How to root an HTC Wildfire

The following steps will void the warranty of the device and there is no guarantee that they will work on your device!

  • First of all you will need to know which version of HBOOT the device is using and its serial number
  • If HBOOT is not 1.01.0001 you have to downgrade to HTC Froyo WWE for Revolutionary
  • Download & install the HTC Sync drivers
  • Make sure USB debugging is enabled on the device
  • Download Revolutionary 0.4pre4
  • Connect the HTC Wildfire to the computer via USB
  • Launch the Revolutionary software and enter the beta key you got from the Revolutionary website
  • Revolutionary will now root the device, set S-OFF and install clockwork recovery. The device will reboot on its own afterwards
  • Now you can flash a custom ROM with the help of clockwork recovery

If all these steps finish successfully, you have root access and, if you have flashed a new custom ROM, you are running a newer version of Android.

Android devices and JTAG

Today I got some new toys to improve the forensic investigation process on smartphones. These tools make it possible to connect directly to the JTAG interface on the smartphone, so it should be possible to get a real dump of the memory.

I’m really excited to see how this works out 🙂

Decoding cache.cell and cache.wifi files

As everybody knows, Android maintains two cache files with location information. One is cache.wifi (a wifi router database with the MAC and GPS of each router), the other is cache.cell (a database with mobile communication cells and their GPS). Because these files are in a binary format, the following Python code snippet should help to decode the actual data:

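import struct
import time

# The output file name is an arbitrary choice; all values in the cache file are big-endian
with open("cache.wifi", 'rb') as cacheFile, open("cache_output.txt", 'w') as outputFile:
    # Header: file format version and number of entries (two signed 16-bit integers)
    version, entries = struct.unpack('>hh', cacheFile.read(4))
    for i in range(entries):
        # Each entry starts with a 16-bit key length, followed by the key itself
        key = cacheFile.read(struct.unpack('>h', cacheFile.read(2))[0]).decode('ascii', 'replace')
        # Fixed 32-byte record; readtime is in milliseconds since the Unix epoch
        (accuracy, confidence, latitude, longitude, readtime) = struct.unpack('>iiddQ', cacheFile.read(32))
        outputFile.write('%25s %7d %5d %10f %10f %s \n' % (key, accuracy, confidence, latitude, longitude, time.strftime("%x %X %z", time.localtime(readtime / 1000))))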

The cache files are located at:
/data/data/com.google.android.location/files/

This snippet works for both cache files, just change the filename 🙂
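
A stricter variant of the parser above, as an added example that is not part of the original post: it works on the raw bytes of a file, stops cleanly when the file is truncated (for instance a carved or partially copied file), and reports timestamps in UTC. The function names and the two sample entries are constructed for illustration; the record layout is the one used in the snippet above.

```python
import struct
from datetime import datetime, timezone

HEADER = struct.Struct(">hh")     # version, number of entries
KEYLEN = struct.Struct(">h")      # length of the key that follows
RECORD = struct.Struct(">iiddQ")  # accuracy, confidence, lat, lon, time (ms)


def parse_cache(blob):
    """Return (version, records, complete) for the raw bytes of a cache file.

    complete is False when the data ends before the declared number of
    entries has been read; the records parsed up to that point are kept.
    """
    if len(blob) < HEADER.size:
        raise ValueError("file too short for header")
    version, entries = HEADER.unpack_from(blob, 0)
    pos, records = HEADER.size, []
    for _ in range(entries):
        if pos + KEYLEN.size > len(blob):
            return version, records, False
        (klen,) = KEYLEN.unpack_from(blob, pos)
        pos += KEYLEN.size
        if klen < 0 or pos + klen + RECORD.size > len(blob):
            return version, records, False
        key = blob[pos:pos + klen].decode("ascii", "replace")
        pos += klen
        acc, conf, lat, lon, ms = RECORD.unpack_from(blob, pos)
        pos += RECORD.size
        # Report UTC so the result does not depend on the examiner's timezone
        seen = datetime.fromtimestamp(ms / 1000, tz=timezone.utc)
        records.append({"key": key, "accuracy": acc, "confidence": conf,
                        "latitude": lat, "longitude": lon, "seen_utc": seen})
    return version, records, True


def build_sample():
    """Constructed two-entry file in the same layout (not real device data)."""
    out = HEADER.pack(1, 2)
    for key, lat, lon, ms in ((b"00:11:22:33:44:55", 49.5, 11.0, 1300000000000),
                              (b"66:77:88:99:aa:bb", 50.25, 8.5, 1300000060000)):
        out += KEYLEN.pack(len(key)) + key + RECORD.pack(75, 92, lat, lon, ms)
    return out


if __name__ == "__main__":
    sample = build_sample()
    print(parse_cache(sample))
    print(parse_cache(sample[:-10]))  # truncated: second record is dropped
```

To use it on a file pulled from a device, pass the bytes of cache.wifi or cache.cell to parse_cache().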

Status Meeting at the Federal Ministry of Education and Research

As our work is sponsored by the Federal Ministry of Education and Research, we had the chance to give a presentation of our ongoing work at a status meeting of the ministry in Bonn last week. It was a really interesting two-day meeting because many other sponsored projects were invited, too.

Due to the fact that our Mobile-Sandbox attracted a lot of attention there were many interesting discussions afterwards. Let’s see how these discussions will influence the further development of the system.

We also had the chance to present our forensic framework – ADEL – in a poster session. The presented poster can be viewed here:

Sources of location information on Android phones

We investigated several well-known apps from the Android market with respect to the amount of location data stored. Some of these apps, their corresponding databases as well as the location data retrieved can be found in the following table.

App | Storage Location | Content
--- | --- | ---
system | cache.cell | last 50 mobile telecommunication cells
system | cache.wifi | last 200 wifi routers
camera | JPG pictures | latitude and longitude of picture location
browser | CachedGeopositions.db | latitude, longitude, accuracy and timestamp
twitter | author_id.db -> statuses | latitude and longitude of status message
twitter | author_id.db -> search_queries | latitude, longitude and radius of location search queries
facebook | fb.db -> user_statuses | latitude and longitude of status message
facebook | fb.db -> user_values | latitude, longitude and timestamp of last checkin
google maps | da_destination_history | latitude and longitude of navigation start and destination