Prime Day Deals:FireTV Stick $15 | Echo Dot $23
12-06-14 03:36 AM
396 123 ...
tools
  1. xsacha's Avatar
    Info

    Hello everyone!
    So Blackberry have told me it's not good to distribute files from Blackberry World. However, it is perfectly fine to download them directly from Blackberry's website yourself.
    For this reason, I have set up a web site that generates download links to the actual .bar file so you can download it yourself!

    So, here it is:
    Bar File Downloader


    Authorization code

    You will need an authorization code to use this generated from your Blackberry ID.

    Here's a simple method that doesn't require using your login details:
    1. Download Burp Proxy (requires Java)
    2. Open the app and go to Proxy->Options. Take note of the 'Interface' in Proxy Listener -- this is your Proxy Server (should be your WiFi IP!) and Port. Then scroll to the bottom and Enable a blank SSL Pass-through.
    3. On your phone, go to Settings->Network Connections->Wifi. Hold your active connection and tap 'Edit'. Scroll down to 'Use Proxy' and enable this. Fill in your 'Proxy Server' and 'Port' as seen in previous step. Then press Connect.
    Repeat when necessary:
    4. Whenever you want to generate an Authorization token: open Blackberry World, swipe down and hit 'Redeem'. Enter any promotion code and OK.
    5. Back in Burp, go to the HTTP History tab. At the bottom of the list you will see an appworld.blackberry.com 'POST' Method. Click on this and then copy the 'Authorization' code visible.


    FAQ

    Q. What is an application ID?
    A. It's the ID number you see when browsing Blackberry World online. If you're feeling lazy, just paste the entire link in -- that works too! For example: BBM - BlackBerry World

    Q. When I download the file, it downloads it as a .zip file instead of a .bar. How can I make it download with the right filename?
    A. There isn't a way in a web browser unfortunately. You'll have to manually rename it to a .bar. My own personal app does not have this problem but I'd prefer not to maintain a native app.

    Q. Is this a security exploit? Should we report it to Blackberry?
    A. I did report this as an issue but Blackberry do not care. It is not considered an exploit and they do not intend to ever patch it. I provided a quote from Blackberry on the webpage explaining that you should not distribute the resulting downloads.

    Q. Can I redistribute the .bar files I download from Blackberry?
    A. No


    Status

    * You can generate your own authorization token on your own device.
    * You can download any free app.
    * There's no way, yet, to choose OS or device. For now, it is hardcoded to be a Z10 on latest OS.


    Security

    I do take security at Blackberry very seriously. Here is a listing of my security reports for the month of November, 2014:


    Note that Blackberry do not pay me anything for this. If you like my work on security, please donate
    Last edited by xsacha; 12-05-14 at 04:50 PM.
    12-02-14 12:08 PM
  2. toobs623's Avatar
    Thanks Sach!

    Posted via CB10
    12-02-14 12:15 PM
  3. FrankIAm's Avatar
    xsacha, you are like the BB10 god.

    Thanks, once again.
    12-02-14 12:16 PM
  4. mrfreeze's Avatar
    Awesome! Thanks Sacha!
    anon(9208252) likes this.
    12-02-14 12:17 PM
  5. SteelGreek's Avatar
    Awesome work!!

    Z30STA100-3/10.3.1.1154

    Posted via CB10
    anon(9208252) and mrfreeze like this.
    12-02-14 12:17 PM
  6. toobs623's Avatar
    xsacha, you are like the BB10 god.

    Thanks, once again.
    No like, He is a BlackBerry god...

    Posted via CB10
    12-02-14 12:22 PM
  7. moody's Avatar
    This is great xsacha!! Thanks so much for all you do for this community!

    I am.... Mrs. Peevishlicious .... May he troll in peace. ❤
    anon(9208252) and Mecca EL like this.
    12-02-14 12:28 PM
  8. 3hb78ftg's Avatar
    Thanks for this Sacha.

    I was once abducted by aliens.
    anon(9208252) likes this.
    12-02-14 12:56 PM
  9. qmendiv's Avatar
    Thanks Sacha! You rock, man!

    Posted via CB10
    anon(9208252) and Mecca EL like this.
    12-02-14 01:14 PM
  10. FrankIAm's Avatar
    Inb4 butthurt developer
    anon(9208252) and Mecca EL like this.
    12-02-14 01:15 PM
  11. Pdinos3's Avatar
    You're awesome, sacha!


    Via CB 10 PassportSQW100-1/10.3.1.1154
    anon(9208252) and Mecca EL like this.
    12-02-14 01:15 PM
  12. tdyhedge's Avatar
    Can't wait to try this out! Thanks!
    anon(9208252) likes this.
    12-02-14 01:20 PM
  13. anon(9208252)'s Avatar
    I don't know you Sacha, lol but i think what you do is fantastic for this CB community.

    Thanks for everything
    mrfreeze and qmendiv like this.
    12-02-14 01:20 PM
  14. SteelGreek's Avatar
    I don't know you Sacha, lol but i think what you do is fantastic for this CB community.

    Thanks for everything
    Thank you as well good sir

    Posted via CB10
    anon(9208252) likes this.
    12-02-14 01:24 PM
  15. anon(9208252)'s Avatar
    Thank you as well good sir

    Posted via CB10
    Thank you very much for the kind words, but i don't believe i know you either,
    SteelGreek and qmendiv like this.
    12-02-14 01:37 PM
  16. moody's Avatar
    I don't know you Sacha, lol but i think what you do is fantastic for this CB community.

    Thanks for everything
    I just want to know what he looks like....

    I am.... Mrs. Peevishlicious .... May he troll in peace. ❤
    anon(9208252) and qmendiv like this.
    12-02-14 01:55 PM
  17. QtHelex's Avatar
    I really hope BlackBerry will close this security hole pretty soon. If you really want to achieve that native developers will completely stop to develop for BlackBerry devices then continue with your work...
    12-02-14 01:58 PM
  18. mrfreeze's Avatar
    I really hope BlackBerry will close this security hole pretty soon. If you really want to achieve that native developers will completely stop to develop for BlackBerry devices then continue with your work...
    Here we go...The debate begins (again and again)!
    anon(9208252) likes this.
    12-02-14 02:01 PM
  19. SteelGreek's Avatar
    I really hope BlackBerry will close this security hole pretty soon. If you really want to achieve that native developers will completely stop to develop for BlackBerry devices then continue with your work...
    BlackBerry itself said this was fine to do

    Sent from my Z30 using Tapatalk
    anon(9208252) likes this.
    12-02-14 02:03 PM
  20. masterscarhead1's Avatar
    I really hope BlackBerry will close this security hole pretty soon. If you really want to achieve that native developers will completely stop to develop for BlackBerry devices then continue with your work...
    You seem pretty clueless for a developer
    Did you not understand that only free apps can be downloaded? How is this a security hole?
    If it makes you feel happier, this doesn't affect your sales...
    I take that back. I'm sure someone will decide not to support you after reading your comments
    12-02-14 02:06 PM
  21. QtHelex's Avatar
    You seem pretty clueless for a developer
    Did you not understand that only free apps can be downloaded? How is this a security hole?
    If it makes you feel happier, this doesn't affect your sales...
    I take that back. I'm sure someone will decide not to support you after reading your comments
    Maybe you have no idea what you're talking here. So maybe I could call you a clueless user which has no idea what this means for a developer.

    You are by the way not forced to use any of my apps.
    12-02-14 02:15 PM
  22. thurask's Avatar
    *popcorn*

    Great work as usual. Although paid apps should, in my opinion, require a BBID check (and hence stay on mobile Sachesi).

    Posted via CB10
    12-02-14 02:32 PM
  23. pttptppt's Avatar
    Xsacha how exactly does this work? What is your magic?

    Posted via CB10
    12-02-14 02:44 PM
  24. mrfreeze's Avatar
    Xsacha how exactly does this work? What is your magic?

    Posted via CB10
    It's a secret sauce.
    12-02-14 02:52 PM
  25. thurask's Avatar
    Xsacha how exactly does this work? What is your magic?

    Posted via CB10
    That would ruin the illusion.

    Posted via CB10
    pttptppt and toobs623 like this.
    12-02-14 02:54 PM
396 123 ...

Similar Threads

  1. Can I recover WhatsApp data from old BlackBerry?
    By CrackBerry Question in forum Ask a Question
    Replies: 2
    Last Post: 02-16-15, 07:30 PM
  2. Please help me. App to Download Streaming videos (Not Youtube)
    By Mario Emmanuel in forum BlackBerry Q5
    Replies: 3
    Last Post: 12-03-14, 03:12 PM
  3. Can't update from 1016
    By RRM21 in forum BB10 Leaked/Beta OS
    Replies: 1
    Last Post: 12-02-14, 04:03 PM
  4. How can i download Flash video?
    By pankaj rosebub in forum Ask a Question
    Replies: 2
    Last Post: 12-02-14, 11:01 AM
  5. Receive a free USB car charger with any order today while supplies last!
    By CrackBerry News in forum CrackBerry.com News Discussion
    Replies: 0
    Last Post: 12-02-14, 08:22 AM
LINK TO POST COPIED TO CLIPBOARD