Hi,
Someone asked me recently whether I knew how to extract the ESN / MEID
from a BlackBerry.
Well, after some USB snoops and digging around, it looks like the data
is in the "Handheld Agent" database, specifically in record ID 3000000.
It looks like the Windows software actively searches for this record ID,
grabbing the Record State Table for "Handheld Agent" and searching for
records 3000000, 4000000, and 5000000. I notice there is a 7000000 as
well, but it wasn't retrieved.
Anyway, the quick hack for finding the ESN / MEID number is to dump
the Handheld Agent database and search for the right number:
    btool -d "Handheld Agent"
Here's a dump from an older ESN device (ID at the end):
Raw record dump for record: 3000000
00000000: 06 00 98 00 40 03 44 01 03 00 00 00 00 03 01 01 ....@.D.........
00000010: 00 64 03 04 00 01 f3 a4 31 3c 04 00 02 04 04 00 .d......1<......
00000020: 04 05 00 03 37 37 35 30 00 04 00 04 6d 00 00 00 ....7750....m...
00000030: 04 00 05 00 00 e0 00 04 00 06 03 00 00 00 14 00 ................
00000040: 07 43 44 4d 41 20 38 30 30 2c 20 43 44 4d 41 20 .CDMA 800, CDMA
00000050: 31 39 30 30 00 04 00 09 01 00 00 00 04 00 0b 5c 1900...........\
00000060: 11 00 00 04 00 0c 5c 11 00 00 04 00 0d f0 00 00 ......\.........
00000070: 00 04 00 0e f0 00 00 00 05 00 0f 43 44 4d 41 00 ...........CDMA.
00000080: 09 00 10 33 30 30 39 65 66 65 33 00 09 00 11 34 ...3009efe3....4
00000090: 63 30 37 30 30 36 38 00 c070068.
And from a newer MEID device:
Raw record dump for record: 3000000
00000000: 06 00 d0 00 40 01 44 01 7e 00 00 00 00 03 01 01 ....@.D.~.......
00000010: 00 64 03 04 00 01 41 d5 7f 4c 04 00 02 04 14 00 .d....A..L......
00000020: 0c 05 00 03 39 35 35 30 00 04 00 04 69 00 00 00 ....9550....i...
00000030: 04 00 05 00 00 c8 0f 04 00 06 00 00 00 00 3a 00 ..............:.
00000040: 07 47 53 4d 20 38 35 30 2c 20 47 53 4d 20 39 30 .GSM 850, GSM 90
00000050: 30 2c 20 47 53 4d 20 31 38 30 30 2c 20 47 53 4d 0, GSM 1800, GSM
00000060: 20 31 39 30 30 2c 20 43 44 4d 41 20 38 30 30 2c 1900, CDMA 800,
00000070: 20 43 44 4d 41 20 31 39 30 30 00 09 00 08 35 2e CDMA 1900....5.
00000080: 36 2e 30 2e 33 33 00 04 00 09 01 00 00 00 04 00 6.0.33..........
00000090: 0b 4e 1c 00 00 04 00 0c 4e 1c 00 00 04 00 0d e0 .N......N.......
000000a0: 01 00 00 04 00 0e 68 01 00 00 05 00 0f 43 44 4d ......h......CDM
000000b0: 41 00 09 00 10 33 31 32 62 35 36 37 66 00 0f 00 A....312b567f...
000000c0: 11 61 30 30 30 30 30 31 63 36 62 61 38 36 65 00 .a000001c6ba86e.
The phone number for the device seems to appear in record 4000000 for the
ESN devices. I don't have a SIM card in the MEID one, so that might be why
it's not showing a phone number.
- Chris
_______________________________________________
Barry-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/barry-devel