How to decrypt PIN-Based encrypted backup data of Samsung smartphones

Abstract

Smartphones, which are a necessity for modern people, have become important to forensic investigators, as they have a lot of user information which can be potential evidences. In order to obtain such evidences, forensic investigators should first extract the data from the smartphone. However, if the smartphone is lost or broken, it would be difficult to collect the data from the phone itself. In this case, the backup data can be very useful because it stores almost all information that the smartphone has. Nevertheless, since the backup data is basically encrypted by applications provided by vendors, the encrypted backup data which acts as anti-forensic is difficult to use. Therefore, it is crucial to decrypt the acquired encrypted backup data in order to effectively use it.In this paper, we propose a method to decrypt the Samsung smartphone backup data which is encrypted by a user input called PIN (Personal Identification Number) and a Samsung backup program called Smart Switch. In particular, we develop algorithms to recover the PIN and to decrypt the PIN-based encrypted backup data as well. We have experimentally verified the PIN recovery backup data decryption up to 9 digits of PIN. Our implementation using a precomputed PIN-table with memory 30.51 GB takes about 11 min to recover a 9-digit PIN. To the best of our knowledge, this is the first result of decrypting PIN-based encrypted backup data of Samsung smartphones.