A proof-of-concept Android application to detect and defeat some of the Cellebrite UFED forensic toolkit extraction techniques.


LockUp

An Android-based Cellebrite UFED self-defense application

LockUp is an Android application that monitors the device for signs of attempts to image it with known forensic tools such as the Cellebrite UFED. Here is a blog I wrote.

  • Proof-of-concept; not meant as an in-depth defense
  • Android API 28; does not require root
  • Relies on RECEIVE_BOOT_COMPLETED to start a Service and an AccessibilityService
  • Monitors USB events through ACTION_USB_DEVICE, package installations, and known exploit staging locations on the filesystem
  • Detects logical, file system, and physical extractions that leverage ADB
  • Automatically responds with a factory reset via DeviceAdminReceiver
  • A first step toward researching more robust anti-forensic techniques

Signature Detection

  • Exploit staging directories and known filenames
  • Known file hashes
  • Application names and certificate metadata
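
As an added example, not code from the LockUp project, the Java class below shows how the USB-attach and package-install broadcasts listed above can drive the three signature classes in this section: known staging paths and filenames, file hashes, and package name plus signing-certificate hash. Every directory, filename, package name and hash in it is a constructed placeholder; the project's real signature set is not on this page. It assumes API 28 (for GET_SIGNING_CERTIFICATES), runs without root, and its response hook only logs, whereas the project escalates to a DeviceAdminReceiver factory reset.

```java
import android.content.BroadcastReceiver;
import android.content.Context;
import android.content.Intent;
import android.content.IntentFilter;
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.content.pm.Signature;
import android.hardware.usb.UsbManager;
import android.util.Log;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.List;

/** Rescans for extraction-agent signatures on USB attach and package install. Lists below are constructed PLACEHOLDERS. */
public final class ExtractionSignatureScanner extends BroadcastReceiver {
    private static final String TAG = "LockUpExample";
    private static final List<File> STAGING_DIRS = Arrays.asList(new File("/data/local/tmp"), new File("/sdcard/Download"));
    private static final List<String> KNOWN_FILENAMES = Arrays.asList("PLACEHOLDER_agent.apk", "PLACEHOLDER_stage.bin");
    private static final List<String> KNOWN_FILE_SHA256 = Arrays.asList("0000000000000000000000000000000000000000000000000000000000000000");
    private static final List<String> KNOWN_PACKAGES = Arrays.asList("com.example.placeholder.agent");
    private static final List<String> KNOWN_CERT_SHA256 = Arrays.asList("1111111111111111111111111111111111111111111111111111111111111111");

    /** Register for the two broadcasts; call this from the Service that RECEIVE_BOOT_COMPLETED starts. */
    public static ExtractionSignatureScanner register(Context ctx) {
        ExtractionSignatureScanner r = new ExtractionSignatureScanner();
        ctx.registerReceiver(r, new IntentFilter(UsbManager.ACTION_USB_DEVICE_ATTACHED));
        IntentFilter pkg = new IntentFilter(Intent.ACTION_PACKAGE_ADDED);
        pkg.addDataScheme("package"); // PACKAGE_ADDED is only delivered to filters with the "package" data scheme
        ctx.registerReceiver(r, pkg);
        return r;
    }

    @Override
    public void onReceive(Context ctx, Intent intent) {
        String action = intent.getAction();
        if (UsbManager.ACTION_USB_DEVICE_ATTACHED.equals(action)) {
            // A host just connected over USB: rescan the staging locations for known artefacts.
            String hit = scanFilesystem();
            if (hit != null) onDetection(ctx, "filesystem: " + hit);
        } else if (Intent.ACTION_PACKAGE_ADDED.equals(action) && intent.getData() != null) {
            String hit = checkPackage(ctx, intent.getData().getSchemeSpecificPart());
            if (hit != null) onDetection(ctx, "package: " + hit);
        }
    }

    /** First file in a staging directory that matches a known name or SHA-256, or null. */
    static String scanFilesystem() {
        for (File dir : STAGING_DIRS) {
            File[] entries = dir.listFiles(); // null when the directory is absent or unreadable without root
            if (entries == null) continue;
            for (File f : entries) {
                if (KNOWN_FILENAMES.contains(f.getName())) return f.getPath() + " (name)";
                String digest = sha256OfFile(f);
                if (digest != null && KNOWN_FILE_SHA256.contains(digest)) return f.getPath() + " (hash)";
            }
        }
        return null;
    }

    /** Match a freshly installed package by name or by the SHA-256 of its signing certificate. */
    static String checkPackage(Context ctx, String pkgName) {
        if (KNOWN_PACKAGES.contains(pkgName)) return pkgName + " (name)";
        try {
            PackageInfo info = ctx.getPackageManager()
                    .getPackageInfo(pkgName, PackageManager.GET_SIGNING_CERTIFICATES); // API 28+
            if (info.signingInfo == null) return null;
            for (Signature sig : info.signingInfo.getApkContentsSigners()) {
                String certHash = hex(MessageDigest.getInstance("SHA-256").digest(sig.toByteArray()));
                if (KNOWN_CERT_SHA256.contains(certHash)) return pkgName + " (cert " + certHash + ")";
            }
        } catch (PackageManager.NameNotFoundException | NoSuchAlgorithmException e) {
            Log.w(TAG, "cannot inspect " + pkgName, e);
        }
        return null;
    }

    /** Hex SHA-256 of a readable regular file, or null. */
    static String sha256OfFile(File f) {
        if (!f.isFile() || !f.canRead()) return null;
        try (FileInputStream in = new FileInputStream(f)) {
            MessageDigest md = MessageDigest.getInstance("SHA-256");
            byte[] buf = new byte[8192];
            for (int n; (n = in.read(buf)) != -1; ) md.update(buf, 0, n);
            return hex(md.digest());
        } catch (IOException | NoSuchAlgorithmException e) {
            return null;
        }
    }

    static String hex(byte[] bytes) {
        StringBuilder sb = new StringBuilder(bytes.length * 2);
        for (byte b : bytes) sb.append(String.format("%02x", b));
        return sb.toString();
    }

    /** Response hook. The project escalates to a DeviceAdminReceiver factory reset; this example only logs. */
    void onDetection(Context ctx, String what) {
        Log.w(TAG, "extraction signature matched: " + what);
    }
}
```

Call `ExtractionSignatureScanner.register(this)` from the boot-started Service. Because `onReceive` must return quickly and the filesystem scan hashes every readable file in each staging directory, keep the directory list short or hand the scan to a worker thread; on API 33 and later `registerReceiver` also needs a `Context.RECEIVER_NOT_EXPORTED` flag.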

TODO Signatures

  • Binary-level identifiers
  • Hardcoded RSA keys used for ADB authentication (requires root)

Installation

I deliberately did not include everything needed to build LockUp; making this application so accessible that it could easily be used to avoid criminal prosecution was not my goal. Instead, my goal was to support my research into forensic tools by showing that they are not immune to software issues.

Author

Matt Bergin, KoreLogic

History

Most recently I presented my research at Blackhat Asia 2021.

I've released security advisories for the Cellebrite UFED which you may also be interested in:

License

Creative Commons Zero 1.0

Comments

  • Smartphone got wiped

    Hello,

    my smartphone got wiped the moment I opened a .py file twice in NekogramX (a Telegram fork) with the app https://play.google.com/store/apps/details?id=com.rhmsoft.code&hl=gsw&gl=US

    Can't provide any logs due to the wipe.

    I'm using a Blackview BV9700 Pro with Android 9, security patch 5 August 2019.

    opened by anon97945 1