Difference between pages "AT Commands" and "List of Cyberspeak Podcast Interviews"

From ForensicsWiki
(Difference between pages)
Jump to: navigation, search
(Reference Links)
 
(Added recent interviews)
 
Line 1: Line 1:
<ul><li>AT and AT+ commands can be used to manually collect simple information. This is an ideal choice for "full control" over the communications that are sent and returned from the phone. These can also be used when there is no tool available to communicate with the phone. These commands were tested using a Motorola v551 GSM phone using Bluetooth and USB data cables. It is important to note that not all of these commands are supported by all phones, but the AT+CLAC command (usually) displays all of the available commands the GSM phone can respond to.</li>
+
The [[Cyberspeak podcast]] usually features at least one interview per show. The guests on each show are listed below.
<li>With Motorola phones (and many others) there are '''NO''' AT commands that can be used to retrieve multimedia content. For these, OBEX commands must be issued to the phone to return directory contents, ringtones, pictures and video.</li><li>Samsung GSM phones, on the other hand, '''DO''' have AT commands that allow access to the multimedia content.</li></ul><br/>
+
  
To use these AT commands:
+
=== 2005 ===
<ol><li> Connect the phone and determine the number of the COM port that is associated with it.</li>
+
<li>Open HyperTerminal, Realterm or any other terminal program that will communicate with a specified COM port.</li>
+
<li>With the Motorola phone, type '''AT+MODE=2'''. This prepares the phone for an extended AT+ command set. (+Cxxx and +MPxx)</li></ol><br/>
+
After following these steps, you can continue with any of the commands below.
+
  
== '''Phonebook''' ==
+
* 18 Dec 2005: [[Nick Harbour]], author of [[Dcfldd|dcfldd]]
'''AT+CPBS=?'''<br/>
+
* 31 Dec 2005: [[Jesse Kornblum]], author of [[foremost]] and [[md5deep]]
Lists the phonebooks that the phone contains. (Choose phonebook storage)<br/>
+
Returns: +CPBS: ("ME","SM","MT","ON","DC","MC","RC","EN","AD","QD","SD","FD")<br/>
+
  
+CPBS="ME" sets the "retrieve mode" to the internal phonebook.<br/>
+
=== 2006 ===
+CPBS="SM" sets the "retrieve mode" to the SIM phonebook.
+
  
'''AT+CPBR=?'''<br/>
+
* 7 Jan 2006: [[Drew Fahey]], author of [[Helix]]
Describes the phonebook selected above. (Simple) This gives the max number of entries the phone can contain. It also gives the maximum phone number (or email address) length and name length.<br/>
+
* 18 Jan 2006: [[Simple Nomad]]
'''NOTE:''' You can substitute +MPBR for any +CPBR command, but the phone returns a much more specific (and less intelligible) response containing more fields that may act as internal “programming” flags of some sort.<br/>
+
* 21 Jan 2006: [[Johnny Long]]
Returns: +CPBR: (1-1000),40,24
+
* 28 Jan 2006: [[Kevin Mandia]]
  
'''AT+CPBR=[beginning index],[ending index]'''<br/>
 
Returns a list of numbers with the index between the two numbers entered. Also denotes what TYPE of phonebook entry was selected.<br/>
 
Returns: +CPBR: 9,"18005555555",129,"Contact Name" – 129 refers to a phone number.<br/>
 
Returns: +CPBR: 18,"user@domain.net",128,"Contact Name" – 128 refers to an email.
 
  
'''AT+CPBR=[index]'''<br/>
+
* 4 Feb 2006: [[Brian Carrier]]  
Returns the specified index.<br/>
+
* 11 Feb 2006: [[Jesse Kornblum]]
Returns: +CPBR: 18,"user@domain.net",128,"Contact Name"
+
* 18 Feb 2006: [[Bruce Potter]] of the Shmoo Group
 +
* 25 Feb 2006: [[Kris Kendall]] speaks about malware analysis
  
'''AT+MPBF="Name"'''<br/>
 
Searches the phonebook for the Name or string.
 
 
'''AT+MPBR=?'''<br/>
 
Similar to above, but a more verbose result is displayed.<br/>
 
Returns: +MPBR: 1-1000,40,24,8,0-1,50,(0,2,4,6,9-30,255),(0),(0-1),(1-30),(255),25,(0-1,255),264,(0),0,0,0,0,0,0,0
 
<ul><li>1-1000 denotes the number of entries that can be stored on the selected (+CPBS) phonebook.</li><li>40 represents the number of characters that the email or phone number can have.</li><li>24 indicates the number of characters the “friendly” name can have.</li><li>The 8 refers to the different “types” of phonebook entry (i.e. Mobile, Main, Email, Home, Fax, Work … etc).</li><li>The +CPBR command does not list anything after the 24 (as seen above), so there are times when the +MPBR may be useful.</li></ul>
 
  
'''AT+MPBR=[index]'''<br/>
+
* 4 Mar 2006: [[Dave Merkel]]
Returns: +MPBR: 18,"user@domain.net",128,"Contact Name",6,0,255,0,0,1,255,255,0,"",0,0,"","","","","","","",""
+
* 11 Mar 2006: [[James Wiebe]] of [[Wiebe Tech]]. Also [[Todd Bellows]] of [[LogiCube]] about [[CellDek]]
 +
* 18 Mar 2006: [[Kris Kendall]]
 +
* 25 Mar 2006: (No interview)
  
== '''SMS Messages''' ==
 
'''AT+CMGF=1'''<br/>
 
This tells the phone to display the entries as text rather than binary. +CMFG=0 would display the data in binary format.
 
  
'''AT+CPMS=?'''<br/>
+
* 1 Apr 2006: [[Harlan Carvey]], creator of the [[Forensic Server Project]]
This displays all of the locations in which the phone can save the SMS messages.<br/>
+
* 8 Apr 2006: (No interview)
Returns: +CPMS: ("MT","IM","OM","BM","DM"),("OM","DM"),("IM")
+
* 15 Apr 2006: (No interview), but first to mention the [[Main_Page|Forensics Wiki]]!
 +
* 22 Apr 2006: [[Jaime Florence]] about [[Mercury]], a text indexing product
  
'''AT+CMGL=?'''<br/>
 
Returns the options on which messages you wish to display.<br/>
 
Returns: +CMGL: ("REC UNREAD", "REC READ", "STO UNSENT", "STO SENT", "ALL")
 
  
'''AT+CMGL="ALL"'''<br/>
+
* 6 May 2006: [[Mark Rache]] and [[Dave Merkel]]
Selects and displays all of the SMS messages on the selected source.
+
* 13 May 2006: [[Steve Bunting]]
 +
* 21 May 2006: [[Mike Younger]]
 +
* 29 May 2006: [[Mike Younger]]
  
== '''Misc. Information''' ==
 
'''AT+CGSN'''<br/>
 
Returns the IMEI of the phone.<br/>
 
Returns: +CGSN: IMEI356252000861622 <br/>
 
Returns: +GSN: 299B5900 (Samsung)
 
  
'''AT+CGMR'''<br/>
+
* 3 Jun 2006: [[Jesse Kornblum]] about [[Windows Memory Analysis]]
Returns the manufacturer’s OS revision.<br/>
+
* 10 Jun 2006: (No interview)
Returns: +CGMR: "R47_G_08.17.0FR_01"
+
* 17 Jun 2006: [[Mike Younger]]
 +
* 24 Jun 2006: (No interview)
  
'''AT+GMI'''<br/>
 
Returns the manufacturer name (Samsung).<br/>
 
Returns: +GMI: SAMSUNG
 
  
'''AT+CGMM'''<br/>
+
* 1 Jul 2006: (No interview)
Returns the make, model and capabilities of the phones.<br/>
+
* 9 Jul 2006: [[Johnny Long]]
Returns: +CGMM: "GSM900","GSM1800","GSM1900","GSM850","MODEL=V551" <br/>
+
* 18 Jul 2006: [[Dark Tangent]]
Returns: +GMM: SCH-A670 (Samsung)
+
* 30 Jul 2006: [[Jesse Kornblum]] about [[Ssdeep|ssdeep]] and [[Context Triggered Piecewise Hashing|Fuzzy Hashing]]
  
'''AT+CNUM'''<br/>
 
Returns the subscriber name/number from the SIM.<br/>
 
Returns: +CNUM: Owner Name,15555555555,129
 
  
'''AT+CLAC'''<br/>
+
* 10 Aug 2006: [[Brian Contos]] discusses his book ''Insider Threat: Enemy at the Watercooler''
Lists AT commands that the phone supports.
+
* 13 Aug 2006: [[Richard Bejtlich]] discusses his book ''Real Digital Forensics''
 +
* 27 Aug 2006: [[David Farquhar]]
  
'''AT+MODE=22'''<br/>
 
Prepares the phone (Motorola) for OBEX commands.
 
  
'''AT+MODE=0'''<br/>
+
* 3 Sep 2006: [[Keith Jones]]
This returns the phone to simple AT command mode.
+
* 10 Sep 2006: (No Interview)
 +
* 17 Sep 2006: (No Interview)
 +
* 24 Sep 2006: (No Interview)
  
== '''Reference Links''' ==
 
  
[http://gatling.ikk.sztaki.hu/~kissg/gsm/index.html AT+C Command Set of GSM]
+
* 1 Oct 2006: [[Brian Kaplan]], author of [[LiveView]]
 +
* 8 Oct 2006: [[Tom Gallagher]] discusses his book ''Hunting Security Bugs''
 +
* 15 Oct 2006: (No Interview)
 +
* 29 Oct 2006: (No Interview)
  
[http://www.traud.de/gsm/atex.htm Alexander Traud's GSM pages ]
 
  
[http://www.anotherurl.com/library/at_test.htm AT Test Commands]
+
* 12 Nov 2006: [[Jesse Kornblum]] discusses his paper ''Exploiting the Rootkit Paradox with Windows Memory Analysis''
 +
* 19 Nov 2006: [[Kris Kendall]] discusses unpacking binaries when conducting malware analysis
 +
* 26 Nov 2006: (No Interview)
  
[http://www.csparks.com/MotoBackup/MotorolaAT.xhtml AT Commands to Access the Motorola]
 
  
[http://webapp.etsi.org/key/key.asp?GSMSpecPart1=27&GSMSpecPart2=007  ETSI-3GPP Standards]
+
* 3 Dec 2006: [[Brian Dykstra]]
 +
* 10 Dec 2006: [[Mike Younger]]
 +
* 17 Dec 2006: [[Mike Younger]] and [[Geoff Michelli]]
  
[http://wiki.forum.nokia.com/index.php/AT_Commands Nokia AT Commands]
+
=== 2007 ===
  
[http://www.parallax.com/Portals/0/Education/custapps/Nokia_AThelp.pdf Support Guide for the Nokia Phones and AT Commands]
+
* 7 Jan 2007: [[Jamie Butler]]
 +
* 17 Jan 2007: [[Chad McMillan]]
 +
* 28 Jan 2007: [[Jesse Kornblum]]
  
[http://www.daimi.au.dk/~jones/sms/packed/Nokia_30_AT_Command_Guide_2_0.pdf Nokia 30 GSM Connectivity Terminal AT Command Guide]
+
 
 +
* 11 Feb 2007: [[Scott Moulton]]
 +
* 18 Fen 2007: [[Phil Zimmerman]], creator of [[PGP]] discussing his new [[Zfone]]
 +
* 25 Feb 2007: [[Mark Menz]] and [[Jeff Moss]]
 +
 
 +
 
 +
* 4 Mar 2007: No show due to technical difficulties
 +
* 12 Mar 2007: [[Trevor Fairchild]] of [[Ontario Provincial Police Department]] discussing [[C4P]] and [[C4M]], both add-ons to [[EnCase]]
 +
* 18 Mar 2007: [[Tony Hogeveen]] of [[DeepSpar]] Date Recovery Systems
 +
* 25 Mar 2007: Shmoocon broadcast
 +
 
 +
 
 +
* 1 Apr 2007: [[Kevin Smith]] from LTU Technologies about [[Image Seeker]]
 +
* 15 Apr 2007: [[Jim Christy]] from the [[Defense Cyber Crime Center]]
 +
* 22 Apr 2007: [[Jesse Kornblum]] all about the [[Main_Page|Forensics Wiki]]!
 +
* 29 Apr 2007: [[Harlan Carvey]] discusses his new book
 +
 
 +
 
 +
* 13 May 2007: [[Russell Yawn]]
 +
* 20 May 2007: No interview
 +
 
 +
 
 +
* 2 June 2007: No interview
 +
* 10 June 2007: [[Paul Ohm]]
 +
* 17 June 2007: No interview
 +
* 24 June 2007: No interview
 +
 
 +
 
 +
* 1 July 2007: No interview
 +
* 22 July 2007: Didier Stevens
 +
* 29 July 2007: No interview
 +
 
 +
 
 +
* 23 Sep 2007: No interview
 +
* 30 Sep 2007: No interview
 +
 
 +
 
 +
* 15 Oct 2007: No interview
 +
 
 +
 
 +
* 12 Nov 2007: No interview
 +
 
 +
 
 +
* 21 Dec 2007: No interview
 +
 
 +
=== 2008 ===
 +
 
 +
* 14 Jan 2008: No interview
 +
 
 +
* 10 Feb 2008: Unknown
 +
* 17 Feb 2008: Unknown
 +
 
 +
* 8 Mar 2008: [[Simson L. Garfinkel|Dr. Simson Garfinkel]]

Revision as of 08:42, 19 March 2008

The Cyberspeak podcast usually features at least one interview per show. The guests on each show are listed below.

2005

2006









  • 3 Sep 2006: Keith Jones
  • 10 Sep 2006: (No Interview)
  • 17 Sep 2006: (No Interview)
  • 24 Sep 2006: (No Interview)


  • 1 Oct 2006: Brian Kaplan, author of LiveView
  • 8 Oct 2006: Tom Gallagher discusses his book Hunting Security Bugs
  • 15 Oct 2006: (No Interview)
  • 29 Oct 2006: (No Interview)


  • 12 Nov 2006: Jesse Kornblum discusses his paper Exploiting the Rootkit Paradox with Windows Memory Analysis
  • 19 Nov 2006: Kris Kendall discusses unpacking binaries when conducting malware analysis
  • 26 Nov 2006: (No Interview)


2007






  • 2 June 2007: No interview
  • 10 June 2007: Paul Ohm
  • 17 June 2007: No interview
  • 24 June 2007: No interview


  • 1 July 2007: No interview
  • 22 July 2007: Didier Stevens
  • 29 July 2007: No interview


  • 23 Sep 2007: No interview
  • 30 Sep 2007: No interview


  • 15 Oct 2007: No interview


  • 12 Nov 2007: No interview


  • 21 Dec 2007: No interview

2008

  • 14 Jan 2008: No interview
  • 10 Feb 2008: Unknown
  • 17 Feb 2008: Unknown