3.4 KiB
Android Forensics
Support HackTricks and get benefits!
Do you work in a cybersecurity company? Do you want to see your company advertised in HackTricks? or do you want to have access the latest version of the PEASS or download HackTricks in PDF? Check the SUBSCRIPTION PLANS!
Discover The PEASS Family, our collection of exclusive NFTs
Get the official PEASS & HackTricks swag
Join the 💬 Discord group or the telegram group or follow me on Twitter 🐦@carlospolopm.
Share your hacking tricks submitting PRs to the hacktricks github repo.
Locked Device
To start extracting data from an Android device it has to be unlocked. If it's locked you can:
- Check if the device has debugging via USB activated.
- Check for a possible smudge attack
- Try with Brute-force
Data Adquisition
Create an android backup using adb and extract it using Android Backup Extractor: java -jar abe.jar unpack file.backup file.tar
If root access or physical connection to JTAG interface
cat /proc/partitions
(search the path to the flash memory, generally the first entry is mmcblk0 and corresponds to the whole flash memory).df /data
(Discover the block size of the system).- dd if=/dev/block/mmcblk0 of=/sdcard/blk0.img bs=4096 (execute it with the information gathered from the block size).
Memory
Use Linux Memory Extractor (LiME) to extract the RAM information. It's a kernel extension that should be loaded via adb.
Support HackTricks and get benefits!
Do you work in a cybersecurity company? Do you want to see your company advertised in HackTricks? or do you want to have access the latest version of the PEASS or download HackTricks in PDF? Check the SUBSCRIPTION PLANS!
Discover The PEASS Family, our collection of exclusive NFTs
Get the official PEASS & HackTricks swag
Join the 💬 Discord group or the telegram group or follow me on Twitter 🐦@carlospolopm.
Share your hacking tricks submitting PRs to the hacktricks github repo.