>If you can get the raw data, you can just feed it to one of the
>record classes. I can help you through the code if you need it.
I would need help with the code. I can send you some raw data or you can
just open the simulator, send a text message that is over 10 words long,
exit the simulator, open the "[modelnumber]-fs.dmp" file in the simulator
directory using a hex editor and search for the phone number you used to
send the message to, you will see the compressed SMS message. If the SMS
message is only a few words, it remains uncompressed and in clear text in
the dmp file.
This image is different from a backup IDP file. In the IDP the SMS messages
are uncompressed. You can take a look at the simulator file mentioned above
to view the raw format I'm speaking of. This compression applies to email
also.
On Tue, Feb 23, 2010 at 12:37 AM, Chris Frey <cdf...@foursquare.net> wrote:
> On Mon, Feb 22, 2010 at 11:44:52PM -0500, Jamaal Speights wrote:
> > What are your thoughts about this. If I take the raw dump and modify the
> > header with data from a blackberry simulator fs.dmp file, the simulator will
> > actually boot the raw image inside of the simulator. From this point I can
> > see the messages uncompressed. Doing this for one device is fine, but if I
> > run into 100 devices that need forensics work, this process becomes a
> > problem.
> >
> > Maybe there is a way I can extract this data using the SDK? If this is
> > outside of the realm of this discussion group, at least this information
> > might be important to someone else.
>
> I would not call this outside the realm of this discussion group. :-)
> Please do discuss it here if you like.
>
> If you can get the raw data, you can just feed it to one of the
> record classes. I can help you through the code if you need it.
>
> The first step is extracting the data. I would make a backup of
> a working device using the barrybackup GUI, extract the resulting tar
> backup file, and compare the raw data of a given record there with
> the raw data you can see in the simulator. The raw data you see in the
> backup file is the same data that's on the USB wire. If the data is in the
> same format, or even exactly the same, then it would be worth
> coding something up to help automate the forensic work.
>
> - Chris
>
>
>
> ------------------------------------------------------------------------------
> Download Intel® Parallel Studio Eval
> Try the new software tools for yourself. Speed compiling, find bugs
> proactively, and fine-tune applications for parallel performance.
> See why Intel Parallel Studio got high marks during beta.
> http://p.sf.net/sfu/intel-sw-dev
> _______________________________________________
> Barry-devel mailing list
> Barry-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/barry-devel
>