

In the scenario where the device is unlocked or the lock code is known (the only scenario considered in this post), the analyst could use the device itself to make the analysis of the installed applications. Anyone who did that at least once knows how uncomfortable this approach is. Almost totally manual, lots of screenshots, hard to search for keywords, etc.

Application downgrade is an option for some well-known apps, not for everything.

What is left? Android vendors often provide their own backup solution, for example Samsung Smart Switch and Huawei Backup. The latter has a very nice capability: it's able to include the applications' data in the backups. Yes, exactly what is inside the object of desire, the data/data folder.

By using the HiSuite software solution, thus with the aid of a computer, or directly using the Huawei Backup App (on an SD card or via USB OTG), the user has the choice to back up apps too. This opens a nice scenario for an analyst: the opportunity to grab all the intimate files inside the data/data folders. Well, that's good but with one downside: the backups are encrypted with a password chosen by the user or with a sort of device password (not explored in the post). So, once the analyst gets the backup, how could he decrypt it?

Recently, in the Digital Investigation journal, Myungseo Park and others published the paper "Decrypting password-based encrypted backup data for Huawei smartphones" (Volume 28, March 2019, Pages 119-125). This research goes into great detail regarding how the Huawei backups work, from the folder structures to their decryption. It's strongly suggested to read the paper, because the following lines assume a lot from it, starting from the difference between backups done with HiSuite and backups done with the KoBackup app, up to encryption key derivation and algorithms. If not interested in details, jump to the section related to the provided software.

Worth noting, the HiSuite version used in the paper was 8.0.1.303_OVE and the KoBackup version was not reported, most likely the same version. In RealityNet I created a Python script able to decrypt a Huawei backup, both when created with HiSuite and when created with KoBackup: please remember that they use a different folder structure and, with KoBackup, multimedia files are not encrypted. The hard job was done by the paper's authors, so it was easy to develop the script.

It worked out well since we had a case with a Huawei phone. The phone's USB connector was not working properly and was only used to recharge the device.
