bootloader data acquisition !!

(@qassam22222)
Posts: 155
Estimable Member
Topic starter
 

Hello all, after a long time ....
I'm working on a case with a Xiaomi Redmi 4 (4X), model mag138, with the Qualcomm MSM8940 Snapdragon 435 chipset .... The phone is locked via PIN :( and the bootloader is also locked by default ... check result via fastboot:

C:\adb>fastboot oem device-info

(bootloader) Device tampered: false
(bootloader) Device unlocked: false
(bootloader) Device critical unlocked: false
(bootloader) Charger screen enabled: true
(bootloader) Display panel:
OKAY [ 0.051s]
finished. total time: 0.052s

According to Oleg Afonin from Elcomsoft:
Finally, some devices come with locked bootloaders and no service mode or bootloader exploits. These will be the toughest to acquire, as live imaging will probably be your only option when it comes to physical acquisition.

So what to do? Is there any exploit for this model to bypass the bootloader? And will chip-off help in this case?

 
Posted : 04/02/2018 12:06 pm
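An added example (not from the original post): a small parser for the `fastboot oem device-info` output quoted above, which turns the `(bootloader)` lines into a dict and summarises the lock state. It accepts both the normal `key: value` form and the colon-less copy seen in the post; the sample text is constructed here.

```python
from typing import Dict, Optional

# Constructed sample mirroring the output quoted in the post (fastboot normally prints
# "key: value"; the forum copy lost the colons, and the parser accepts both forms)
SAMPLE_OUTPUT = """\
(bootloader) Device tampered false
(bootloader) Device unlocked false
(bootloader) Device critical unlocked false
(bootloader) Charger screen enabled true
(bootloader) Display panel
OKAY [  0.051s]
finished. total time: 0.052s
"""

def parse_device_info(output: str) -> Dict[str, Optional[str]]:
    """Turn '(bootloader) key: value' lines into a lower-cased dict; missing values map to None."""
    info: Dict[str, Optional[str]] = {}
    for line in output.splitlines():
        if not line.startswith("(bootloader)"):
            continue
        body = line[len("(bootloader)"):].strip()
        if ":" in body:
            key, _, val = body.partition(":")
        else:
            key, _, val = body.rpartition(" ")       # colon lost: take a trailing true/false
            if val.lower() not in ("true", "false"):
                key, val = body, ""
        info[key.strip().lower()] = val.strip().lower() or None
    return info

def command_succeeded(output: str) -> bool:
    """fastboot reports OKAY on the command line itself; anything else means no usable answer."""
    return any(line.startswith("OKAY") for line in output.splitlines())

def bootloader_state(info: Dict[str, Optional[str]]) -> str:
    """Summarise lock state: 'locked', 'unlocked' or 'critical-unlocked', plus ' tampered' if set."""
    if info.get("device critical unlocked") == "true":
        state = "critical-unlocked"
    elif info.get("device unlocked") == "true":
        state = "unlocked"
    else:
        state = "locked"
    if info.get("device tampered") == "true":
        state += " tampered"
    return state

if __name__ == "__main__":
    parsed = parse_device_info(SAMPLE_OUTPUT)
    print(parsed)
    print(bootloader_state(parsed), "ok" if command_succeeded(SAMPLE_OUTPUT) else "failed")
```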
(@arcaine2)
Posts: 235
Estimable Member
 

There should be a testpoint on the mainboard to force the phone to boot into EDL/QDLoader 9008 mode and make a physical dump in that mode with some tools, but encryption will be a problem. I do believe both Redmi 4 and 4X are encrypted by default.

 
Posted : 04/02/2018 12:53 pm
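An added example (not the poster's code) for the "encryption will be a problem" caveat: a quick triage of a raw partition dump, such as one pulled in EDL mode, that checks for an ext4 superblock magic and measures per-block Shannon entropy to tell a readable filesystem from ciphertext. The two images and the entropy threshold are constructed for illustration.

```python
import hashlib
import math
from collections import Counter
from typing import Dict

BLOCK = 4096            # examine the image in 4 KiB blocks
HIGH_ENTROPY = 7.9      # bits/byte; ciphertext and compressed data sit near 8.0 (assumed cut-off)
EXT4_MAGIC_OFF = 0x438  # ext4 magic 0xEF53 sits 0x38 bytes into the superblock at offset 1024

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of `data` (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def classify_dump(image: bytes) -> Dict[str, object]:
    """Decide whether a raw partition dump looks like ciphertext or a readable filesystem."""
    has_ext4 = image[EXT4_MAGIC_OFF:EXT4_MAGIC_OFF + 2] == b"\x53\xef"
    blocks = [image[i:i + BLOCK] for i in range(0, len(image), BLOCK)]
    written = [b for b in blocks if any(b)]          # skip never-written all-zero blocks
    high = sum(1 for b in written if shannon_entropy(b) >= HIGH_ENTROPY)
    frac = high / len(written) if written else 0.0
    if has_ext4 and frac < 0.5:
        verdict = "plaintext ext4"
    elif has_ext4:
        verdict = "ext4 metadata with encrypted contents"   # file-based style encryption
    elif frac >= 0.9:
        verdict = "likely full-disk encrypted"              # no header, ciphertext throughout
    else:
        verdict = "unknown"
    return {"ext4_magic": has_ext4, "high_entropy_fraction": round(frac, 3), "verdict": verdict}

def _pseudo_random(n: int) -> bytes:
    """Deterministic stand-in for ciphertext: SHA-256 of a counter (constructed sample data)."""
    out = b"".join(hashlib.sha256(i.to_bytes(4, "little")).digest() for i in range(n // 32 + 1))
    return out[:n]

# Constructed samples, not real device dumps
ENCRYPTED_IMAGE = _pseudo_random(64 * 1024)
_plain = bytearray(64 * 1024)
_plain[EXT4_MAGIC_OFF:EXT4_MAGIC_OFF + 2] = b"\x53\xef"
_plain[2 * BLOCK:3 * BLOCK] = (b"contact: alice@example.invalid\n" * 200)[:BLOCK]
PLAINTEXT_IMAGE = bytes(_plain)

if __name__ == "__main__":
    for name, img in (("encrypted", ENCRYPTED_IMAGE), ("plaintext", PLAINTEXT_IMAGE)):
        print(name, classify_dump(img))
```

On a real dump, run `classify_dump` per partition (userdata is the one that matters) rather than on the whole eMMC image, since boot and system partitions are normally unencrypted.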
(@qassam22222)
Posts: 155
Estimable Member
Topic starter
 

There should be a testpoint on the mainboard to force the phone to boot into EDL/QDLoader 9008 mode and make a physical dump in that mode with some tools, but encryption will be a problem. I do believe both Redmi 4 and 4X are encrypted by default.

I think there are several ways (hardware and software) to enter EDL mode; you can read this

and

But what next? I don't have UFED :( Any free tool to do that?

 
Posted : 04/02/2018 4:49 pm
(@arcaine2)
Posts: 235
Estimable Member
 

From my experience with newer Xiaomi devices, software methods are already blocked unless you're able to boot the device and use "adb reboot edl". A modified cable (so-called EDL cable) was blocked in many devices last year. The only working option to enter EDL mode is a testpoint on the mainboard.
I know a couple of paid hardware (CM2QLM, Volcano, NCK Box etc.) or software (Uni-Android etc.) methods to make a full dump but don't know any free one. Best bet would be to look for firmware compatible with the QPST eMMC Download software, load it and use a button called "switch device to DLOAD", which should switch the device from 9008 mode to 9006 mode (Qualcomm MMC Storage) and would allow you to make a dump with any tool. I'm not sure this will work on those devices since they may not support 9006 mode anymore.

 
Posted : 04/02/2018 6:43 pm
(@qassam22222)
Posts: 155
Estimable Member
Topic starter
 

From my experience with newer Xiaomi devices, software methods are already blocked unless you're able to boot the device and use "adb reboot edl". A modified cable (so-called EDL cable) was blocked in many devices last year. The only working option to enter EDL mode is a testpoint on the mainboard.
I know a couple of paid hardware (CM2QLM, Volcano, NCK Box etc.) or software (Uni-Android etc.) methods to make a full dump but don't know any free one. Best bet would be to look for firmware compatible with the QPST eMMC Download software, load it and use a button called "switch device to DLOAD", which should switch the device from 9008 mode to 9006 mode (Qualcomm MMC Storage) and would allow you to make a dump with any tool. I'm not sure this will work on those devices since they may not support 9006 mode anymore.

It did not work, my friend :( I can't switch it from 9008 to 9006 mode :(
This is the testpoint:


I sent an email to SalvationData and they replied:
Thanks for your question!

Our Qualcomm physical extraction in SPF can extract data from the Redmi 4 (4X), but, if the Android version is based on 6.0 or higher, the data extracted is encrypted.

As we don't provide a decryption service, I suggest you do physical extraction using our SPF.

So is it time to give up, or what?

 
Posted : 05/02/2018 10:29 am
RolfGutmann
(@rolfgutmann)
Posts: 1185
Noble Member
 

Dont Feed Criminals

 
Posted : 05/02/2018 3:55 pm
jaclaz
(@jaclaz)
Posts: 5133
Illustrious Member
 

Dont Feed Criminals

Again? 😯

We already got your opinion:
https://www.forensicfocus.com/Forums/viewtopic/p=6587707/#6587707

It is tiring, besides senselessly hostile towards qassam22222.

jaclaz

 
Posted : 05/02/2018 5:04 pm
Jamie
(@jamie)
Posts: 1288
Moderator
 

Rolf, we've touched on this kind of thing before but for absolute clarity, comments of this nature are - apart from in exceptional circumstances - unnecessary and unwelcome. The general policy here is to encourage open discussion with the full understanding that the forum is open to all and that a reasonable degree of judgment and common sense should be exercised. I see no reason to believe that the subject matter of this thread contravenes that policy.

Please keep the above very much in mind when posting in future, thank you.

Jamie

 
Posted : 05/02/2018 5:41 pm
RolfGutmann
(@rolfgutmann)
Posts: 1185
Noble Member
 

If the runners of FF do not have the guts to block members - and there were clear indications and reasons for that - I do not feel obliged to cloth my mouth. I am free to express my opinion.

The term Dont Feed Criminals is my own and no personal name was mentioned within.

You can block me of course.

See, as q*xxxx did cross the lines, you stayed silent. And now you blame me. Inappropriate judgement and no word towards q*xxxx in the past.

Weak leadership.

Go ahead.

 
Posted : 05/02/2018 8:08 pm
jaclaz
(@jaclaz)
Posts: 5133
Illustrious Member
 

The term Dont Feed Criminals is my own and no personal name was mentioned within.

You should trademark or register it, if you want to claim ownership, like
Dont Feed Criminals™
or
Dont Feed Criminals®

Surely the Dont without the apostrophe (as in Don't) is distinctive, however.

jaclaz

 
Posted : 05/02/2018 8:21 pm