[amerix]

Citiraj:

Pulling Data from an .LBF file (LG Phone Backup)

Things you'll need (all freeware):
HxD - Hex Editor
7Zip
Mozilla Firefox
SQLite Manager Add-On
VideoLAN Media Player

This procedure gets very technical, but bear with me and you'll find what you're looking for.

I've posted a video on YouTube going over the process if you prefer watching rather than reading: watch?v=HGwX7lFtd4s

Contacts
Right click the .LBF file and open it with 7Zip, you can navigate through the folders to find the database file. Extract the .DB file somewhere (it's usually called "contact2.db"). Now open Mozilla Firefox, and open your SQLite Manager. In the options at the top, click "Connect Database" and navigate to your newly extracted .DB file. It won't see it natively, make sure you set the filter to "All files" in the open file dialogue menu to see it, then click OK. Here you can go through all of the different tables containing account information, contacts, call history, phone numbers, etc.

Text Messages
Much trickier than pulling contacts. There are two kinds of text messages we are looking for: SMS & MMS. These files will be compressed in a ZIP file, so we need to isolate the ZIP file in HxD before we can continue. Open the .LBF in HxD, hit CTRL+F to search, and type ".vmsg" into the box as a text-string searching forward, then hit enter. It should jump you to a file usually called "sms.vmsg". This is where the SMS text messages begin in the ZIP file. Now to identify the beginning of the ZIP file, look a few characters back for a string called "PK. ."; this is the universal identifier for ZIP files, it stands for Phil Katz, the creater of the ZIP file header. There will be other PKs on the screen, so just focus on the first one you come to going backwards from the "sms.vmsg". Highlight the PK, and note the offset in the lower left corner of the HxD window, record that number for later. Now, searching forward once again, look for the next instance of "sms.vmsg", this is the end of the SMS area of the ZIP file, and it leads to the beginning of where the MMS messages are stored. MMS files are stored in the "PDU" file container when they are sent, so you will be searching the document for .PDU files until you come to the last one (when you hit search again, and a window pops up saying HxD has finished searching the document with negative results). That tells you you have reached the end of the MMS message area, and now you need to find where the ZIP file ends. Search forward for PK [HEX: 50 4B], until you see the PK that's right before the next database declaration, usually called "tasks.db". The PK before "tasks.db" is the beginning of the ZIP containing that database (and we're not interested in that right now), so look for the very next occurrence of PK going backward from that one to find the ending declaration of the ZIP file containing the text messages. The pattern for ending a ZIP file is difficult. You will be looking for:

PK {followed by 17 bytes} {followed by 00 00 00}
Keep in mind: 1 byte = 2 hex characters (00 = 1 byte worth of data)

SO! At the ending PK we are at, count forward 17 groups of hex characters, then three groups of 00s. Highlight the six zeros and that is your end of ZIP file. Now Hit CTRL+E to select a block of data. Remember that offset I told you to record? Enter that as the beginning address, the end address should already be at the 00 00 00 you highlighted, then hit Enter. Now CTRL+C, CTRL+N, CTRL+V, CTRL+S to make a new file containing those highlighted bytes, and to save it. Make sure you save it with the ".ZIP" file extension. Now extract that zip file using whatever program you like, and you will find a "sms.vmsg" file and a bunch of .PDUs. I'm not going to get into .PDUs in this post. You can open "sms.vmsg" in a text editor to view the contents. If you want a prettier version of it, you can try converting it online, or what I did, was download an android emulator, imported the .VMSG file into that, and used a random app to export the text messages to .PDF format.

Photos
JPEGs are way easier to carve out than text messages. The problem is that there are usually TONS OF THEM. I will show you how to do this manually, but if you would like to automate the process, you may have to consider writing a bit of code. JPEGs always start and end the exact same way. They start: FF D8 FF E0 xx xx 4A 46 49 46 00 in Hexadecimal, or in ANSI text: ˙Ř˙ŕ..JFIF

If you find that string, you've found the beginning of a JPEG file. Highlight it and write down the offset. JPEGs for the most part all end consistently, too. They end: FF D9 in Hexadecimal, or in ANSI text: ˙Ů

Select the FF D9, hit CTRL+E to select a block, enter the beginning offset (where FF D8 FF E0 was) and hit OK. Then the CTRL+C, CTRL+N, CTRL+V, CTRL+S combo, and save it with the .JPEG file extension.

ovo?