
Cracked My First Phone Today!

the_Grinch Member Posts: 4,165 ■■■■■■■■■■
A few months ago I got brought on as a Mobile Forensic Investigator. Agency has provided me all of my training, which I completed last week. A Detective brought me a phone that they were able to do a physical extraction on, but lacked the password to get into the phone and enable the options needed to do a logical extraction. Took me a few days, but happy to report I was successful in obtaining the password. I have done a number of phone extractions thus far, but this was the first where the phone was locked and were unable to get in.
WIP:
PHP
Kotlin
Intro to Discrete Math
Programming Languages
Work stuff

Comments

  • MitM Member Posts: 622 ■■■■□□□□□□
    congrats on making it happen. Cool stuff
  • NetworkNewb Member Posts: 3,298 ■■■■■■■■■□
    So how did you end up getting the password to the phone? ;)
  • the_Grinch Member Posts: 4,165 ■■■■■■■■■■
    If I told you, I'd have to kill you. ;)

    It was a combo of things, but the important piece was to get a copy of the device_policies.xml. This file will actually tell you the length of the password, how many uppercase letters, lowercase letters, numeric characters and nonnumeric characters. From there I was able to look at some information in the extraction to discern a possible password. I had the hash and salt values so I placed them into another program with a wordlist and bam got the password.

    I was utilizing hashcat, but without knowing the length I had to go through each length (with this device 15 characters is the max). With a four and six character length password (utilizing a GPU) it took 48 hours to run through every iteration. With a length of eight characters I was looking at 3 months to go through every iteration. Since I obtained the password I forwarded to a 10 character password length and with one GPU it would take 3 years and 61 days to crack.

    Made for a very late night because once I get into something letting it go tends to be an issue.
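Added example (not part of the original post or thread): a short Python calculation of how much a stored record of password length and per-class character counts, as the post describes for device_policies.xml, shrinks the space of possible passwords. The sample record is constructed, and its element name, attribute names and the 33-symbol alphabet are assumptions made for illustration.

```python
import math
import xml.etree.ElementTree as ET

# Constructed sample record; element and attribute names are assumed.
SAMPLE_POLICY = """<policies>
  <active-password length="8" uppercase="1" lowercase="5" numeric="2" symbols="0" />
</policies>"""

# Alphabet size per class (printable ASCII; the symbol count includes space).
CLASS_SIZES = {"uppercase": 26, "lowercase": 26, "numeric": 10, "symbols": 33}
MAX_LEN = 15  # maximum length the post reports for that device


def read_composition(xml_text):
    """Return (length, {class: count}) from the policy record."""
    node = ET.fromstring(xml_text).find("active-password")
    counts = {cls: int(node.get(cls, "0")) for cls in CLASS_SIZES}
    length = int(node.get("length"))
    if sum(counts.values()) != length:
        raise ValueError("class counts do not add up to the recorded length")
    return length, counts


def blind_keyspace(max_len=MAX_LEN):
    """Candidates when nothing is known: every length from 1 to max_len."""
    alphabet = sum(CLASS_SIZES.values())  # 95 printable characters
    return sum(alphabet ** n for n in range(1, max_len + 1))


def length_only_keyspace(length):
    """Candidates when only the length is known."""
    return sum(CLASS_SIZES.values()) ** length


def composition_keyspace(length, counts):
    """Candidates with exact per-class counts: position layouts x characters."""
    layouts = math.factorial(length)
    choices = 1
    for cls, k in counts.items():
        layouts //= math.factorial(k)      # multinomial coefficient
        choices *= CLASS_SIZES[cls] ** k   # characters available per slot
    return layouts * choices


def bits_lost(length, counts):
    """Entropy (in bits) given away by the class counts beyond the length."""
    return math.log2(length_only_keyspace(length) / composition_keyspace(length, counts))
```

For the constructed record, knowing the class counts on top of the length removes a little over 10 bits, which is why metadata about the active password deserves the same protection as the hash and salt.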
  • dhay13 Member Posts: 580 ■■■■□□□□□□
    Was this an iPhone? IIRC the FBI paid something like $1.5 million to the San Bernardino shooters iPhone.

    Great job!
  • the_Grinch Member Posts: 4,165 ■■■■■■■■■■
    Thanks! Sadly was not an iPhone, though based on a solicitation I received to crack the phone it would have cost $10 to $15k.
  • JoJoCal19 Mod Posts: 2,835 Mod
    Awesome to hear! Was it stuff from the XRY course that enabled you to do that?
    Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, OCI Foundations Associate, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
    Currently Working On: Python, OSCP Prep
    Next Up: OSCP
    Studying: Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework
  • jamesleecoleman Member Posts: 1,899 ■■■■■□□□□□
    Good job!!! High five!!!!!!!!

    When I read the file, I thought you dropped your phone and broke it lol.
    Booya!!
    WIP : | CISSP [2018] | CISA [2018] | CAPM [2018] | eCPPT [2018] | CRISC [2019] | TORFL (TRKI) B1 | Learning: | Russian | Farsi |
    *****You can fail a test a bunch of times but what matters is that if you fail to give up or not*****
  • NavyMooseCCNA Member Posts: 544 ■■■■□□□□□□
    I was going to post something snarky, but after reading this all I can say is Bravo Zulu!!

    'My dear you are ugly, but tomorrow I shall be sober and you will still be ugly' Winston Churchill

  • gale_ Registered Users Posts: 4 ■□□□□□□□□□
    I was going to post something snarky, but after reading this all I can say is Bravo Zulu!!


    Haha. I thought he broke his iPhone screen.
  • JasminLandry Member Posts: 601 ■■■□□□□□□□
    Wow, that sounds pretty awesome, good work!
  • the_Grinch Member Posts: 4,165 ■■■■■■■■■■
    JoJoCal19 wrote: »
    Awesome to hear! Was it stuff from the XRY course that enabled you to do that?

    The XRY training I received definitely helped me! Without the physical extraction and analysis training I received I wouldn't have been able to collect the information I needed. Also, from the final course on JTAG and Chip Off I wouldn't have known ahead of time where to obtain the hash and salt values. Hindsight being 20/20 as I was doing research that information is available on the web (for getting the sha and salt), but nice to have done it on a test phone before performing the work on a device possibly containing evidence.
  • PJ_Sneakers Member Posts: 884 ■■■■■■□□□□
    Nice!! Out of curiosity, why did you need to do a logical when you already pulled a physical extraction? Not questioning your 1337 hax0rng sklz, just curious.