1. Tornado99's Avatar
    With all the leaks being posted out to non official sites, could a hacked OS be deployed in an autoloader, sideloadable etc?
    Where is the confidence in deploying an OS from a non official source?

    This Passport takes me places!
    02-07-15 01:19 PM
  2. Legal Eagle's Avatar
    With all the leaks being posted out to non official sites, could a hacked OS be deployed in an autoloader, sideloadable etc?
    Where is the confidence in deploying an OS from a non official source?

    This Passport takes me places!
    No risk, all the signed files are produced by BlackBerry and obtained from their servers.
    02-07-15 01:21 PM
  3. baarn's Avatar
    No risk, all the signed files are produced by BlackBerry and obtained from their servers.
    And what about the autoloader that you run on your PC? Is it also signed from a reputable source?

    Personally I think BlackBerry should release the equivalent of sacha/darcy as an official unofficial not supported use at your own risk tool. There is demand for it and it creates excitement for the end users, why not sort of support it? The leaks are officially unofficial, aren't they.
    02-07-15 01:27 PM
  4. Legal Eagle's Avatar
    And what about the autoloader that you run on your PC? Is it also signed from a reputable source?

    Personally I think BlackBerry should release the equivalent of sacha/darcy as an official unofficial not supported use at your own risk tool. There is demand for it and it creates excitement for the end users, why not sort of support it? The leaks are officially unofficial, aren't they.
    The tools are there to build your own autoloaders if you have that degree of paranoia.

    Otherwise use one posted by a reputable contributor such as Thurask.

    If BB released it's own version to Sachesi or Darcy's Tool it would be seen to be publicly condoning leaks which Chen would never allow.
    02-07-15 01:32 PM
  5. Calvin Chin's Avatar
    As you said 'leaks', it might poses a security threat, someone might have mod it, it may not but it is not official. It is always better to wait for official release. If you insist in using leaks, use it at your own risk.

    Posted via CB10
    02-07-15 01:35 PM
  6. Mr_White's Avatar
    No risk, all the signed files are produced by BlackBerry and obtained from their servers.
    No risk ? The Autoloaders are indeed a huge risk. Infections, Trojans, Malware etc. to tell you some.
    Manipulated Code could also be flashed to your device ( dont say (N) Security Agencies and other trumpets wont/dont do...).
    Your original files from BB Servers could also be exchanged at the download. And to make the paranoia perfect,
    this is also actual for OS files downloaded with BB Link software, too. But less infection risk.
    02-07-15 01:38 PM
  7. conite's Avatar
    You can't mod a signed BlackBerry file. Only files signed by BlackBerry can be installed on your device.

    You can mix and match apps, radios, and OS versions, but that's it.

    Z30STA100-5/10.3.1.2267
    02-07-15 01:40 PM
  8. tickerguy's Avatar
    Right.

    An autoloader could be a threat to your PC, but not the phone.

    The phone will not accept any os file not signed by BlackBerry. If you manage to flash such a file with an autoloader the phone won't boot!

    Posted via CB10
    toobs623 and diegonei like this.
    02-07-15 01:46 PM
  9. baarn's Avatar
    The tools are there to build your own autoloaders if you have that degree of paranoia.
    Well, as BlackBerry is touted as a secure platform, you may expect a reasonable degree of paranoia from its users. But then maybe they'd be better off skipping leaks altogether.
    In any case, are the tools signed by a reputable source?

    Otherwise use one posted by a reputable contributor such as Thurask.
    Never met the fellow, but I'm sure he is the salt of the earth... (no offence meant, Thurask).

    If BB released it's own version to Sachesi or Darcy's Tool it would be seen to be publicly condoning leaks which Chen would never allow.
    I assume the leaks are publicly condoned based alone on their long standing availability. If people are going to install leaks anyway, better that they use the best quality tools possible, even if BlackBerry take no responsibility for unexpected consequences.
    02-07-15 01:50 PM
  10. thurask's Avatar
    The moment that BlackBerry packages whichever OS/radio is in question into signed files is the moment that they can no longer be edited. Consumer devices can't load anything outside of signed and secured BlackBerry software, so this isn't an issue.

    Posted via CB10
    diegonei and Pdinos3 like this.
    02-07-15 02:41 PM
  11. Mr_White's Avatar
    You can't mod a signed BlackBerry file. Only files signed by BlackBerry can be installed on your device.

    You can mix and match apps, radios, and OS versions, but that's it.

    Z30STA100-5/10.3.1.2267
    It is hard to mod the BB "signed" files, because WE don't have the signing key. I am shure others ( not only criminals ) have it, who knows !

    Look at the CPF utility, you could dump a device region, edit the
    code ( you have to know exact where the wanted change should be ) and flash this back to the device.
    I haven't tried this, but the tool offers some interesting possibilities.
    Another thing i've seen month ago by staring at an autoloader shell output, was that a Debrik and a Radio were signed but not the 3rd file the IFS. (or i missed something ;( )

    Another thing i found, searching for the latest CAP.exe was, that at another "Mobile" forum some people were posting fake HEX edited BB CAP files with "higher" version numbers for fun. ( winning the Version race... ) These edited files make me think, too.
    02-07-15 02:43 PM
  12. SlcCorrado's Avatar
    No risk ? The Autoloaders are indeed a huge risk. Infections, Trojans, Malware etc. to tell you some.
    Manipulated Code could also be flashed to your device ( dont say (N) Security Agencies and other trumpets wont/dont do...).
    Your original files from BB Servers could also be exchanged at the download. And to make the paranoia perfect,
    this is also actual for OS files downloaded with BB Link software, too. But less infection risk.
    Seriously? I don't think you understand how it works. The only risk is to your computer, not your device
    02-07-15 02:43 PM
  13. conite's Avatar
    It is hard to mod the BB "signed" files, because WE don't have the signing key. I am shure others ( not only criminals ) have it, who knows !
    You're sure?

    This is no small task. Even if you obtained the keys (which is an Olympic feat), you're still not there yet.

    Don't forget, all you need to make an atomic bomb is plutonium.

    Z30STA100-5/10.3.1.2267
    02-07-15 03:18 PM
  14. tickerguy's Avatar
    I have attempted to "coerce" a modified (benignly so) file onto a Z-10.

    I can manage to get the modified load in the phone, but it won't boot. These devices verify everything against their respective signatures on startup, beginning with the boot loader itself, and the phone will not boot if you tamper with any part of the OS load -- even something as trivial as a single character of text in a language file or status screen.

    It is pretty easy to tamper with an Android device in this fashion (indeed, I'd call it trivial) but to do it with BB10 you need BlackBerry's signing key. To get that you'd have to steal it as the entire premise behind public-key cryptography is that the private key cannot be derived from the public key (which is used to verify that the code and signature were not tampered with), period.
    02-07-15 03:29 PM
  15. Mr_White's Avatar
    You're sure?

    This is no small task. Even if you obtained the keys (which is an Olympic feat), you're still not there yet.

    Don't forget, all you need to make an atomic bomb is plutonium.

    Z30STA100-5/10.3.1.2267
    OK, we know there are Version faked CAPs out.
    ( open CAP, edit Version string, end ). The displayed Version
    is only faked.

    BUT:
    If one decompiles a CAP, remove the signing valitation key check completly + a recompile. This little beast, bundled into an autoloader could flash everything, because it did no key validation any more.

    No Risk ? No Fun ? I don't like weapons !
    02-07-15 03:52 PM
  16. BlackScorpion3's Avatar
    OK, we know there are Version faked CAPs out.
    ( open CAP, edit Version string, end ). The displayed Version
    is only faked.

    BUT:
    If one decompiles a CAP, remove the signing valitation key check completly + a recompile. This little beast, bundled into an autoloader could flash everything, because it did no key validation any more.

    No Risk ? No Fun ? I don't like weapons !
    Still won't work, as each bar file is signed separately via BlackBerry signing keys, so even flashing a 'hacked' version of an app will cause it not to work, if you can get the phone to even boot.


    What OS I'm on is my business, get off my .... ! Ex-BerryLeaks member (best group ever)
    02-07-15 04:09 PM

Similar Threads

  1. How can I make my BlackBerry data package work on my Android phone?
    By CrackBerry Question in forum Ask a Question
    Replies: 5
    Last Post: 02-07-15, 01:40 PM
  2. Replies: 1
    Last Post: 02-07-15, 01:26 PM
  3. Can we get sky go or first bus m tickets
    By Vics111 in forum BlackBerry Z10
    Replies: 1
    Last Post: 02-07-15, 01:08 PM
  4. Replies: 1
    Last Post: 02-07-15, 10:58 AM
  5. How can I add MSN Hotmail back onto my BlackBerry hub?
    By CrackBerry Question in forum Ask a Question
    Replies: 2
    Last Post: 02-07-15, 09:30 AM
LINK TO POST COPIED TO CLIPBOARD