Hacking a Samsung S3 to recover a Bitcoin wallet

[dkbit98]

As you said yourself, those are privacy concerns, not security concerns. A security concern would be someone finding a vulnerability in the OS to break into your PC, online accounts, or anything else on your computer due to vulnerabilities in your Windows installation. Microsoft and other third parties spying on you is bad for privacy, but it doesn't necessarily make your security worse. If Windows 11 is also worse in terms of security than Windows 10, that's a different topic.

I was not speaking literally, and I was saying that releasing new things doesn't mean they are better in any way.
Companies often release new consumer stuff every year only for profit and not for improving security, privacy and anything else.
Just compare computer processors from 2012 to 2022, you only have two or three serious jump in performance/security, while all the rest are only cosmetic changes.
As for Win11 I could argue that security is also lower on Windows 11, than on older windows or linux operating systems, because you can't disable some hidden services that are enabling backdoor access, but that's a different topic.

[1715055119]

1715055119

[1715055119]

1715055119

[1715055119]

1715055119

[n0nce]

Would in this case not be a lot safer if Joe had his Mycelium wallet locked by a very strong password?  I personally have my phone locked with a pretty easy password for quick access, but all my Cryptocurrency apps are secured with very strong passwords so in case my phone is ever stolen, they can get some data off it but not my wallets.

For attacks like this, where memory is copied directly out of the device, what matters is if the data is encrypted. I have no idea whether the Mycelium application encrypts the seed with the password or if it's just a protection to be able to open the app, with the seed still stored unencrypted on disk.

According to Walletscrutiny, Mycelium provide reproducible open-source builds, so this is something that can be checked in their code.

It's not just about fixing bugs; these are actual completely new security mechanisms that can kill whole 'families' of attacks and make certain things completely impossible.

Ok, let me give you few examples that are not directly connected with smartphones but can be applied for them as well, do you think that Windows 11 is more secure than Windows 10 or Windows 8 OS?
- I think that each new windows os is worse and it provides less privacy than previous versions.
Second example, do you think that modern laptops are better and more secure than proven older modular laptops?
- New laptops are mostly not modular, you can't replace or fix anything yourself, and they are made from cheaper materials.

As long as Windows 10 and 8 are still supported by Microsoft, they should all get the same security updates. After that, the old versions indeed, automatically become less secure. For instance, ATMs still running Windows XP are a big security concern and some banks pay insane sums of money for Microsoft (or other companies) patching XP for the latest vulnerabilities.

Also, newer operating systems will get new security mechanisms, such as I've shown with iOS and Android introducing ASLR at a certain point in time, which automatically makes anything older, less secure due to just not having ASLR.
The other two points don't relate to security, but privacy and serviceability which are different topics. I prefaced my previous statement by saying that security and privacy don't always (have to) go in tandem.

New stuff is not always better, and it often times just opens a big new can of worms after each new releases.
Yes I know Linux OS doesn't mean something is safe, but I just want clean open source stuff without extra crap on top.

Oh absolutely! I love clean, open source machines with as little bloat as possible, too; just like simple vehicles without unnecessary loads of electronics in them. But again, that's another topic.. But operating systems do get more secure (big picture) overall. What else do you think security professionals were doing in the last 10 years?

[pbies]

If you root your phone, you may be able to dump all data partitions to a desktop/laptop.
Then, later, you can scan these partitions with keyhunter to recover private keys.

[BitMaxz]

If you root your phone, you may be able to dump all data partitions to a desktop/laptop.
Then, later, you can scan these partitions with keyhunter to recover private keys.

Actually, you don't need to root the phone you can use a tool/software that can bypass patterns temporarily without data loss.

I have experience with my old Samsung phone before it can easily bypass using a tool I can't remember the name but they called it a one-click pattern removal tool. It was an old tool since 2015 and it is very useful for temporarily bypassing patterns. But the only problem is it is not permanent every time the screen is off the pattern will popup again.

The only problem with Joe is he did disassemble the unit and make some jumper it could be for tx, rx and gnd or jtag pinouts to directly have access to nand/emmc data. But it's too much work compared to using a one-click pattern for removing the pattern temporarily and then you can able to do what you want to like accessing the wallet and then back up the wallet.

[Pmalek]

<Snip>

I searched around a bit and I did find a software with that name. One Click Pattern Unlock v3.0.2 seems to be the newest version. Could it be that one? I don't recommend anyone to download or install the software on the below links unless you know what you are doing! I am just posting it as a reference. Use it at your own risk!

https://firmwarecare.com/one-click-pattern-unlock-v3-0-2
https://cruzersoftech.com/one-click-pattern-unlock-tool-v3-0-2-free-download-working-100/

There is also a YouTube video that shows how a similar software works but it's mostly for Chinese brands. However, Samsung is also on the list.

[dkbit98]

The only problem with Joe is he did disassemble the unit and make some jumper it could be for tx, rx and gnd or jtag pinouts to directly have access to nand/emmc data. But it's too much work compared to using a one-click pattern for removing the pattern temporarily and then you can able to do what you want to like accessing the wallet and then back up the wallet.

This is the only way he could make longer promotional video like this
I am sure he knows about easier way to break into phone but since he didn't find $6M like in his clickbait title, he needed to create some drama.

There is also a YouTube video that shows how a similar software works but it's mostly for Chinese brands. However, Samsung is also on the list.

Hahaha so much about security and safety for your super-smartphones   and btw all phones are manufactured in China.
I bet someone created similar one-click software for breaking regular pins and passwords, and you can only imagine what real hackers and gov agents have in their toolboxes.
I have few old chinese smartphones and I may test if pattern breaking works for them.

[BitMaxz]

I searched around a bit and I did find a software with that name. One Click Pattern Unlock v3.0.2 seems to be the newest version. Could it be that one?
~link snip~

Based on the image from your source the UI is different from what I used before and the tool that I used before only supports Samsung phones and no Chinese phones the UI background is black and only has 3 buttons that exactly what I remember I got them from repair phones/mobiles forum or maybe in XDA forum.

This is the only way he could make longer promotional video like this
I am sure he knows about easier way to break into phone but since he didn't find $6M like in his clickbait title, he needed to create some drama.

I think yeah he knows the easier way based on his video he is using the medusa box which is a well-known tool for phone technicians I don't think if it's hacking that's the normal use for that box and can be bought for around $40 to $50.

[Pmalek]

and btw all phones are manufactured in China.

I know that, but I was talking about proper Chinese brands like OPPO, Huawei, Meziu, etc.

I bet someone created similar one-click software for breaking regular pins and passwords, and you can only imagine what real hackers and gov agents have in their toolboxes.

Let's just say that if you are involved in any kind of criminal activities, you shouldn't carry your smartphone with you when you are spending time with or talking to your criminal syndicate. And consider everything you have ever stored on your phone as retrievable in many cases. 

[n0nce]

<Snip>

I searched around a bit and I did find a software with that name. One Click Pattern Unlock v3.0.2 seems to be the newest version. Could it be that one? I don't recommend anyone to download or install the software on the below links unless you know what you are doing! I am just posting it as a reference. Use it at your own risk!

https://firmwarecare.com/one-click-pattern-unlock-v3-0-2
https://cruzersoftech.com/one-click-pattern-unlock-tool-v3-0-2-free-download-working-100/

There is also a YouTube video that shows how a similar software works but it's mostly for Chinese brands. However, Samsung is also on the list.

Yes, be extra extra careful with any 'hacking tool' or 'unlocker' type software in general. In most cases, what's going to be hacked (if anything) is your own machine.

There are even reports about legit / real hacking tools being reuploaded with trojans in them:
Hackers are getting hacked via trojanized hacking tools

[PrivacyG]

I was wondering, how easy could it get years from now to bypass a fingerprint or face scan?  I still think the safest and most secure one is by using a password instead of PIN, face lock, fingerprint or pattern.  A strong password seems the safest option for both long and short term.  Plus, I had even extremely long passwords on my phone's lock screen before and after a few days, at most weeks, you get used to typing it out really fast if you wish.

Unless a backdoor exists (I remember there was a story about FBI breaking into iPhones years ago?) or some vulnerability that makes even the strongest password an easy break through.

-
Regards,
PrivacyG

[Lucius]

I was wondering, how easy could it get years from now to bypass a fingerprint or face scan? 

As for fingerprint locks, I've been reading for years that this protection can be bypassed very easily, without having to cut off someone's finger or something similar. However, you need a picture of the victim's fingerprint and some glue.

The report says a fingerprint scanner can be "hacked" by using a picture of the target's fingerprint, creating a negative in Photoshop, printing the resulting image, and then putting some wood glue on top of the imitated fingerprint so it can be used to trick many commercial scanners.

When it comes to hacking protection using facial recognition, experts say that in most cases it can work with a simple photograph of the victim. In most commercial software, the technology is not so advanced that it can distinguish between a living person and a photo.

[n0nce]

The report says a fingerprint scanner can be "hacked" by using a picture of the target's fingerprint, creating a negative in Photoshop, printing the resulting image, and then putting some wood glue on top of the imitated fingerprint so it can be used to trick many commercial scanners.

When it comes to hacking protection using facial recognition, experts say that in most cases it can work with a simple photograph of the victim. In most commercial software, the technology is not so advanced that it can distinguish between a living person and a photo.

It depends heavily on the implementation. I remember years ago when the first smartphones added face unlock, it was indeed possible to unlock them with the user's profile picture from a social media account, even without printing it on paper.
Nowadays, at least on iPhones, you do need a three-dimensional model of the victim's face, since it's not just a picture match, but infrared dots are projected on the face, which allows the device to map the 3d texture of whatever is held in front of it.

[dkbit98]

Nowadays, at least on iPhones, you do need a three-dimensional model of the victim's face, since it's not just a picture match, but infrared dots are projected on the face, which allows the device to map the 3d texture of whatever is held in front of it.

It's not really that hard to trick those biometrics, both for fingerprint and for face scans even for newer smartphone models.
I could come up with few ideas using right materials (3d printed head comes first in my mind), and I even saw bunch of cases on internet with new phones being unlocked by twin brothers/sisters, so it's far from perfect.
I don't like biometric protections and I wouldn't suggest them for smartphones or hardware wallet protection.

[n0nce]

Nowadays, at least on iPhones, you do need a three-dimensional model of the victim's face, since it's not just a picture match, but infrared dots are projected on the face, which allows the device to map the 3d texture of whatever is held in front of it.

It's not really that hard to trick those biometrics, both for fingerprint and for face scans even for newer smartphone models.
I could come up with few ideas using right materials (3d printed head comes first in my mind), and I even saw bunch of cases on internet with new phones being unlocked by twin brothers/sisters, so it's far from perfect.
I don't like biometric protections and I wouldn't suggest them for smartphones or hardware wallet protection.

Yes, but as you can see, 3D printing someone's head in a fairly accurate and to-scale way is a lot more involved than someone might assume (e.g. assuming a printed image suffices - a lot easier to acquire and produce).

Of course, nobody should store a big percentage of their wealth on a mobile phone in general, but I do think that Bitcoin's purpose is to be used and that using it through a mobile phone makes it most accessible for the vast majority of people. So holding a 'wallet-sized' amount on a mobile phone directly or on a hardware wallet that you use with a mobile phone, would be something I endorse, as I like to see Bitcoin be used and not just stored for decades.

In the rare case that you are the victim of a targeted attack (i.e. whoever steals your device has access to a 3-dimensional model of your face or a picture of your fingerprint), for one, you have a bigger issue on your hands than worrying about a few sats, and secondly you can go home, take your seed words, and may be able to sweep the wallet before the attacker manages to do that first.

[dkbit98]

Yes, but as you can see, 3D printing someone's head in a fairly accurate and to-scale way is a lot more involved than someone might assume (e.g. assuming a printed image suffices - a lot easier to acquire and produce).

I think that modern biometric passports all contain 3d scan of human head and eyes, so if anything would to happen with that documents you know what would happen, and we all know how (un)professional governments can be for security citizens private information.
Simple hacker attack could gain access to all data, and I think China recently had one major leak with all information from millions of people being sold online.
Biometrics can be copied.

There is Forbes video from 2018 showing that 3d printed head model worked for unlocking smartphones:
https://www.youtube.com/watch?v=ZwCNG9KFdXs

In the rare case that you are the victim of a targeted attack (i.e. whoever steals your device has access to a 3-dimensional model of your face or a picture of your fingerprint), for one, you have a bigger issue on your hands than worrying about a few sats, and secondly you can go home, take your seed words, and may be able to sweep the wallet before the attacker manages to do that first.

I know, and I was talking about overall security, not just about bitcoin sats.
Problem is that once your biometric data is leaked you can't unfix it, unless you make drastic plastic operation, or making something stupid with your body like Black Alien Project did (search that term on youtube).

[Fivestar4everMVP]

This is quite a story, I believe the reason why they could even gain access into the phone was because the phone is a very old one, and its security components are not as updated as the phones that are being produced nowadays.
This made me remember an experience I had with Samsung A30, a friend of mine bought the phone from someone he didn't know, after resetting the phone to its factory mode, the phone became totally unusable, it was asking my friend to sign in with the email and password that the first owner registered the phone with, my friend did not know the email address neither does he have a clue what the password is, he had no means of contacting the person he bought the phone from, he later brought the phone to me, me thinking the issue was minor decided to buy the phone from him, I thought a simple flashing and reinstalling the phone OS would fix the problem, but surprisingly, after several flashes and reinstalling the phone's operating system, the issue persisted, I later contacted an engineer who after checking the phone, told me that the phone is permanently locked and its only the first owner who has the key to unlocking it.

• Never forget to make multiple physical backups of your recovery phrases so you can gain access to your crypto whenever you need to.
• Don’t be reckless with your coins, no matter how small the amount is. One day it can amount to something big.
• Don’t forget passwords, PINS, swipe patterns, and other important details that could cause a loss of money.

And also would add that we all should learn to follow our investments up, don't just invest and abandon it, i believe that if the guy in the story followed the his investment up, at least, checking on a monthly basis, he would have be able to get his Bitcoins from Bit Blender before they shut down.