USB Port Monitoring and Flasher Boxes

By Article Posted: August 18, 2010

Printer Friendly Forward to a Friend Share this

Introduction
I consider myself to be a heavy flasher box user. From the early days I explored these cell phone maintenance boxes and “abused” them for forensic purposes. A flasher box adds flexibility to the forensic analysis of mobile devices and gives you the opportunity to take that extra step in your investigation.

The Risks
There is at present no device that can compete with the possibilities that flasher boxes offer. However, this comes with a warning: try before you die.

Learn how a flasher box works and what it does with the cell phone data. Familiarize yourself with the user interface of the software that comes with the flasher box. The “read” buttons are great, but there are also a lot of “wipe the data” buttons. There is only one way to learn all this and that is by using reference phones. Make a hex dump, change something, and dump the handset again. Look in the binary file for the differences and what they mean.

Bear in mind that no two flasher boxes are the same; that applies to the different handset brands and models as well. Even using the same brand and model, but with different firmware, the outcome can be different.

There are four ways flasher boxes can allow you to bypass the handset lock code:

  1. Read the handset lock code
  2. Overwrite the handset lock code, existing code is overwritten with a new code (for example, 12345)
  3. Wipe the handset lock code, existing code is wiped with zeros
  4. Disable the handset lock code

 

If two flasher boxes can each bypass the handset lock code, it is essential to work out how this is done because reading a lock code is much preferable to wiping the lock code.

Some flasher boxes are able to access the handset in a less destructive way than commercial tools can. They do not require a full phone boot process and reduce the amount of altered data. There is at present only one way to get the most out of a handset without altering the data and that process is chip extraction.

Methods that alter data on the handset are:

  • booting or rebooting the phone’s handset
  • installing third party application software
  • wear levelling

Interferences that alter data during (forensic) analysis are:

  • Bluetooth paring
  • changing to infrared settings
  • changing menu settings to establish a handset connection
  • allowing handsets to connect to the cell phone network
Related Topics: Mobile Devices
Related Articles