Now it's more and more difficult for forensic tools to extract evidence from smartphone running Android 7 and above. Maybe you could acquire physical image in Bootloader mode or by Smart ADB. Don't celebrate too early. Let me remind you of "FDE". The fact is that if forensic tools could not decode this physical image, such image is just like a meaningless "black box" you have in hand.

No way to gain root privileges from phones running Android 7 and above . What else can be done? Fortunately once you got the pattern/password , you could enable USB debugging and change any settings you want to make "Downgrade extraction" possible. That's the key to get the evidence from certain Apps you want.

Let's take WeChat on a phone running Android Pie for example.

First we hava to download an old version apk file of WeChat. Then we want to uninstall original version of WeChat on this phone without data loss. The most important thing is remember the parameter "-k" when uninstall WeChat . So we could keep all data of WeChat safe and sound.

What the next? Install old version WeChat apk? No, it won't work unless you reboot this phone first.

After rebooting we could use adb command to install older version WeChat apk. What kind of older version of WeChat apk you need? Of course the version enable adb backup permission. What? you are not sure? All you have to do is to take a look at its manifest.xml and you could see the allowBackup permission. Let's install and the result is "success". Is it surprise you? Keep in mind that do not click WeChat now!

Now we could use adb backup to extract WeChat. The output file is a .ab file. You have to convert this .ab to a .tar file.

How to deal with a .ab file? You could take advantage of android backup extractor jar file to unpack .ab file.

Unzip this .tar file and make sure you got the database file containing chat history. Yes, that's it. Don't forget that EnMicroMsg.db is an encrypted file. All you have to do is to look at my earlier post and you will know what to do.

Downgrade extraction on phones running Android 7/8/9的更多相关文章

  1. eclipse - An internal error occurred during: "Running Android Lint"

    概述 也不晓得为什么,编译eclipse,设置打开,就自动报错: An internal error occurred during: "Running Android Lint" ...

  2. Eclipse出现"Running Android Lint has encountered a problem"解决方式

    近期打开Eclipse的时候,总是发生这种一个错误:"Running Android Lint has encountered a problem".截图例如以下: . 可是Ecl ...

  3. How to extract WeChat chat messages from a smartphone running Android 7.x or above

    A friend of mine she was frustarted in extracting WeChat chat messages from suspect's smartphone run ...

  4. Eclipse出现"Running Android Lint has encountered a problem"解决方案

    安装eclipse for android 时候的错误记录,转载自:http://blog.csdn.net/chenyufeng1991/article/details/47442555 (1)打开 ...

  5. 解决启动Eclipse后提示’Running android lint’错误的问题

    打开项目的AndroidManifest.xml文件,android:targetSdkVersion="21"改为“20”或以下的值.由于Android L为预览版本,版本号还是 ...

  6. running android lint has encountered a problem

    最近写学习android编程的的时候,每次保存.java文件的时候,总会跳出如下错误 解决:

  7. Android开发之错误:elicpse运行时弹出Running Android Lint has encountered a problem failed, nullpointerexception

    昨天安装了下Android Studio,把SDK路径指向了ADT目录下的SDK目录.同时FQ出去更新了下SDK.然后今天运行eclipse的时候,弹出错误,同时在工程的名称处有错误提醒,但是代码中没 ...

  8. running android lint has encountered a

    近期写学习android编程的的时候,每次保存.java文件的时候,总会跳出例如以下错误 这个错误不是属于程序错误,把它关掉对于编程没有不论什么影响,但每次见到这个就是不爽,希望大神可以解决一下,谢谢 ...

  9. ADT "Running Android Lint" has encountered a problem

    解决办法: Window--->Preferences----->Android--------> LInt Error Checking----->when saving f ...

随机推荐

  1. 基于百度云的OCR识别(Python)

    2019年7月3日早上,在百度AI开发者大会上,一个来自山西的青年,将一瓶矿泉水浇在了同样来自山西的李彦宏身上. 可以回顾一下 https://b23.tv/av57665929/p1 ,着实让人一惊 ...

  2. [apue] 测试管道容量的一些疑问

    所谓管道的容量,指不消费(读)的情况下,最大能写入的数据量.有两种方式来测试一个管道的容量: 1)使用阻塞写,每次写一个字节,并打印写入的总字节数,最后写入阻塞时,上次打印的就是管道的容量: 2)使用 ...

  3. leadcode的Hot100系列--64. 最小路径和--权值最小的动态规划

    如果这个: leadcode的Hot100系列--62. 不同路径--简单的动态规划 看懂的话,那这题基本上是一样的, 不同点在于: 1.这里每条路径相当于多了一个权值 2.结论不再固定,而是要比较不 ...

  4. Codeforces Gym101503E:XOR-omania(构造+思维)

    题目链接 题意 给出m个数b,这些数是由n个数a两两异或组成的,问初始的那n个数分别是多少. 思路 存在多组解的情况...原来是个构造题. 考虑这样一种情况:b1 = a1 ^ a2,b2 = a2 ...

  5. POJ 3321:Apple Tree + HDU 3887:Counting Offspring(DFS序+树状数组)

    http://poj.org/problem?id=3321 http://acm.hdu.edu.cn/showproblem.php?pid=3887 POJ 3321: 题意:给出一棵根节点为1 ...

  6. Codeforces 757B:Bash's Big Day(分解因子+Hash)

    http://codeforces.com/problemset/problem/757/B 题意:给出n个数,求一个最大的集合并且这个集合中的元素gcd的结果不等于1. 思路:一开始把素数表打出来, ...

  7. Git使用小技巧之多个远程仓库

    想要获取更多文章可以访问我的博客 - 代码无止境. 这是一个普通的工作日,小代正在勤勤恳恳的写代码.这时陈BOSS走到小代身边,跟小代说:"我们的代码需要同时推送到Github和码云两个仓库 ...

  8. extern和static区别

    1. 声明和定义 ​ 当定义一个变量的时候,就包含了对该变量声明的过程,同时在内存张申请了一块内存空间.如果在多个文件中使用相同的变量,为了避免重复定义,就必须将声明和定义分离开来.定义是创建与名字关 ...

  9. NOIP 2004 虫食算题解

    问题 E: [Noip2004]虫食算 时间限制: 1 Sec  内存限制: 128 MB 题目描述 所谓虫食算,就是原先的算式中有一部分被虫子啃掉了,需要我们根据剩下的数字来判定被啃掉的字母.来看一 ...

  10. VC win32 static library静态链接库简单示例

    中午在宿舍闲来没事,看到网上一篇帖子,关于静态链接库的英文示例.它在.Net上开发,我将其移到VC上开发,因此对其代码做了相应修改.帖子内容如下:(代码我已修改).原帖见:http://msdn.mi ...