Warning: Unknown: Unable to allocate memory for pool. in Unknown on line 0

Warning: require(): Unable to allocate memory for pool. in /usr/local/www/mediawiki/index.php on line 54

Warning: Cannot modify header information - headers already sent in /usr/local/www/mediawiki/includes/WebStart.php on line 63

Warning: require_once(): Unable to allocate memory for pool. in /usr/local/www/mediawiki/includes/WebStart.php on line 94

Warning: require_once(): Unable to allocate memory for pool. in /usr/local/www/mediawiki/includes/WebStart.php on line 97

Warning: require_once(): Unable to allocate memory for pool. in /usr/local/www/mediawiki/includes/WebStart.php on line 100

Warning: require_once(): Unable to allocate memory for pool. in /usr/local/www/mediawiki/includes/WebStart.php on line 103

Warning: require_once(): Unable to allocate memory for pool. in /usr/local/www/mediawiki/includes/Defines.php on line 187

Warning: require_once(): Unable to allocate memory for pool. in /usr/local/www/mediawiki/includes/WebStart.php on line 115

Warning: require(): Unable to allocate memory for pool. in /usr/local/www/mediawiki/includes/AutoLoader.php on line 1007

Warning: require(): Unable to allocate memory for pool. in /usr/local/www/mediawiki/includes/AutoLoader.php on line 1007

Warning: require(): Unable to allocate memory for pool. in /usr/local/www/mediawiki/includes/AutoLoader.php on line 1007

Warning: require_once(): Unable to allocate memory for pool. in /usr/local/www/mediawiki/includes/WebStart.php on line 134

Warning: require_once(): Unable to allocate memory for pool. in /usr/local/www/mediawiki/LocalSettings.php on line 137

Warning: require_once(): Unable to allocate memory for pool. in /usr/local/www/mediawiki/LocalSettings.php on line 139

Warning: require_once(): Unable to allocate memory for pool. in /usr/local/www/mediawiki/LocalSettings.php on line 144

Warning: require_once(): Unable to allocate memory for pool. in /usr/local/www/mediawiki/LocalSettings.php on line 145

Warning: require_once(): Unable to allocate memory for pool. in /usr/local/www/mediawiki/LocalSettings.php on line 153

Warning: require_once(): Unable to allocate memory for pool. in /usr/local/www/mediawiki/includes/WebStart.php on line 150

Warning: require_once(): Unable to allocate memory for pool. in /usr/local/www/mediawiki/includes/WebStart.php on line 157

Warning: require(): Unable to allocate memory for pool. in /usr/local/www/mediawiki/includes/AutoLoader.php on line 1007

Warning: require(): Unable to allocate memory for pool. in /usr/local/www/mediawiki/includes/AutoLoader.php on line 1007

Warning: require(): Unable to allocate memory for pool. in /usr/local/www/mediawiki/includes/AutoLoader.php on line 1007

Warning: require_once(): Unable to allocate memory for pool. in /usr/local/www/mediawiki/includes/Setup.php on line 381

Warning: require_once(): Unable to allocate memory for pool. in /usr/local/www/mediawiki/includes/Setup.php on line 382

Warning: require_once(): Unable to allocate memory for pool. in /usr/local/www/mediawiki/includes/Setup.php on line 383

Warning: require_once(): Unable to allocate memory for pool. in /usr/local/www/mediawiki/includes/Setup.php on line 384

Warning: require(): Unable to allocate memory for pool. in /usr/local/www/mediawiki/includes/AutoLoader.php on line 1007

Warning: require(): Unable to allocate memory for pool. in /usr/local/www/mediawiki/includes/AutoLoader.php on line 1007

Warning: require(): Unable to allocate memory for pool. in /usr/local/www/mediawiki/includes/AutoLoader.php on line 1007

Warning: require(): Unable to allocate memory for pool. in /usr/local/www/mediawiki/includes/AutoLoader.php on line 1007

Warning: require(): Unable to allocate memory for pool. in /usr/local/www/mediawiki/includes/AutoLoader.php on line 1007

Warning: require(): Unable to allocate memory for pool. in /usr/local/www/mediawiki/includes/AutoLoader.php on line 1007

Warning: require(): Unable to allocate memory for pool. in /usr/local/www/mediawiki/includes/AutoLoader.php on line 1007

Warning: require_once(): Unable to allocate memory for pool. in /usr/local/www/mediawiki/languages/Language.php on line 20

Warning: require(): Unable to allocate memory for pool. in /usr/local/www/mediawiki/includes/AutoLoader.php on line 1007

Warning: require(): Unable to allocate memory for pool. in /usr/local/www/mediawiki/includes/AutoLoader.php on line 1007

Warning: require(): Unable to allocate memory for pool. in /usr/local/www/mediawiki/includes/AutoLoader.php on line 1007

Warning: require(): Unable to allocate memory for pool. in /usr/local/www/mediawiki/includes/AutoLoader.php on line 1007

Warning: require(): Unable to allocate memory for pool. in /usr/local/www/mediawiki/includes/AutoLoader.php on line 1007

Warning: require(): Unable to allocate memory for pool. in /usr/local/www/mediawiki/includes/AutoLoader.php on line 1007

Warning: require(): Unable to allocate memory for pool. in /usr/local/www/mediawiki/includes/AutoLoader.php on line 1007

Warning: require(): Unable to allocate memory for pool. in /usr/local/www/mediawiki/includes/AutoLoader.php on line 1007

Warning: require(): Unable to allocate memory for pool. in /usr/local/www/mediawiki/includes/AutoLoader.php on line 1007

Warning: require(): Unable to allocate memory for pool. in /usr/local/www/mediawiki/includes/AutoLoader.php on line 1007

Warning: require(): Unable to allocate memory for pool. in /usr/local/www/mediawiki/includes/AutoLoader.php on line 1007

Warning: require(): Unable to allocate memory for pool. in /usr/local/www/mediawiki/includes/AutoLoader.php on line 1007

Warning: require(): Unable to allocate memory for pool. in /usr/local/www/mediawiki/includes/AutoLoader.php on line 1007

Warning: require(): Unable to allocate memory for pool. in /usr/local/www/mediawiki/includes/AutoLoader.php on line 1007

Warning: require(): Unable to allocate memory for pool. in /usr/local/www/mediawiki/includes/AutoLoader.php on line 1007

Warning: require(): Unable to allocate memory for pool. in /usr/local/www/mediawiki/includes/AutoLoader.php on line 1007

Warning: require(): Unable to allocate memory for pool. in /usr/local/www/mediawiki/includes/AutoLoader.php on line 1007

Warning: require(): Unable to allocate memory for pool. in /usr/local/www/mediawiki/includes/AutoLoader.php on line 1007

Warning: require(): Unable to allocate memory for pool. in /usr/local/www/mediawiki/includes/AutoLoader.php on line 1007

Warning: require(): Unable to allocate memory for pool. in /usr/local/www/mediawiki/includes/AutoLoader.php on line 1007

Warning: require(): Unable to allocate memory for pool. in /usr/local/www/mediawiki/includes/AutoLoader.php on line 1007

Warning: require(): Unable to allocate memory for pool. in /usr/local/www/mediawiki/includes/AutoLoader.php on line 1007

Warning: require(): Unable to allocate memory for pool. in /usr/local/www/mediawiki/includes/AutoLoader.php on line 1007

Warning: require(): Unable to allocate memory for pool. in /usr/local/www/mediawiki/includes/AutoLoader.php on line 1007

Warning: require(): Unable to allocate memory for pool. in /usr/local/www/mediawiki/includes/AutoLoader.php on line 1007

Warning: require(): Unable to allocate memory for pool. in /usr/local/www/mediawiki/includes/AutoLoader.php on line 1007

Warning: require(): Unable to allocate memory for pool. in /usr/local/www/mediawiki/includes/AutoLoader.php on line 1007

Warning: require(): Unable to allocate memory for pool. in /usr/local/www/mediawiki/includes/AutoLoader.php on line 1007

Warning: require(): Unable to allocate memory for pool. in /usr/local/www/mediawiki/includes/AutoLoader.php on line 1007

Warning: require(): Unable to allocate memory for pool. in /usr/local/www/mediawiki/includes/AutoLoader.php on line 1007

Warning: require(): Unable to allocate memory for pool. in /usr/local/www/mediawiki/includes/AutoLoader.php on line 1007

Warning: require(): Unable to allocate memory for pool. in /usr/local/www/mediawiki/includes/AutoLoader.php on line 1007

Warning: include_once(): Unable to allocate memory for pool. in /usr/local/www/mediawiki/includes/Skin.php on line 153

Warning: require_once(): Unable to allocate memory for pool. in /usr/local/www/mediawiki/skins/Vector.deps.php on line 11

Warning: require_once(): Unable to allocate memory for pool. in /usr/local/www/mediawiki/includes/Skin.php on line 155

Warning: require(): Unable to allocate memory for pool. in /usr/local/www/mediawiki/includes/AutoLoader.php on line 1007

Warning: require(): Unable to allocate memory for pool. in /usr/local/www/mediawiki/includes/AutoLoader.php on line 1007

Warning: require(): Unable to allocate memory for pool. in /usr/local/www/mediawiki/includes/AutoLoader.php on line 1007

Warning: require(): Unable to allocate memory for pool. in /usr/local/www/mediawiki/includes/AutoLoader.php on line 1007

Warning: require(): Unable to allocate memory for pool. in /usr/local/www/mediawiki/includes/AutoLoader.php on line 1007

Warning: require(): Unable to allocate memory for pool. in /usr/local/www/mediawiki/includes/AutoLoader.php on line 1007

Warning: require(): Unable to allocate memory for pool. in /usr/local/www/mediawiki/includes/AutoLoader.php on line 1007

Warning: require(): Unable to allocate memory for pool. in /usr/local/www/mediawiki/includes/AutoLoader.php on line 1007

Warning: require(): Unable to allocate memory for pool. in /usr/local/www/mediawiki/includes/AutoLoader.php on line 1007

Warning: require(): Unable to allocate memory for pool. in /usr/local/www/mediawiki/includes/AutoLoader.php on line 1007

Warning: require(): Unable to allocate memory for pool. in /usr/local/www/mediawiki/includes/AutoLoader.php on line 1007

Warning: require(): Unable to allocate memory for pool. in /usr/local/www/mediawiki/includes/AutoLoader.php on line 1007

Warning: require(): Unable to allocate memory for pool. in /usr/local/www/mediawiki/includes/AutoLoader.php on line 1007

Warning: require(): Unable to allocate memory for pool. in /usr/local/www/mediawiki/includes/AutoLoader.php on line 1007

Warning: require(): Unable to allocate memory for pool. in /usr/local/www/mediawiki/includes/AutoLoader.php on line 1007

Warning: require(): Unable to allocate memory for pool. in /usr/local/www/mediawiki/includes/AutoLoader.php on line 1007

Warning: require(): Unable to allocate memory for pool. in /usr/local/www/mediawiki/includes/AutoLoader.php on line 1007

Warning: require(): Unable to allocate memory for pool. in /usr/local/www/mediawiki/includes/AutoLoader.php on line 1007

Warning: require(): Unable to allocate memory for pool. in /usr/local/www/mediawiki/includes/AutoLoader.php on line 1007

Warning: require(): Unable to allocate memory for pool. in /usr/local/www/mediawiki/includes/AutoLoader.php on line 1007

Warning: require(): Unable to allocate memory for pool. in /usr/local/www/mediawiki/includes/AutoLoader.php on line 1007

Warning: require(): Unable to allocate memory for pool. in /usr/local/www/mediawiki/includes/AutoLoader.php on line 1007

Warning: require(): Unable to allocate memory for pool. in /usr/local/www/mediawiki/includes/AutoLoader.php on line 1007

Warning: require(): Unable to allocate memory for pool. in /usr/local/www/mediawiki/includes/AutoLoader.php on line 1007

Warning: require(): Unable to allocate memory for pool. in /usr/local/www/mediawiki/includes/AutoLoader.php on line 1007

Warning: require(): Unable to allocate memory for pool. in /usr/local/www/mediawiki/includes/AutoLoader.php on line 1007

Warning: Cannot modify header information - headers already sent in /usr/local/www/mediawiki/includes/WebResponse.php on line 38

Warning: Cannot modify header information - headers already sent in /usr/local/www/mediawiki/includes/WebResponse.php on line 38

Warning: require(): Unable to allocate memory for pool. in /usr/local/www/mediawiki/includes/AutoLoader.php on line 1007

Warning: include(): Unable to allocate memory for pool. in /usr/local/www/mediawiki/includes/resourceloader/ResourceLoader.php on line 201

Warning: require(): Unable to allocate memory for pool. in /usr/local/www/mediawiki/includes/AutoLoader.php on line 1007

Warning: require(): Unable to allocate memory for pool. in /usr/local/www/mediawiki/includes/AutoLoader.php on line 1007

Warning: require(): Unable to allocate memory for pool. in /usr/local/www/mediawiki/includes/AutoLoader.php on line 1007

Warning: require(): Unable to allocate memory for pool. in /usr/local/www/mediawiki/includes/AutoLoader.php on line 1007

Warning: require(): Unable to allocate memory for pool. in /usr/local/www/mediawiki/includes/AutoLoader.php on line 1007

Warning: require(): Unable to allocate memory for pool. in /usr/local/www/mediawiki/includes/AutoLoader.php on line 1007

Warning: require(): Unable to allocate memory for pool. in /usr/local/www/mediawiki/includes/AutoLoader.php on line 1007

Warning: require(): Unable to allocate memory for pool. in /usr/local/www/mediawiki/includes/AutoLoader.php on line 1007

Warning: require(): Unable to allocate memory for pool. in /usr/local/www/mediawiki/includes/AutoLoader.php on line 1007

Warning: require(): Unable to allocate memory for pool. in /usr/local/www/mediawiki/includes/AutoLoader.php on line 1007

Warning: require(): Unable to allocate memory for pool. in /usr/local/www/mediawiki/includes/AutoLoader.php on line 1007

Warning: require(): Unable to allocate memory for pool. in /usr/local/www/mediawiki/includes/AutoLoader.php on line 1007

Warning: require_once(): Unable to allocate memory for pool. in /usr/local/www/mediawiki/includes/json/FormatJson.php on line 12

Warning: require(): Unable to allocate memory for pool. in /usr/local/www/mediawiki/includes/AutoLoader.php on line 1007

Warning: require(): Unable to allocate memory for pool. in /usr/local/www/mediawiki/includes/AutoLoader.php on line 1007

Warning: require(): Unable to allocate memory for pool. in /usr/local/www/mediawiki/includes/AutoLoader.php on line 1007
Samsung Smart Fridge - Just Solve the File Format Problem

Samsung Smart Fridge

From Just Solve the File Format Problem
(Difference between revisions)
Jump to: navigation, search

Warning: require(): Unable to allocate memory for pool. in /usr/local/www/mediawiki/includes/AutoLoader.php on line 1007
(System-data partition)
(System-data partition)
 
(21 intermediate revisions by 2 users not shown)
Line 1: Line 1:
Samsung Smart Fridges with the Family Hub software are smart fridges that run Tizen. A dataset shared by VTO labs has an image of the all of the partitions like the system and data partition. The blog ZENA forensics has analyzed the dataset for evidence. (Just like a historian, EVERYTHING counts for a case to be solved)
+
{{FormatInfo
 +
|formattype=physical
 +
|subcat=Networked devices
 +
}}'''Samsung Smart Fridges''' with the Family Hub software are smart fridges that run Tizen. A dataset shared by VTO labs has an image of all of the partitions like the system and data partition. The blog ZENA forensics has analyzed the dataset for evidence. (Just like a historian, EVERYTHING counts for a case to be solved)
 
==Storage format==
 
==Storage format==
 
They use a GPT partitioning schema and it has a total of 21 partitions.
 
They use a GPT partitioning schema and it has a total of 21 partitions.
Line 12: Line 15:
 
== System-data partition ==
 
== System-data partition ==
 
This partition has settings.
 
This partition has settings.
 +
 +
*The "\etc\localtime" file contains information about the timezone set on the device (in the provided dataset America/Denver, where VTO Labs is located)
 +
*The "\dnsmasq.leases" file contains information about leases by the DNSmasq service. The provided dataset contains the following values:
 +
**1517956504, that translates to 6th February 2018 at 10:35:04 UTC
 +
**4c:66:41:5c:7e:92, a MAC address manufactured by Samsung Electro-Mechanics
 +
**192.168.7.61, a local IP address
 +
**Samsung-SM-G930V, a smartphone model
 +
**01:4c:66:41:5c:7e:92, a MAC address by an unknown manufacturer
 +
*The "\dbspace\5001\.account.db" file contains information about the Samsung account, including username and email address (in the provided dataset "connectedkitchenvto@gmail.com")
 +
*The "\dbspace\.notification.db" file contains notification settings (per app).
 +
*The "\dbspace\.alarmmgr.db" file contains alarm settings (per app).
 +
*The "\var\lib\bluetooth\" folder contains a subfolder apparently named as the Bluetooth MAC Address of the device. In the provided dataset the folder name is 70:2C:1F:41:E2:43, which is a Bluetooth MAC Address manufactured by Wisol, a Samsung company.
 +
*The "\var\lib\bluetooth\<BT_MAC>\settings" file contains the device Bluetooth name (in the provided dataset "[Refrigerator] Samsung").
 +
*The "\var\lib\bluetooth\<BT_MAC>\cache" folder contains various files, named as a Mac Address. In the provided dataset 6 files are stored in the folder. Every file contains a device name. They seem to be "seen" devices, although more testing is needed.
 +
*The "\var\lib\buxton2\system.db" contains information about OS settings. The database needs more research to understand the exact content, but it apparently contains interesting configuration and information embedded in BLOB data. Here follow the full settings list.
 +
 +
<pre style="white-space: pre-wrap;
 +
white-space: -moz-pre-wrap;
 +
white-space: -pre-wrap;
 +
white-space: -o-pre-wrap;
 +
word-wrap: break-word;">
 +
 +
db/refrigerator/modelType
 +
db/usb/sel_mode
 +
db/pwlock/factory_boot
 +
db/wifi/country_code
 +
db/setting/country_code
 +
db/pwlock/setup_wizard_started
 +
db/menu_widget/language
 +
db/menu_widget/regionformat
 +
db/privacy_policy/agree
 +
db/refrigerator/ModelSupportedIceMaker
 +
db/account/msg
 +
db/samsungaccount/signin
 +
db/pwlock/setup_wizard
 +
db/menuscreen/numofpages
 +
db/setting/timezone_id
 +
db/setting/cityname_id
 +
db/setting/timezone
 +
db/dnet/statistics/wifi/totalsnt
 +
db/dnet/statistics/wifi/totalrcv
 +
db/softap/hide
 +
db/softap/security
 +
file/private/wifi/wifi_off_by_airplane
 +
db/refrigerator/checkModelId
 +
db/otn/otn_download_version
 +
db/photoalbum/default_album
 +
db/refrigerator/MicomInfoModelIdStr
 +
db/refrigerator/ModelSupportedDoor
 +
db/photoalbum/last_album
 +
db/refrigerator/FirstWarning
 +
db/wifi/wifi_disconnect_count
 +
db/nfc/feature
 +
db/nfc/enable
 +
db/audio/volume/kantmeq/product_model
 +
db/audio/volume/kantmeq/standard
 +
db/audio/volume/kantmeq/music
 +
db/audio/volume/kantmeq/movie
 +
db/audio/volume/kantmeq/speech
 +
db/audio/volume/kantmeq/silver
 +
db/audio/volume/kantmeq/stadium
 +
db/audio/volume/kantmeq/icehockey
 +
db/audio/volume/kantmeq/african_cinema
 +
db/audio/volume/kantmeq/indian_cinema
 +
db/audio/volume/kantmeq/party
 +
db/audio/volume/kantmeq/rugby
 +
db/audio/volume/kantmeq/reserved5
 +
db/refrigerator/MicomInfoLastSwVersion4
 +
db/refrigerator/TchefMode
 +
db/refrigerator/DoorAlarm
 +
db/refrigerator/EnergySaver
 +
db/refrigerator/icetype
 +
db/refrigerator/TemperatureUnit
 +
db/wifi/bssid_address
 +
file/private/wifi/last_power_state
 +
file/private/contacts-service/default_lang
 +
db/pwlock/function_state
 +
db/indicator/rm
 +
db/clogger/global_ID
 +
db/svoice/ref_room
 +
db/svoice/setting/lang
 +
db/isf/input_keyboard_uuid
 +
db/refrigerator/MicomInfoAddr1
 +
db/refrigerator/MicomInfoAddr2
 +
db/refrigerator/MicomInfoAddr3
 +
db/refrigerator/MicomInfoModelId1
 +
db/refrigerator/MicomInfoModelId2
 +
db/refrigerator/MicomInfoModelId3
 +
db/refrigerator/MicomInfoModelId4
 +
db/dnet/statistics/wifi/lastsnt
 +
db/dnet/statistics/wifi/lastrcv
 +
file/private/isf/autocapital_allow
 +
file/private/isf/autoperiod_allow
 +
db/refrigerator/coolselectzoneState
 +
db/refrigerator/stepFreezerTemp
 +
db/refrigerator/setFreezerTemp
 +
db/refrigerator/setPowerFreeze
 +
db/refrigerator/setPowerCool
 +
db/refrigerator/DispenserLock
 +
db/refrigerator/DispenserIceMaking
 +
db/refrigerator/DispenserIceOff
 +
db/refrigerator/DispenserFilter
 +
db/refrigerator/HandleLighting
 +
db/refrigerator/SterilizationCleaner
 +
db/refrigerator/stepFridgeTemp
 +
db/refrigerator/setFridgeTemp
 +
db/refrigerator/CoolingOff
 +
db/refrigerator/RefOption01
 +
db/refrigerator/RefOption02
 +
db/refrigerator/RefOption03
 +
db/refrigerator/RefOption04
 +
db/refrigerator/RefOption05
 +
db/refrigerator/RefOption06
 +
db/energystar/defrost/status
 +
db/energystar/defrost/activate
 +
db/refrigerator/RefOption07
 +
db/refrigerator/RefOption08
 +
db/refrigerator/RefOption09
 +
db/refrigerator/RefOption10
 +
db/refrigerator/RefOption11
 +
db/refrigerator/RefOption12
 +
db/energystar/dr/override
 +
db/refrigerator/MicomInfoYear
 +
db/refrigerator/MicomInfoProject
 +
db/refrigerator/MicomInfoVersion
 +
db/refrigerator/RefOption13
 +
db/refrigerator/ModelDiodeOption
 +
db/refrigerator/MicomInfoSwVersion1
 +
db/refrigerator/MicomInfoSwVersion2
 +
db/refrigerator/MicomInfoSwVersion3
 +
db/refrigerator/MicomInfoSwVersion4
 +
db/refrigerator/MicomInfoType1
 +
db/refrigerator/MicomInfoType2
 +
db/refrigerator/rm_state
 +
db/energystar/dr/level
 +
db/setting/Brightness
 +
db/refrigerator/displayFreezerTemp
 +
db/refrigerator/displayFridgeTemp
 +
db/refrigerator/DeoFilter
 +
db/wifi/wifi_ui_onoff_status
 +
db/browser/user_agent
 +
db/svoice/manager/bos_response
 +
db/svoice/manager/response
 +
file/private/sound/volume/system
 +
db/bluetooth/bt_ui_onoff_status
 +
file/private/bt-core/flight_mode_deactivated
 +
db/bluetooth/lestatus
 +
file/private/libug-setting-bluetooth-efl/visibility_time
 +
db/bluetooth/status
 +
db/bluetooth/dpm
 +
db/refrigerator/MicomUsedMonth
 +
db/isf/input_language
 +
file/private/sound/volume/media
 +
file/private/sound/volume/notification
 +
db/mic_key/status
 +
db/setting/lcd_backlight_normal
 +
 +
</pre>
 +
**Some of these BLOB data can be easily read, like the Wi-Fi BSSID Address that in the provided dataset is 70:2c:1f:41:e2:42 .
 +
*The "\var\lib\connman\settings" file contains information about network services (WiFi, Bluetooth, Wired, Cellular) and if they are enabled or not.
 +
*In the provided dataset there is a subfolder named wifi_702c1f41e242_436f6e6e65637465644b69746368656e56544f32_managed_none which contains a settings file with information about the Wi-Fi network the device was connected to. In the provided dataset the Wi-Fi network name is ConnectedKitchenVTO2 and the last assigned IP address is 172.16.42.126.
 +
 +
==User partition==
 +
The user partition contains most of the user data.
 +
===Tizen Glaze Camera===
 +
 +
*The Glaze Camera is a built-in camera solution for a refrigerator that supports food management. I was not able to find a lot of technical details about this service, but the GitHub opensource script Python Family Hub mentions it. Some non-technical details about the service are also available here.
 +
 +
*The application stores its data in the "\user\home\owner\apps_rw\org.tizenglazecamera\". In the provided dataset three JPG pictures of the content of the fridge were found in the "\shared\trusted\"subfolder. All of them were taken on 7th February 2018 at 18:41:12 UTC.
 +
===Tizen Browser===
 +
 +
*The Tizen OS 3.0 has a default browser named "Tizen Browser", based on Chromium. Details about the browser are available on the tvmode.org website. The Tizen Browser stores information in 2 main locations in the user partition: the "\user\home\owner\apps_rw\org.tizen.browser\" folder and the "\user\data\browser-provider\database\" folder.
 +
*The "\user\data\browser-provider\database\.browser-provider-history.db" file contains browser history, including visit date, URL and page title for each visited website. In the provided dataset we can find 4 Google searches ("funny cats", "thug life cats", "starman live", "best of he man") and two viewed YouTube videos (https://m.youtube.com/watch?v=M-P3l9ezaF8 and https://m.youtube.com/watch?v=bMjVvg8jOO4).
 +
*The "\user\data\browser-provider\database\.browser-provider-tabs.db" contains information about opened tabs. In the provided dataset you can find a single in entry in the "tabs" table, as shown in picture: it includes an URL (https://m.youtube.com/watch?v=bMjVvg8jOO4) and a creation date value (2018-02-07 18:18:30).
 +
*The "\user\home\owner\apps_rw\org.tizen.browser\data\chromium-elf\cache" folder contains browser cache items. As the Tizen Browser is based on Chromium, the Cache can be parsed with ChromeCacheView or Hindsight.
 +
===Glympse Family Map===
 +
*The Glympse Family Map is a location-sharing service "which allows users to seamlessly share their location using a variety of devices within the Tizen ecosystem".
 +
*This app is based on Chromium and it also uses a Cache folder ("\user\home\owner\appr_rw\gfamilymap\data\chromium-elf\cache\") that can be parsed with ChromeCacheView or Hindsight.
 +
*By analyzing the images stored in the cache folder I was able to find some Google Maps images geolocated at the VTO Labs headquarter, where probably the fridge was used and then acquired.
 +
*Some logs files about the Glympse service are stored in the "\user\home\owner\appr_rw\com.glympse.tizen.frapp.service\data\glympse". They seem to contain information about sync with the Glympse service, but more research and testing is needed.
 +
===Samsung Connect===
 +
*The "\user\home\owner\apps_rw\com.samsung.samsung-connect" folder contains Samsung Connect App data. This app "provides users a simple, unified way to control and monitor smart devices in one app".
 +
*The "\user\home\owner\apps_rw\com.samsung.samsung-connect\shared\data\sc.db" file contains references to other devices: in the provided dataset a "SAMSUNG SM-G930V" and a "Pixel 2" (table "device_table").
 +
===Energystar===
 +
*The "\user\home\owner\apps_rw\org.tizen.energystar" folder contains energy information. The "\user\home\owner\apps_rw\org.tizen.energystar\shared\trusted\usage.db" seems containing information about power usage with hourly timestamps ("power_usage_table" table).
 +
===iHeart Hub Radio===
 +
* The "\home\owner\apps_rw\4GKFs7KtEh\" folder contains the iHeartHub Radio app data. This app is based on Chromium and it also uses a Cache folder ("\user\home\owner\appr_rw\4GKFs7KtEh\data\chromium-elf\cache\") that can be parsed with ChromeCacheView or Hindsight.
 +
* The app seems to suggest radios based on the fridge location (Denver, Colorado).
 +
===Media folder===
 +
*The "\home\owner\media\" folder contains user media files. The internal structure seems self explicative, even though the provided dataset only contains predefined documents and pictures.
 +
===Other stuff===
 +
 +
Some other possibly interesting files are:
 +
*\home\owner\.applications\dbspace\.context-service.db
 +
*\home\owner\.applications\dbspace\privacy\.calendar-service.db
 +
*\home\owner\.config\chromium-efl\IconDatabase\WebpageIcons.db
 +
*\home\owner\media\Documents\.calendar_rotate.db
 +
*\home\owner\apps_rw\org.tizen.browser\data\.browser.settings.db
 +
*\home\owner\apps_rw\org.tizen.browser\data\.browser.bookmark.db
 +
*\home\owner\apps_rw\org.tizen.browser\data\.browser.certificate.db
 +
*\home\owner\apps_rw\org.tizen.menu-screen\data\dbspace\menu_screen.db
 +
*\home\owner\apps_rw\org.tizen.setting\data\setting.cfg
 +
*\home\owner\apps_rw\org.tizen.smarthome.service\data\subscriptionDB
 +
*\home\owner\apps_rw\org.tizen.smarthome.service\data\pref.db
 +
*\home\owner\share\.svoice_da_db.db
  
 
==Links==
 
==Links==
 
* https://blog.digital-forensics.it/2020/12/a-journey-into-iot-forensics-episode-1.html
 
* https://blog.digital-forensics.it/2020/12/a-journey-into-iot-forensics-episode-1.html
 +
 +
[[Category:Samsung]]

Latest revision as of 06:52, 31 December 2021

File Format
Name Samsung Smart Fridge
Ontology

Samsung Smart Fridges with the Family Hub software are smart fridges that run Tizen. A dataset shared by VTO labs has an image of all of the partitions like the system and data partition. The blog ZENA forensics has analyzed the dataset for evidence. (Just like a historian, EVERYTHING counts for a case to be solved)

Contents

[edit] Storage format

They use a GPT partitioning schema and it has a total of 21 partitions.

  • Partition 19 and 18 contain System data.
  • Partition 20 has settings by the user.
  • Partition 21 has user data.

[edit] RootFS Partition

  • \etc\os.release contains details about the installed OS. In the file we see the installed os is Tizen 3.0.
  • \etc\tizen-build.conf contains more OS info including build date.
  • The "\usr\apps" folder contains the pre-installed applications. This is archivist gold because it has apps.

All apps have a bundle name or a sort-of 10 characters-long GUID.

[edit] System-data partition

This partition has settings.

  • The "\etc\localtime" file contains information about the timezone set on the device (in the provided dataset America/Denver, where VTO Labs is located)
  • The "\dnsmasq.leases" file contains information about leases by the DNSmasq service. The provided dataset contains the following values:
    • 1517956504, that translates to 6th February 2018 at 10:35:04 UTC
    • 4c:66:41:5c:7e:92, a MAC address manufactured by Samsung Electro-Mechanics
    • 192.168.7.61, a local IP address
    • Samsung-SM-G930V, a smartphone model
    • 01:4c:66:41:5c:7e:92, a MAC address by an unknown manufacturer
  • The "\dbspace\5001\.account.db" file contains information about the Samsung account, including username and email address (in the provided dataset "connectedkitchenvto@gmail.com")
  • The "\dbspace\.notification.db" file contains notification settings (per app).
  • The "\dbspace\.alarmmgr.db" file contains alarm settings (per app).
  • The "\var\lib\bluetooth\" folder contains a subfolder apparently named as the Bluetooth MAC Address of the device. In the provided dataset the folder name is 70:2C:1F:41:E2:43, which is a Bluetooth MAC Address manufactured by Wisol, a Samsung company.
  • The "\var\lib\bluetooth\<BT_MAC>\settings" file contains the device Bluetooth name (in the provided dataset "[Refrigerator] Samsung").
  • The "\var\lib\bluetooth\<BT_MAC>\cache" folder contains various files, named as a Mac Address. In the provided dataset 6 files are stored in the folder. Every file contains a device name. They seem to be "seen" devices, although more testing is needed.
  • The "\var\lib\buxton2\system.db" contains information about OS settings. The database needs more research to understand the exact content, but it apparently contains interesting configuration and information embedded in BLOB data. Here follow the full settings list.

db/refrigerator/modelType
db/usb/sel_mode
db/pwlock/factory_boot
db/wifi/country_code
db/setting/country_code
db/pwlock/setup_wizard_started
db/menu_widget/language
db/menu_widget/regionformat
db/privacy_policy/agree
db/refrigerator/ModelSupportedIceMaker
db/account/msg
db/samsungaccount/signin
db/pwlock/setup_wizard
db/menuscreen/numofpages
db/setting/timezone_id
db/setting/cityname_id
db/setting/timezone
db/dnet/statistics/wifi/totalsnt
db/dnet/statistics/wifi/totalrcv
db/softap/hide
db/softap/security
file/private/wifi/wifi_off_by_airplane
db/refrigerator/checkModelId
db/otn/otn_download_version
db/photoalbum/default_album
db/refrigerator/MicomInfoModelIdStr
db/refrigerator/ModelSupportedDoor
db/photoalbum/last_album
db/refrigerator/FirstWarning
db/wifi/wifi_disconnect_count
db/nfc/feature
db/nfc/enable
db/audio/volume/kantmeq/product_model
db/audio/volume/kantmeq/standard
db/audio/volume/kantmeq/music
db/audio/volume/kantmeq/movie
db/audio/volume/kantmeq/speech
db/audio/volume/kantmeq/silver
db/audio/volume/kantmeq/stadium
db/audio/volume/kantmeq/icehockey
db/audio/volume/kantmeq/african_cinema
db/audio/volume/kantmeq/indian_cinema
db/audio/volume/kantmeq/party
db/audio/volume/kantmeq/rugby
db/audio/volume/kantmeq/reserved5
db/refrigerator/MicomInfoLastSwVersion4
db/refrigerator/TchefMode
db/refrigerator/DoorAlarm
db/refrigerator/EnergySaver
db/refrigerator/icetype
db/refrigerator/TemperatureUnit
db/wifi/bssid_address
file/private/wifi/last_power_state
file/private/contacts-service/default_lang
db/pwlock/function_state
db/indicator/rm
db/clogger/global_ID
db/svoice/ref_room
db/svoice/setting/lang
db/isf/input_keyboard_uuid
db/refrigerator/MicomInfoAddr1
db/refrigerator/MicomInfoAddr2
db/refrigerator/MicomInfoAddr3
db/refrigerator/MicomInfoModelId1
db/refrigerator/MicomInfoModelId2
db/refrigerator/MicomInfoModelId3
db/refrigerator/MicomInfoModelId4
db/dnet/statistics/wifi/lastsnt
db/dnet/statistics/wifi/lastrcv
file/private/isf/autocapital_allow
file/private/isf/autoperiod_allow
db/refrigerator/coolselectzoneState
db/refrigerator/stepFreezerTemp
db/refrigerator/setFreezerTemp
db/refrigerator/setPowerFreeze
db/refrigerator/setPowerCool
db/refrigerator/DispenserLock
db/refrigerator/DispenserIceMaking
db/refrigerator/DispenserIceOff
db/refrigerator/DispenserFilter
db/refrigerator/HandleLighting
db/refrigerator/SterilizationCleaner
db/refrigerator/stepFridgeTemp
db/refrigerator/setFridgeTemp
db/refrigerator/CoolingOff
db/refrigerator/RefOption01
db/refrigerator/RefOption02
db/refrigerator/RefOption03
db/refrigerator/RefOption04
db/refrigerator/RefOption05
db/refrigerator/RefOption06
db/energystar/defrost/status
db/energystar/defrost/activate
db/refrigerator/RefOption07
db/refrigerator/RefOption08
db/refrigerator/RefOption09
db/refrigerator/RefOption10
db/refrigerator/RefOption11
db/refrigerator/RefOption12
db/energystar/dr/override
db/refrigerator/MicomInfoYear
db/refrigerator/MicomInfoProject
db/refrigerator/MicomInfoVersion
db/refrigerator/RefOption13
db/refrigerator/ModelDiodeOption
db/refrigerator/MicomInfoSwVersion1
db/refrigerator/MicomInfoSwVersion2
db/refrigerator/MicomInfoSwVersion3
db/refrigerator/MicomInfoSwVersion4
db/refrigerator/MicomInfoType1
db/refrigerator/MicomInfoType2
db/refrigerator/rm_state
db/energystar/dr/level
db/setting/Brightness
db/refrigerator/displayFreezerTemp
db/refrigerator/displayFridgeTemp
db/refrigerator/DeoFilter
db/wifi/wifi_ui_onoff_status
db/browser/user_agent
db/svoice/manager/bos_response
db/svoice/manager/response
file/private/sound/volume/system
db/bluetooth/bt_ui_onoff_status
file/private/bt-core/flight_mode_deactivated
db/bluetooth/lestatus
file/private/libug-setting-bluetooth-efl/visibility_time
db/bluetooth/status
db/bluetooth/dpm
db/refrigerator/MicomUsedMonth
db/isf/input_language
file/private/sound/volume/media
file/private/sound/volume/notification
db/mic_key/status
db/setting/lcd_backlight_normal

    • Some of these BLOB data can be easily read, like the Wi-Fi BSSID Address that in the provided dataset is 70:2c:1f:41:e2:42 .
  • The "\var\lib\connman\settings" file contains information about network services (WiFi, Bluetooth, Wired, Cellular) and if they are enabled or not.
  • In the provided dataset there is a subfolder named wifi_702c1f41e242_436f6e6e65637465644b69746368656e56544f32_managed_none which contains a settings file with information about the Wi-Fi network the device was connected to. In the provided dataset the Wi-Fi network name is ConnectedKitchenVTO2 and the last assigned IP address is 172.16.42.126.

[edit] User partition

The user partition contains most of the user data.

[edit] Tizen Glaze Camera

  • The Glaze Camera is a built-in camera solution for a refrigerator that supports food management. I was not able to find a lot of technical details about this service, but the GitHub opensource script Python Family Hub mentions it. Some non-technical details about the service are also available here.
  • The application stores its data in the "\user\home\owner\apps_rw\org.tizenglazecamera\". In the provided dataset three JPG pictures of the content of the fridge were found in the "\shared\trusted\"subfolder. All of them were taken on 7th February 2018 at 18:41:12 UTC.

[edit] Tizen Browser

  • The Tizen OS 3.0 has a default browser named "Tizen Browser", based on Chromium. Details about the browser are available on the tvmode.org website. The Tizen Browser stores information in 2 main locations in the user partition: the "\user\home\owner\apps_rw\org.tizen.browser\" folder and the "\user\data\browser-provider\database\" folder.
  • The "\user\data\browser-provider\database\.browser-provider-history.db" file contains browser history, including visit date, URL and page title for each visited website. In the provided dataset we can find 4 Google searches ("funny cats", "thug life cats", "starman live", "best of he man") and two viewed YouTube videos (https://m.youtube.com/watch?v=M-P3l9ezaF8 and https://m.youtube.com/watch?v=bMjVvg8jOO4).
  • The "\user\data\browser-provider\database\.browser-provider-tabs.db" contains information about opened tabs. In the provided dataset you can find a single in entry in the "tabs" table, as shown in picture: it includes an URL (https://m.youtube.com/watch?v=bMjVvg8jOO4) and a creation date value (2018-02-07 18:18:30).
  • The "\user\home\owner\apps_rw\org.tizen.browser\data\chromium-elf\cache" folder contains browser cache items. As the Tizen Browser is based on Chromium, the Cache can be parsed with ChromeCacheView or Hindsight.

[edit] Glympse Family Map

  • The Glympse Family Map is a location-sharing service "which allows users to seamlessly share their location using a variety of devices within the Tizen ecosystem".
  • This app is based on Chromium and it also uses a Cache folder ("\user\home\owner\appr_rw\gfamilymap\data\chromium-elf\cache\") that can be parsed with ChromeCacheView or Hindsight.
  • By analyzing the images stored in the cache folder I was able to find some Google Maps images geolocated at the VTO Labs headquarter, where probably the fridge was used and then acquired.
  • Some logs files about the Glympse service are stored in the "\user\home\owner\appr_rw\com.glympse.tizen.frapp.service\data\glympse". They seem to contain information about sync with the Glympse service, but more research and testing is needed.

[edit] Samsung Connect

  • The "\user\home\owner\apps_rw\com.samsung.samsung-connect" folder contains Samsung Connect App data. This app "provides users a simple, unified way to control and monitor smart devices in one app".
  • The "\user\home\owner\apps_rw\com.samsung.samsung-connect\shared\data\sc.db" file contains references to other devices: in the provided dataset a "SAMSUNG SM-G930V" and a "Pixel 2" (table "device_table").

[edit] Energystar

  • The "\user\home\owner\apps_rw\org.tizen.energystar" folder contains energy information. The "\user\home\owner\apps_rw\org.tizen.energystar\shared\trusted\usage.db" seems containing information about power usage with hourly timestamps ("power_usage_table" table).

[edit] iHeart Hub Radio

  • The "\home\owner\apps_rw\4GKFs7KtEh\" folder contains the iHeartHub Radio app data. This app is based on Chromium and it also uses a Cache folder ("\user\home\owner\appr_rw\4GKFs7KtEh\data\chromium-elf\cache\") that can be parsed with ChromeCacheView or Hindsight.
  • The app seems to suggest radios based on the fridge location (Denver, Colorado).

[edit] Media folder

  • The "\home\owner\media\" folder contains user media files. The internal structure seems self explicative, even though the provided dataset only contains predefined documents and pictures.

[edit] Other stuff

Some other possibly interesting files are:

  • \home\owner\.applications\dbspace\.context-service.db
  • \home\owner\.applications\dbspace\privacy\.calendar-service.db
  • \home\owner\.config\chromium-efl\IconDatabase\WebpageIcons.db
  • \home\owner\media\Documents\.calendar_rotate.db
  • \home\owner\apps_rw\org.tizen.browser\data\.browser.settings.db
  • \home\owner\apps_rw\org.tizen.browser\data\.browser.bookmark.db
  • \home\owner\apps_rw\org.tizen.browser\data\.browser.certificate.db
  • \home\owner\apps_rw\org.tizen.menu-screen\data\dbspace\menu_screen.db
  • \home\owner\apps_rw\org.tizen.setting\data\setting.cfg
  • \home\owner\apps_rw\org.tizen.smarthome.service\data\subscriptionDB
  • \home\owner\apps_rw\org.tizen.smarthome.service\data\pref.db
  • \home\owner\share\.svoice_da_db.db

[edit] Links

Personal tools
Namespaces

Variants
Actions
Navigation
Toolbox

Warning: Cannot modify header information - headers already sent in /usr/local/www/mediawiki/includes/WebResponse.php on line 38

Warning: Cannot modify header information - headers already sent in /usr/local/www/mediawiki/includes/WebResponse.php on line 38

Warning: Cannot modify header information - headers already sent in /usr/local/www/mediawiki/includes/WebResponse.php on line 38

Warning: require(): Unable to allocate memory for pool. in /usr/local/www/mediawiki/includes/AutoLoader.php on line 1007