lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Wed, 16 May 2007 14:52:26 +0100
From: "Robert McArdle" <robertmcardle@...il.com>
To: "Davide Del Vecchio" <dante@...ghieri.org>
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: Re: Retrieving "deleted" sms/mms from Nokia phone
	(Symbian S60)

I downloaded the latest Version of Nokia PC Suite from the Nokia site (6.8.3Rel
14.1). I then sent a message to myself and deleted it after it arrived.
Backing up my phone created a single .ndu file (not multiple dats). I
analyzed the strings in the file (file uses no compression/packing) and
although I can see all my other Messages/Contacts - the test message was not
present.

The test was carried out on a Nokia N73 running Symbian 9.X

Robert McArdle
-- 
www.RobertMcArdle.com/blog/ - Techie/Security/Inane Ramblings

On 5/15/07, Davide Del Vecchio <dante@...ghieri.org> wrote:
>
> Hello list,
>
> During some research, I found an intersting "feature"
> on my Nokia mobile phone; I was able to retrieve any
> apparently deleted sms/mms.
> Letting aside some paranoid thoughts about WHY this
> sms are not deleted, I think that, while this represents
> an high risk for our privacy, this discover could give some
> hint into mobile phone forensics and anti-forensics field.
>
> First, I would like to tell you that I tested this on
> my Nokia N-gage and on a Nokia 6600 but I am quiete sure
> that this procedure works on every Nokia Symbian S60
> (maybe other vendors). So I strongly incite you to test
> it on your mobile phone and share the results.
>
>
> Tested products:
>
> Nokia N-gage, firmware version: V 4.03 26-11-2003 NEM-4
>
> Nokia 6600
>
> Maybe the whole S60 series.
>
>
> Procedure:
>
> Download the Nokia PC Suite for your mobile phone and make
> a backup on your local hd.
> I used PC Suite for Nokia N-Gage Version 1.0.0
> http://www.nokia.com/pcsuite
>
> It will create a huge number of ".dat" files in a specified
> directory.
>
> Download, install and start Cygwin. This is not required but
> suggested, you could use an hexadecimal editor and a bit of
> patience but using Cygwin is surely faster.
> http://www.cygwin.com
>
>
> Move into the backup directory.
>
>
> $ ls -al | less
>
> total 6016
> drwx------+ 2 Administrator Nessuno      0 Feb  6 01:35 .
> drwx------+ 7 Administrator Nessuno      0 Feb  5 23:00 ..
> -rwx------+ 1 Administrator Nessuno   2972 Nov 27  2003 1.dat
> -rwx------+ 1 Administrator Nessuno  22913 Nov 27  2003 10.dat
> -rwx------+ 1 Administrator Nessuno   1062 Feb 16  2005 100.dat
> -rwx------+ 1 Administrator Nessuno   3912 Aug  9  2005 1000.dat
> -rwx------+ 1 Administrator Nessuno   2750 Aug 25  2005 1001.dat
> -rwx------+ 1 Administrator Nessuno   8741 Dec 15  2005 1002.dat
> -rwx------+ 1 Administrator Nessuno   9926 Dec 20  2005 1003.dat
> -rwx------+ 1 Administrator Nessuno     63 Dec 30  2005 1004.dat
> -rwx------+ 1 Administrator Nessuno  23988 Jan 13  2006 1005.dat
> -rwx------+ 1 Administrator Nessuno     18 Jan 23  2006 1006.dat
> ...
> ...
> etc etc (files created by the nokia pc suite).
>
>
> Choose a file to examine.
>
> $ ls -al 3102.dat
> -rwx------+ 1 Administrator Nessuno 666569 Feb  5 23:59 3102.dat
>
> Use the command "strings" to find printable characters.
>
> $ strings 3102.dat | less
>
> Ciao! Auguro a te ed alla tua fa@...ica Farlonesi
> ...
> ...
> etc etc
>
>
>
> This is part of an sms I deleted and that I don't see on my phone.
> So, just grep every file in the directory to find the complete sms:
>
> $ grep -i "Auguro a te ed alla" *
>
> Binary file 1770.dat matches
> Binary file 3102.dat matches
>
> The sms has been found in 1770.dat file, let's see what's inside it:
>
> $ strings 1770.dat
>
> Ciao! Auguro a te ed alla tua famiglia un felice anno nuovo! E.
> 4+393915253350
> 4+393922378986
>
> Got it! The complete sms, with the phone number of the sender (phone
> numbers have been changed).
> In earlier versions of Nokia PC Suite it just creates a ".nbu" file and
> you can just edit it with an hexadecimal editor.
>
> I mailed the Nokia support and they told me they didn't know about this
> bug and would like to know more informations about impacted models but
> they don't have any intention to release some kind of patch.
> I contacted Symbian too, they told me that Symbian sources are
> distributed to mobile phone vendors and so they cannot release any
> final-user patch.
>
> This description is also avaiable here:
> http://www.alighieri.org/advisories/retrieving_deleted_sms.txt (ENG)
> http://www.alighieri.org/advisories/recuperare_sms_cancellati.txt (ITA)
>
> Regards,
>
> Davide Del Vecchio.
>
> --
> http://www.alighieri.org
>



-- 
www.RobertMcArdle.com/blog/ - Techie/Security/Inane Ramblings

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ