Andriller - is software utility with a collection of forensic tools for smartphones. It performs read-only, forensically sound, non-destructive acquisition from Android devices. It has features, such as powerful Lockscreen cracking for Pattern, PIN code, or Password; custom decoders for Apps data from Android (some Apple iOS & Windows) databases for decoding communications. Extraction and decoders produce reports in HTML and Excel formats.
- Automated data extraction and decoding
- Data extraction of non-rooted without devices by Android Backup (Android versions 4.x, varied/limited support)
- Data extraction with root permissions: root ADB daemon, CWM recovery mode, or SU binary (Superuser/SuperSU)
- Data parsing and decoding for Folder structure, Tarball files (from nanddroid backups), and Android Backup (backup.ab files)
- Selection of individual database decoders for Android apps
- Decryption of encrypted WhatsApp archived databases (.crypt to .crypt12, must have the right key file)
- Lockscreen cracking for Pattern, PIN, Password (not gatekeeper)
- Unpacking the Android backup files
- Screen capture of a device's display screen
- 3.6+
adb
python3-tk
[Ubuntu/Debian] Install from Terminal:
$ sudo apt-get install android-tools-adb python3-tk
[Mac] Install from brew cask:
$ brew cask install android-platform-tools
[Windows] : Included.
$ pip install andriller -U
$ pip install -e .
$ python -m andriller
MIT License
Contributions are welcome, please make your pull requests to the dev
branch of the repository.
Bugs and issues can be submitted in the (Issues) section.
You may make donations to the projects, or you can also just buy me a beer: