saman2 Posted August 16, 2019

Hi,

I have been working on forensic (System Forensic, Mobile Forensic, Network Forensic, Live Forensic, ...) issues for 4 years. I worked on a lot of tools (Mobile Boxes, Cellebrite products like UFED 4PC, Physical Analyzer, ... in mobile forensics, and Belkasoft, Magnet, FTK, and so on) during this time, and I developed some tools in this area too. During my work, I bought a lot of software, and the software's price was too high (for example, UFED 4PC starts from 9000$). (Recently I bought a dongle emulation of UFED 4PC for very, very cheap and it works very well 😄 😄 I bought it for version 7.15 but it works for 7.16, 7.18 and the last version, 7.21.)

In this post I have decided to explore mobile forensics techniques (focusing on UFED 4PC) and find the ways it bypasses phone lock, removes phone lock, extracts a physical image from a locked phone, and so on. In this post I want to describe any technique I found from UFED 4PC (for example) or other phone forensic tools. Please share anything you know in this area.
digininja Posted August 16, 2019

Go on then, describe your techniques.
saman2 (Author) Posted August 16, 2019

As you know, UFED 4PC is one of the powerful tools in mobile forensics. One of its techniques is "ADB Root", which roots devices and gets an image from them. Unlike other techniques that UFED 4PC has, this technique has remained unchanged over time. Because of that, this technique only works on old devices. In the following post, I will send the methods it uses to root devices.
saman2 (Author) Posted August 16, 2019

UFED 4PC uses the following methods to root a device:

- rosecure
- zergRush
- fourrunnerStatic
- MTKRoot
- CowGirl
- psneuter
- PingRoot
- django
saman2 (Author) Posted August 16, 2019

It uses a subset of these methods based on Android version and brand. For example, for Android 5, it follows these steps:

1. First it uses CowGirl64BitSam.
2. If the previous one didn't work, it uses MTKRoot.
3. If MTKRoot didn't work, it uses PingRoot.
4. If PingRoot didn't work, it restarts the phone (to clear previous changes), then uses CowGirl32BitSam.
5. If CowGirl32BitSam did not work either, it restarts the phone again and uses RootSpot as a last method.
6. If RootSpot didn't work, it shows a message to the user that "the device is not rooted".
gnews Posted October 20, 2021

Please can you share the UFED4PC with emulator? Regards.
digininja Posted October 20, 2021

Isn't that a commercial tool?
Bigbiz Posted October 27, 2021

And only $9000 go for it!
gnews Posted November 2, 2021

> On 10/20/2021 at 2:14 PM, digininja said:
> Isn't that a commercial tool?

I would buy a tool even with 100,000$ if I have the money.
Archived
This topic is now archived and is closed to further replies.