
Mobile Phone Forensics: Samsung GT 1200M

Hello, I don't know whether MSAB knows how to decode the Samsung om/swift. Cellebrite can do it, but they decode only one type (just a moment: buhhh@cellebrite - don't ignore us!). Cellebrite extracts, IMHO, the right filesystem; that's the good news. But the low-cost Samsungs (4-8 MB dump) have more than this one type. I don't know for sure, but I think I know 4 or 5 types for now; that's the bad news. ;) The only problem is a different offset inside the entries.

Look in the filesystem and you will find everything, but it's binary. For the call list you must look in the heecall* (hope that's correct, I'm writing from home). The nice thing is that you will find the active entries inside the files. For the passive entries, look in the raw dump. Search in hex for (ASCII) 4321 and you will find more. As an example, you can search for the IMEI with the following string: "3433323135". The 3 or 4 bytes in front of the 4321 will help you to find the rest.

Decoding is relatively simple; it's only hex, Unicode and ASCII. The only problem was the timestamp, but this link will help, and for SMS the really nice 7-bit. ;) To understand the timestamp you only need 2 bytes in bits. The month and the year were clear in hex. Also the example from the link, "29 48 91 7D": I mean here "91 7D" = January 2007. In "29 48" you will find day, hour and minutes. THERE'S NO PLACE FOR SECONDS (don't know if Cellebrite have changed it to the right format)!

Hope my English is OK, I prefer German. ;) Greetz from Berlin
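The marker search described in the post above, as an added example that is not part of the original post: it scans a raw dump for the ASCII marker 4321 and groups the hits by the 4 bytes in front of each one, so that entries of the same kind line up. The sample dump, its prefix values and its entry contents are constructed for illustration and do not reflect a real handset layout.

```python
from collections import defaultdict

MARKER = b"4321"   # ASCII marker named in the post (hex 34 33 32 31)
PREFIX_LEN = 4     # the post says the 3 or 4 bytes in front help find the rest

def find_marker_hits(dump: bytes, context: int = 16):
    """Return (offset, prefix bytes, following bytes) for every marker hit."""
    hits = []
    pos = dump.find(MARKER)
    while pos != -1:
        prefix = dump[max(0, pos - PREFIX_LEN):pos]
        start = pos + len(MARKER)
        hits.append((pos, prefix, dump[start:start + context]))
        pos = dump.find(MARKER, pos + 1)   # step by 1 so overlaps are not missed
    return hits

def group_by_prefix(hits):
    """Map each prefix (as hex) to the offsets where it precedes the marker."""
    groups = defaultdict(list)
    for offset, prefix, _tail in hits:
        groups[prefix.hex()].append(offset)
    return dict(groups)

def printable(data: bytes) -> str:
    """ASCII view of a byte run, dots for non-printable bytes (hex-editor style)."""
    return "".join(chr(b) if 32 <= b < 127 else "." for b in data)

def build_sample_dump() -> bytes:
    # Constructed sample: erased-flash padding (0xFF) around three made-up
    # entries. The prefixes 00010a00 / 00020b00 are hypothetical type tags.
    pad = b"\xff" * 32
    rec_a1 = b"\x00\x01\x0a\x00" + MARKER + b"5 sample entry A"
    rec_b = b"\x00\x02\x0b\x00" + MARKER + "Bob".encode("utf-16-le") + b"\x00\x00"
    rec_a2 = b"\x00\x01\x0a\x00" + MARKER + b"5 sample entry C"
    return pad + rec_a1 + pad + rec_b + pad + rec_a2 + pad

if __name__ == "__main__":
    hits = find_marker_hits(build_sample_dump())
    for offset, prefix, tail in hits:
        print(f"0x{offset:06x}  prefix={prefix.hex()}  "
              f"tail={tail.hex()}  |{printable(tail)}|")
    for prefix, offsets in group_by_prefix(hits).items():
        print(f"prefix {prefix}: {[hex(o) for o in offsets]}")
```

On a real image, read the dump with `open(path, "rb").read()` and pass it to `find_marker_hits`; prefixes that recur many times are candidates for one entry type.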
