I'm running a case presently that I've found a bunch of mms pdu files that contain media such as images audio (RIFF qcp) and video.
Since there is such a number I was wondering if anyone has come across a decoder or quick method of obtaining the data.
Its a slow go because the footer information for the file is not entirely consistant with normal ones found on a phone. I've been getting the data but its been slow and I'm hoping someone has come across a good viewer / decoder etc that will let me see it natively so to speak or identify or parse out the media quicker.
Its a CDMA phone.
Cheers.
Warlock
Have alook at RevEnge to see if it does what you need - if it doesn't I'll be happy to look at modifying it!!!
Thanks sandy711.
I'll try it right now.
It wasn't that helpful in this particular senario.
I've been since able to individually carve out the Jpeg and Qcp files
I was having difficulty in encase quickly exporting the files out due to the numbers.. in addition quicktime didn't like some of the formatting since it did appear to have an non standard footer.
I was hoping to find a emulator / decoder that would parse out these tidbits for me… save me some time but I've since gone on and carved out the data independant and built the report.
However I'm not sure how familiar you are with CDMA phone operating systems. I have been workin on date interpreters and I see you've got a very nice one implemented in your program.
The gsm 7 one did not correctly interpret the timestamps I was looking at but with this phone (LG phone) I'm getting a mix of how the phone stores the time stamp.
As SMS for an example incoming will be stored differently than outgoing.
inbox messages for example interpret the values from straight hex. IE this will be displayed in the logical view of the phone "May 1 1217 PM"
but in the file itself it shows as 09 05 01 12 17 55 which is 09 = year 05 = month 01 = day 12 = hour 17 = minute 55 = second.
However outgoing will be stored encoded as a binary reference.
I found that (in this case) offset 12 would have a single byte "2C" for example and the AOL time stamp was correct but 5 days back of the actual date.. which I'm figuring is a miss interpretation of a bit shift.. but I've been able to find little by way of Binary Run Time date/time data.
It may not be correct but I found in uncanny that all the times were correct and dates 5 days off in all 200 SMS messages I looked at.
BTW that 512 byte blank for the demo really sucks.. makes it hard to evaluate the product..
If the dates are 5 days off then you are looking at GPS dates where the epoch is 6/1/1980 rather than the AOL time which has an epoch of 1/1/1980 .
The last few beta releases of RevEnge have support for this date
Interesting.
So how would I get this to display the times correctly?
The time encoding on phones has been a thorn for a while,
I haven't been able to find a reliable decoding method.
Incoming times are stored differently than outgoing, and SMS can be differently than both of them.
The beta version is only currently available to registered users - you simply select the byte at which the date starts and all selected date types are displayed alongside
