Sony Xperia E5 (F3311)

(@gromit29)
Posts: 5
Active Member
Topic starter
 

Hi,

I'm sitting on a Sony Xperia E5 (F3311) protected by a 4-digit lock code. When I try a PIN, the phone automatically hits "OK" after 4 digits are entered. It only hits "OK" for the first 15 tries; after that I can enter more than 4 digits and I have to hit "OK" manually. After a restart it's back to hitting "OK" for me for the first 15 tries. USB debugging is not turned on, so I cannot access it through ADB. The phone does not support USB-OTG I think, at least I cannot get it to work.

There is a 30 sec. delay between the times when you can enter a code. Since it does not support OTG, I cannot use my Arduino device that I have used in the past and get it to send codes to the phone for me. Since the device isn't showing up using "adb devices", I can't use some sort of Python script to help me with the codes. I'm left with manual work I think, or does anyone have a suggestion? A 4-digit code will take a (long) time but it's possible to do. The xpinclip relies on OTG, right?

Two questions:
1. When the phone stops hitting "OK" by itself after 15 tries, does it still accept the 4-digit code? Or does it just stop accepting (even the right code will result in a fail)? Would be good to know if someone were to do this manually.

2. Let's say that I was able to get a physical dump of only the user/data partition from the phone and it was encrypted. Is it possible to bruteforce the dump? It's tied to the HW in the phone on some level, right? Or how would I go about decrypting the dump? The phone is using Android 6.01 I think.

Best regards.

 
Posted : 19/10/2017 9:29 am
(@sasha)
Posts: 16
Active Member
 

Had several Xperia E5, none of them was encrypted.

 
Posted : 19/10/2017 10:07 am
Bolo
(@bolo)
Posts: 97
Trusted Member
 

Hi,

XPIN in the standard edition works over OTG, but this phone does not support OTG (white paper http://dl-developer.sonymobile.com/documentation/whitepapers/Xperia_E5_WP_1.pdf), so such a BF attack over OTG is not an option. There is a solution to crack it using a special motorised add-on for XPIN, but for now it's not available as a tool for sale… still in testing.

By default the phone is not encrypted, as Sasha writes. If this is a non-forensic case you can ask the customer if he encrypted the storage or not - if YES, the only option is a BF attack over the digitizer; if NO, then the other solution is to get the code directly from the phone - you can get this code over ISP - you will get the Gatekeeper file, which you will need to brute force (it's using the SCRYPT algo, so it's not simple SHA1 with 1024 iterations). You can of course also make a full dump over ISP or, as a last resort, perform chip-off.

Answering the questions:
Answer #1 We got an F3311 purchased for ISP track down - in free time we can assemble the eMMC back and check, but a faster solution for you would be purchasing the same donor and trying, once you know the code, how it reacts.

Answer #2 It's not possible for now to crack it (previous 4.x/5.x can be cracked but not 6.x/7.x). The key is stored in the TEE and uses a symmetric key, so if you perform any low-level access over ISP or chip-off and the data is encrypted by Marshmallow or Nougat, you will not get the data and you will not be able to crack it, in the sense of years, over BF.

P.S
Don't try to unlock the BL to load a custom recovery/root, since unlocking will wipe the device.

P.S#2
In case you get the Gatekeeper file and have a problem cracking it, contact me privately and send only the file - I will help you.

P.S#3
Please post a photo of your lock screen - there is boot-level protection for Marshmallow which also requires a PIN - for many users it looks the same as the normal PIN, but this is the PIN to run Android (boot process). If you have such a situation then the data is 100% encrypted, and the situation is even worse since the key here is created dynamically from random data.

 
Posted : 20/10/2017 6:42 pm
jaclaz
(@jaclaz)
Posts: 5133
Illustrious Member
 

Something like this
http://www.sastrarobotics.com/project/sc-scara-pro/
would be handy, but no idea if something similar exists in an affordable version (I believe that the above costs a lot of money, being a professional in-factory test machine)

Maybe the Tapster is affordable enough?

https://www.tindie.com/products/hugs/tapster/

jaclaz

 
Posted : 21/10/2017 4:36 pm
(@gromit29)
Posts: 5
Active Member
Topic starter
 

Hello again,

Thank you for your valuable input. It turns out that the information IS encrypted, so it seems as if I'm left with a BF attack over the digitizer.

@Bolo I will send you a picture of the lock screen as soon as I'm back in the office.

BR

 
Posted : 23/10/2017 11:02 am
Bolo
(@bolo)
Posts: 97
Trusted Member
 

@jaclaz yes - something like this but specially dedicated for phones… I don't know if this breaks the rules on the forum so I'm not posting a photo here.

@gromit29 yes - just PM me

 
Posted : 23/10/2017 4:52 pm
jaclaz
(@jaclaz)
Posts: 5133
Illustrious Member
 

@jaclaz yes - something like this but specially dedicated for phones… I don't know if this breaks the rules on the forum so I'm not posting a photo here.

Actually the mentioned Tapster is "specially dedicated for phones", still at US$ 750+ shipping, while not "extremely expensive", it is not exactly "cheap", so if there are better (possibly cheaper) solutions they are - I believe - welcome.

And no, no rule breaking if you post info on alternatives, it's perfectly OK, it is only when someone promotes his/her own product WITHOUT making clear that he/she is involved in the product that some eyebrows may be raised, but only because of the astroturfing aspect (i.e. misleading the reader into believing that the specific recommendation/appreciative opinion comes from a "neutral" third party), if someone is proud of what he/she produces (or sells or both) there is no rule against citing the tool and/or explaining its features and capabilities, as long as it does not become a mere "advertisement".

jaclaz

 
Posted : 23/10/2017 5:50 pm
Bolo
(@bolo)
Posts: 97
Trusted Member
 

@jaclaz The Tapster system is ready for phones but it's only hardware - it's not suitable to do anything without proper code and it's not suitable for a BF attack. Customisation still needs to be made, or in case you can program C++/Java you can write your own software for it to allow a PIN attack or Pattern (then swipes and moves need to be adjusted) - check on the page how much system customisation costs if you change the option to 10 hours of coding + hardware 😉

By meaning of ready solution I mean something like this

Real photos will come when testing finished 😉

@Gromit29 We reballed the eMMC chip back, assembled the phone and applied a PIN password to it. Photos below - at what stage are you asking about the ability to enter codes?

Photo 1 of locked screen

Photo 2 of entering PIN code

Photo 3 of phone reaction after entering an incorrect code

Photo 4 of phone reaction after entering the code a few times

???

 
Posted : 24/10/2017 7:35 pm
jaclaz
(@jaclaz)
Posts: 5133
Illustrious Member
 

@jaclaz The Tapster system is ready for phones but it's only hardware - it's not suitable to do anything without proper code and it's not suitable for a BF attack. Customisation still needs to be made, or in case you can program C++/Java you can write your own software for it to allow a PIN attack or Pattern (then swipes and moves need to be adjusted) - check on the page how much system customisation costs if you change the option to 10 hours of coding + hardware 😉

Yep, but it is not targeted to a final user, only to highly specialized technicians.

How many hours of programmers are needed to write a program that issues
0000
0001
0002
0003

Anyway, it was just an idea, most probably *any* similar robot can be used for the same task (when adequately programmed), even a half-@§§ed 😯 mostly wooden one (example)
the Monkeybot
https://www.youtube.com/watch?v=6ZJ5rViVc_Y
Or a "printable" robodraw/robotouch
https://www.youtube.com/watch?v=v2p83Qgp5N8
https://github.com/Obijuan/RoboDraw
would be just fine.

When your product is ready (and hopefully works out of the box) it will surely be very useful.

JFYI, and as a side-side note once upon a time, small, el-cheapo "scribers" existed (besides pen plotters) that could have made the specific task very easy, nowadays I would probably go for an AxiDraw
https://www.axidraw.com/
https://shop.evilmadscientist.com/productsmenu/846

jaclaz

 
Posted : 25/10/2017 10:28 am