lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Sat, 26 Jun 2021 17:17:33 +0000
From: Roman Fiedler <roman.fiedler@...aralleled.eu>
To: Full-Disclosure <fulldisclosure@...lists.org>
Subject: [FD] Using the Android USB Driver to Extract Data as USB Mass
	Storage Device

Due to a harware failure I was searching for a conventient
and efficient way to copy all internal storage of a mostly broken,
powered off, hardware locked, encrypted phone. The only things
still working to interact with the phone were the USB connector
and power on/volume keys. It was not possible to use the touch
screen, extract any partition data via fastboot, access the ADB
interface, connect via WIFI or use any other common remote access
methods. As a result of solving this problem a simple program
to inject as initrd into ABOOT to regain full control of the
phone was developed. The main advantage of this solution is to
get a near forensic quality snapshot of the complete storage
including the partition table, boot image, recovery images, all
firmware update slots without running the target system, a replacement
system with ADB or any other generic tools.

exfiltrate-as-mass-storage.c (158 lines) was developed to run
as alternative "/init". The program will make the phone show
up as mass storage device during boot. The complete internal
storage is available for reading including the partition table
and all 42 partitions of the Android system.

Read more at
https://unparalleled.eu/blog/2021/20210626-android-internal-storage-as-mass-storage/
or follow on Twitter @unparalleled_eu
https://twitter.com/unparalleled_eu/status/1408835870485065734

| |  DI Roman Fiedler
| /  roman.fiedler at unparalleled.eu  +43 677 63 29 28 29
/ |  Unparalleled IT Services e.U.     FN: 516074h           VAT: ATU75050524
| |  https://unparalleled.eu/          Felix-Dahn-Platz 4, 8010 Graz, Austria

View attachment "exfiltrate-as-mass-storage.c" of type "text/plain" (4984 bytes)


_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ