Hacking a Samsung Galaxy for $6,000,000 in Bitcoin!?

Reddit Comments

Smartphones are inherently not secure.

👍︎︎ 1 👤︎︎ u/Mr_P_Nissaurus 📅︎︎ Jul 22 2022 🗫︎ replies

It's the same guy that hacked a cold wallet before

👍︎︎ 1 👤︎︎ u/Ground_Lazy 📅︎︎ Jul 22 2022 🗫︎ replies
Captions
okay all right now we are on the way [Music] yeah i'm nervous uh you know it's a lot can a lot can go wrong it's always a little nerve-wracking you know i try not to think about it but in the back of my head i know that there's this pressure you know in this hope joe grand has been helping people get into their bitcoin wallets and he joins us now joe thanks so much for being with us how hard is it to get into a bitcoin wallet how do you do it really anything is hackable if you put in uh enough time and enough resources part of hacking is you never really know what's gonna happen even if you've done it multiple times it always feels like magic there's always a risk of something going wrong especially with the type of attack i was doing yeah you know i never expected the response uh from a video like that before i've gotten hundreds of emails from people that need help i'm driving up to seattle to see someone named lavar and he has locked himself out of a phone that could potentially have a lot of money like multi millions of dollars yeah good seeing you by the way um how's everything everything's beautiful everything is really good this project has a bunch of different steps uh that we have to do and everything has to go right even before we get to the point of seeing if there's cryptocurrency in the wallet my question is the data that's being extracted is that just the swipe pattern yes so the goal is just to get the swipe pattern which should give you access to the wallet in this case i need to extract memory from the phone this is the device that we want to get the contents off of that plug plugs into the connector on the phone try to find where his swipe password is stored we are successfully reading the entire memory device see if we can then figure out what the swipe password is gesture.key is the actual swipe password and then get access to the wallet and then see if there's money on it we have to unlock the phone and then we have to see how much is on it so 
it's going to be like this kind of intense thing yeah i'm gonna fight and if any of those steps goes wrong uh you know we're gonna potentially leave empty-handed uh i appreciate you guys and i cannot wait for this you know this is gonna be life-changing so yeah yeah yeah don't don't commend us yet let's yeah you're right right right i got you but i got faith in you my man sure okay i am in seattle and i gotta get to the hotel set up my lab levar is coming over and we're gonna try to hack this phone we're finally here let's check out the room i don't know um i need a place to set up my stuff so maybe we do we'll have to set up all my equipment over here because this is the biggest table so i'm going to be hacking in the bedroom [Music] for those who are worrying if i am esd safe yes [Music] [Music] all of these things i hope i won't have to use [Music] some nice ambiance lavar is going to be here in 10 minutes everybody get ready [Music] now i'm ready hey hey good i can't believe we're doing it here i love it i love it and then i write i drive like all the worst routes people say really yeah yeah like man you're a glutton for punishment that's like man i i'm a people person though yes that's probably why they put you on those yeah yeah so basically um about the bitcoin at the time we were super sketchy met a guy at uh a coffee shop at starbucks actually and purchased the bitcoin from him had no idea of what i was doing didn't even know if this guy was legit so i got all this money of giving him the money i'm like well how do i know i have this bitcoin so he goes well as long as we get three completions then you're good so i'm like okay i have no idea what you mean but okay i got the completions through my wallet and transaction was completed all of this it just makes me more comfortable to know i have like everything right right that i might need like having the basketball shoes with the gym shorts the basketball yeah that's got a divorce you know i'm gonna do a 
divorce and everything so when i moved i put the phone in the box and i knew i put the phone in safekeeping i just couldn't remember seven years goes by and then the whole bitcoin craze hits i'm hopeful because i've tested it a bunch of times as long as your phone matches what i've been testing and that's what we don't know too right it's like another unknown yeah i appreciate you guys yeah well i appreciate you even finding us yeah that was john you're supposed to be here hopefully that's right they had one of my friends she took me to get the big one as a matter of fact she calls me out she's oh my god oh my god you're a millionaire you're a millionaire man i don't know where this phone is one day i was going to look for my server and i go on this computer box that i haven't man long behalf boom there's the phone right there you this phone so that way if someone ever got it they wouldn't be able to get into it if they tried too many times it would just erase all the data so by the fourth time of trying i think i had like six or seven tries left because you get ten i said okay i'm done i don't wanna try anymore i don't want to lose the phone so there for about another year i've just been on a hunt trying to find somebody i said man somebody's going to be able to get into this funnel somebody has to be able to get into this phone um but yeah i was about to explain to lavar the whole process and then just start doing it all right yeah make yourself at home you do art like art work gonna do a little bit of everything i'm clothing design to everything i'm wearing from hoodie pants socks a couple of years ago actually he told me that he had a phone but we really didn't like put too much into it around november he actually gave me a call and he was just telling me like yo like i want to figure out how to get this bitcoin like i was checking the price i was like well you know he's he's an out-of-the-box thinker he's looking and he's like here try this try this i posted 
on reddit you know i looked at different forums and then for one time the one time in my life where the youtube algorithm actually did something for my life was that time and then that's when joe's video popped up he sends me this video and he's like man i think this dude can get it to the phone you need to hit it look i was like man who's this crazy guy with the long hair you know what i'm saying talking about he's hacking a bitcoin wallet yeah when i seen that i was like this is the guy i'm a really good judge of character so i can just tell that this this guy knew what he was doing there's people who have services online and they're like send me the phone and you know that's not gonna happen like yeah i'm not gonna do that i felt more comfortable with them guys coming up here you know we talked to joe he kind of like made it seem like you know like we're gonna do this the right way we got our paperwork in order so this potentially like i i'm telling joe telling everybody this this potentially could be millions of dollars on here because i bought the bitcoin back in end of 2013. 
i spent about a few thousand i want to say it was just you know so volatile you just don't know what the price was so since my daughter was born um and she's turning eight that's how long i've had this phone what you think about it she's like ah well she doesn't really know so until i tell her baby we're a millionaire spin the globe we can go anywhere in the world you want to she's not gonna really understand the reason that i wanted to help lavar so bad with the you know the project because ever since i've known him he's been a hard worker and even if he has to learn something on himself like you know studying to get his real estate license studying you know different things for small business i've always seen him trying to better his life for himself and his kids so when he said you know i need help with something you know it was easy for me to help anytime i've ever asked him for help in the in the past um he was definitely there to help me so i think if anybody deserves to you know randomly have the algorithm send them to jail i think it's good that that happened to lavar okay so the overall concept of what we're doing is opening up your phone there's one memory device on the board the operating system all of your data everything that is like personal storage is in that device the goal of the attack is to copy that entire memory onto my computer analyze that memory see if i can figure out where your swipe password is stored you can find that decode what that password is put phone back together log in and see your wallet my first plan of attack for hacking this phone was to take advantage of something called a jtag interface basically is like a debug interface designed for engineers or manufacturers to work with the cpu that's on the board and through the jtag interface we can actually access external memory on the phone there's a little connector on the board that's um basically all you do is pop the cover off and unscrew it and it's right there so through that 
jtag interface from here i can connect to the cpu which then connects to the memory so i can read the memory through that interface the problem is it's really slow it could take anywhere if we use that method from eight hours to 20 hours but i had heard that some versions of the samsung phone that we were hacking don't have that connector soldered on the board i have this adapter that plugs directly onto the connector on your phone so if we open up your phone and there's no connector there okay then we go oh no for every step in the process i've thought of like a couple other ways to do it just in case something goes wrong right because you never know there are some risks with it um one of them being it is susceptible to noise and interference you know as we're copying the data off something might copy incorrectly it shouldn't matter for us because we're really just looking for one little section of this giant file system all right so you ready for the phone yeah let's do it all right this is the moment of truth look at that oh this is the phone that is the phone has potentially millions of dollars all right let's go let's go hack it so first thing i'm actually gonna do is powered on do we know does the battery battery charge or might be charged okay okay i'm gonna power it on just to make sure it actually works okay [Music] anything anything yeah all right here let's plug it in with the charger okay red light comes on so it detects it nothing my time being on this earth i know that things can go wrong a lot of times so when the phone didn't turn on it's like no not a not a barrier like right here no the red light came on it might be so dead that it's not okay let's use my let's use my battery then so i'm gonna pop the back cover off it looks like my test phone so that's good i'm gonna take out your battery put this in come on why is it not turning on that's good oh here we go it's a slow phone uh i knew it would come off we were all a little sketched out but it 
came up the swipe password screen that came up on his phone is exactly what i was seeing on my test phones hopefully the same version of android operating system on his phone that i was using online i have to unscrew one two three four five six seven eight screws we should be able to see if the connector is there or if it's just the footprint that we have to solder a connector onto [Music] the screw is done all right this is ready to open so now i can take off the frame this section that covers all of the circuitry when i take that off we'll be able to see that connector or no connector yeah that's right [Music] okay are we ready to take the cover off yes let's go all right ready just there oh thank god yeah i was looking at the wrong spot oh it's not there okay okay so now i can take all of my hardware plug it in let's go start copying that memory let's get this money all right all i had to do is plug in my pre-existing cable that i had plug that into my jtag debugging hardware this is called the octo plus pro it's basically like an engineering or you know mobile phone repair tool that has software on here that knows how to send the right data to the phone plug that into my computer okay so this is set up so i'm gonna plug this in run the tools and we'd be fine but that wasn't quite the case the jtag access is only granted in like the first quarter second or half second when you power up the phone we basically need to like power it up catch it and then send a command to halt the cpu to stop doing stuff so that we have complete control of it so yeah so i can run the software on here all right that's on what's up with the what's up with that pretty much right away things just weren't working it's blinking it's like not i think my usb port doesn't have enough power to power it on its own so let's hook this up ah almost got it i was just getting these weird error messages in my software tool really right away what i thought was going to be an easy task turned into 
this kind of snowball effect of trying to get everything working come on you can do it once i started seeing these errors with the cable i started fussing around with some of my other devices and trying a hard-wired version that i had that bypassed the plug-in cable my hard-wired version connects so this is what we should be seeing so we know that the interface works the software works so i came to the conclusion that there was some connectivity issue with my cable which had worked fine two days ago like a couple days ago when i was like i could just use this cable so i didn't even have time to buy a second one like normally i would buy two of things put on my magnifying glasses started looking at the tiny little connectors on that interface re-soldered everything touched it all up make sure there is no shorts i just couldn't figure out what was wrong with the cable and uh yeah so we had to switch gears and go for a little more of a hardware hacking effort so for some reason i think my jtag interface cable has to bed so we had to have a talk and i laid out all the options but i really wanted lavar to be part of this process there's a couple ways that we can go that was the first option of four this device that he was going to just plug into the jtag that didn't work of course murphy's law so joe had numerous options the other option is using jtag with hardwired connections soldering to that is tricky there's nine connections i need to do both the third and fourth options are with the memory simple and slow method using jtag there was a faster and slightly more risky method of physically connecting to the memory itself to extract the memory and then there were variations of those uh john what'd you think i'm slow steady yes but for me slow and steady wins the race so you know as long as we got the time i don't see a reason why we shouldn't try all the other options i mean the other thing we could do too is go the slower route try to hardwire to the connector give 
that a try if it works it's going to come up right away the connection will and then we just wait for it to dump from my perspective that is by far the most difficult of all of the four possibilities of attacking this phone nobody wants to do micro soldering in a hotel room okay all right let's do it so now i have the connector side that plugs into my jtag hardware i am going to need light solder looks so gigantic [Music] [Music] wires are so fine it looks like horse hair i had the thinnest tip that i could find for my soldering iron and it looked like a hammer coming down on these tiny little pins as he was trying to solder the different pins like me just even trying to look at him and do that i had to look away because it just like gave me a bunch of anxiety but we had to do like what eight or nine of them or something like that so all right oh that was a leg right there as well every time i would try to solder a wire on my iron tip would hit a different pin in a different wire and that would fall off oh it's not on it or they would short circuit together and i'd have to clean it up very nerve-wracking i commend joe in every way anybody who has anything to say about the soldering um try it yourself 12 30 at night everybody had claimed a role within the room light holder encourager like whatever you were to make sure that joe got it done [Music] okay i think that's it doesn't look very pretty all right but uh i think they're all there and i don't think they're touching i'm gonna move this out of the way it's a bit without having to lift too much come on something has to go right okay so something must not be connected if it doesn't see that it could be that ground isn't connected or something else isn't connected so i'm just sitting there like no yeah so you know started to go through do his redundancy checks check them one by one it's the same behavior as the cable and then i really started worrying what is going on like a piece of metal there that's conductive 
so if those are touching down on that then that could be causing the problem the phone actually has a certain process that you have to go through where jtag is really only enabled for like the first half a second when the phone boots up and then it gets disabled so if you don't hit the spot at just the right time to essentially open the door then that door gets locked are you ready i'm ready again i kind of messed around with the process a little bit of powering it with my power supply with my usb cable with my battery and just one of the times after getting error error error it just i was just clicking it over and over again because it was like failed failed failed and now it says connect successful and it is actually showing us the whole 14 gigs [Music] but we should start it um so i'm going to do a full flash read so it's reading right now so now we don't touch any of this and this is this is like what could potentially take 8 hours 20 hours but i'm so wired right now like i'm tired if i see the password and i've got i'm gonna be a little upset because i know something easy but i just can't remember what it was but you know it is what it is in there yeah i'm gonna be up till five o'clock anyway that's just me that's crazy yeah sitting in bed right next to all of the hardware i'm actually paranoid enough that i don't want to turn off any lights to cause any sort of like electromagnetic spike data is about two percent complete i'm gonna see if i can actually get some sleep but i'm gonna keep one eye open and make sure that this file transfer works that we get all of the data off of his phone because if we do we can go to the next phase get his swipe password and get to that cryptocurrency good night see you tomorrow it's the next morning already that seemed to go by really quick so the data has already been copying for just over eight hours it could take up to 20 hours depending on how much data is on that phone the problem is the hotel needs this room so it's 
nine o'clock in the morning right now and we have to be out by two which seems like a lot of time seems like it should totally work but sometimes it goes slow sometimes it goes fast hopefully things will go our way my fingers continue to be crossed i can actually tell when the uh data is being transferred slower fast on the opto plus box when the light is blinking kind of slowly it's the slow data transfer and when it's like fully on it's blasting i keep looking over because i'm hoping for it to be a solid light but man it's stressful welcome back good morning let's check it out yes just jumped up and came straight here same clothes apologize that's that that's the hacker way right 55 another eight to 10 hours we'll get comfortable now we wait yes [Music] so this thing is cranking along it's at 75 and it looks like at this speed we're getting like five percent every 20 minutes we have like an hour and 40 minutes we basically are getting kicked out of this room in an hour and 10 minutes so it's only gonna be like another 20 or 30 minutes past that do you think if i bribe them like could i either you think i could give them cash because this seems to work on tv [Laughter] yeah if we can if we can get till three i think they're after too that's going to be the right application oh hello hello hi oh um so i talked to the front desk and they said that we could stay until 2 but i'm wondering if there's any way i'm running an experiment in here with my computer everything else is clean i moved everything out um wait is there anybody can stay until three you can see how clean it is but um can i can i do this to you um 95 it's 2 45 so we're going to hit exactly at 3 o'clock once this hits 100 and it's done we got to get out of here and go to the other room close the software disconnect this and then i'll carefully just carry this over as is as long as the data is there i don't care what happens if you think about it 550 megs 96 it's amazing going from seeing you on youtube 
cracking us up in person i exist saying like i'm so caffeinated and excited that i'm shaking 257 100 megs to go out of 16 gigs the hard part is done now yeah yeah you're about to be rich oh you're an optimist aren't you okay i know the final ten come on for the final two seven six five four three two one [Music] yeah done yes [Music] [Applause] i'm going to disconnect from the box close the program and we did may 7th right there it is it's going to run a program on it that will look for printable text within the file yeah see there's like words and stuff so all the data [Music] okay let's pack up and go next door okay got that [Music] how are you feeling i feel good nervous no not at all now the nervous part is over with now i just want to see what it is yeah i get excited after yes sir let's go let's look at this file so this is a 16 gig giant binary file of that entire memory what i can do is mount that binary and it actually the operating system will read that file that we can actually like browse through all of the content on your phone now i will show the partition table so this is going to let us know if we have the entire memory file and we're looking for the user partition which is where all the user data is so this should show our partitions nice all right so we see them all user data that's the biggest one yeah i'm using a different tool to map each partition to its own like disk and then i can mount it 0p15 and then we're going to mount it to our own drive name so i'm going to mount it mount the user partition onto our disk okay no error there's a bunch of files that's good yeah there's a whole bunch of stuff what we want is in system okay if it's there gesture.key oh i was looking at is not the direct pattern but it's called a cryptographic hash okay so in theory if you have the 20 byte thing the sha hash you're not supposed to convert it back like mathematically you can't do that but because android's open source you can run through every possible 
gesture combination and compute what the hash is so i have a database of every hash pattern and what it corresponds to okay so now we can use a binary because it's a binary image so we're gonna look at it so that's the sha-1 hash of your particular swipe pack so it's actually there so now we have to look it up so this list it's massive of every possible swipe pattern so what we're going to do is search for those bytes in here six five six a e6 zero seven i'm gonna start with just a couple three two one okay e6 e and ends in f5 okay so that's let's see if there's any others nope so there's only one pattern two five eight nine two five eight does that ring a bell no i guess that's why you forgot it i'm gonna write it down on here two five eight it's an l for levar yeah are you serious did you ever try that one are you freaking serious that's amazing are you serious yeah that's it like that's the easiest thing ever like let's put this back together power it up let you log in i'm gonna have the phone down here if there's a lot of money you're not gonna drop the phone right here right so if you pass out you'll fall right right all right let's do it let's try it we'll put this in since this thing's gonna actually power up with all these wires here vibrated [Music] it's loading okay all right you can have the honors of unlocking your phone [Applause] okay okay so what are we gonna do you're gonna go right to the app is the bitcoin blockchain mycelium look at all those wow look at that look at that okay this is it this is the money shop how much is what it it say 0.003 what is that lavar oh no bro this is from 2016. i thought it was 13 14. 
105 that corresponds to no oh what the now i'm stressed last known value for currency 653 back in a while ago so that maybe that's like one bitcoin or something but your pin is it's encrypted in here so that's the only one that we can't that we haven't gotten into [Music] well right now i'm a little devastated it was a good journey um wish we could have been more successful but we still have a little bit of hope we have one more wallet to get into joe's going to try to get into that and we're going to stay optimistic and hopefully everything goes well and the coins are there i think you know like you said the journey was amazing um you know kind of you know it's obviously a letdown to not be able to be as successful but you know there's still a little bit of hope um it's all its own little adventure so you know i'm happy and whatever the outcome is didn't make money but we definitely made new friends i don't even know how to start it it is like a gold rush right and sometimes you hit it and sometimes you don't and definitely was a learning experience if nothing else and i don't know i mean there is one last encrypted wallet on his device so maybe i can crack that pin to get access to it but yeah i mean that's the nature of this business you know we got into this to use our skills to help people unlock and get access to their cryptocurrency and unfortunately a lot of times the value isn't there the money is not there i guess all we can do is go on to the next wallet such a bummer of an ending isn't it like for lavar i did a little bit of research so i think if nothing else we'll kind of have some closure i i basically traced your original purchase definitely july 2016 instead of 2013. 
and then the investment amount was four hundred dollars a lot of it though unfortunately went to a place called bit blender problem is that website went down in 2019 i believe so that major portion is gone the good news there is 75 milli bitcoin 1800 or 2 000 which is still better than your investment going in yeah i mean yeah um i i appreciate you guys man this has been a wild ride i just wish it would have turned out way better um definitely fun though i i was i was rich for this this short period of time that's right before we before we knew do you ever hack a wallet and it's empty
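The captions above describe gesture.key as a 20-byte SHA-1 hash that is looked up in a table of every possible swipe pattern. The following is an added example, not code from the video or from Joe Grand's tooling, showing why that stored hash protects nothing once the flash has been read: the whole pattern space is only a few hundred thousand entries. It assumes the legacy Android format (unsalted SHA-1 over one byte per node, nodes numbered 0 to 8 row by row); the function names and the sample pattern are constructed for illustration.

```python
import hashlib

SIZE = 3  # assumption: 3x3 grid, nodes numbered 0..8 in row-major order


def midpoint(a, b):
    """Return the node lying exactly between a and b on the grid, or None."""
    ra, ca = divmod(a, SIZE)
    rb, cb = divmod(b, SIZE)
    if (ra + rb) % 2 == 0 and (ca + cb) % 2 == 0:
        return ((ra + rb) // 2) * SIZE + (ca + cb) // 2
    return None


def valid_patterns(min_len=4, max_len=9):
    """Yield every pattern the lock screen accepts, as a tuple of node numbers.

    Rules: each node is used at most once, and a stroke may pass over
    another node only if that node was already visited.
    """
    def extend(path, used):
        if len(path) >= min_len:
            yield tuple(path)
        if len(path) == max_len:
            return
        for nxt in range(SIZE * SIZE):
            if used & (1 << nxt):
                continue
            mid = midpoint(path[-1], nxt)
            if mid is not None and not used & (1 << mid):
                continue  # would jump over an unvisited node
            path.append(nxt)
            yield from extend(path, used | (1 << nxt))
            path.pop()

    for start in range(SIZE * SIZE):
        yield from extend([start], 1 << start)


def legacy_gesture_hash(pattern):
    """Unsalted SHA-1 over the node bytes (assumed gesture.key contents)."""
    return hashlib.sha1(bytes(pattern)).digest()


def build_table():
    """Map every possible 20-byte hash back to the pattern that produced it."""
    return {legacy_gesture_hash(p): p for p in valid_patterns()}


def recover(stored_hash, table):
    """Return the pattern for a stored hash, or None if it is not a pattern hash."""
    return table.get(stored_hash)


if __name__ == "__main__":
    table = build_table()
    print("patterns in the whole keyspace:", len(table))
    # Constructed sample: a "Z" drawn across the grid, not the pattern from the video.
    sample = (0, 1, 2, 4, 6, 7, 8)
    stored = legacy_gesture_hash(sample)
    print("stored hash:", stored.hex())
    print("recovered  :", recover(stored, table))
```

With no salt and no slow key derivation, the hash file is equivalent to the pattern itself; Android 6.0 and later moved pattern verification into Gatekeeper so the check is no longer a bare hash readable from user data.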
Info
Channel: Joe Grand
Views: 2,863,941
Keywords: joe grand, electronics, hacker, Crypto, Cryptocurrency, Bitcoin, BTC, ETH, Ethereum, hacking, hardware wallet, samsung, mobile phone, galaxy, jtag, emmc, swipe, password, recovery, kingpin, octoplus
Id: icBD5PiyoyI
Length: 36min 24sec (2184 seconds)
Published: Thu Jun 23 2022