Difference between pages "List of Cyberspeak Podcast Interviews" and "JTAG Huawei TracFone M865C"

From ForensicsWiki
(Difference between pages)
Jump to: navigation, search
(2007)
 
(Created page with "== JTAG Huawei TracFone M865C (Ascend II) == This phone is supported by the Cricket Network and Tracfone. This uses a Qualcomm 7627 600 MHz (S1) Processo and comes standard...")
 
Line 1: Line 1:
The [[Cyberspeak podcast]] usually features at least one interview per show. The guests on each show are listed below.
+
== JTAG Huawei TracFone M865C (Ascend II) ==
  
=== 2005 ===
 
  
* 18 Dec 2005: [[Nick Harbour]], author of [[Dcfldd|dcfldd]]
 
* 31 Dec 2005: [[Jesse Kornblum]], author of [[foremost]] and [[md5deep]]
 
  
=== 2006 ===
+
This phone is supported by the Cricket Network and Tracfone. This uses a Qualcomm 7627 600 MHz (S1) Processo and comes standard with Android version 2.3. This phone is unsupported by RIFF Box for the JTAG process for resurrector.
  
* 7 Jan 2006: [[Drew Fahey]], author of [[Helix]]
 
* 18 Jan 2006: [[Simple Nomad]]
 
* 21 Jan 2006: [[Johnny Long]]
 
* 28 Jan 2006: [[Kevin Mandia]]
 
  
 +
{| border="1" cellpadding="2"
 +
|-
 +
| [[ File:huawei-tracfone-m865c-front.png | 400px ]]
 +
| [[ File:huawei-tracfone-m865c-back.png | 400px ]]
 +
|-
 +
|}
  
* 4 Feb 2006: [[Brian Carrier]]
 
* 11 Feb 2006: [[Jesse Kornblum]]
 
* 18 Feb 2006: [[Bruce Potter]] of the Shmoo Group
 
* 25 Feb 2006: [[Kris Kendall]] speaks about malware analysis
 
  
  
* 4 Mar 2006: [[Dave Merkel]]
+
=== Getting Started ===
* 11 Mar 2006: [[James Wiebe]] of [[Wiebe Tech]]. Also [[Todd Bellows]] of [[LogiCube]] about [[CellDek]]
+
* 18 Mar 2006: [[Kris Kendall]]
+
* 25 Mar 2006: (No interview)
+
  
  
* 1 Apr 2006: [[Harlan Carvey]], creator of the [[Forensic Server Project]]
+
What you need:
* 8 Apr 2006: (No interview)
+
* 15 Apr 2006: (No interview), but first to mention the [[Main_Page|Forensics Wiki]]!
+
* 22 Apr 2006: [[Jaime Florence]] about [[Mercury]], a text indexing product
+
  
  
* 6 May 2006: [[Mark Rache]] and [[Dave Merkel]]
+
# Riff Box
* 13 May 2006: [[Steve Bunting]]
+
* 21 May 2006: [[Mike Younger]]
+
* 29 May 2006: [[Mike Younger]]
+
  
 +
# USB to Micro USB cord
  
* 3 Jun 2006: [[Jesse Kornblum]] about [[Windows Memory Analysis]]
 
* 10 Jun 2006: (No interview)
 
* 17 Jun 2006: [[Mike Younger]]
 
* 24 Jun 2006: (No interview)
 
  
  
* 1 Jul 2006: (No interview)
+
=== NAND Dump Procedure ===
* 9 Jul 2006: [[Johnny Long]]
+
* 18 Jul 2006: [[Dark Tangent]]
+
* 30 Jul 2006: [[Jesse Kornblum]] about [[Ssdeep|ssdeep]] and [[Context Triggered Piecewise Hashing|Fuzzy Hashing]]
+
  
 +
# Disassemble the phone down to the PCB.
 +
# Connect the RIFF box to the PC via USB.
 +
# Connect the RIFF box to the PCB via the JTAG pins.
 +
# Connect the PCB to a Micro USB cord and power via a power supply.
 +
# Start the "RIFF box" software.
 +
# Power the PCB.
 +
# Dump the NAND.
  
* 10 Aug 2006: [[Brian Contos]] discusses his book ''Insider Threat: Enemy at the Watercooler''
+
The TAPS are located under the battery, behind the Huawei phone label.  The phone will be powered by a Micro USB cord from an AC battery charger.
* 13 Aug 2006: [[Richard Bejtlich]] discusses his book ''Real Digital Forensics''
+
* 27 Aug 2006: [[David Farquhar]]
+
  
 +
The TAPS order is as follows:
  
* 3 Sep 2006: [[Keith Jones]]
+
# 1=Not Used
* 10 Sep 2006: (No Interview)
+
# 2=TCK
* 17 Sep 2006: (No Interview)
+
# 3=GND
* 24 Sep 2006: (No Interview)
+
# 4=TMS
 +
# 5=TDI
 +
# 6=TDO
 +
# 7=RTCK
 +
# 8=TRST
 +
# 9=NRST
  
  
* 1 Oct 2006: [[Brian Kaplan]], author of [[LiveView]]
 
* 8 Oct 2006: [[Tom Gallagher]] discusses his book ''Hunting Security Bugs''
 
* 15 Oct 2006: (No Interview)
 
* 29 Oct 2006: (No Interview)
 
  
 +
{| border="1" cellpadding="2"
 +
|-
 +
| [[ File:huawei-tracfone-m865c-taps.png | 400px ]]
 +
|-
 +
|}
  
* 12 Nov 2006: [[Jesse Kornblum]] discusses his paper ''Exploiting the Rootkit Paradox with Windows Memory Analysis''
 
* 19 Nov 2006: [[Kris Kendall]] discusses unpacking binaries when conducting malware analysis
 
* 26 Nov 2006: (No Interview)
 
  
  
* 3 Dec 2006: [[Brian Dykstra]]
+
For the TAPs, the Huawei-8650 was utilized, pictured above. The TAPS on the M865C are located in the same location as the 8650. See below for TAPS locations.
* 10 Dec 2006: [[Mike Younger]]
+
* 17 Dec 2006: [[Mike Younger]] and [[Geoff Michelli]]
+
  
=== 2007 ===
 
  
* 7 Jan 2007: [[Jamie Butler]]
 
* 17 Jan 2007: [[Chad McMillan]]
 
* 28 Jan 2007: [[Jesse Kornblum]]
 
  
 +
{| border="1" cellpadding="2"
 +
|-
 +
| [[ File:huawei-tracfone-m865c-soldered-taps.png | 400px ]]
 +
|-
 +
|}
  
* 11 Feb 2007: [[Scott Moulton]]
 
* 18 Fen 2007: [[Phil Zimmerman]], creator of [[PGP]] discussing his new [[Zfone]]
 
* 25 Feb 2007: [[Mark Menz]] and [[Jeff Moss]]
 
  
  
* 4 Mar 2007: No show due to technical difficulties
+
After the wires are connected to the board, the phone is powered by the USB connection. Plug the Micro USB into the USB connection on the device and then plug the phone into a wall outlet. The phone should respond with the vibrator switch activating for less than a second.
* 12 Mar 2007: [[Trevor Fairchild]] of [[Ontario Provincial Police Department]] discussing [[C4P]] and [[C4M]], both add-ons to [[EnCase]]
+
* 18 Mar 2007: [[Tony Hogeveen]] of [[DeepSpar]] Date Recovery Systems
+
* 25 Mar 2007: Shmoocon broadcast
+
  
 +
Launch the Riff Box JTAG Manager and use the following settings:
  
* 1 Apr 2007: [[Kevin Smith]] from LTU Technologies about [[Image Seeker]]
+
* JTAG TCK Speed = RTCK
* 15 Apr 2007: [[Jim Christy]] from the [[Defense Cyber Crime Center]]
+
* Resurrector Settings= Huawei U8650
* 22 Apr 2007: [[Jesse Kornblum]] all about the [[Main_Page|Forensics Wiki]]!
+
* Auto FullFlash size
* 29 Apr 2007: [[Harlan Carvey]] discusses his new book
+
  
  
* 13 May 2007: [[Russell Yawn]]
 
* 20 May 2007: No interview
 
  
 +
{| border="1" cellpadding="2"
 +
|-
 +
| [[ File:huawei-tracfone-m865c-riff-settings.png | 400px ]]
 +
|-
 +
|}
  
* 2 June 2007: No interview
 
* 10 June 2007: [[Paul Ohm]]
 
* 17 June 2007: No interview
 
* 24 June 2007: No interview
 
  
  
* 1 July 2007:  
+
Advanced Settings:
* 22 July 2007: Didier Stevens
+
 
* 29 July 2007:
+
* Ignore Target IDCODE during Resurrection and DCC Loader operations
 +
 
 +
 
 +
 
 +
{| border="1" cellpadding="2"
 +
|-
 +
| [[ File:huawei-tracfone-m865c-riff-advanced-settings.png | 400px ]]
 +
|-
 +
|}
 +
 
 +
 
 +
 
 +
Then connect and get the ID, you should receive the dead body signal. Then read the memory.  JTAG complete.
 +
 
 +
 
 +
=== Notes ===
 +
 
 +
 
 +
 
 +
The phone has a 512 MB NAND flash memory chip which should take approximately 30 minutes to download.

Revision as of 20:29, 11 September 2013

JTAG Huawei TracFone M865C (Ascend II)

This phone is supported by the Cricket Network and Tracfone. This uses a Qualcomm 7627 600 MHz (S1) Processo and comes standard with Android version 2.3. This phone is unsupported by RIFF Box for the JTAG process for resurrector.


400px 400px


Getting Started

What you need:


  1. Riff Box
  1. USB to Micro USB cord


NAND Dump Procedure

  1. Disassemble the phone down to the PCB.
  2. Connect the RIFF box to the PC via USB.
  3. Connect the RIFF box to the PCB via the JTAG pins.
  4. Connect the PCB to a Micro USB cord and power via a power supply.
  5. Start the "RIFF box" software.
  6. Power the PCB.
  7. Dump the NAND.

The TAPS are located under the battery, behind the Huawei phone label. The phone will be powered by a Micro USB cord from an AC battery charger.

The TAPS order is as follows:

  1. 1=Not Used
  2. 2=TCK
  3. 3=GND
  4. 4=TMS
  5. 5=TDI
  6. 6=TDO
  7. 7=RTCK
  8. 8=TRST
  9. 9=NRST


400px


For the TAPs, the Huawei-8650 was utilized, pictured above. The TAPS on the M865C are located in the same location as the 8650. See below for TAPS locations.


Huawei-tracfone-m865c-soldered-taps.png


After the wires are connected to the board, the phone is powered by the USB connection. Plug the Micro USB into the USB connection on the device and then plug the phone into a wall outlet. The phone should respond with the vibrator switch activating for less than a second.

Launch the Riff Box JTAG Manager and use the following settings:

  • JTAG TCK Speed = RTCK
  • Resurrector Settings= Huawei U8650
  • Auto FullFlash size


400px


Advanced Settings:

  • Ignore Target IDCODE during Resurrection and DCC Loader operations


400px


Then connect and get the ID, you should receive the dead body signal. Then read the memory. JTAG complete.


Notes

The phone has a 512 MB NAND flash memory chip which should take approximately 30 minutes to download.