Answering the questions …

Answering the questions regarding reverse of COD files. COD file is a result of conversion of a normal java application. RIM provides a special tool which allows to do that – rapc.exe. The first thing you can notice about this tool is that it contains two parts – rapc.exe and rapc.jar. The first part seems to be a simple wraper around jar file which looks like a main code repository. But quick look on rapc.jar brings you a bad news – it is obfuscated by RetroGuard. Well, nobody expected that it would be easy. But an old trick with RetroGuard still works fine. The result of deobfuscation is still far away from a normal java source code but it gives us a nice starting point – unique identifiers for functions, variables and constants. The next magic word is Refactoring. It is probably the most boring and in the same time interesting part of the process. At this stage we are looking for any clue inside of the code – memory references, constants, application messages, and etc. Once a clue is found we slowly progress forward from this point trying to trace all usage of discovered constant or function, replacing non-sense identifiers to functional ones. Imagine yorself to be a kind of Sherlock Holmes investigating a difficult case. Lucky for us RIM left a lot of clues inside.

Generally that is it. If you want details about reverse-engineering of java application you can check this link.

2 Responses to Answering the questions …

  1. Fritz says:

    Great, thank you for your information!
    I hope we’ll see more BB info from here ;-)

  2. dELTA says:

    Anyone interested in Blackberry reversing is very welcome to come join our discussions on the subject at the RCE board:

    http://www.woodmann.com/forum/showthread.php?t=9685

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: