 225 for secure packet provisioning here
http//
profile activation on the eUICC (embedded Universal Integrated Circuit Card) is specified in ETSI TS (Technical Specification) 103 383 V13.0.0 (2015-10). Is this the most accurate doc for the Subscription Management (SM)?
See page 22 for best overview graphically
http//
Remote Provisioning Architecture for Embedded UICC Technical Specification Version 3.1 27 May 2016
Embedded UICC Protection Profile Version 1.1 25/08/2015
http//
Good connections to the technical background…thanks Rolf
Best piece of beacon comes here! 524 pages eUICC Test Specification (now I can relax)
SGP.11_v3.1 31 May 2016
On the voucher the QR code and the the SIM-PIN or SIM S/N is the appropriate authentication. We googled the voucher QR codes of Vodafone and tried to open with the Samsung Gear app the URL related to. How many attempts are possible to enter the PIN or S/N until the application Backend closes?
Who has a Gear S2 3G in lab too?