.rem Blackberry fil...
 
Notifications
Clear all

.rem Blackberry files

10 Posts
6 Users
0 Likes
2,213 Views
triran
(@triran)
Posts: 99
Trusted Member
Topic starter
 

Has anyone has any luck decoding / decrypting these files?

We are trying to look at a selection files left by an uninstalled Blackberry application.

 
Posted : 28/11/2012 12:13 pm
(@astro)
Posts: 33
Eminent Member
 

Self-ping.

Since BlackBerry uses the AES, and the device password is instrumental in encrypting the data, I would think decrypting/decoding the data would have to be done by brute force method, and the degree of difficulty would be directly proportional to the length of the password used to encrypt the data.

 
Posted : 13/05/2013 7:52 am
Bulldawg
(@bulldawg)
Posts: 190
Estimable Member
 

The encryption key method is selectable by the user. Password only (probably a short, easy to break password), device key (a randomly selected key unique to the device), or a combination of the two. The password only method should be breakable as the password has to be typed on a mobile keyboard and is likely to be simple. If the device key is involved, you're probably out of luck.

Here's a somewhat out of date document from BlackBerry's knowledge base http//btsc.webapps.blackberry.com/btsc/viewdocument.do?noCount=true&externalId=KB16088&sliceId=1&cmd=&forward=nonthreadedKC&command=show&kcId=KB16088&ViewedDocsListHelper=com.kanisa.apps.common.BaseViewedDocsListHelperImpl

I have had no luck decrypting them, but I haven't really tried that hard.

 
Posted : 15/05/2013 7:05 pm
(@astro)
Posts: 33
Eminent Member
 

Yes, Elcomsoft makes a program that can brute force the micro sd card and obtain the Blackberry password if the card was encrypted using the Device Password mode. It doesn't work if a Device Key is in use.

I use "Device Password & Device Key," but the "Device Password" mode is still useful. I temporarily switch the mode to "Device Password" if I want to move the card to a different BlackBerry or if I want to perform a security wipe on my BlackBerry. It's the only way encrypted files will remain meaningfully accessible if the BlackBerry undergoes a security wipe. I even recommend the "Device Password" only mode to beginner users who don't have good backup habits and want some level of security and for whom the likelihood of someone trying to crack his BlackBerry with a media card software attack is minimal and unlikely.

 
Posted : 29/05/2013 8:41 am
nsbuck
(@nsbuck)
Posts: 91
Trusted Member
 

Hi all,

If the encryption was made on the device, you can decrypt the files on-the-fly using BlackBerry Desktop Manager (with write blocking on) and as the files are being transferred from the phone to the PC, they are decrypted.

The .REM bit should be removed, although you might have to manually rename files.

Neil

 
Posted : 29/05/2013 1:56 pm
(@astro)
Posts: 33
Eminent Member
 

Hi all,

If the encryption was made on the device, you can decrypt the files on-the-fly using BlackBerry Desktop Manager (with write blocking on) and as the files are being transferred from the phone to the PC, they are decrypted.

The .REM bit should be removed, although you might have to manually rename files.

Neil

What is write blocking?

Also, the BlackBerry that was used to encrypt the files has to be unlocked and the password has to be known for this to work. When I connect my BlackBerry to Desktop Software using the USB cable, Desktop Software prompts me for the BlackBerry's password in order to connect even if my BlackBerry is unlocked. (It even has the maximum of ten tries feature.) If the BlackBerry is locked, Desktop Software tells me to unlock it before it will proceed.

Once you've hooked up the BlackBerry to Desktop Software, .rem files that you drag and drop from the media card to your pc using Desktop Software will be decrypted. You won't be able to decrypt a .rem file without Desktop Software; if you use the USB ("mass storage mode") method and drag the files to the pc without Desktop Software, they'll still have the .rem extension.

Elcomsoft's software brute forces one file from the BlackBerry's media card if the card was encrypted using the "Device Password" mode. If successful, it provides the user the password that was used to encrypt the card. If that password is still in use on that BlackBerry, the user can unlock it. I would think that if it can crack the password using the card, someone could find a way to decrypt all the .rem files on the card even if the device password has been changed or there isn't a device, only the card.

As for the OP, I don't think Desktop Software would help in his situation. It sounds like the .rem files he's looking to decrypt are not ordinary user accessible files that Desktop Software could reach, rather they're some kind of system files left over from an uninstalled application. I hope he follows up and posts how he made out with that.

 
Posted : 30/05/2013 12:03 am
nsbuck
(@nsbuck)
Posts: 91
Trusted Member
 

Astro,

Yes you will not be able to remove the .REM without the Desktop Manager but you will also need to remove the encryption settings beforehand (I forgot to mention that in my previous post).

If the handset is locked, the passcode maybe (long shot) stored on the memory card, however we never needed to travel this route and we have so far been given the passcode for phones with encryption enabled.

We use write blocking software which ensures data cannot be written to USB device (however the device needs to be plugged in to a USB port after you have enabled this feature).

 
Posted : 30/05/2013 8:45 pm
(@ursdestiny)
Posts: 47
Eminent Member
 

Hello,
I have a blackberry whose access with desktop manager is blocked through IT policy. I have made a switch device backup and I know the password. How can I get the emails?

Thanks

 
Posted : 14/12/2013 1:01 pm
(@gabby30)
Posts: 2
New Member
 

@bulldawg Hello, I know my password or I have a very good idea of what password I used in my blackberry.

I don't have the SD card and blackberry anymore, I have the .rem files only. But I don't know how to try to decode the files like what program to use or something like that.

 

Help me if you still active here.

 
Posted : 02/06/2022 11:09 am
(@gabby30)
Posts: 2
New Member
 

@astro what about single file .rem?

 
Posted : 02/06/2022 11:29 am
Share: