[Linux] Android Acquisition using ADB, root, netcat and DD

DFIRScience
21 Apr 2017 18:16

Summary

TLDR: This tutorial guides viewers through the process of imaging an Android phone using root privileges and the 'dd' command, specifically on a Linux system with ADB. It covers setting up ADB, downloading necessary APKs like Kingo Root and BusyBox, and successfully gaining root access. The video details how to create a disk image by connecting the phone to the computer and using 'dd' to transfer data. Emphasizing caution when using rooting software, the tutorial concludes with clean-up steps to ensure the device's safety after imaging, promising further insights in future videos.

Takeaways

  • 😀 Rooting an Android phone requires caution, as rooting software can potentially contain malware.
  • 🔧 ADB (Android Debug Bridge) is essential for accessing the Android device from a Linux computer.
  • 📦 Tools such as Kingo Root and BusyBox APK are necessary for gaining root access and adding Linux utilities to the device.
  • 📱 Ensure the Android device is compatible with the rooting software, especially regarding the Android version.
  • 🖥️ Use the command 'adb devices' to confirm that the Android phone is properly connected to the computer.
  • ⚙️ To install APKs on the device, use the command 'adb install <path_to_apk>'.
  • 🔒 After rooting, verify root access through the Superuser app, which manages permissions for root applications.
  • 📊 Imaging the device involves identifying the correct block device (usually /dev/block/mmcblk0) to create a disk image.
  • 🌐 Netcat (nc) is used to transfer the disk image over a network connection set up via ADB.
  • 🧹 Post-imaging, it's important to uninstall rooting tools and revoke root access to maintain device security.

Q & A

  • What is the main objective of the tutorial?

    - The main objective of the tutorial is to demonstrate how to image an Android phone using root privileges and the `dd` command through a Linux computer.

  • What operating system is primarily used in the tutorial?

    - The tutorial primarily uses a Linux operating system, although it mentions that ADB can also be set up on Windows.

  • What tools are required to root the Android device?

    - The required tools are Kingo Root and BusyBox APKs, which provide the necessary functionalities for rooting and adding Linux utilities to the device.

  • Why is caution advised when using Kingo Root?

    - Caution is advised because Kingo Root has been flagged by several antivirus programs as potentially malicious, and it is important to ensure the software does not compromise the device.

  • How can you confirm that ADB is properly installed?

    - You can confirm that ADB is properly installed by running the command `adb help` in the terminal, which should display the help menu.

  • What command is used to forward a TCP port for data transfer?

    - The command used to forward a TCP port for data transfer is `adb forward tcp:8888 tcp:8888`.

  • What command is used to start imaging the disk on the Android device?

    - The command used to start imaging the disk on the Android device is `dd if=/dev/block/mmcblk0 | busybox nc -l -p 8888`, which reads the physical disk and pipes it to a netcat listener on port 8888, ready for transfer.

  • What command is used on the computer to receive the disk image from the phone?

    - The command used on the computer to receive the disk image is `nc 127.0.0.1 8888 > Samsung_Note2.dd`, which connects to the phone's listening port and saves the output to a file.

  • What should be done after the imaging process is complete?

    - After the imaging process is complete, you should uninstall the BusyBox and Kingo Root applications from the phone and remove root access through the Kingo Root settings.

  • How can you verify if root access was successfully obtained?

    - You can verify if root access was successfully obtained by checking for the presence of the Super User app and ensuring you can access restricted directories on the device.
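
The host-side half of the `dd` | `nc` transfer described in the answers above, as an added example that is not from the video: it hashes the stream as it arrives, records a receipt log, and flags a truncated image. The function names, the `.sha256` and `.log` sidecar files and the optional expected byte count (taken from the device's reported size for the block device) are assumptions of this example.

```shell
# Added example, not from the video. Function and sidecar file names are
# this example's own; assumes sha256sum (GNU coreutils) on the Linux host.

# acquire_stream OUT [EXPECTED_BYTES]
# Writes stdin to OUT and hashes the same bytes in one pass, so the recorded
# hash describes what arrived over the forwarded port, not a later re-read.
acquire_stream() {
    out=$1
    expected=${2:-}
    if [ -e "$out" ]; then                  # never overwrite an evidence file
        echo "refusing to overwrite $out" >&2
        return 2
    fi
    hash=$(tee "$out" | sha256sum | cut -d' ' -f1)
    size=$(wc -c < "$out" | tr -d ' ')
    printf '%s  %s\n' "$hash" "$out" > "$out.sha256"
    printf '%s received=%s bytes sha256=%s\n' \
        "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$size" "$hash" >> "$out.log"
    chmod a-w "$out" "$out.sha256"          # guard against accidental edits
    # nc performs no completeness check of its own, so a transfer that stops
    # early still leaves a plausible-looking file; compare the byte count.
    if [ -n "$expected" ] && [ "$size" -ne "$expected" ]; then
        echo "size mismatch: got $size, expected $expected" >&2
        return 1
    fi
    return 0
}

# verify_image OUT: re-hash OUT and compare with the value recorded at receipt.
verify_image() {
    recorded=$(cut -d' ' -f1 < "$1.sha256")
    actual=$(sha256sum < "$1" | cut -d' ' -f1)
    [ "$recorded" = "$actual" ]
}

# With the page's commands (port forwarded, dd | busybox nc listening on phone):
#   nc 127.0.0.1 8888 | acquire_stream Samsung_Note2.dd
#   verify_image Samsung_Note2.dd && echo "image matches recorded hash"
```

Run `verify_image` again before each analysis session and work on a copy of the image rather than the received file.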
