How are some SMS en...
 
Notifications
Clear all

How are some SMS encoded within blackberry memory?

5 Posts
3 Users
0 Likes
547 Views
(@topsirloin)
Posts: 45
Eminent Member
Topic starter
 

I'm attempting to locate some SMS text from a Physical extraction of a blackberry bold 9780 using the latest version of Cellebrite PA. I'm trying to figure out how some of the extracted text messages are encoded though, so I can do a keyword search. Here is an example of a text that has already been parsed out.

Parsed text is
Let me know when we can have a phone conversation.

In Hex, this phrase is stored as

03 29 00 17 32 A4 8C 4F 28 DB 69 84 E7 23 C6 41 0F B7 8E 31 EA 76 FB 6E 4C 2B 0E B8 70 75 CE 25 DC 1D 0C 00 00 00 03 29

Other text messages are stored in plain ASCII but I can't figure out what the pattern is, as it appears that both sent and inbox messages are encoded either way. Usually I can sweep the parsed text messages, and look up in the values tab to see how the message is encoded. Most times it's some form of 7Bit PDU encoding.

Is there something else I should be looking for to properly decode this?

Any insight is appreciated!

 
Posted : 05/12/2012 11:28 pm
(@timbo4664)
Posts: 12
Active Member
 

It is my understanding that BB sometimes uses some sort of compression when it transmits data back and forth. I was told that they do this to minimize the size of data being transmitted. With that said, I do not know why this sometimes happens and other times it doesn't. I also do not know what kind of algorithm is being used. If I had to make an educated hypothesis, I would surmise that it is likely proprietary, knowing RIM.

I have learned this through my contacts and friends from the Northland (Canada), who see BBs much more than we do.

This may be what you are seeing. Just a thought.

Tim Moniot
Detective, Las Vegas Metro Police Department
Instructor - TeelTech

 
Posted : 05/12/2012 11:56 pm
 RonS
(@rons)
Posts: 358
Reputable Member
 

it is indeed the case and also in some cases they are also encrypted

 
Posted : 06/12/2012 5:08 pm
(@topsirloin)
Posts: 45
Eminent Member
Topic starter
 

Interesting.. thanks for the replies everyone.

So RonS, I'm not sure if you can speak to this, but is there a publicly released method for identifying some of these texts? I've been asked to see if I can find fragments of deleted texts, but I'm not getting any hits, even on keywords that are in allocated SMS already parsed. So I can't do a proper search not knowing how the texts are encoded. Are you able to speak to how Cellebrite PA identifies SMS and decodes it, so that I can attempt to do it myself within Cellebrite PA? I'd understand if you can't release that info.

Thanks.

 
Posted : 06/12/2012 10:01 pm
 RonS
(@rons)
Posts: 358
Reputable Member
 

You are correct. I can't.

 
Posted : 07/12/2012 1:22 pm
Share: