Hi Tom,

Have you seen the Cellebrite gear and their forensics tools?
My understanding is that their UFED gear attempts to exploit various bugs in phones.

https://wikileaks.org/spyfiles/list/company-name/cellebrite.html

Here is one of their people talking about exploiting 0day bugs to gain access to Android phones:

http://thetrainingco.com/Techno-2013-PDF/TUESDAY/T1%20Horesh%20-%20Android%20Forensics.pdf

Also I'd encourage you to see these documents as well:

http://www.ume-update.com/UFED/AndroidPhysicalExtractionFAQJune.pdf
https://www.cellebrite.com/images/stories/support%20files/UME36_Manual.pdf

They also appear to host events to discuss their bootloader exploitation techniques:

http://www.eventbrite.com/o/cellebrite-usa-2029526933

There are lots of other vendors that are similar. I've also had people approach me about Cold Boot attack weaponizing - I always decline. However - some of those people are certainly offering "boutique" forensics services.

Here is a good overview:

https://csg.utdallas.edu/wp-content/uploads/2013/02/UTDCSG-Forensics-Week-2.pptx

This is perhaps the most interesting document - it shows the phone by phone, model by model capabilities for UFED Ultimate as of ~2013 (~3036 phone models):

https://csg.utdallas.edu/wp-content/uploads/2013/01/Phones.xlsx

It lists the OS, the apps that they target, if they can reconstruct the full system, and so on:

Vendor Model Physical Extraction Bypass Lock File System Extraction Password Extract Platform File system Reconstruction SMS Contacts Call log MMS Bluetooth locations Notes Bookmarks Email Accounts cookies Dictionary Viber facebook FaceBook Messanger WhatsApp Google Plus Skype Google Talk twitter PingChat Gesture Decoding calendar BBM Tasks Chat Passwords Web History MotionX VoiceMail Application Usage WiFi Installed Applications Garmin TextNow TigerText Fring twitterrific TextFree Yahoo Messenger foursquare Ping Chat Waze dropbox User Code

Good times!
All the best,
Jacob

On 3/2/14, Tom Ritter <t...@ritter.vg> wrote:
>> ---------- Forwarded message ----------
>> From: "shawn wilson"
>> How about a dictionary and rules. Even if you choose an alphanumeric
>> "strong" pass, you're kinda limited to the phone's keyboard - you're not
>> going to want to switch case or between letters and special too often.
>> Also, IIRC Android limits length to 15 chars. I also don't think the screen
>> lock can be different than the boot pass (so everything I said above should
>> hold true).
>>
>> Basically what I'm saying is use hashcat.
>
> In regular use I agree completely. But in my threat model (what I'm
> preparing for) is 'prepared use' - you're knowingly crossing a border or
> attending a protest, want/need your phone, and are willing to have a
> painful password for a short bit.
>
> -tom
> _______________________________________________
> cryptography mailing list
> cryptography@randombit.net
> http://lists.randombit.net/mailman/listinfo/cryptography