Anti-Forensics: Reverse Engineering a Leading Phone Forensic Tool

Presented at Black Hat Asia 2021 Virtual, May 7, 2021, 10:20 a.m. (40 minutes)

How can vulnerabilities in forensic software affect cases brought to the courts? That question was the impetus of what kicked off my research on the Cellebrite UFED - a widely-used phone forensic tool. This talk will cover what my reverse engineering process was, what I found, how I went about reporting my findings, and the concerns, hopes, and fears I had along the way. One would think that forensic tools like these are only available under strict non-disclosure agreements and to legitimate buyers. But, that didn't stop me from being able to legally obtain several of these devices. I rooted them and reverse engineered the cryptographic implementation protecting their forensic tools and exploits using public and custom-developed tools. I'll talk about their use of hard-coded authentication keys and what the possible implications of my findings were and how they've been addressed. I'll also cover not just how these forensic tools can help law enforcement, but how they can hurt everyone else in the process and how you may be able to defend yourself from them. Join me for a demonstration where my proof-of-concept Android application is able to detect and defeat *some* of the extraction options from the Cellebrite UFED.

Presenters:

  • Matt Bergin - Researcher, KoreLogic
    Matt Bergin is an information security researcher focusing on exploiting software vulnerabilities, developing tools for covert network operations, and designing payloads to provide initial footholds for other red team members. Although much of his research is not publicly available, he makes it a personal goal to publish as much as he is authorized to. Matt’s interest in information security began as a teenager and he made it his profession in 2010 after placing 2nd in the then newly created U.S. Cyber Challenge wargame called Netwars. Since he began his career, he has published 58 security advisories.
