Oxygen Forensic Detective Ramps Up Huawei Capabilities

Huawei’s advancements and technology have solidified its position as one of the world’s most used and well-known device manufacturers. Oxygen Forensics was the first company to introduce physical bypass capabilities to the public for Huawei devices running OS 10, and we continue to stay on the forefront by expanding our support for Huawei devices to this day.

Oxygen Forensic Detective 12.6 is no exception. This update comes equipped with variety of Huawei improvements, such as enhanced Huawei dump method, additional extraction options for Huawei Cloud, and added support for the latest Huawei backups.

Huawei Android Dump Enhancements

Earlier this year, Oxygen Forensics introduced features to include: screen lock bypass, physical extraction, and physical dump decryption for Huawei devices with Android OS 9-10 and based on Kirin 980, 970, 710 and 710F chipsets. The latest Oxygen Forensic® Detective 12.6 adds support for 5 more Kirin chipsets: 659, 810, 960, 990 and 990 5G. Overall, our support now covers 134 Huawei devices released within the last two years. Additionally, we have significantly improved the process of dump decryption, making it smoother and easier for investigators to obtain a decrypted image.

New Extraction Methods for Huawei Cloud

The updated Cloud Extractor introduces two new methods for investigators to perform data acquisitions from the Huawei Cloud. 

First, we have added the ability to authorize and extract data from the Huawei Cloud using a phone number and SMS code. This will allow investigators to conduct a comprehensive acquisition of all Huawei Cloud data, including photos, contacts, calendar events, messages, and more. It should be noted that this method can only be used to log into accounts which have a phone number linked to them. 

When logging in using a phone number and SMS code, two-factor authentication is also supported. The following methods can be selected:

  • Account password
  • Phone number
  • E-mail address

 In addition to authenticating via phone number, token, or login credentials, investigators now have the option to authorize and extract data by simply scanning a QR code. 

To perform this function, the investigator must install the Huawei ID Account Management app onto the Huawei device.

Once that is finished, select the Huawei ID in the phone’s account settings and log in to Account center.

Next, click on the QR code scanning button in the upper-right corner. This will prompt the QR code scanner. 

Once the QR code scanner is enabled, scan the OFCE-generated QR code with the device. This will start the extraction.

Support for the Latest Huawei Backups

We’ve added support for the latest Huawei backups v. 9.1.0.300 made in a mobile device.

Acquiring data via Huawei backup is a great alternative when direct data extraction is not possible. The evidence set includes a tremendous amount of useful data, such as contacts, calls, messages, calendar events, and file system artifacts. In addition, our software allows all the major applications like WhatsApp, Facebook Messenger, Gmail, Instagram, and more, to be fully parsed. It should be noted that a standard Android ADB backup most likely will not include these apps. 

Previously, Huawei backup encryption was only possible if the user had set a password. Oxygen Forensic Detective offers 3 options to resolve this issue. Investigators can either enter a known password, use the built-in brute force engine, or take advantage of the custom dictionaries. It’s important to note that various versions of Huawei backups can be encrypted with different encryption algorithms. 

At Oxygen Forensics, we know there is no singular path towards finding the necessary evidence an investigator may be looking for. Investigative work requires a lot of trial and error. For that reason, we continue to add features that give our users as many avenues as possible to uncover valuable evidence to help solidify their case and make the world a safer place.

Leave a Reply

Your email address will not be published. Required fields are marked *