By: Robert Cepero

Research and Tutorial

DEVICESTOOLSTUTORIALS

Motorola Moto X – Motorola Droid Maxx – Samsung Galaxy Note 3

As part of the competition, Motorola has been on the race to dominate mobile devices, however they encounter limited help from competitors. To complete, they launched MOTO X and Droid Maxx, which brings a big surprise in the industry by being assemble in the US. At the same time Samsung has been successfully getting market shares with products that appeal to the consumers.

Base on the market research Samsung, Apple, LG, Huawei, and ZTE make up to the top five smartphone manufacturers, with some of the traditional manufacturers pushed down to lower rankings, as they go through transformation strategies: Sony (6th), BlackBerry (7th), Nokia (8th), HTC (9th). LG's better than expected figures are a result of strong sales of the Nexus 4 and L series product line. The following two tables reflect the market share and the shipment throughout the 2012 and the beginning of the 2013. They show the growing business that Samsung has push for in the mobile arena.

Vendor Q1 2013 Unit Shipments

Q1 2013 Market Share

Q1 2012 Unit Shipments

Q1 2012 Market Share

Year-over-year Change

Samsung 70.7 32.7% 44.0 28.0% 60.7%Apple 37.4 17.3% 35.1 23.0% 6.6%LG 10.3 4.8% 4.9 3.2% 110.2%Huawei 9.9 4.6% 5.1 3.3% 94.1%ZTE 9.1 4.2% 6.1 4.0% 49.2%Others 78.8 36.4% 57.5 37.7% 37%Total 216.2 100.0% 152.7 100.0% 41.6%

Base on the IDC market report, Samsung and Apple are dominating the market, as a result companies like Motorola have found themselves the in problem when releasing devices such as Moto X and Maxx.

By: Robert Cepero

Motorola Moto X

The Moto X is a fairly new device that clearly can’t compete with Samsung or Apple. At the same time is a phone for the everyday use, and this mean that is targeted for the masses; in other world when looking at the point of view of forensics is important to understand, decode and take a part every important part of this or the family of Motorola phones. This being said, that a good strategy coming from Google who’s is the parent company for Motorola. For this it reason they a pushing themselves to produce flagship devices. Along with Google as a parent company, Motorola has develop and family of devices that include Moto X, Android Mini Ultra and Maxx.

The newest being the Motorola Moto X, the first to bring the Google experience of “for you” type of phone; A little bit of background on the physical part of the phone before we get under the hood is the obvious; the screen measures 4.7 inches and offers 1280 x 720 resolution, is powered by a dual-core Snapdragon S4 Pro from Qualcomm, with each core rated at 1.7 GHz. The processor is paired with 2 GB of RAM. The Moto X might not have a quad-core powerhouse under the hood, but its a (Zeman)additional X8 architecture includes two more cores, one for graphics and another for sensor-intensive tasks. The Moto X has a 2200-mAh battery that is sealed into the phone. Motorola says it provides enough power for 24 hours of continuous use. It comes with either 16 or 32 GB of storage. There is no memory expansion slot, with is one of the turning point for potential buyers, but like I previously mention this phone is not for the data junkies but for the everyday users that are not interested in big storage space. The really plus is on the operating system, the X is distrituted with android 4.2 and in the past semtember was upgrade to android 4.4 kitkat adding a multiples new feature to the device, for example

Touch-less control: The Moto X is able to learn its owner's voice and respond to voice commands. Say, "OK Google now" and a command, and the phone can perform various functions such as initiate a voice call, map directions or do a Google search.

Quick capture: The camera can be opened with a quick flick of the wrist. Google believes this will help users get their cameras -- smartphones -- out and ready to shoot images faster. The idea is to help users get shots they might otherwise miss when trying to capture a fleeting moment.

Active display: The revised notification system on the Moto X brings more actionable information to the lock screen. Moto X owners will be able to see emails, text messages

By: Robert Cepero

and call history notifications without fully unlocking their device or even turning on the display.

Another item to mention about he X is about the marketing tools with ability to customize all the item of the device; in this case they call it Moto Maker. For most people, the Moto X is available only in black and white. AT&T customers, however, using the Moto Maker online tool to customize the look of their device is making it unique for individuals. Users can choose from 14 different back panel colors and a half-dozen accent colors and even add personal messages to the back of the phone. Moto Maker customizations are free and because the devices are assembled in Fort Worth, Texas, most orders ship within four days.

Getting under the hood of Moto X the operation system is what us forensics analysis are more interested, also the data that the phone store in combination with user operations. In order to obtain more information from the phone analysis, imaging or further test needs to be preformed on the devices. And in order to preformed theses test rooting the devices in many cases is the best option. Rooting the operating system is what we are after. Android 4.2 was originally rooted on the while with tools such as ROOTMYMOTO, ROOTMYMOTO, but with the new release of kitkat operation system 4.4 the preview rooting mechanism is now useless.

Rooting the version 4.4 is done with the vulnerability found on bug 9695860 that violate master key and write permission are bypass to obtained root access. A full description of the bug reveals that vulnerability on the signature verification and allows seemingly innocent APKs to include a potentially dangerous payload.

“The nature of the exploit is fairly complicated and relies on some tricky modifications to the APK. Basically, two versions of the classes.dex file are placed inside of the package, the original and a hacked alternative. By overlapping the valid version (which begins with the characters 'dex') with part of the filename (which ends with 'dex'), it becomes invisible to the extraction process. The container is then modified to trick Android into examining the original. This bait-and-switch tactic depends on an oversight in the signature

check process where the system reads a pair of values (the length of the filename and extra field) to determine how far to skip to get to the actual file data. By providing a negative number

By: Robert Cepero

here, the valid version is checked. Google's fix for the problem was to simply force the values to be interpreted as positive numbers, making it impossible to use this particular method for misdirection.”

The following is Google’s fix showing the old source code and the modification.

As a result of the vulnerability found much other developer have been able to develop software that can root the device other the air, this method being one of the favorites for IOS devices. When looking at it from the forensic point of view, is good to know that many of the Android operation system have hole used to open a back door to the OS. For example, the following is the rooting method that was develop base on this specific vulnerability.

Motorola Droid Maxx ,Ultra, and Mini

Another creation of Motorola is the Droid Maxx and the Ultra, very similar that share many components. They run Android 4.2 Jelly Bean with very similar architecture to Moto X or any other phone running 4.2.2, but now running 4.4 KitKat thanks to over the air update that in many parts has wipe out any previews form of unhooking Jelly Bean. The Maxx and the Ultra are very similar phones apart from the there internal storage, in one hand the Maxx comes with 16GB internal storage and the Ultra comes with 32GB internal storage. From the processor point of view, they are not the best flagship phones when comparing it with the heavy lifter phone maker such are Apple and Samsung.

When it comes to review the forensic along with the security of the phones, there are many aspects to review. To start, there are not mush different from the Motorola X, all the firmware are across the board including X, Ultra, Maxx and Mini are can be rooted with forensic tools. But the idea being the write-up is to do it with tools that are available to the public or to any forensic specialist. Also is important to mention that for the general public rooting the device is to install a custom recovery image, like CWM or TWRP recovery, update the system ROM (which represents a custom port of Android OS, modified in order to obtain better performances), flash a custom kernel, make the CPU faster by overclocking it, look under the hood of the CPU and lot more. The mentioned operations are being used for customizing the performances, improving the speeds and web browsing experience, change the looks and the default Android interface, upgrade the battery life and so on. But in many cases is not done for this same purpose, is to basically retrieve and information such as messages, email, picture, etc. By rooting the phones allows many forensic analysis can review one of the key component of the device especially for law enforcing agencies – the where about.

By: Robert Cepero

Basically all the phones are unwanted tracking devices. In this case the GPS technology are silently recording every users. For example, after reversing and analyzing all the logs from android devices using “Android Tracker LE” I can see that not only the GPS signal is an importan factor in locating a device but also a WiFi connection helps, see below findings

And they can map out like this

Lastly, another benific from unlocking your devices is the ability to see what’s the device snding out the cloud or any other location, see how is monitor below

By: Robert Cepero

Root Motorola X, Ultra, Mini, Maxx running Android 4.4 KitKat Firmware All carriers

1. First of all, on your computer you need to download the Android SDK. Also download and install Cydia Impactor file, and also obtained the latest version of Slap My Moto.

2. Now, connect your Moto X with your computer via USB cable3. On your computer open a command prompt window (go to “start -> run -> type cmd”).4. On the cmd window type the following command:

a. adb push SlapMyMoto.jar/sdcard/SlapMyMoto.jar5. Also, on the same cmd window enter

a. adb shell getprop dhcp.wlan0.ipaddress (the IP address of your phone will be displayed)

6. Good, now from your computer open the Cydia Impactor program and select the “”# start telnetd as system on port 2222? option.

7. Click on start.8. Return to the cmd window and enter the following commands (replace IPADDRESS with

your phone’s own IP address that has been provided before): a. telnet IPADDRESS 2222b. dalvikvm -cp /sdcard/SlapMyMoto.jar SlapMyMoto

9. When the system will prompt you to reboot your phone, in cmd enter a. adb reboot

10. Now reboot your handset in bootloader mode by typing in cmd a. adb reboot bootloader

By: Robert Cepero

11. Once your Moto X has been entered the bootloader mode, on the cmd window you need to enter:

a. fastboot flash partition gpt.binb. fastboot flash motoboot motoboot.imgc. fastboot flash logo logo.bind. fastboot reboot

12. Up next, your handset will reboot; then you will have to type the command (again on the same cmd window):

a. adb push su /data/local/tmp/sub. adb push install.sh /data/local/tmp/install.shc. adb push rec.sh /data/local/tmp/rec.shd. adb push install-recovery.sh /data/local/tmp/install-recovery.she. adb push setup.sh /data/local/tmp/setup.shf. adb reboot

13. Once your phone reboots type in cmd:a. Adb shellb. echo /data/local/tmp/rec.sh > /sys/kernel/uevent_helper

Samsung Note 3

Looking at the Samsung Note 3, the latest version of the Samsung line up of “heavy hitter” devices, the only thing I see is greatness in comparison with other manufacture like Motorola, LG, RIM, etc. Is running the Android version 4.3 with the modern Samsung firmware version that for rooting purpose is bit harder to root that must of my previous experiences rooting phones. Since we are describing all the feature and advantages of the phone, is better to take the opportunity to go over the software that un-root them. The software used, is a combination of tools in combination witch Samsung software that allows you to update and install custom ROMs and perform other complex operations. The software is used by Samsung in its authorized service centers for repairing and upgrading Galaxy devices, although it is equally useful for other Android devices on my experience I only use it for Samsung Notes 3 firmware. The tool used is ODim, and the current version is v3. Many users will ask themselves how is that connect to the computer, and is by via Samsung drivers that in many cases needs to be upgraded before any rooting takes place. The best solution is installing Samsung KIES which is the similar to iTunes with apples, all drives are installed base on the devices being used. Below is the KIES screen shoots

By: Robert Cepero

Connecting KIES to the phone

Odim has different type of configuration and mechanism that help the rooting; furthermore it can help with in recovery sytuaton or when the phone simply corrupted and unoperational. For example the following are the type of operation that can be done Boot-loader, Update, and Full imaging. Making one or the other will depend on the number of files from the ROM we may have modify

File “_HOME_” Files “CSC”, “_MODEM_”, “_CODE_”, “PIT” Files “CSC”, “_MODEM_”, “_CODE_”, “_APBOOT_”, “PIT”

In addition these are the files sorted when doing any of the operations. Boot-loader needs of _APBOOT_ Update / Upgrade requires a file “_HOME_” Complete needs the 4 files “CSC”, “_MODEM_”, “_CODE_”

By: Robert Cepero

In addition these are the modification in the software itself • PIT: PIT FILE• PDA = CODE• PHONE = MODEM• CSC = CSC• Boot-loader = apbootThe boot-loader rewrites the boot sector including official “Recovery” from Samsung. The upgrade does not remove your personal data, only upgrades the operating system. The full flash repartitions the internal Storage space and installs the entire operating system. But at the same time knowing the order of files, the file field relationship and the final outcome of each, already you can choose what to do in every moment. For example, these are full flash • Upgrade

◦ Auto Reboot ◦ F. Reset Time ◦ Re-Partition

• Full◦ Auto Reboot ◦ F. Reset Time ◦ Re-Partition

• Boot-loader◦ Auto Reboot ◦ F. Reset Time ◦ Re-Partition

By: Robert Cepero

The boot-loader flashing is performed as shown in this picture