0

i have a binary file of mobile, in this binary file msgs and contacts of phone-book are stored i have extracted msgs from it but now have to extract contacts saved in phone book.in this binary file the data is stored in sqlite format as i found this string 53514C69746520666F726D617420330000 in my binary file. now how to extract list of contacts saved in phone book.

sms247
  • 4,404
  • 5
  • 35
  • 45

1 Answers1

1

You need to first work out the format of the file from which you are extracting information, then write code to extract it. A good starting point would be The SQLite Database File Format.

The first part of that string you give (53514C69746520666F726D6174203300) is ASCII hex for SQLite format 3<nul>, which matches the header shown in that link above, so that may go some way toward helping you figure out how best to process it.

Although, given the fact it appears to be just a normal SQLite database file, you may get lucky and be able to use it as-is with a normal SQLite instance. That would be the first thing I'd try since you can then use regular SQL queries to output the data in a more usable form.

For example, if the file is called pax.db, simply run:

sqlite pax.db

to open it, then you may find you can use all the regular investigative commands like .databases, .schema, .tables and so on.

paxdiablo
  • 854,327
  • 234
  • 1,573
  • 1,953
  • how can i find end of file? – sms247 Mar 26 '15 at 05:36
  • @sms247, it's usually at the end of the file :-) Sorry, couldn't resist. But you should make your question more explicit, I'm not entirely certain what you're asking. – paxdiablo Mar 26 '15 at 05:38
  • actually i have a huge binary file, from this file i have to extract sqlite db, i know string above mentioned shows the start of sqlite db but how can i find end of db file. i know after the mentioned string next two bytes shows page size but how from page size i can guess the exact index on which db ends. – sms247 Mar 26 '15 at 08:59
  • @sms247, why don't you try my preferred suggestion, simply trying to open the file with a PC-based SQLite instance. If it's a normal DB file, it should open just fine and you won't have to _worry_ about decoding it (or finding the end). – paxdiablo Mar 26 '15 at 09:04
  • tried in sqlite browser but it said incorrect file format – sms247 Mar 26 '15 at 09:07
  • You might try a hex editor to trim everything from the beginning of the file before that binary string. That being said, binary files are sometimes also compressed, which means it looks for information that is repeated multiple times and then puts a placeholder there to insert it later. If it is compressed, removing the info before the header still may not work. – Alan Oct 05 '18 at 22:30