Small tool to dump signatures from COD file

May 29, 2007

It is a small tool we use to dump signatures from COD file. The signatures table starts right after data segment end and each signature record has a very simple structure:

typedef struc {

ushort sign_type;

ushort sign_length ;

char signer_id [4] ;

byte signature [sign_length – 4] ;

} SIGNATUREENTRY

Download 2 java files Hex.java and Program.java , put them in the same folder, compile and run

Usage:

getsignatures <filename1.cod> [.. <filenameZ.cod>]

Output looks like:

File : net_rim_cldc.cod | version is: 78
Codesize = 53308
Datasize = 27972
| Type = 1 | Length = 132 | signerid = RRTT | sig_start = 81332 | sig_end = 81460
50 ad 66 4d 75 2f d1 54 43 01 9c bb fd b7 a1 ab
35 32 cb 7e 42 80 7a 7a d7 39 eb 9d 2e f4 08 cd
53 95 48 60 b9 f0 ac 27 7c bf cd 8e 3f 20 d9 fe
29 94 95 68 8e 41 ac 6a 82 66 c5 8b 44 c3 07 a9
59 8c da 04 89 6a 03 51 3c 8a 9e 5c 1e c1 32 05
a2 96 58 7a 73 c6 b9 59 74 4b a4 08 2d 4c ce 1e
2d dd 5d f1 5a a0 93 1b e6 5b 8c 87 9b 6c f1 9c
20 51 06 db fd 00 fc ca fc 01 28 b3 52 76 82 e8

Cheers


Blackberry internal folders layout

May 16, 2007

/applications/

/dev/

/system/

/system/samples/

/system/fonts/

/appdata/

/appdata/rim/

/home/

/home/user/

/home/user/pictures/

/home/user/ringtones/

/home/user/video/

/home/user/settings/

/tmp/

/samples/

/samples/pictures/

From Browser it could be called by using file://store/ prefix , but I cannot check it as my Browser service is disabled at the moment. Can somebody with working Browser check this link:

file://store/samples/pictures/Leaf.jpg ?


Work update …

May 7, 2007

As you are probably aware COD file must be signed in order to run on BB device. When we had managed to patch brickbreaker files (game has a cheat mode, so we wanted to enable it) it was not accepted by BB because of wrong signature.

So we had no choice but go for a signature tool and try to understand how we can bypass signature verification and it is what we are doing at the moment.