Morning.
I'm currently battling with a Windows Surface RT running on the old ARM chipset. (The Surface is from 2013)
There is no boot to BIOS/UFEI. So I've had to boot to Windows (8.1 I think) but I can't run FTK Imager lite or command line because they are not signed by Microsoft and the exe's wont run.
I found a dd.exe to try, but same as above again.
Does anybody know or any tools that I can use to get an image of this 32GB eMMC. (Chip off is not an option…yet!)
Any help much appreciated.
4F
Volume+ and power key should get you to the UEFI. If this doesn't work on your ARM tablet you may still be able to boot from USB.
Secure Boot only allows 'trusted' OSs, of which Ubuntu is one of them. You'll need to edit the boot config files from your Kali/Backtrack bootable USB to resemble the trusted Ubuntu ones. Fingers crossed, the Surface you have is set to try to boot from USB first.
Also try Volume- and power key to get to the boot menu.
Thank you. Maybe it wasn't working because I was trying with a Paladin USB. I'll try with my Kali USB and see if that works. I did try booting with the Vol up and Vol down to no affect.
Thanks.
Try connecting the Paladin USB with a powered USB hub. That has worked for me in the past - obviously with any Secure Boot etc disabled.
Thank you. Maybe it wasn't working because I was trying with a Paladin USB. I'll try with my Kali USB and see if that works. I did try booting with the Vol up and Vol down to no affect.
Thanks.
Hello,
Did you have any success acquiring this Surface? I have Surface RT Model 1516 and the device just wont to boot into UEFI when Vol+ and Power button are pressed.
Any suggestions would be appreciated.
Cheers
You can use YUMI to create a UEFI compatible Live USB with Kali Linux that will work with Surfaces
https://
I have multiple working 8GB Live USB Kingston brand drives I can image to a DD file and upload to you if you wish. You will need to write the DD image to your own USB drive, but once done correctly, you will be able to boot your Surface to Kali and then use Guymager within Kali to make a forensic image of the Surface.
My experience with Surfaces is that Surfaces come from the factory Bitlocker encrypted standard and Microsoft does NOT provide the Bitlocker keys!!!!!
So, you might be left with capturing a live forensic image.
Thanks for the info, would appreciate if you could create a DD image of them.
Cheers
My experience with Surfaces is that Surfaces come from the factory Bitlocker encrypted standard and Microsoft does NOT provide the Bitlocker keys!!!!!
Workaround for the factory BitLocker encryption
1. Copy the DD image bit-for-bit onto a blank USB drive.
2. Attach the USB to a Windows machine via a USB write-blocker.
3. Windows will automatically decrypt the drive.
4. Use FTK Imager to re-image as a logical drive.
Workaround for user-encrypted BitLocker encryption
1. After you get your physical DD image, boot the Surface normally and login (you'll need a local Admin account).
2. Launch CMD and run manage-bde -protectors C -get -type RecoveryPassword
3. Make a note of the long numerical password.
4. You can use EnCase or Nuix to decrypt your physical DD image, or continue below
5. Copy the DD image bit-for-bit onto a blank USB drive.
6. Attach the USB to a Windows machine via a USB write-blocker.
7. Windows will prompt for the recovery password - enter it here to decrypt the drive.
8. Use FTK Imager to re-image as a logical drive.
You can't boot any other OS than Windows RT on those ARM devices. Microsoft have made sure that the secure boot will stay on at all times. There have been some successful attempts in the past at disabling the secure boot (e.g. this discussion - https://
If it is a fully up to date Windows RT 8.1 device, your chances of booting any other OS are very, very slim. Even if you would suceed, you would need an OS that can run on an ARM CPU, and some custom drivers most likely D
You can use YUMI to create a UEFI compatible Live USB with Kali Linux that will work with Surfaces
https://
www.pendrivelinux.com/yumi-multiboot-usb-creator/ I have multiple working 8GB Live USB Kingston brand drives I can image to a DD file and upload to you if you wish. You will need to write the DD image to your own USB drive, but once done correctly, you will be able to boot your Surface to Kali and then use Guymager within Kali to make a forensic image of the Surface.
My experience with Surfaces is that Surfaces come from the factory Bitlocker encrypted standard and Microsoft does NOT provide the Bitlocker keys!!!!!
So, you might be left with capturing a live forensic image.
I Currently have a Surface 1 (RT) on my desk as part of a job.
Ive also managed to acquire a test device which is doing a good imitation of a brick as far as booting into anything other than it's onboard copy of windows 8.1 😯
Before I resort to switching on the subject one and copying the files to a pen drive…. would you be so kind as to send me the DD ? any tips for turning off the safe boot switch would be most welcome (I've tried (with a test device) volume up while powering on, all I get is a black screen, requiring a 30 second power button hold to power down)
Many Thanks
Ian