blackberry raw dump

Depending on the chip (non-BGA), there is no need to remove it from the device. Even those can be removed with a decent hot air gun.

Look for "BGA package remove" videos.

You can get a "hot air pencil" for under $100. For under $500, one can build a real nice desoldering & read station, which would include the tools and setup for removal of a surface mount, and a socket to then read it.

As Cellebrite exposed and demonstrated in one of the sessions at the Mobile Forensics Conference (last week at Myrtle Beach), Cellebrite UFED Physical will soon have BlackBerry physical decoding supported.

This will not include the extraction of the BlackBerry physical image, but will allow to get a very good decoding of BlackBerry chip-offs (or other methods) and will get tons of deleted data.

As stated in one of the previous posts, indeed this is one of the more complex decoding tasks that we did.

RonS

Will these tools get all the deleted data like you would with the chip off procedure? My understanding is that to get a pure read and get as much deleted data as possible chip off is the only way?

it costs around $100,000 for a weeks training and all the hardware you need.

😯

Assuming a going training rate of circa £450 per day (5 x 450 = 2,250), I would be fascinated to learn the list of hardware required that totals £59,000 (using today's exchange rate)…..? Please share.

We provide a complete BGA rework station, software for accurate temperature control and monitoring, chip maintenance equipment (hot plate, etc), as well as chip reader, and chip adapters (there are a lot of adapters for the varying chips). This is the equipment we use in house, and unfortunately it is expensive.
We also provide in house software to analyse the resulting data for a large number of devices.

We don't insist on customers buying our equipment to have the training, as we are aware you can find it cheaper. We will even provide details of our suppliers so you can buy it direct and save the handling fee we charge.

We have trained a customer on their own equipment before, and are happy to do so.

If you are confident you can remove vital chips with a hot air gun with a high success rate then the package we supply is not for you, but for a lot of customers spending more to make the process easier and minimise risk is worthwhile.

There is also no cheap universal chip reading solution. Our kit contains two types of reader and multiple adapters. There are universal readers that can "skim" the bottom of the chip to expose the chips pins, and then probe them, but these are currently not cheap.

gurpreetthathy,

I was referring to decoding of physical data from any source it came from (chip-off or other methods).

Yes, the decoding will get deleted data.

RonS

Thank you very much RonS

From what I've found there's two areas of the BB's memory to dump. there's the user content and executable content. I get varied results with forensic tools dumping the user content, and if the BB's encrypted then this stops me from getting any user data. For the executable content ( even on encrypted BB's) I use BBSAK (an windows app) to dump the COD files. I do this for malware invrstigations.

This thread seems to be based on Unencrytped BB's, but I thought I mention what I've found with encrypted ones. Oxygen & celebrite gets virtually nothing on encrypted BB's. I'd be interested if anyone has tools to work with encrypted BB's.

Tj

Here, this is a little easier on the wallet

http//www.teeltech.com/tt3/chipoff.asp?cid=14

Here, this is a little easier on the wallet

http//www.teeltech.com/tt3/chipoff.asp?cid=14

I agree that this training seems VERY interesting.

I would really like to know what did the students who had the training already think about it. I'm not sure they cover Blackberry devices.

Would really like a review of that training…

Items that are addressed in the training do include BGA chipoff reads from older models of the Blackberry. Teel Tech does offer options to read from chips of newer models but in an effort to keep the costs down, this is not done in class, be aware, this is an expensive endevour to get into.

Example BB 8330 This device carries the Spansion 98WS768PE0FW020 that is a semi-custom made device consists of a S29WS256P or S29WS512P Flash memory and a CellularRAM memory. The S29WS256P or S29WS512P is a non-volatile memory; while the CellularRAM is a volatile memory device, meaning when power is turned off, its contents will be lost. To read this chip it requires a custom adpater that I received a quote of 3000.00 USD and the programmer is worth 1500.00 USB, plus shipping and taxes )-

The course addresses older phones like the flip style models, to iPhones (you do a iPhone 2G chipoff and dump/decode in class), to Android and Blackberry chips. TSOP chips are also processed in class as they are found on older model phones and items like thumb drives, SSD Drives, GPS units, etc.