Difference between pages "Micro Systemation" and "Chip-Off BlackBerry Curve 9320"

From ForensicsWiki
(Difference between pages)
Jump to: navigation, search
m
 
(Created page with "== Tear Down == <ol start="1"> <li>Remove the back panel.</li> </ol> {| border="1" cellpadding="2" |- | 300px |- |} <ol start="2"> ...")
 
Line 1: Line 1:
{{expand}}
+
== Tear Down ==
  
[[Category: Vendors]]
+
<ol start="1">
 +
<li>Remove the back panel.</li>
 +
</ol>
  
Micro Systemation (MSAB) is a public company based in Stockholm, Sweden who specialize in producing a mobile forensics product called XRY.
+
{| border="1" cellpadding="2"
 +
|-
 +
| [[File:1-bb9320-BackPanelRemoved.jpg| 300px ]]
 +
|-
 +
|}
  
The company which was founded in 1984 has a long history of involvement in mobile communications and their first product SoftGSM was designed to help early mobile phones uers connect to their computers to back up important information.
+
<ol start="2">
 +
<li>Remove the SIM and SD Memory Card.</li>
 +
</ol>
  
In 2002 work with the Swedish Police led to the identification of a need for forensic software which could assist law enforcement to recover data from mobile phones and in 2003 XRY was created. Originally called .XRY after the unique file extension the reports create, the product is now generally referred to and branded as XRY.
+
<ol start="3">
 +
<li>Using a torx-6 screw driver remove the 2 visible screws on the back of the phone.</li>
 +
</ol>
  
The companies early success was in promoting the product to law enforcement agencies in Western Europe who were early adopters of the product. The company now has offices in Europe and the USA, as well as a network of distributors globally.  
+
{| border="1" cellpadding="2"
 +
|-
 +
| [[File:2-bb9320-ScrewRemoval.jpg| 300px ]]
 +
|-
 +
|}
  
XRY is used by Police, Law Enforcement, Military, Government Intelligence Agencies and Forensic Laboratories in over 60 countries worldwide to investigate crime, gather intelligence, investigate fraud and fight corruption. In May 2011 they claimed to supply over 95% of Police Forces in the United Kingdom with XRY.
+
<ol start="4">
 +
<li>Remove the screen protector using a shim, guitar pick, or prying tool.</li>
 +
</ol>
  
The company is listed on the Swedish Stock Exchange.
+
{| border="1" cellpadding="2"
 +
|-
 +
| [[File:3-bb9320-ScreenRemoval.jpg| 300px ]]
 +
|-
 +
|}
 +
 
 +
<ol start="5">
 +
<li>Remove 2 torx-5 screws.</li>
 +
</ol>
 +
 
 +
{| border="1" cellpadding="2"
 +
|-
 +
| [[File:4-bb9320-ScrewRemoval.jpg| 300px ]]
 +
|-
 +
|}
 +
 
 +
<ol start="6">
 +
<li>Use the shim to detach the outer bezel/keyboard from the device.</li>
 +
</ol>
 +
 
 +
{| border="1" cellpadding="2"
 +
|-
 +
| [[File:5-bb9320-TopPlate.jpg| 300px ]] 5-1-bb9320-TopPlate.jpg| 300px ]]
 +
|-
 +
|}
 +
 
 +
<ol start="7">
 +
<li>Remove 4 additional torx-6 screws. The main board will now easily be separated from the back plate</li>
 +
</ol>
 +
 
 +
{| border="1" cellpadding="2"
 +
|-
 +
| [[File:6-bb9320-ScrewRemoval.jpg| 300px ]]
 +
|-
 +
|}
 +
 
 +
<ol start="8">
 +
<li>Peel off the vendor sticker.</li>
 +
</ol>
 +
{| border="1" cellpadding="2"
 +
|-
 +
| [[File:7-bb9320-VendorPlate.jpg| 300px ]]
 +
|-
 +
|}
 +
 
 +
<ol start="9">
 +
<li>Remove the plastic cover protecting the track pad ribbon cable, and disconnect the track pad.</li>
 +
</ol>
 +
 
 +
<ol start="10">
 +
<li>Remove the final torx-4 screw located beneath the plastic protector, to remove the plastic keyboard overlay.</li>
 +
</ol>
 +
 
 +
{| border="1" cellpadding="2"
 +
|-
 +
| [[File:8-bb9320-ScrewRemoval.jpg| 300px ]]
 +
|-
 +
|}
 +
 
 +
<ol start="11">
 +
<li>Disconnect the ribbon cable connected to the LCD. Then using a pick separate the display from the main board.</li>
 +
</ol>
 +
 
 +
{| border="1" cellpadding="2"
 +
|-
 +
| [[File:9-bb9320-ScreenRemoval.jpg| 300px ]]
 +
|-
 +
|}
 +
 
 +
<ol start="12">
 +
<li>The tear down is now complete</li>
 +
</ol>
 +
 
 +
{| border="1" cellpadding="2"
 +
|-
 +
| [[File:9-1-bb9320-TearDownComplete.jpg| 300px ]]
 +
|-
 +
|}
 +
 
 +
eMMC Removal
 +
 
 +
<ol start="1">
 +
<li>The eMMC is located beneath the heat shield directly above the Micro SD card slot.</li>
 +
</ol>
 +
 
 +
{| border="1" cellpadding="2"
 +
|-
 +
| [[File:10-bb9320-EMMC-Location.jpg| 300px ]]
 +
|-
 +
|}
 +
 
 +
<ol start="2">
 +
<li>Place the main board in a stand or holder and position it approximately 2 1/2" - 3" inches away from a heat gun or device the blows super hot air.</li>
 +
</ol>
 +
 
 +
{| border="1" cellpadding="2"
 +
|-
 +
| [[File:11-bb9320-HeatShield.jpg| 300px ]]
 +
|-
 +
|}
 +
 
 +
<ol start="3">
 +
<li>Monitoring the temperature the heat shield will come off easily between 190-200 Centigrade.</li>
 +
</ol>
 +
 
 +
{| border="1" cellpadding="2"
 +
|-
 +
| [[File:12-bb9320-HeatShield.jpg| 300px ]] 13-bb9320-HeatShieldRemoved.jpg| 300px ]]
 +
|-
 +
|}
 +
 
 +
<ol start="4">
 +
<li>Continue working under the high heat. With the 9315/9320's I've worked on the eMMC has been ready to lift off of the main board using tweezers immediately after removing the heat shield.</li>
 +
</ol>
 +
 
 +
{| border="1" cellpadding="2"
 +
|-
 +
| [[File:14-bb9320-EMMC-Removed.jpg| 300px ]]
 +
|-
 +
|}
 +
 
 +
<ol start="5">
 +
<li>Using liquid flux, or flux paste and a soldering iron clean the pads on the eMMC in preparation for a read</li>
 +
</ol>
 +
 
 +
{| border="1" cellpadding="2"
 +
|-
 +
| [[File:15-bb9320-EMMC-Cleanup.jpg| 300px ]]
 +
| [[File:16-bb9320-EMMC-Clean.jpg| 300px ]]
 +
|-
 +
|}
 +
 
 +
<ol start="6">
 +
<li>The eMMC is now ready to read using the appropriate adapter/programmer and software.</li>
 +
</ol>
 +
 
 +
At the time of this writing (2013OCT29) the eMMC that was removed in this example was read using an UP828 programmer via the "VBGA169E" adapter. The resulting image was then parsed via the CelleBrite Physical Analyzer (V. 3.8.5.108).

Revision as of 12:26, 30 October 2013

Tear Down

  1. Remove the back panel.
1-bb9320-BackPanelRemoved.jpg
  1. Remove the SIM and SD Memory Card.
  1. Using a torx-6 screw driver remove the 2 visible screws on the back of the phone.
2-bb9320-ScrewRemoval.jpg
  1. Remove the screen protector using a shim, guitar pick, or prying tool.
3-bb9320-ScreenRemoval.jpg
  1. Remove 2 torx-5 screws.
4-bb9320-ScrewRemoval.jpg
  1. Use the shim to detach the outer bezel/keyboard from the device.
5-bb9320-TopPlate.jpg 5-1-bb9320-TopPlate.jpg| 300px ]]
  1. Remove 4 additional torx-6 screws. The main board will now easily be separated from the back plate
6-bb9320-ScrewRemoval.jpg
  1. Peel off the vendor sticker.
7-bb9320-VendorPlate.jpg
  1. Remove the plastic cover protecting the track pad ribbon cable, and disconnect the track pad.
  1. Remove the final torx-4 screw located beneath the plastic protector, to remove the plastic keyboard overlay.
8-bb9320-ScrewRemoval.jpg
  1. Disconnect the ribbon cable connected to the LCD. Then using a pick separate the display from the main board.
9-bb9320-ScreenRemoval.jpg
  1. The tear down is now complete
9-1-bb9320-TearDownComplete.jpg

eMMC Removal

  1. The eMMC is located beneath the heat shield directly above the Micro SD card slot.
10-bb9320-EMMC-Location.jpg
  1. Place the main board in a stand or holder and position it approximately 2 1/2" - 3" inches away from a heat gun or device the blows super hot air.
11-bb9320-HeatShield.jpg
  1. Monitoring the temperature the heat shield will come off easily between 190-200 Centigrade.
12-bb9320-HeatShield.jpg 13-bb9320-HeatShieldRemoved.jpg| 300px ]]
  1. Continue working under the high heat. With the 9315/9320's I've worked on the eMMC has been ready to lift off of the main board using tweezers immediately after removing the heat shield.
14-bb9320-EMMC-Removed.jpg
  1. Using liquid flux, or flux paste and a soldering iron clean the pads on the eMMC in preparation for a read
15-bb9320-EMMC-Cleanup.jpg 16-bb9320-EMMC-Clean.jpg
  1. The eMMC is now ready to read using the appropriate adapter/programmer and software.

At the time of this writing (2013OCT29) the eMMC that was removed in this example was read using an UP828 programmer via the "VBGA169E" adapter. The resulting image was then parsed via the CelleBrite Physical Analyzer (V. 3.8.5.108).