Samsung Smart Fridge
Kayvon2008 (Talk | contribs) (Undo revision 41396 by Kayvon2008 (talk)) |
Kayvon2008 (Talk | contribs) (→System-data partition) |
||
| Line 165: | Line 165: | ||
</code> | </code> | ||
| + | **Some of these BLOB data can be easily read, like the Wi-Fi BSSID Address that in the provided dataset is 70:2c:1f:41:e2:42 . | ||
| + | *The "\var\lib\connman\settings" file contains information about network services (WiFi, Bluetooth, Wired, Cellular) and if they are enabled or not. | ||
==Links== | ==Links== | ||
* https://blog.digital-forensics.it/2020/12/a-journey-into-iot-forensics-episode-1.html | * https://blog.digital-forensics.it/2020/12/a-journey-into-iot-forensics-episode-1.html | ||
Revision as of 03:47, 27 November 2021
Samsung Smart Fridges with the Family Hub software are smart fridges that run Tizen. A dataset shared by VTO labs has an image of the all of the partitions like the system and data partition. The blog ZENA forensics has analyzed the dataset for evidence. (Just like a historian, EVERYTHING counts for a case to be solved)
Contents[hide] |
Storage format
They use a GPT partitioning schema and it has a total of 21 partitions.
- Partition 19 and 18 contain System data.
- Partition 20 has settings by the user.
- Partition 21 has user data.
RootFS Partition
- \etc\os.release contains details about the installed OS. In the file we see the installed os is Tizen 3.0.
- \etc\tizen-build.conf contains more OS info including build date.
- The "\usr\apps" folder contains the pre-installed applications. This is archivist gold because it has apps.
All apps have a bundle name or a sort-of 10 characters-long GUID.
System-data partition
This partition has settings.
- The "\etc\localtime" file contains information about the timezone set on the device (in the provided dataset America/Denver, where VTO Labs is located)
- The "\dnsmasq.leases" file contains information about leases by the DNSmasq service. The provided dataset contains the following values:
- 1517956504, that translates to 6th February 2018 at 10:35:04 UTC
- 4c:66:41:5c:7e:92, a MAC address manufactured by Samsung Electro-Mechanics
- 192.168.7.61, a local IP address
- Samsung-SM-G930V, a smartphone model
- 01:4c:66:41:5c:7e:92, a MAC address by an unknown manufacturer
- The "\dbspace\5001\.account.db" file contains information about the Samsung account, including username and email address (in the provided dataset "connectedkitchenvto@gmail.com")
- The "\dbspace\.notification.db" file contains notification settings (per app).
- The "\dbspace\.alarmmgr.db" file contains alarm settings (per app).
- The "\var\lib\bluetooth\" folder contains a subfolder apparently named as the Bluetooth MAC Address of the device. In the provided dataset the folder name is 70:2C:1F:41:E2:43, which is a Bluetooth MAC Address manufactured by Wisol, a Samsung company.
- The "\var\lib\bluetooth\<BT_MAC>\settings" file contains the device Bluetooth name (in the provided dataset "[Refrigerator] Samsung").
- The "\var\lib\bluetooth\<BT_MAC>\cache" folder contains various files, named as a Mac Address. In the provided dataset 6 files are stored in the folder. Every file contains a device name. They seem to be "seen" devices, although more testing is needed.
- The "\var\lib\buxton2\system.db" contains information about OS settings. The database needs more research to understand the exact content, but it apparently contains interesting configuration and information embedded in BLOB data. Here follow the full settings list.
db/refrigerator/modelType
db/usb/sel_mode
db/pwlock/factory_boot
db/wifi/country_code
db/setting/country_code
db/pwlock/setup_wizard_started
db/menu_widget/language
db/menu_widget/regionformat
db/privacy_policy/agree
db/refrigerator/ModelSupportedIceMaker
db/account/msg
db/samsungaccount/signin
db/pwlock/setup_wizard
db/menuscreen/numofpages
db/setting/timezone_id
db/setting/cityname_id
db/setting/timezone
db/dnet/statistics/wifi/totalsnt
db/dnet/statistics/wifi/totalrcv
db/softap/hide
db/softap/security
file/private/wifi/wifi_off_by_airplane
db/refrigerator/checkModelId
db/otn/otn_download_version
db/photoalbum/default_album
db/refrigerator/MicomInfoModelIdStr
db/refrigerator/ModelSupportedDoor
db/photoalbum/last_album
db/refrigerator/FirstWarning
db/wifi/wifi_disconnect_count
db/nfc/feature
db/nfc/enable
db/audio/volume/kantmeq/product_model
db/audio/volume/kantmeq/standard
db/audio/volume/kantmeq/music
db/audio/volume/kantmeq/movie
db/audio/volume/kantmeq/speech
db/audio/volume/kantmeq/silver
db/audio/volume/kantmeq/stadium
db/audio/volume/kantmeq/icehockey
db/audio/volume/kantmeq/african_cinema
db/audio/volume/kantmeq/indian_cinema
db/audio/volume/kantmeq/party
db/audio/volume/kantmeq/rugby
db/audio/volume/kantmeq/reserved5
db/refrigerator/MicomInfoLastSwVersion4
db/refrigerator/TchefMode
db/refrigerator/DoorAlarm
db/refrigerator/EnergySaver
db/refrigerator/icetype
db/refrigerator/TemperatureUnit
db/wifi/bssid_address
file/private/wifi/last_power_state
file/private/contacts-service/default_lang
db/pwlock/function_state
db/indicator/rm
db/clogger/global_ID
db/svoice/ref_room
db/svoice/setting/lang
db/isf/input_keyboard_uuid
db/refrigerator/MicomInfoAddr1
db/refrigerator/MicomInfoAddr2
db/refrigerator/MicomInfoAddr3
db/refrigerator/MicomInfoModelId1
db/refrigerator/MicomInfoModelId2
db/refrigerator/MicomInfoModelId3
db/refrigerator/MicomInfoModelId4
db/dnet/statistics/wifi/lastsnt
db/dnet/statistics/wifi/lastrcv
file/private/isf/autocapital_allow
file/private/isf/autoperiod_allow
db/refrigerator/coolselectzoneState
db/refrigerator/stepFreezerTemp
db/refrigerator/setFreezerTemp
db/refrigerator/setPowerFreeze
db/refrigerator/setPowerCool
db/refrigerator/DispenserLock
db/refrigerator/DispenserIceMaking
db/refrigerator/DispenserIceOff
db/refrigerator/DispenserFilter
db/refrigerator/HandleLighting
db/refrigerator/SterilizationCleaner
db/refrigerator/stepFridgeTemp
db/refrigerator/setFridgeTemp
db/refrigerator/CoolingOff
db/refrigerator/RefOption01
db/refrigerator/RefOption02
db/refrigerator/RefOption03
db/refrigerator/RefOption04
db/refrigerator/RefOption05
db/refrigerator/RefOption06
db/energystar/defrost/status
db/energystar/defrost/activate
db/refrigerator/RefOption07
db/refrigerator/RefOption08
db/refrigerator/RefOption09
db/refrigerator/RefOption10
db/refrigerator/RefOption11
db/refrigerator/RefOption12
db/energystar/dr/override
db/refrigerator/MicomInfoYear
db/refrigerator/MicomInfoProject
db/refrigerator/MicomInfoVersion
db/refrigerator/RefOption13
db/refrigerator/ModelDiodeOption
db/refrigerator/MicomInfoSwVersion1
db/refrigerator/MicomInfoSwVersion2
db/refrigerator/MicomInfoSwVersion3
db/refrigerator/MicomInfoSwVersion4
db/refrigerator/MicomInfoType1
db/refrigerator/MicomInfoType2
db/refrigerator/rm_state
db/energystar/dr/level
db/setting/Brightness
db/refrigerator/displayFreezerTemp
db/refrigerator/displayFridgeTemp
db/refrigerator/DeoFilter
db/wifi/wifi_ui_onoff_status
db/browser/user_agent
db/svoice/manager/bos_response
db/svoice/manager/response
file/private/sound/volume/system
db/bluetooth/bt_ui_onoff_status
file/private/bt-core/flight_mode_deactivated
db/bluetooth/lestatus
file/private/libug-setting-bluetooth-efl/visibility_time
db/bluetooth/status
db/bluetooth/dpm
db/refrigerator/MicomUsedMonth
db/isf/input_language
file/private/sound/volume/media
file/private/sound/volume/notification
db/mic_key/status
db/setting/lcd_backlight_normal
- Some of these BLOB data can be easily read, like the Wi-Fi BSSID Address that in the provided dataset is 70:2c:1f:41:e2:42 .
- The "\var\lib\connman\settings" file contains information about network services (WiFi, Bluetooth, Wired, Cellular) and if they are enabled or not.
