I am doing my research in android phone forensics. i want to access android phone internal memory using open() and read() linux call. I implemented these calls in c using NDK. This is my native C code:
jint fd;
jlong ReadMemory(jbyte* buf, jint bufflength){
jlong size=0;
system("su");
fd=open("/dev/block/mmcblk0",O_RDONLY);
size=read(fd,buf,bufflength);
return size;//fd;
}
So when i tried to open the memory, fd got -1 value. Please help me to overcome this situation.
This is a filesystem special block device. You can read it from inside the system (on the device, in a shell). You can use the Linux command:
to copy entire filesystem, compress it with gzip and put in mounted /emmc folder to a file with name "copy".
You can choose the folder and filename for the compressed image. And be aware that on 700MHz devices it can take very long (few hours) to read and compress entire filesystem.