Using the Android USB Driver to Extract Data as USB Mass Storage Device

[Roman Fiedler <roman.fiedler () unparalleled eu>]

Due to a harware failure I was searching for a conventient
and efficient way to copy all internal storage of a mostly broken,
powered off, hardware locked, encrypted phone. The only things
still working to interact with the phone were the USB connector
and power on/volume keys. It was not possible to use the touch
screen, extract any partition data via fastboot, access the ADB
interface, connect via WIFI or use any other common remote access
methods. As a result of solving this problem a simple program
to inject as initrd into ABOOT to regain full control of the
phone was developed. The main advantage of this solution is to
get a near forensic quality snapshot of the complete storage
including the partition table, boot image, recovery images, all
firmware update slots without running the target system, a replacement
system with ADB or any other generic tools.

exfiltrate-as-mass-storage.c (158 lines) was developed to run
as alternative "/init". The program will make the phone show
up as mass storage device during boot. The complete internal
storage is available for reading including the partition table
and all 42 partitions of the Android system.

Read more at
https://unparalleled.eu/blog/2021/20210626-android-internal-storage-as-mass-storage/
or follow on Twitter @unparalleled_eu
https://twitter.com/unparalleled_eu/status/1408835870485065734

| |  DI Roman Fiedler
| /  roman.fiedler at unparalleled.eu  +43 677 63 29 28 29
/ |  Unparalleled IT Services e.U.     FN: 516074h           VAT: ATU75050524
| |  https://unparalleled.eu/          Felix-Dahn-Platz 4, 8010 Graz, Austria

Attachment: exfiltrate-as-mass-storage.c
Description: exfiltrate-as-mass-storage.c

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/