±Forensic Focus Partners

Become an advertising partner

±Your Account


Username
Password

Forgotten password/username?

Site Members:

New Today: 3 Overall: 35628
New Yesterday: 2 Visitors: 139

±Follow Forensic Focus

Forensic Focus Facebook PageForensic Focus on TwitterForensic Focus LinkedIn GroupForensic Focus YouTube Channel

RSS feeds: News Forums Articles

±Latest Articles

±Latest Webinars

Downgrade extraction on phones running Android 7/8/9

Discussion of forensic issues related to all types of mobile phones and underlying technologies (GSM, GPRS, UMTS/3G, HSDPA, LTE, Bluetooth etc.)
Subforums: Mobile Telephone Case Law
Reply to topicReply to topic Printer Friendly Page
Forum FAQSearchView unanswered posts
 
  

gorvq7222
Senior Member
 

Downgrade extraction on phones running Android 7/8/9

Post Posted: Mar 17, 19 15:31

Now it's more and more difficult for forensic tools to extract evidence from smartphone running Android 7 and above. Maybe you could acquire physical image in Bootloader mode or by Smart ADB. Don't celebrate too early. Let me remind you of "FDE". The fact is that if forensic tools could not decode this physical image, such image is just like a meaningless "black box" you have in hand.

No way to gain root privileges from phones running Android 7 and above . What else can be done? Fortunately once you got the pattern/password , you could enable USB debugging and change any settings you want to make "Downgrade extraction" possible. That's the key to get the evidence from certain Apps you want.

Let's take WeChat on a phone running Android Pie for example. You guys could take a look at my blog and see what's going on.
www.cnblogs.com/pieces...49374.html  
 
  

UnallocatedClusters
Senior Member
 

Re: Downgrade extraction on phones running Android 7/8/9

Post Posted: Mar 17, 19 18:20

Thank you for the step by step instructions to install a downgraded version of WeChat to enable the .ab backup and extraction.

Question: How are you achieving “once you got the pattern/password?”?  
 
  

passcodeunlock
Senior Member
 

Re: Downgrade extraction on phones running Android 7/8/9

Post Posted: Mar 17, 19 22:29

- gorvq7222
No way to gain root privileges from phones running Android 7 and above .


Not true, it is possible. Not everybody knows how, but that's something else...

- gorvq7222
Fortunately once you got the pattern/password , you could enable USB debugging and change any settings you want to make "Downgrade extraction" possible. That's the key to get the evidence from certain Apps you want.l


"In case of devices with know user lock" would fit better.

In case of locked devices, contact me Very Happy
_________________
Apple passcode unlock + decrypted filesystem dump, Android user locks unlock + physical dump with decrypted userdata partition. We provide our services world-wide, but we reserve the right for choosing which tasks we take and which we deny! 
 
  

gorvq7222
Senior Member
 

Re: Downgrade extraction on phones running Android 7/8/9

Post Posted: Mar 18, 19 03:39

Yes, you guys are right. In my opinion, law enforcement should try every effort to get username/password. If suspect'd like to cooperate with LE, we could ask suspects to tell us what the username/password is. That will be easier, right?

Of course we all know that it's not easy to unlock phones running Android 7 or above. That's why such services like CAIS costs lots of money not everyone could afford.

More and more phones got Bootloader Lock so we only got few chances to gain root access on Android 7 or above. Why bother to take risk of losing data? I suggest we take advantage of qualcomm EDL mode to bypass BootLoader and remove pattern/password lock. A very interesting video about removing pattern lock under so called qualcomm 9008 mode as below.
v.qq.com/x/page/w0827zlv5gw.html  
 
  

qassam22222
Senior Member
 

Re: Downgrade extraction on phones running Android 7/8/9

Post Posted: Mar 18, 19 10:07

[quote="passcodeunlock"]
- gorvq7222
No way to gain root privileges from phones running Android 7 and above .


Not true, it is possible. Not everybody knows how, but that's something else...


how !!!  
 
  

armresl
Senior Member
 

Re: Downgrade extraction on phones running Android 7/8/9

Post Posted: Mar 19, 19 07:55

Send him phone and money and voila!


[quote="qassam22222"]
- passcodeunlock
- gorvq7222
No way to gain root privileges from phones running Android 7 and above .


Not true, it is possible. Not everybody knows how, but that's something else...


how !!!

_________________
Why order a taco when you can ask it politely?

Alan B. "A man can live a good life, be honorable, give to charity, but in the end, the number of people who come to his funeral is generally dependent on the weather. " 
 

Page 1 of 1