oxygen failed to ex...
 
Notifications
Clear all

oxygen failed to extract certain parts of filesystem...

5 Posts
2 Users
0 Likes
426 Views
(@rampage)
Posts: 354
Reputable Member
Topic starter
 

Hello everyone,
i know this is not the official support forum for oxygen, and maybe not even the proper section to post.
i was just wondering if anyone ever had the same issue i'm experiencing, and eventually found a workaround.

apparently the software failed to extract content of /private/ directory from nokia filesystem.
I know that part of filesystem is locked, but the agent installed on the device should be able to extract its content anyway.

weird thing is that the software exported some SMS messages from the handset, so i'd say it can read the content of /private/ since messages are stored there.

as i wanted to check files manually (index and other files related to call log) i was wondering why i can't read them (

 
Posted : 20/10/2012 8:52 pm
CopyRight
(@copyright)
Posts: 184
Estimable Member
 

What Version of Oxygen are you running?
What device are you operating on ?

What i know is.. Oxygen 4.0.1 Onwards had some problems with NOKIA 40 Series phones, as it doesn't extract all the messages on the handset.

If you're operating on an Android, you will have to root the device before your install the agent, if you have registered for the oxygen + rooting add on , then oxygen will do the rooting for you automatically before it installs the agent. If you havent registered for that add-on then you will have to root the device manually. then try to get a logical extraction.

Goodluck

 
Posted : 18/12/2012 2:37 pm
(@rampage)
Posts: 354
Reputable Member
Topic starter
 

it was a nokia device it was a N95-01.

Oxygen version was 2012 standard edition.

the agent installed successfully on the device and started properly, but even if it was able to read messages ( i don't think all of them tho) it wasn't able to perform a full filesystem extraction.

i worked it out using FBUS connectivity and third party software for extracting the content of /private/

 
Posted : 18/12/2012 10:05 pm
CopyRight
(@copyright)
Posts: 184
Estimable Member
 

For Series 60/Symbian/Belle devices we also read the deleted messages information from the phone's log. The conditions are the same (logs stores the data for 30 days, it is wiped on a SIM card change etc.), but it also stores first 80 symbols of the the SMS message (Series 40 doesn't store any text in the log).

Also if you manage to hack the phone's capabilities you will be able to find temporary files for deleted SMS messages and get the access to ms_del.dat file as well (in Symbian BB5 phones this file is stored in a protected area that is not available without AllFiles capabilities). You can read more about Symbian capabilities here

http//www.developer.nokia.com/Community/Wiki/Capabilities_(Symbian_Signed)/AllFiles_Capability
http//www.symlab.org/wiki/index.php/Capabilities_(Symbian_Signed)/AllFiles_Capability
http//symbianresources.com/tutorials/general/security/PlatformSecurity.pdf
http//www.symbian-freak.com/news/008/03/s60_3rd_ed_feature_pack_1_has_been_hacked.htm
http//www.allaboutsymbian.com/
http//www.my-symbian.com/

If you manage to escalate the phone's privileges and get an access to C\Private\ folder you will be able to find the deleted messages parts in C\Private\1000484b\Mail2 and in MS_del.dat file. You can analyze these files with built-in HEX viewer.

Hope This Helps..

 
Posted : 20/12/2012 2:41 pm
(@rampage)
Posts: 354
Reputable Member
Topic starter
 

Thanks for your kind reply, i spent some time researching but i honestly couldn't find a way to access /private/ using oxygen, i've also tried going via FBUS cable, sending the device in local mode, but i couldn't find any tool that was able to access the filesystem for extracting arbitrary files, even if i'm pretty sure it's possible to avoid OS privileges restriction by accessing the device in test/local.

heading back to the oxygen capabilities, i dunno if the issue i'm having when trying to extract the content of /private/ is due to a failure of the agent or what else, maybe the exploit it uses has been fixed in N95?

 
Posted : 24/12/2012 2:13 pm
Share: