On Thu, Sep 30, 2021, at 9:49 PM, comrade meowski wrote:
> On 30/09/2021 20:36, Dom Rodriguez/shymega wrote:
>> Unlikely. You would need adb to access the phone, and if it's not enabled, and
>> trusts the computer accessing the phone, there's no way you can get in.
>
> In the same vein if the phone's bootloader has been previously unlocked
> - which it should have been on day one - you can use the hardware reset
> keys to access download and recovery modes, remotely unlock the
> encrypted /data partition and retrieve your data via root access adb
> (this trumps adb access to a running phone as a user). You can perform
> this operation "blind" on a phone with a non-responsive screen as well.
>
> You can even boot a custom TWRP recovery image via fastboot - much like
> booting a live CD on a PC - to aid the process but the whole chain
> depends on having unlocked the bootloader first. The catch 22 is if you
> haven't then unlocking the bootloader now (which once again can be done
> blind) triggers a complete wipe ¯\_(ツ)_/¯
>
> I recover a lot of phones professionally so run into this a lot. The
> first thing I do with all phones I build for clients is unlock the
> bootloader, enable adb and enroll my main PC's adb keys on it. Of course
> this can't help you now, you either did it or you didn't.
>
> You're still not screwed though - the final option is the most fun
> anyway. That device is way past EOL and hasn't had security fixes in
> forever. The phone is on your network so you know its IP address:
> Metasploit time.

imo, phones' bootloaders shouldn't be unlocked on day one ;) I wouldn't be able to access my Starling account or GPay. Other apps too. Although if you use Magisk, I suppose it wouldn't matter. Having said that, if bootloaders were unlockable w/o needing to get authorisation or fight for access to unlock (my keyone for example doesn't allow me to flash any ROM, ugh) - that'd be a great milestone.

Although I agree, I think the final option really is Metasploit, if Tom hasn't enrolled his keys with adb.

--
Kind regards,
--
Dom Rodriguez (also known as shymega)

--
The Mailing List for the Devon & Cornwall LUG
https://mailman.dcglug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq