Small tool to dump signatures from COD file

This is a small tool we use to dump the signatures from a COD file. The signature table starts right after the end of the data segment, and each signature record has a very simple structure:

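typedef struct {
    ushort sign_type;                   // record type
    ushort sign_length;                 // bytes that follow: signer_id plus signature
    char   signer_id[4];                // 4-character signer ID
    byte   signature[sign_length - 4];  // remaining sign_length - 4 bytes
} SIGNATUREENTRY;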

Download the two Java files, Hex.java and Program.java, put them in the same folder, then compile and run.

Usage:

getsignatures <filename1.cod> [.. <filenameZ.cod>]

Output looks like:

File : net_rim_cldc.cod | version is: 78
Codesize = 53308
Datasize = 27972
| Type = 1 | Length = 132 | signerid = RRTT | sig_start = 81332 | sig_end = 81460
50 ad 66 4d 75 2f d1 54 43 01 9c bb fd b7 a1 ab
35 32 cb 7e 42 80 7a 7a d7 39 eb 9d 2e f4 08 cd
53 95 48 60 b9 f0 ac 27 7c bf cd 8e 3f 20 d9 fe
29 94 95 68 8e 41 ac 6a 82 66 c5 8b 44 c3 07 a9
59 8c da 04 89 6a 03 51 3c 8a 9e 5c 1e c1 32 05
a2 96 58 7a 73 c6 b9 59 74 4b a4 08 2d 4c ce 1e
2d dd 5d f1 5a a0 93 1b e6 5b 8c 87 9b 6c f1 9c
20 51 06 db fd 00 fc ca fc 01 28 b3 52 76 82 e8
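
The record walk described above, as an added example that is not part of the original post or the Java tool: a Python parser for SIGNATUREENTRY records that rejects short or overrunning records instead of reading past the buffer. It assumes little-endian fields and takes the table offset (end of the data segment) from the caller; the function names, the "TEST" signer ID and the sample buffer are constructed for illustration.

```python
import struct

# sign_type, sign_length as two 16-bit fields; little-endian is an assumption
HEADER = struct.Struct("<HH")


def parse_signatures(buf, table_offset):
    """Walk SIGNATUREENTRY records from table_offset to the end of buf.
    table_offset (end of the data segment) is supplied by the caller.
    Returns (entries, error); error is None when every record fits.
    """
    entries, pos = [], table_offset
    while pos < len(buf):
        if len(buf) - pos < HEADER.size:
            return entries, f"truncated header at {pos}"
        sign_type, sign_length = HEADER.unpack_from(buf, pos)
        body = pos + HEADER.size
        # sign_length counts signer_id (4 bytes) plus the signature bytes
        if sign_length < 4:
            return entries, f"bad length {sign_length} at {pos}"
        if body + sign_length > len(buf):
            return entries, f"record at {pos} overruns file"
        entries.append({
            "type": sign_type,
            "length": sign_length,
            "signer_id": buf[body:body + 4].decode("ascii", errors="replace"),
            "sig_start": body + 4,
            "sig_end": body + sign_length,
            "signature": buf[body + 4:body + sign_length],
        })
        pos = body + sign_length
    return entries, None


def build_sample():
    """Constructed input: 16 filler bytes, then two records (not real signatures)."""
    rec1 = HEADER.pack(1, 132) + b"RRTT" + bytes(range(128))
    rec2 = HEADER.pack(1, 12) + b"TEST" + b"\xaa" * 8
    return b"\x00" * 16 + rec1 + rec2


if __name__ == "__main__":
    found, error = parse_signatures(build_sample(), 16)
    for e in found:
        print(f"| Type = {e['type']} | Length = {e['length']} | signerid = {e['signer_id']}"
              f" | sig_start = {e['sig_start']} | sig_end = {e['sig_end']}")
        print(e["signature"].hex(" "))
    if error:
        print("stopped:", error)
```

As in the sample output above, sig_end - sig_start equals Length - 4, because the length field also covers the 4-byte signer ID.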

Cheers

18 Responses to Small tool to dump signatures from COD file

  1. Randy says:

    Would you be interested in helping me unlock the internal GPS receiver for the Verizon 8830? I am particularly interested in the following package / class:

    net_rim_bb_lbs.cod
    -GPSDeviceSelectionDialog.java

    Can you run your app on that cod and provide me with some of the output? It would certainly be much appreciated.

    Many Thanks,
    Randy

    PS – Great work!

  2. Randy says:

    I forgot to tell you the software version:

    4.2.2.123 from Telus or Bell Mobility (North America), available via the Device Software download page.

    http://na.blackberry.com/eng/support/downloads/download_sites.jsp

    -Randy

  3. Dr. {B0lsen} says:

    I’ll check, but it will be much easier for me if you can send me the cod file to reverseforsage (at) gmail.com.

    P.S. How do you know that the code you are looking for is located in this particular java file? Through the API? Just curious.

  4. Dr. {B0lsen} says:

    I have checked; this class calls two methods:

    1 : invokestatic_lib net.rim.device.api.lbs.gps.GPSProvider.getInstance ()
    2 : invokevirtual net.rim.device.api.lbs.gps.GPSProvider.getDeviceInUse( net.rim.device.api.lbs.gps.GPSProvider )

    I am not quite sure that I understand what it means, but in the net.rim.device.api.lbs.gps.GPSProvider.init method there is a check for vendor_id 105 (Verizon US) and hardware_id 67112452 (0x4000E04).

    The file is here http://rapidshare.com/files/42325843/GPSProvider.rar.html

    Cheers

  5. Randy says:

    I must say, the output is very impressive. Although, tracing variables like field_6006 can become a nuisance. I think a minor mod in the code generator would make the code a lot more readable. One approach could be to use the class name with a number appended to it. This is common practice in IDEs that generate code, and some decompilers use a similar approach. I’m sure you know exactly what I’m talking about.

    – i.e. –
    private static net.rim.device.api.lbs.gps.GPSProvider field_5994 ;
    becomes:
    private static net.rim.device.api.lbs.gps.GPSProvider GPSProvider1 ;

    I don’t think this would be too difficult to implement, the hardest part would be keeping count of all references to the same type within the same scope =P.

    Excellent work mate!

    Cheers,
    Randy

  6. Charlie says:

    OK, so if the software is checking for vendor_id 105, but we aren’t able to build a signed replacement bit of software … are we able to change the vendor_id of the phone?

  7. Dr. {B0lsen} says:

    I think we did find a way to fix this. More news in the coming week.

  8. kuhasu says:

    Am waiting for it…..:)

  9. ibmman69 says:

    So, you think the vendor ID check is in the cldc cod?

  10. Grant L says:

    Curious to see if this progressed any further. I have a thread going on at howardforums.com about removing the VZW 8130 GPS lock down to VZ Navigator; anyone care to join in?

    http://www.howardforums.com/showthread.php?t=1274246&page=1&pp=15

    -Grant

  11. Nick says:

    Any luck guys since last year?

  12. Dr. {B0lsen} says:

    Nick,

    A small bit of luck :) – USB MemoryLoader, shhhhhhh! sooon ;0)

  13. Tom says:

    @ Dr. {B0lsen}

    I’ve been looking all around for this. I and about 10,000 other people wish you good luck.

  14. Ben says:

    10,001… count me in

  15. Dirnov says:

    Greetings,
    Thank you in advance and thanks for the fine share

    Thanks
    Dirnov

  16. […] anything for you two or not. Please look into it further, and we can discuss whatever comes up together. Small tool to dump signatures from COD file Bypass signature requirement for COD files History of COD format Regards. __________________ […]

  17. Vernon Small says:

    Wow! Thanks! I always desired to produce in my web-site something similar to that. Will I quote part of your post to my weblog?

  18. Cesar Vega says:

    Your article just saved my life man! Not literally but you did me a big favor!
