LockUp
Cellebrite UFED self-defense app
AppID: | io.nekohasekai.lockup |
Author: | nekohasekai |
License: | CC0-1.0 |
InRepoSince: | 2021-05-14 |
LastRepoUpdate: | 2021-05-14 |
LastAppUpdate: | 2021-05-12 |
LastVersion: | 1.0 |
Categories: | Security |
Google Play: | Check if it's there |

LockUp is an Android application that will monitor the device for signs for attempts to image it using known forensic tools like the Cellebrite UFED. Here is a blog I wrote.
- Proof-of-Concept. Not meant as an in-depth defense
- Android API 28, Does not require root
- Relies on RECEIVE_BOOT_COMPLETED to start a Service and AccessibilityService
- Monitors USB events through ACTION_USB_DEVICE, package installations, and known exploit staging locations on the filesystem
- Detects Logical Extractions, File System Extractions, and Physical Extractions leveraging ADB
- Will automatically respond with a factory reset with DeviceAdminReceiver
- Beginning steps to researching more robust anti-forensic techniques
Signature Detection:
- Exploit staging directories and known filenames
- Known file hashes
- Application names and certificate metadata