Hello everybody,
Is there a way to do forensic analysis on Android,
using free tools ?
In order to access personal information stored.
Especially when the device seems damaged, like booting only
in dowload mode or with a broken screen after a fall/hit.
I had a dead N7100 that caused me a lot of headache since
many things where stored there.
My dream is to do a Apple "time-machine" like system in which
I can recover and analyze my device.
Thanks a lot to everyone.
Related
Hi everyone! First of all sorry for my english, second, I'm here because I've a big problem.
I need to lend some tablets to some friends for testing an app. The problem is that I don't complete trust in them (or they are too smart or they aren't very familiar with digital products), so I'm afraid that they can make some trouble voluntarily or not.
I'm searching for something that can block the access to determinate applications of the tablet (for example: phone, settings or other installed apps) and the install of new app. Something like a limited user of the tablet, that allowed you to running only some default apps.
I've tried to test some apps that allow you to open the app just by entering a code or a sequence, but they aren't very safe. I always find a way to bypass them. Moreover this type of application don't block the install of new app.
Do you have any solution? What can I do to create this sort of "Limited User"?
Thanks to everyone
You could try the app called "SwitchMe". It should be able to help.
Ok so this is a question for lets say hardcore developers, lately Ive taken an interest in android security after the Snowden revelations, (not that any of us have anything to hide), but mainly due to the simple principle of privacy in the digital age... anyhow in my research ive found various ways and sites that can help harden ones security on android , and there are also tools that have been developed to purposely get around these same security precautions on android. My question is to various developers that design security related apps, those who design custom recoveries (TWRP, CM, etc), and even those that work on fastboot (Google).
1) I know there are plenty of apps that are made for security, but are developers sure they are cleaning up (read "wiping ram, on say an app FC, a reboot, or upon receiving a fastboot request from a host")? In the age of NSA and everyone else wanting all in your business, are developers making sure that keys, and other secure info is destroyed, and not still in memory or God forbid in some file on the SD card?
2) Is there any way to make/modify the bootloader so that before you could even get to the bootloader menu (ie. fastboot/recovery/boot/etc..) the bootloader either nukes the entire RAM or fills it with random data? Granted there are always ways to get to ones data, but i was just wondering if there was consideration for the lifespan of said 'security' once one is done with some secure app are the keys tossed(?) ram cleared before deallocation, etc?
3) And... in the interim is there a way users can auto clear/wipe deallocated RAM and SD/internal storage space (as well as within the system area on rooted devices) every so often using something like the Tasker app, remote wipe or something similar?
@steve_77 RAM (at least the RAM we have in phones at the moment) is volatile, meaning it only retains data when powered, therefore there's no need to go to any lengths to wipe it. A reboot will do that. Besides, if any data is being loaded into memory at all in the first place, the NSA probably already have it . Just kidding of course, if you have measure in place already like encryption; I don't think it's possible to retrieve data from memory like that anyway, but I'm no expert.
I understand that the measures mentioned are extreme, but there is already a way to break encryption via reading the keys out of the RAM as outlined in the link provided in the previous post from a German university that was able to do it.
I'm sure this is also not the only type of tools designed to hack into peoples phones and bypass encryption, but if exiting an app does not erase/wipe the RAM allocated to that app, all that data is up for grabs. Sure in this particular case someone would have to physically have your phone, but what if there were some new way, say in the future that could use some sort of exploit to access your data, and what can be done now to mitigate this potential pitfall and make our phones more secure?
As you all know, modifying files on microSD card feature like allowing to delete rename move files is not more supported by android kit Kat 4.4.2 and later versions of android...
I already know that there's a solution and it's rooting and installing SDfix app from Google play and solve it all,, but duo to my own concerns Oki don't preffer that way...
Please answere as much questions as I have and u can ??????
1. Why Google just disabled this key fearure?
2. Is there any hope that this key feature will come back in later android version if customers do show their remonstrance ??
3. Is there any where I can email Google official operators about this problem and ask them why whom responsible for deleting this key feature in android developement department of Google? - as I searched didn't found any where to chat or ask my problem...
4. Do HTC, Samsung, Sony and other mobile manufactures have the legal rights to add this key feature to there android builds of their own in the contrast of Google android developers way?
And can they include this key feature (or better to say exclude this crazy ban) from their own android roms and just include it in an update for their phones for us to get rid of his ban ??
Salar.m said:
As you all know, modifying files on microSD card feature like allowing to delete rename move files is not more supported by android kit Kat 4.4.2 and later versions of android...
I already know that there's a solution and it's rooting and installing SDfix app from Google play and solve it all,, but duo to my own concerns Oki don't preffer that way...
Please answere as much questions as I have and u can ??????
1. Why Google just disabled this key fearure?
2. Is there any hope that this key feature will come back in later android version if customers do show their remonstrance ??
3. Is there any where I can email Google official operators about this problem and ask them why whom responsible for deleting this key feature in android developement department of Google? - as I searched didn't found any where to chat or ask my problem...
4. Do HTC, Samsung, Sony and other mobile manufactures have the legal rights to add this key feature to there android builds of their own in the contrast of Google android developers way?
And can they include this key feature (or better to say exclude this crazy ban) from their own android roms and just include it in an update for their phones for us to get rid of his ban ??
Click to expand...
Click to collapse
If you are rooted there is a way around this. Its is not that big of a issues unless you can not obtain root
Google, for the most part, doesn't like external storage expansion. They consider it a security flaw. Keeping everything internal keeps all your data more secure. Plug it into a computer, and you can't access anything unless you unlock the phone (PUT A LOCK CODE OR PATTERN ON YOUR PHONE!), but if there's a microSD card with sensitive data (app info, dirty pics, whatever), all you have to do is take out the card.
I can understand Google's position, but I also hate it too. Especially when so many phones without expandable storage have such limited internal space (ie: Nexus devices). Even if you don't have a bunch of music/video on your phone, it only takes a couple of big games like Asphalt or GTA to use up all your space. IMO, Google should figure out how to move certain apps to SD storage, even if they don't allow all. Keep sensitive data on the device, but allow the hefty stuff to be stored on card.
Planterz said:
Google, for the most part, doesn't like external storage expansion. They consider it a security flaw. Keeping everything internal keeps all your data more secure. Plug it into a computer, and you can't access anything unless you unlock the phone (PUT A LOCK CODE OR PATTERN ON YOUR PHONE!), but if there's a microSD card with sensitive data (app info, dirty pics, whatever), all you have to do is take out the card.
I can understand Google's position, but I also hate it too. Especially when so many phones without expandable storage have such limited internal space (ie: Nexus devices). Even if you don't have a bunch of music/video on your phone, it only takes a couple of big games like Asphalt or GTA to use up all your space. IMO, Google should figure out how to move certain apps to SD storage, even if they don't allow all. Keep sensitive data on the device, but allow the hefty stuff to be stored on card.
Click to expand...
Click to collapse
You mean after all of these experiences they had till releasing Android 4.4.2, Couldn't they find out any other solution to that matter but to restrict the permissions on microSD card??
I don't have any special skill in software and computer programing but there has to be some other solutions like adding firewall, or setting an unbreakable master password (while accepting just NTFS formatted sd cards) on devices using a default app from Google for it (like the condition we see WD uses to secure its external HDDs)
lacoursiere18 said:
If you are rooted there is a way around this. Its is not that big of a issues unless you can not obtain root
Click to expand...
Click to collapse
Rooting is not a permanent solution for this matter at last!!!!
It does look like they're (officially!!) forcing their customers to root their device witch they not approve rooting way by not supporting guarantee conditions... And it doesn't make sense...
I'm completely aware that the rooting highway is widely open and rooting is a piece a cake...
But, the company should establish ways that don't put its customers to rooting highway!! ,, cause it doesn't make sense...
Salar.m said:
You mean after all of these experiences they had till releasing Android 4.4.2, Couldn't they find out any other solution to that matter but to restrict the permissions on microSD card??
I don't have any special skill in software and computer programing but there has to be some other solutions like adding firewall, or setting an unbreakable master password (while accepting just NTFS formatted sd cards) on devices using a default app from Google for it (like the condition we see WD uses to secure its external HDDs)
Click to expand...
Click to collapse
I can't speak as to why that couldn't or can't or aren't. I'm not a programmer or developer. I'm merely repeating information that I've read regarding SD cards and security. Rumor is that Android L might open things back up.
Planterz said:
I can't speak as to why that couldn't or can't or aren't. I'm not a programmer or developer. I'm merely repeating information that I've read regarding SD cards and security. Rumor is that Android L might open things back up.
Click to expand...
Click to collapse
Really? I hope so...
If you heard anything else about it, share it with us...
And, BTW, I heard that Z2 doesn't have this problem with its Android 4.4.2 Rom... Is that true? Why?
Wanted to start a thread on this subject as I have yet to see anything regarding AfW anywhere in these threads.
Does anyone have any information on how the o/s will handle securely wrapping applications and how the o/s creates a second partition/perimeter that is secured from the personal side?
Google Android For Work if you haven't heard about it.
I'm wondering if a rooted device would be able to trick the MDM protected work perimeter to think it has a secure bootrom, recovery partition and valid o/s?
Anyone have a picture of what the filesystem difference looks like?
There's such little information on this, yet it was released with 5.0 lollipop and I'm sure if we reverse engineer the way it functions we could create our own pki enabled MDM open source solution. This would allow end users to freely use there phone without the fear of being snooped on by viruses, corporations for marketing purposes, etc. Overall an open source Mobile Iron solution is what I'm getting to.
Let me know what you guys think.
Recently I lost some (relatively) short amount of text in a UI glitch of some app. Do not know its exact name and where did this piece of crap come from, but it has android.permission.READ_NOTEBOOK and android.permission.WRITE_NOTEBOOK permissions, that suggests it stored my texts in Android’s internal storage. The glitchy app is still running, but the device currently isn’t rooted (yes, I’m miserable and clumsy, but that’s the fact).
Which are prospective directions searching for small amount of data in the system memory of an (unrooted) device? Switch the device off, dismantle it, and search in the flash memory? Or install the rootkit software, reboot, and also search in the flash memory? Or first try to break into memory space of the running process? Or some else action on it?
Any help and/or links to tutorials are appreciated. I’m utterly not an advanced Android user, but have sufficient skills locating and extracting various data from memory dumps, so this part would not pose a great obstacle for me.
If one is interested in helping me with specific problem, then
the device is Explay sQuad 7.82 3G
the OS is Android 4.2.2 kernel 3.4.5 (the one supplied by manufacturer)
In the specific situation files were found in the internal filesystem. See android.stackexchange.com/questions/119256/extracting-data-from-running-app-s-memory-address-space for details.