User avatar
Jared
Forum Admin
Posts: 3517
Joined: Mon Jan 12, 2015 12:32 pm
Location: Providence, RI
Contact: Website Facebook Twitter Skype YouTube Google+

Any JTAG Experts on Here?

Sun Jul 02, 2017 2:20 pm

I'm just curious if anyone on here is an expert when it comes to using JTAG for reading memory from phones, tablets, etc. I've got a few questions as I'm looking at possibly getting into this more.

pc3000
Data Recovery Novice
Posts: 92
Joined: Sun Jun 19, 2016 3:00 pm

Any JTAG Experts on Here?

Sun Jul 02, 2017 6:00 pm

I do not think I'm called an expert, but I do it.
I prefer to work with a broken smartphone than a smart phone that works

jol
Data Recovery Pro
Posts: 655
Joined: Thu Jan 29, 2015 11:31 pm

Any JTAG Experts on Here?

Sun Jul 02, 2017 7:25 pm

what type of OS are you talking about ?

User avatar
Jared
Forum Admin
Posts: 3517
Joined: Mon Jan 12, 2015 12:32 pm
Location: Providence, RI
Contact: Website Facebook Twitter Skype YouTube Google+

Any JTAG Experts on Here?

Mon Jul 03, 2017 8:38 am

pc3000 wrote:I do not think I'm called an expert, but I do it.
I prefer to work with a broken smartphone than a smart phone that works


So just a few questions.

What JTAG boxes have you found to be most effective? (Medusa Pro, Riff box, Easy-Jtag, other)

How often are you able to actually read the memory via jtag?

When you dump memory via jtag, is it in a liner format or is it like dumping a NAND?

I usually have avoided phone recoveries because most people aren't willing to pay a reasonable rate, but perhaps jtag could make this easy enough to do it for a lower rate than actually removing/dumping the memory chip.

jol wrote:what type of OS are you talking about ?


Android phones/tablets mainly, maybe some older ios/blackberry devices. Obviously the newer stuff is all encrypted so it'll be useless there. Though in the case of encrypted devices, an entire re-write of the memory from a broken device to a new device might result in a working phone with transferred memory.

pc3000
Data Recovery Novice
Posts: 92
Joined: Sun Jun 19, 2016 3:00 pm

Any JTAG Experts on Here?

Mon Jul 03, 2017 7:11 pm

i have gpg emmc, gpg jtag, octopls+medusa pro. octoplus-medusa is good and easy jtag too
because they has updates .(for samsug & lg, this phones that i used work with.) If it will be profitable I'll add more boxes to my collection, at least not for now.
in most of cases, costumers not pay like in hdd.
In the chip off / broken device, you do not have to worry abut customer's device will not damaged during work
Actually you work harder not for more money
just to keep the customer's cell so it usually It's unprofitable
Except if you're dealing with forensic case (forensic tools cost extra money..)

chip off:
win mobile = liner format, could be encrypted
iPhone- ?. Should be encrypted but i have no experience with those phones
android = liner format but not exactly-For example there is a problem to find a video in ROW and this is depend on couple parameters, like version, encryption, etc'
newer android has no the usual emmc chip, there is reder that can read this cihp - https://multi-com.eu/,details,id_pr,217 ... u,gsm.html

User avatar
Jared
Forum Admin
Posts: 3517
Joined: Mon Jan 12, 2015 12:32 pm
Location: Providence, RI
Contact: Website Facebook Twitter Skype YouTube Google+

Any JTAG Experts on Here?

Tue Jul 04, 2017 9:42 am

RIght, I've got all the equipment for chip off recovery of pretty much any eMMC or NAND. I'm more wondering about if JTAG is any easier for data recovery than chip off. Or, if it can be used to extract data from phones that are still functional, but have some sort of glitch preventing access.

For example, I had a Motorola phone a while back that was essentially bricked by a firmware update that would allow the phone to boot to the OS but never would load the login screen. A factory reset could probably fix the phone but would lose all data in the process. So for a case like that, perhaps JTAG could have been the magic bullet to read the data w/o destroying the phone.

Had another case more recently that was a Verizon branded Samsung phone with a deleted video the customer was willing to pay to have recovered. However, the Verizon model was the only one where a root solution hasn't been found yet. So w/o root my only option would be to remove the eMMC and direct read it. Unfortunately, the customer wasn't willing to both lose the phone and pay for recovery, and I wasn't about to make any promises that the phone would still work after I remove/re-ball the eMMC. So again, maybe JTAG could offer a solution to read it w/o destroying the phone.

pc3000
Data Recovery Novice
Posts: 92
Joined: Sun Jun 19, 2016 3:00 pm

Any JTAG Experts on Here?

Sat Jul 29, 2017 8:27 pm

evey pone is different. but this is can help in some cases.
Jared wrote: So w/o root my only option would be to remove the eMMC and direct read it.

you can read the whole memory without remove the chip by isp, just find the right pin out.

Hidden Content
This board requires you to be registered and logged-in to view hidden content.

hddguy
Data Recovery Novice
Posts: 94
Joined: Thu Jan 22, 2015 8:21 am

Any JTAG Experts on Here?

Wed Aug 30, 2017 11:33 am

Do you have ISP pinmap for S6/S7 Note5 (with UFS chips)?

Arcain
Data Recovery Noob
Posts: 1
Joined: Fri Dec 22, 2017 3:06 pm

Any JTAG Experts on Here?

Fri Dec 22, 2017 3:15 pm

@pc3000, i might be recovery old thread but in general, JTAG is old thing, no longer supported in most modern phones (locked) and very, very slow. I used to work with RIFF and Easy-JTAG. Both worked fine, but data transfer speeds were at about 50-150kB/s. Dump was just plain, raw disk image, but dumping 8GB chip took about 2 days and connection wasn't quite stable. I even once managed to read data out of 32GB chip (Xperia S) - took a week. It still is usable, but only for older devices and if there's no other option.
Modern phones (with eMMC) can be connected by ISP (like on picture above) and you'll get speeds up to 2MB/s with 1 bit connection. With chip-off and 8 bit connection you're getting aruond 20MB/s depending on the chip you're reading. In case if customer wants the data but doesn't care about the phone, this can still be profitable and extracting the memory chip then is rather easy.
I don't think you can use ISP with UFS based phones - well, maybe you can, but UFS uses different protocol and there's currently no box/reader capable of reading it like that, so only chip-off and using programmers like nuprog.

Return to “Phones, Tablets, and Other Device Data Recovery”

Who is online

Users browsing this forum: No registered users and 1 guest