What are your thoughts about this. If I take the raw dump and modify the
header with data from a blackberry simulator fs.dmp file, the simulator will
actually boot the raw image inside of the simulator. From this point I can
see the messages uncompressed. Doing this for one device is fine, but if I
run into 100 devices that need forensics work, this process becomes a
problem.
Maybe there is a way I can extract this data using the SDK? If this is
outside of the realm of this discussion group, at least this information
might be important to someone else.
Regards
-j
On Mon, Feb 22, 2010 at 8:08 PM, Chris Frey <cdf...@foursquare.net> wrote:
> On Mon, Feb 22, 2010 at 02:37:18PM -0500, Jamaal Speights wrote:
> > I have a raw image of a blackberry I need to analyze, not the actual
> > device. Looking at it in a hex editor, it looks as if the blackberry os
> > uses so form of compression for SMS / Emails that are over a certain
> size.
> > How can I use Barry to extract the compressed data? Im sure if barry can
> > mount the blackberry databases using FUSE, it can also be used to view
> SMS
> > text from a raw image from a blackberry device. Thanks for the help.
>
> Hi Jamaal,
>
> You might have a slight misunderstanding of how the Barry FUSE module
> works.
> It just uses the normal database communication to extract the required
> databases and records on the fly.
>
> Without the BlackBerry firmware to serve the data, you're going to have
> to reverse engineer the compression first, and see if the data formats
> inside the device are the same as what is seen on the USB wire.
> I'm sure there is little guarantee of that, unfortunately. I've already
> seen two different data formats on the USB wire, Barry handles one of
> them, and I'm sure the in-device storage format is probably different.
>
> I don't mean to discourage you, just sharing what I know, and what I
> can guess.
>
> - Chris
>
>
>
> ------------------------------------------------------------------------------
> Download Intel® Parallel Studio Eval
> Try the new software tools for yourself. Speed compiling, find bugs
> proactively, and fine-tune applications for parallel performance.
> See why Intel Parallel Studio got high marks during beta.
> http://p.sf.net/sfu/intel-sw-dev
> _______________________________________________
> Barry-devel mailing list
> Barry-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/barry-devel
>
------------------------------------------------------------------------------
Download Intel® Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs
proactively, and fine-tune applications for parallel performance.
See why Intel Parallel Studio got high marks during beta.
http://p.sf.net/sfu/intel-sw-dev
_______________________________________________
Barry-devel mailing list
Barry-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/barry-devel
