Twinkle on iPhone being used for Online Solicitation

This is an interesting yet regrettable discovery by a fellow forensic examiner…like he says guess it was just a matter of time

http://www.binint.com/2009/02/twinkle-future-of-online-enticement.html

Electronic Frontier Foundation/Apple Weigh in on iPhone Jailbreaking

EFF says DMCA shouldn’t bar you from the iPhone….Apple says Jailbreaking is illegal….what’s that mean for forensic analysts employing the method and those making their names touting the method?

Read the story here

http://www.eff.org/deeplinks/2009/02/apple-says-jailbreaking-illegal

iPhone and Terrorism

This is an interesting article found in the Register on the iPhone and the Taliban

http://www.theregister.co.uk/2009/02/13/iphone_taliban/

iPhone Forensic Course Livonia MI December 08

I normally don’t plug stuff that my side company puts out but I’d thought I’d give everyone the opportunity to view this upcoming course for iPhone Forensics.

IDFS is offering two US based iPhone Forensic Course at the Livonia Police Department on Dec 8-11.
Cost for LEO is $1600 with a copy of WOLF ($25 discount if practitioners already have a codemeter dongle)
Cost for Non-LEO is $1800 with a copy of WOLF ($25 discount if practitioners already have a codemeter dongle)

Demand is likely to be high for the course, so please send your pre-registration intentions** to orders@hex-dump.com with the subject line iPhone Training Livonia Dec 08

Please see the attached flyer and visit http://www.sixthlegion.com or http://www.hex-dump.com for more details.

I’ve attached the course flyer for anyone who wants a copy.

iPhone Forensic Course Flyer

iPhone Forensics – A Series #2

Though many phone examiners are traditional electronic forensic analysts who have been trained to examine phones, this is certainly not a foregone conclusion. A phone examiner may not be, to be tongue in cheek, “classically trained” in forensics. Up until just recently, little was needed to examine a phone other than the current toolset that is on the market and a handful of free tools.

 

Examining phones became harder with the iPhone. Apple’s revolutionary phone has garnered at least 28% of the Smart Phone market and is poised to snatch even more. Spawning many imitators and challenging the once thought invulnerable RIM Black Berry, Apple has raised the bar on the technical skill required by the phone examiner.

 

This series of posts on iPhone Forensic Examinations, is meant to help level the playing field for the phone examiner who may not also be a traditional forensic analyst of electronic evidence. The first post began by examining what is meant by the term “jailbreaking” and its forensic implications. This post will continue with the discussion and will be concentrating on the makeup of the iPhone’s filesystem.

 

Brief Overview of the iPhone Hardware

 

As I stated in the introduction to this post, the iPhone has raised the bar on the technical skill required by the phone examiner. The iPhone is much more than a device that is used for voice communications, it truly is a handheld computer. Below are listed some of the hardware specifications for the device.

 

• CPU : Samsung/ARM S5L8900B01 512 Mbit SRAM

• DISK: Samsung 65-nm 8/16 GB (K9MCG08U5M), 4 GB (K9HBG08U1M) MLC NAND Flash

• FLASH MEMORY: Intel PF38F1030W0YTQ2 (32 MB NOR + 16 MB SRAM)

 

Early reports of the CPU clock speed put the iPhone’s ARM processor running at about 400 MHz with a bus speed at 100 MHz (Hockenberry). It is speculated that the ARM CPU can run at 600 MHz or more but is underclocked to provide for heat dissipation and battery life. Further firmware updates are believed to begin providing this capability as the code and hardware are refined and optimized.

 

So as you can see from the above, you have what amounts to a full fledged computer running with impressive CPU speeds (given its small form factor) and a massive amount (for a hand held device and for mobile forensics) of Flash storage. 

 

The non “classical trained” phone examiner, such as the narcotics officer or border patrolman, is now faced with a device that now at the very least requires an appreciation of its capabilities and may indeed require the acquisition of more advanced knowledge of computers and a deeper skill-set in the area of traditional electronic forensics.

 

The iPhone Hard Disk 

 

Now that we have had a glimpse of the iPhone’s impressive hardware array, lets begin examining how the iPhone’s Disk is arranged.

 

The iPhone runs a a mobile build of Mac OS X Leopard (10.5). Schematically the OS is designed like the below graphic.

 

Since OS X is built upon a BSD Unix foundation (please see http://en.wikipedia.org/wiki/Berkeley_Software_Distribution for a discussion of BSD Unix), and this is used in the iPhone it is necessary to cover some of concepts of the operating system.

 

All Operating Systems use what is called a kernel. The kernel is the the nerve center of the OS and is responsible for managing the systems resources (such as communication between the hardware and the software of a device. The iPhone uses what is called a signed kernel to limit tampering with its function (though as we saw in the first post jailbreaking is accomplished through the exploitation or hacking of the kernel).

 

The iPhone also borrows how it partitions its hard disk from the Unix OS conventions as well. In order to store files on a hard disk, that raw physical device must first be prepared with partitions, or contiguous sections of a disk to store common groups of information. The difference in between the iPhone’s partitioning and a physical hard disk is that the iPhone uses solid state memory as its hard disk (flash).

 

There are two partitions on the iPhone. The first partition is 300 MB in size and is the system or root partition(not to be confused with the root folder which will be seen in the second partition). This partition contains the operating system and the default applications that are delivered with a factory fresh iPhone. This partition is designed (unless jailbroken) to be in this pristine state for the life of the phone.

 

The remaining space of the hard disk is partitioned as the user-space (or media) partition. This space is where all music, videos contacts, SMS etc are stored.

 

Another computer science concept that is also important to understand is the concept of mounting. A file system must be “mounted” or made available to the Operating System for use. Unix type Operating Systems (such as OS X) use mount points or the location in the directory structure where the particular partition (filesystem) is available for use.  The Windows equivalent to this concept is drive mapping.

 

Since the iPhone uses a mobile build of OS X , it follows that the two partitions is has will have mount points. This is indeed the case as can be seen from the output of the fstab file( file system table) of a jailbroken iPhone. The fstab file usually lists all available disks and disk partitions, and their mount points.

 

# cat fstab

^{/dev/disk0s1 / rw 0 1}

^{/dev/disk0s2 /private/var hfs rw,noexec 0 2}

 

A discussion of the fstab is too lengthly and complicated to go into in this this post so readers are directed to http://en.wikipedia.org/wiki/Fstab for a thorough explanation of the output. It should suffice for our purposes here to state that the first (root partition) is mounted at the top of the directory tree (”/”) and that the media partition is mounted at /private/var. It is also of forensic importance to note that the root partition here is mounted read/write. This is the result of the jailbreaking technique.

 

The other thing to note on the output above is that the media partition is formated in the HFS file format, and is not allowed to execute files (the “noexec” option).

 

Depending on whether a user is Windows based or Macintosh based the iPhone will be formatted accordingly. In the case of Windows with a FAT filesystem (http://en.wikipedia.org/wiki/FAT_32) or HFS (http://en.wikipedia.org/wiki/Hierarchical_File_System) if formatted on a Macintosh.

 

 

Data Storage

 

 

Now that we know the partition structure of how the iPhone stores data, how it is mounted for user access by the Operating System, and what filesystem formating it employs, we can look at where the most relevant files for a forensic examiner might reside. Bear in mind that the tools mentioned in the first post obtain most, if not all,  of these files and report on them. The single advantage that the jailbreaking method has (offset by its non ACPO compliant forensic implications) is that the jailbrekaing method comes very near to a true forensic image and can therefore obtain possible what I have oft termed the Holy Grail of Mobile Forensics – deleted data.

 

As was said in the previous section the root partition is designed to stay “factory fresh” for the life of the iPhone and contains the default applications and the untampered OS of the device. It should contain most of the following if not jailbroken.

 

• SMS
• Calendar
• Photos
• Camera
• Youtube
• Stocks
• Maps
• Weather
• Clock
• Calculator
• Notes
• Setting
• ITunes
• Phone
• Mail
• Safari
• IPod

 

 

Shown below is a graphic image of a jailbroken iPhone showing the media partition of a jailbroken iPhone. It was obtained by a jailbreaking the iPhone, setting up a wireless network and then using the “dd” command over the network. The resulting image was then mounted read only under OS X It should be noted that in a non jailbroken iPhone iTunes in its jailed access is only allowed to get to files mounted in private/var/mobile/Media or /private/var/root/Media depending on the generation of the firmware.

 

The iPhone stores the information most valuable to a forensic examiner, e.g. Contacts,SMS, Call Registers in Sqllite databases. In addition, the iPhone in sharing with the full fledged version of OS X stores additional information in XML like  lists called Plists. Plists store a lot of cool forensic information but are beyond this post. Readers interested in Plists can find more information at http://en.wikipedia.org/wiki/Plist. 

 

Below is a list of the plists and sqlite databases that are downloaded to a computer during an iTunes sync process.

 

• Library_AddressBook_AddressBook.sqlitedb
• Library_AddressBook_AddressBookImages.sqlitedb
• Library_Calendar_Calendar.sqlitedb
• Library_CallHistory_call_history.db
• Library_Cookies_Cookies.plist
• Library_Keyboard_dynamic-text.dat
• Library_LockBackground.jpg
• Library_Mail_Accounts.plist
• Library_Mail_AutoFetchEnabled
• Library_Maps_Bookmarks.plist
• Library_Maps_History.plist
• Library_Notes_notes.db
• Library_Preferences_.GlobalPreferences.plist
• Library_Preferences_SBShutdownCookie
• Library_Preferences_SystemConfiguration_com.apple.AutoWake.plist
• Library_Preferences_SystemConfiguration_com.apple.network.identification.plist
• Library_Preferences_SystemConfiguration_com.apple.wifi.plist
• Library_Preferences_SystemConfiguration_preferences.plist
• Library_Preferences_com.apple.AppSupport.plist
• Library_Preferences_com.apple.BTServer.plist
• Library_Preferences_com.apple.Maps.plist
• Library_Preferences_com.apple.MobileSMS.plist
• Library_Preferences_com.apple.PeoplePicker.plist
• Library_Preferences_com.apple.Preferences.plist
• Library_Preferences_com.apple.WebFoundation.plist
• Library_Preferences_com.apple.calculator.plist
• Library_Preferences_com.apple.celestial.plist
• Library_Preferences_com.apple.commcenter.plist
• Library_Preferences_com.apple.mobilecal.alarmengine.plist
• Library_Preferences_com.apple.mobilecal.plist
• Library_Preferences_com.apple.mobileipod.plist
• Library_Preferences_com.apple.mobilemail.plist
• Library_Preferences_com.apple.mobilenotes.plist
• Library_Preferences_com.apple.mobilephone.plist
• Library_Preferences_com.apple.mobilephone.speeddial.plist
• Library_Preferences_com.apple.mobilesafari.plist
• Library_Preferences_com.apple.mobileslideshow.plist
• Library_Preferences_com.apple.mobiletimer.plist
• Library_Preferences_com.apple.mobilevpn.plist
• Library_Preferences_com.apple.preferences.network.plist
• Library_Preferences_com.apple.preferences.sounds.plist
• Library_Preferences_com.apple.springboard.plist
• Library_Preferences_com.apple.stocks.plist
• Library_Preferences_com.apple.weather.plist
• Library_Preferences_com.apple.youtube.plist
• Library_Preferences_csidata
• Library_SMS_sms.db
• Library_Safari_Bookmarks.plist
• Library_Safari_History.plist
• Library_Voicemail_.token

 

Many of these tools are obtained and reported on by the logical analysis tools mentioned in the first post. 

I will detail ways of analyzing the sqllite databases obtained in a computer sync in the next post.

References

As always, I stand upon the shoulders of others. Acknowledgement goes out to the following sources

 

iPhone Forensics, by Jonathan Zdziarski. Copyright 2008 Jonathan Zdziarski, 978-0-596-15358-8

 

Craig Hockenberry, http://furbo.org/2007/08/21/what-the-iphone-specs-dont-tell-you/

 

http://www.uninnovate.com/2007/07/11/dear-iphone-give-me-my-data/

 

and of course the several wikipedia citations in the post

iPhone Forensic Examinations – A Series

 

 

The Apple iPhone has been generating a huge amount of buzz lately both from the consumer and business customer and now from the forensic community. Several forensic companies have released tools to forensically examine iPhones; Radio Tatics LTD(Aesco), Cellebrite, Paraben (Device Seizure) and myself ( Sixth Legion, WOLF) to name a few. Each of these applications retrieves SMS, Call Records, Contacts as well as other information. And as you undoubtedly have heard it is always a good idea to have more than one tool in your toolbox for validation, preference and detail of information obtained. Each of the applications above have their place in your forensic arsenal.

 

However different and effective at obtaining the basics of a mobile forensic examination(Contacts, SMS, Calls) each the above applications are, they all share one commonality. None of the above mentioned products obtain what is considered the Holy Grail of Mobile Forensics, a true physical image and the ability to get deleted information out of the iPhone.  There is one method however that can get very near to a physical image of the iPhone and this image can be data mined for deleted information. However, this method has two particular sticking points. One, it involves a fairly complicated process that relies on a knowledge of the command line interface and unix tools. Two it involves the breaking into the filesystem of the iPhone and injecting a toolkit to get this image, which is arguably not forensic and violates Apple’s intellectual property.

 

In this first of several posts on iPhone forensics, I am going to examine what is meant by the term “jailbreaking”, which is the term used for changing of the iPhone filesystem  and allowing the injection of a forensic rootkit that will allow the examiner to use more traditional digital forensic tools to get as close to a physical image as possible. My goal in writing these posts is to try to demystify and bring technical language about this method down a notch so that phone examiners that may not also be cross trained in traditional electronic forensics can attempt this method particularly if the case is very important ( such as in terrorism or homicide) and the method is justified.

 

How the iPhone Communicates with a Computer

The iPhone is designed to communicate (read backed up) with a computer via an interface called the Apple File Communication Protocol (AFC). This protocol is a serial port protocol that uses a framework called MobileDevice that is installed with iTunes (default on Apple’s OS X). The protocol uses the USB Port and cable when it is connected to the computer and is responsible for things such as copying music and photos and installing firmware upgrades. 

 

However, the AFC and iTunes are not allowed to communicate with the entire iPhone memory area. Instead access is limited to certain files on the iPhone, namely those located in the Media folder on the second partition of the device (I will detail the filesystem and partition layout of the iPhone in a follow-up article).

 

In other words, iTunes is allowed access to a “jailed” or limited area of the device memory. While the AFC can be used for transferring files, it is not effective for reading information from raw devices which is essential to obtaining a physical image. Therefore,some modification needs to occur to the filesystem in order to make access to the raw device and get a truer physical bitstream copy.

 

Jailbreaking

 

So iTunes accesses the iPhone in a jailed environment; what exactly does this mean? The idea of a jailed environment is actually borrowed from the Unix world ( Unix for those of you that don’t know is an operating system-see http://en.wikipedia.org/wiki/Unix). Simply put jailed access means that access to certain areas of memory and files is restricted and that access allowed is not of an administrative or root level. This is generally done to prevent damage to a system.

To recap, the system partition an iPhone, the partition where the OS and the default applications live on the flash memory, is protected from low level access by iTunes or processes unless modified in some way ( the partition layout I will again detail in another post). This “protection” is done through something called a jailed environment or sometimes called a  ‘chroot jail’  which is, again, borrowed from the linux/unix lexicon. 

When a Chroot occurs, it changes the apparent root directory. Any program that is re-rooted to another directory cannot access or name files outside that directory. This re-rooted directory is called the chroot jail or the jailed environment. 

In reference to the iPhone, the chroot jail directory is Media folder (detailed in another post). 

The term “jailbreaking” in reference to the iPhone refers to the breaking open of this chroot jail to allow read/write access to the entire device; not just the Media folder. This, coincidentally, is exactly what occurs in the computer world when a hacker breaks into an unauthorized system and gains root access.

What Occurs When an iPhone is Jailbroken

In essence, what occurs when an iPhone is “jailbroken” for forensic examination is that select Apple File Protocol is used to boot what is called a Ram Disk (An area of RAM that acts as if it were a disk drive) into the iPhone’s running memory. This Ram Disk then mounts the iPhones filesystem and the forensic payload is copied into the filesystem. The iPhone is then rebooted and the payload executes its tasks (for instance, installing traditional Unix tools such as DD and SSH for making disk images and secure networking).

This is of course a simplified explanation, readers who seek more detailed and thorough discourse are invited to read Jonathan Zdziarski excellent book on the subject that is cited at the end of this post.

Forensic Implications of Jailbreaking

You may find yourself in a situation with an iPhone where “Desperate Times Call For Desperate Measures” and need to use the jailbreaking method of examining the iPhone. However, one needs to bear in mind that it isnt really and truly forensically sound and does in fact violate Apple’s copyright and ACPO. Remember the four principal tenets of the ACPO guidelines

1. No action taken by law enforcement agencies or their agents should change data held on a computer or storage media which may be subsequently be relied upon in court.
2. In exceptional circumstances, where a person finds it necessary to access original data held on a computer or on storage media, that person must be competent to do so and be able to give evidence explaining the relevance and the implications of their actions.
3. An audit train or other record of all processes applied to computer based electronic evidence should be created and preserved. An independent third party should be able to examine those processes and achieve the same result.
4. The person in charge of the investigation (the case officer) has overall responsibility for ensuring that the law and these principals are adhered to.

As you can clearly see, jailbreaking an iPhone violates at least the first of these tenets, and it is incumbent upon the examiner to understand thoroughly the method and report on it per the second. There is also a potential problem with the third tenet as well. The examiner should strongly consider whether the applications named in the beginning of this post obtain what is necessary before taking the steps outlined in the jailbreaking method so as to not only follow the ACPO guidelines but avoid possibly destroying evidence.

While effective and very clever the jailbreaking method can be dangerous, especially to examiners that are not used to the command line interface and manually carving data out of an image.

I hope that this post has been informative for the mobile forensic community. In follow-up posts, my goal is to help you with the jailbreaking method of examination as well as looking at iPhone backups, the structure of the filesystem and databases.

Please post commentary about this guide and what you may like to see on follow-up posts.

 

Reference Work

I am indebted to Jonathan Zdziarski for his work in iPhone Forensics. I highly recommend his book for all those interested in the iPhone.

 

iPhone Forensics, by Jonathan Zdziarski. Copyright 2008 Jonathan Zdziarski, 978-0-596-15358-8.

UK Outsource Group

Are you are a looking for a good outsource firm for your mobile phone forensics in the UK?

Check out DGI in Leeds. Headed up by Stephen Hirst (Ret. HTCU West Yorkshire Police Force) an innovator and leader in the mobile forensics field, DGI is a full service forensic shop that gets the job done quickly and efficiently.

Phone Codes

My apologies, Its been a long time since I’ve posted. Here are some service codes for several handset manufacturers

LG

 

*6861#  factory reset

*8375#

#668#

*#3646633#

*0#

*3241#

*3240#

*0008# language

*0009# language

*0000# language

*7674#

*76863#

*77463#

*72337#

*79763#

*7245786#      check read FFS

*762442#        GVCMMI Magic

###765*02#

###765*05#

###765*08#

###765*07#

###765*78#

1945#*5101#  sim lock menu

2945#*5100#

 

 

Nokia

 

*#06#                IMEI

*#0000#            view Software Version

*#746025625#    [*#sim0clock#]

*#92702689#      [*#war0anty#]   secret menu:

 1. Displays Serial Number

 2. Displays the Month and Year of Manufacture (0997)

 3. Displays (if there) the date where the phone was purchased

 4. Displays the date of last repairment – if found (0000)

 5. Makes you capebel of transferring user data

 6. Shows how many hours the phone has been on

 

*3370#      Enhanced Full Rate Codec (EFR) activation

#3370#     Enhanced Full Rate Codec (EFR) deactivation

*4370#      Half Rate Codec activation

#4370#     Half Rate Codec deactivation

xx# – xx position in Phone Book

 

NOKIA 9000

 

*#06#   IMEI

*#682371158412125#  soft version

*#3283#    prod. date

 

NOKIA 7650

 

*#7979#    phone reset

*#7470#    hard reset

*#7370#    master reset (like new phone)

 

 

Motorola

 

*#06#      IMEI

 

in permament test mode

(* hold 2 sec)

***113*1*[OK] net monitor

 

T205/T19x (ACER)

 

*#300# OK    List the Software and Hardware version

*#301# OK    Full Keypads functional Test

*#303# OK    Set Default Language to English

*#304# OK    Set OFF engineering mode

#304*19980722# OK    Set ON engineering mode

*#305# OK    Location: 1 OK

*#307# OK    Engineering Test Mode

*#311# OK    Phone code changed to default code

*#400# OK    ADC, Cal val*

*#402# OK    Adjust Display Intensity / Contrast

*#403# OK    List the Manufacturing Informations

19980722 OK   Master Unlock code for Phone and Sim Lock

*#302# OK    Acoustic test*

7.1 Greeting

7.2 Main VlmGain

7.3 Input Cal

7.4 Output Cal

7.5 Side In Gain

7.6 Vox Gain

7.7 Min Mic Engy

7.8 More

(a) In Vlm Gain

(b) Aux Vlm Gain

(c) Silence Prd

(d) Supp Prd

(e) In Volume

(f) Out Volume

(g) Icon

(h) Image

(i) Animation

*3370#   EFR ON (enhanced full rate)

#3370#  ERF OFF

*#72837726# OK  Confirm ?, Data saver

1234 OK      Phone code default

*#0000# OK   Setting saved, restore set phone do default language

*#0048# OK   Fast change polish langpack

*#0007# OK   Fast change russian langpack

 

 

MOTOROLA 3xx

 

*#06# and quick ‘menu-key’ and 048263* (Push the key quickly!)

and entering at field “OPTCODE” you must try several times.

If not working try with MOTO TEST CARD inserted.

 

Security code – 32*118*1*0*0

Model – 32*279*1*0*8

Flex ver – 32*383*1*0*0

Master Reset – 18*0

Master Clear – 18*1

Set band GSM 900 – 10*0*3

Set band DCS 1800 – 10*0*4

Set band PCS 1900 – 10*0*5

Set dual band GSM 900/1800 – 10*0*6

Read band – 10*1*0   => 3-GSM, 4-DCS, 5-PCS, 6-GSM/DCS

User code – 32*116*1*0*0 /coded:00310032003300340000 – 1234/

Read imei – 32*4*1*0*0 “OK” /coded:083a05092700247709 – 350907200427799/

 

47*4*1*0*9*081A32547698103254 => IMEI=123456789012345

it is possible to change IMEI

 

 

Sony Ericsson

 

*#7465625*12*12345678#, 7465625 means SIMLOCK and 12345678 is number

                                        that you get from the unlock program

 

For SIM code: *#7465625*XX*(8-digit received SIMcode)#

 

XX can be:

12 for NCK lock

22 for Provider lock

32 for Network lock

42 for SIM code lock

52 for Subset lock

62 for Corporate lock

72 for IMSI personal

99 for IMSI range

 

For WAP code: *#9275625*11*(8-digit received WAP code)#

 

*#06#      IMEI number

*#00xx#   Changes language (xx is your country code)

*#0000000#  Resets language to auto selection

*#8378       *#TEST Reset your phone

*#7465625#  *#simlock# -> Displays SIM lock status

*#7353273#  *#release# -> Display firmware version

*#39482633#  *#EXITCODE# -> Shows phone latest failure causes

*#78737322867973738#  *#superfactoryreset#

                                     -> Reset personal data (remove SIM card first)

*#73287489263373738#  *#securitycodereset#

                                     -> Reset security code to 0000 (remove SIM card first)

*#8654#   Test phones keystroke

*#77343#  *#PREGE# -> Activates MONITOR MODE on J5/J6

*#7669666#  *#SONYMON# -> Activates MONITOR MODE on J7/70/27

*#275781#  *#ASKRT1# -> Still unknown

*09*(PIN code)# -> Turns PIN code on

#09*(PIN code)# -> Turns PIN code off

 

Samsung

 

*#06#        Show IMEI

*#9999#    Show Software Version

*#0837#    Show Software Version (instructions)

*#0001#    Show Serial Parameters

*#9125#    Activates the smiley when charging

*#0523#    LCD Contrast

 

*#9998*228#    Battery status (capacity, voltage, temperature)

*#9998*246#    Program status

*#9998*289#    Change Alarm Buzzer Frequency

*#9998*324#    Debug Screens

*#9998*364#    Watchdog

*#9998*377#    EEPROM Error Stack – Use side keys to select values

*#9998*427#    Trace Watchdog

*#9998*523#    Change LCD contrast

*#9998*544#    Jig detect

*#9998*636#    Memory status

*#9998*746#    SIM File Size

*#9998*778#    SIM Service Table

*#9998*785#    RTK (Run Time Kernel) errors – if ok then phn is reset,

                       info is put in memory error

*#9998*786#    Run, Last UP, Last DOWN

*#9998*837#    Software Version

*#9998*842#    Test Vibrator – Flash the screenlight during 10 sec

                       and vibration activated

*#9998*862#    Vocoder Reg – Normal, Earphone or Carkit

*#9998*872#    Diag

*#9998*947#    Reset On Fatal Error

*#9998*999#    Last/Chk

 

*#9998*9266#   Yann debug screen (Debug Screens?)

*#9998*9999#   Software version

 

*0001*s*f*t#   Changes serial parameters (s=?, f=0.1, t=0.1)

*0002*?#   unknown

*0003*?#   unknown

 

FOR NEW SGH (R210, T100, A300…)

if code is in format *#9998*xxx#

try write in this       *#0xxx#

 

SGH-600

SGH-2100

 

*2767*3855#   Full EEPROM Reset (THIS CODE REMMOVES SP-LOCK! 

                      but also changes IMEI to 447967-89-400044-0

*2767*2878#   Custom EEPROM Reset

 

 

SGH E700

 

*2767*688#   remove USER CODE and SIMLOCK

 

 

SGH V200

 

Unlocking:

Power on the phone without SIM card and type these codes:

 

*2767*63342#  and press green button

*2767*3855#    and press green button

*2767*2878#    and press green button

*2767*927#      and press green button

*2767*7822573738# press button

 

Phone will be unlocked, but all trims are reseted !!!

Mobile phone must be fully charged

 

 

SGH S500

 

Unlocking

 

*2767*MVT# (*2767*688#) E2P MVT Reset

*#SIMLOCK# (*#7465625#)

Susteen Error Fix

The bug I identified in this post has been fixed. Cheers to Susteen for getting on the issue once identified and fixing it. 

Passcode Workaround for Iphone

My good friend Troy Lawrence from Ft. Worth P.D. wrote this white paper on how to get around a passcode on an Iphone. In Troy’s own words

“We had an iPhone come in this week that was involved in a Homicide case.  Of course, the phone had a passcode on the hand set.  With the help of someone at the FBI, I was able to get passed the passcode.”

Thanks for sharing Troy!

Iphone Passcode Work Around