A proof-of-concept Android application to detect and defeat some of the Cellebrite UFED forensic toolkit extraction techniques.

LockUp

An Android-based Cellebrite UFED self-defense application

LockUp is an Android application that monitors the device for signs of attempts to image it using known forensic tools like the Cellebrite UFED. Here is a blog I wrote.

  • Proof-of-Concept. Not meant as an in-depth defense
  • Android API 28; does not require root
  • Relies on RECEIVE_BOOT_COMPLETED to start a Service and AccessibilityService
  • Monitors USB events through ACTION_USB_DEVICE, package installations, and known exploit staging locations on the filesystem
  • Detects Logical Extractions, File System Extractions, and Physical Extractions leveraging ADB
  • Will automatically respond with a factory reset with DeviceAdminReceiver
  • Beginning steps toward researching more robust anti-forensic techniques

Signature Detection

  • Exploit staging directories and known filenames
  • Known file hashes
  • Application names and certificate metadata

TODO Signatures

  • Binary-level identifiers
  • Hardcoded RSA keys used for ADB authentication (requires root)

Installation

I avoided including everything needed to build LockUp; making this application so accessible that it may be easily used to avoid criminal prosecution was not my goal. Instead, my goal was to help support my research into forensic tools by showing how they aren't immune to software issues.

Author

Matt Bergin, KoreLogic

History

Most recently I presented my research at Black Hat Asia 2021.

I've released security advisories for the Cellebrite UFED which you may also be interested in:

License

Creative Commons Zero 1.0

Comments
  • Smartphone got wiped

    Hello,

    My smartphone got wiped at the moment I opened a .py file 2 times in nekogramx (a Telegram fork) with the app https://play.google.com/store/apps/details?id=com.rhmsoft.code&hl=gsw&gl=US

    Can't provide any logs due to the wipe.

    I'm using a Blackview BV9700 Pro with Android 9, Security Patch 5. August 2019

    opened by anon97945 1
Owner
levlesec
Infosec researcher