05-29-12 09:15 AM
  1. Thyth's Avatar
    Research in Motion has been sending out DMCA takedown notices to people running eScreen generator sites.

    As a result, I've had to take mine down.

    No idea why it took them 10 months to notice, but, if you're running a generator site, beware.
    12-13-09 01:36 PM
  2. Samour's Avatar
    In light of these developments are you able to provide any way to access the e-screen? For example, can users run the algorithm locally on their own PCs rather than having it hosted online?
    12-14-09 01:50 PM
  3. liecno's Avatar
    Research in Motion has been sending out DMCA takedown notices to people running eScreen generator sites.

    As a result, I've had to take mine down.

    No idea why it took them 10 months to notice, but, if you're running a generator site, beware.
    I've got a question regarding this issue, can you please contact me thyth? I can't write you a private message since I have not enough posts...
    12-14-09 01:56 PM
  4. Thyth's Avatar
    In my opinion, these actions show how little RIM values the power users and well-connected advocates. It's not respectful to fling around the "copyright infringement" hammer when it's at most reverse engineering of a trade secret. Then again, this might not be the policy of the company at large. It could be some moron middle manager who wants a raise. The best thing that people could do in this situation is to complain loudly, to assert our rights to do what we please with the hardware we own, to explore and discover how these devices work.

    Conceptually, the reverse engineering process of the devices I performed as part of the process is no different from the process the iPhone "Dev Team" did to enable improvements like Jailbreaking or SIM-unlocks for the iPhone. Does Apple like people jailbreaking their devices? Of course not. Do people have a right to do what they please with the hardware they purchased? Yes. The more flak RIM takes on this issue, the better for all BlackBerry users now, and in the future.

    I'm one of the most knowledgeable developers on this platform outside of RIM, and now I am pissed. I have intimate knowledge of the internal operation of the operating system, which has enabled two exciting software product possibilities I had planned to reveal shortly into the new year. Now, I question whether I should contribute anything more to the platform, or whether I should focus completely on platforms that welcome developers openly (like Android) and let the BlackBerry be relegated into the lower-class smartphones with its impotent browser and limited/overpriced application selection.

    Yes, it's possible for users to run the algorithm locally. I produced a local test client in Java when reverse engineering the algorithm initially, then ported to PHP for the web generator I ran. There's a bundle of pseudo-code, test examples, and Java source floating around on the internet posted by someone; apparently it can be found with some queries on Google.

    That someone may throw together a BlackBerry side application in a few days, so that codes could be generated on device. Until then, I'm sorry that my generator is unavailable to help the power users. An apology from RIM, of course, would help everyone immensely.
    12-14-09 02:30 PM
  5. patches152's Avatar
    In my opinion, these actions show how little RIM values the power users and well-connected advocates. It's not respectful to fling around the "copyright infringement" hammer when it's at most reverse engineering of a trade secret. Then again, this might not be the policy of the company at large. It could be some moron middle manager who wants a raise. The best thing that people could do in this situation is to complain loudly, to assert our rights to do what we please with the hardware we own, to explore and discover how these devices work.

    Conceptually, the reverse engineering process of the devices I performed as part of the process is no different from the process the iPhone "Dev Team" did to enable improvements like Jailbreaking or SIM-unlocks for the iPhone. Does Apple like people jailbreaking their devices? Of course not. Do people have a right to do what they please with the hardware they purchased? Yes. The more flak RIM takes on this issue, the better for all BlackBerry users now, and in the future.

    I'm one of the most knowledgeable developers on this platform outside of RIM, and now I am pissed. I have intimate knowledge of the internal operation of the operating system, which has enabled two exciting software product possibilities I had planned to reveal shortly into the new year. Now, I question whether I should contribute anything more to the platform, or whether I should focus completely on platforms that welcome developers openly (like Android) and let the BlackBerry be relegated into the lower-class smartphones with its impotent browser and limited/overpriced application selection.

    Yes, it's possible for users to run the algorithm locally. I produced a local test client in Java when reverse engineering the algorithm initially, then ported to PHP for the web generator I ran. There's a bundle of pseudo-code, test examples, and Java source floating around on the internet posted by someone; apparently it can be found with some queries on Google.

    That someone may throw together a BlackBerry side application in a few days, so that codes could be generated on device. Until then, I'm sorry that my generator is unavailable to help the power users. An apology from RIM, of course, would help everyone immensely.
    better idea: talk with your wallet. go get any android phone, and enjoy the open source. they WANT you to hack it, and then share with the community. that's what open source is all about. community feedback. the only reason RIM is still around is because of how expensive a BES setup is, so these companies have invested literally hundreds of thousands of dollars into this. they're married. and it's gonna take a lot to pry them loose. in the mean time, let them have their crappy OS and their restricted, proprietary limitations. if you wanna be a power user, get a better phone. RIM is only for email. and they're not even really all that good at email anymore.

    EDIT: i didn't read the whole thing, you sort of said this in your post too, lol. i fail
    Last edited by patches152; 12-14-09 at 06:39 PM.
    12-14-09 04:11 PM
  6. liecno's Avatar
    Yes, it's possible for users to run the algorithm locally. I produced a local test client in Java when reverse engineering the algorithm initially, then ported to PHP for the web generator I ran.
    That's what I have done too, can you please contact me?
    12-14-09 04:19 PM
  7. digitalb0y's Avatar
    Saving the following code as an html file should produce very similar results to visiting Thyth's site:

    Code:
    <html>
    <head>
    <meta http-equiv="content-type" content="text/html; charset=ISO-8859-1">
    
    <style type="text/css">
    label {
      width: 180px;
      display: block;
      float: left;
      text-align: right;
      padding-right: 2px;
    }
    </style>
    
    <script type="text/javascript">
    var rm;function ri(){var map = new Array();var s = unescape("%61%62%63%64%65%66%67%68%69%6A%6B%6C%6D%6E%6F%70%71%72%73%74%75%76%77%78%79%7A");for(i=0; i<s.length; i++) map[s.charAt(i)]= s.charAt((i+13)%26); for (i=0; i<s.length; i++) map[s.charAt(i).toUpperCase()]	= s.charAt((i+13)%26).toUpperCase(); return map;}function r(a){ if (!rm) rm=ri(); s = ""; for (i=0; i<a.length; i++) { var b = a.charAt(i); s	+= (b>='A' && b<='Z' || b>='a' && b<='z' ? rm[b] : b); } return s;}
    function jsSHA(k,l){jsSHA.charSize=8;jsSHA.b64pad="";jsSHA.hexCase=0;var m=null;var o=function(a){var b=[];var c=(1<<jsSHA.charSize)-1;var d=a.length*jsSHA.charSize;for(var i=0;i<d;i+=jsSHA.charSize){b[i>>5]|=(a.charCodeAt(i/jsSHA.charSize)&c)<<(32-jsSHA.charSize-i%32)}return b};var p=function(a){var b=[];var c=a.length;for(var i=0;i<c;i+=2){var d=parseInt(a.substr(i,2),16);if(!isNaN(d)){b[i>>3]|=d<<(24-(4*(i%8)))}else{return"INVALID HEX STRING"}}return b};var q=null;var r=null;if("HEX"===l){if(0!==(k.length%2)){return"TEXT MUST BE IN BYTE INCREMENTS"}q=k.length*4;r=p(k)}else if(("ASCII"===l)||('undefined'===typeof(l))){q=k.length*jsSHA.charSize;r=o(k)}else{return"UNKNOWN TEXT INPUT TYPE"}var s=function(a){var b=jsSHA.hexCase?"0123456789ABCDEF":"0123456789abcdef";var c="";var d=a.length*4;for(var i=0;i<d;i++){c+=b.charAt((a[i>>2]>>((3-i%4)*8+4))&0xF)+b.charAt((a[i>>2]>>((3-i%4)*8))&0xF)}return c};var u=function(a){var b="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";var c="";var d=a.length*4;for(var i=0;i<d;i+=3){var e=(((a[i>>2]>>8*(3-i%4))&0xFF)<<16)|(((a[i+1>>2]>>8*(3-(i+1)%4))&0xFF)<<8)|((a[i+2>>2]>>8*(3-(i+2)%4))&0xFF);for(var j=0;j<4;j++){if(i*8+j*6>a.length*32){c+=jsSHA.b64pad}else{c+=b.charAt((e>>6*(3-j))&0x3F)}}}return c};var v=function(x,n){if(n<32){return(x<<n)|(x>>>(32-n))}else{return x}};var w=function(x,y,z){return x^y^z};var A=function(x,y,z){return(x&y)^(~x&z)};var B=function(x,y,z){return(x&y)^(x&z)^(y&z)};var C=function(x,y){var a=(x&0xFFFF)+(y&0xFFFF);var b=(x>>>16)+(y>>>16)+(a>>>16);return((b&0xFFFF)<<16)|(a&0xFFFF)};var D=function(a,b,c,d,e){var f=(a&0xFFFF)+(b&0xFFFF)+(c&0xFFFF)+(d&0xFFFF)+(e&0xFFFF);var g=(a>>>16)+(b>>>16)+(c>>>16)+(d>>>16)+(e>>>16)+(f>>>16);return((g&0xFFFF)<<16)|(f&0xFFFF)};var E=function(f,g){var W=[];var a,b,c,d,e;var T;var H=[0x67452301,0xefcdab89,0x98badcfe,0x10325476,0xc3d2e1f0];var 
K=[0x5a827999,0x5a827999,0x5a827999,0x5a827999,0x5a827999,0x5a827999,0x5a827999,0x5a827999,0x5a827999,0x5a827999,0x5a827999,0x5a827999,0x5a827999,0x5a827999,0x5a827999,0x5a827999,0x5a827999,0x5a827999,0x5a827999,0x5a827999,0x6ed9eba1,0x6ed9eba1,0x6ed9eba1,0x6ed9eba1,0x6ed9eba1,0x6ed9eba1,0x6ed9eba1,0x6ed9eba1,0x6ed9eba1,0x6ed9eba1,0x6ed9eba1,0x6ed9eba1,0x6ed9eba1,0x6ed9eba1,0x6ed9eba1,0x6ed9eba1,0x6ed9eba1,0x6ed9eba1,0x6ed9eba1,0x6ed9eba1,0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc,0xca62c1d6,0xca62c1d6,0xca62c1d6,0xca62c1d6,0xca62c1d6,0xca62c1d6,0xca62c1d6,0xca62c1d6,0xca62c1d6,0xca62c1d6,0xca62c1d6,0xca62c1d6,0xca62c1d6,0xca62c1d6,0xca62c1d6,0xca62c1d6,0xca62c1d6,0xca62c1d6,0xca62c1d6,0xca62c1d6];f[g>>5]|=0x80<<(24-g%32);f[((g+1+64>>9)<<4)+15]=g;var h=f.length;for(var i=0;i<h;i+=16){a=H[0];b=H[1];c=H[2];d=H[3];e=H[4];for(var t=0;t<80;t++){if(t<16){W[t]=f[t+i]}else{W[t]=v(W[t-3]^W[t-8]^W[t-14]^W[t-16],1)}if(t<20){T=D(v(a,5),A(b,c,d),e,K[t],W[t])}else if(t<40){T=D(v(a,5),w(b,c,d),e,K[t],W[t])}else if(t<60){T=D(v(a,5),B(b,c,d),e,K[t],W[t])}else{T=D(v(a,5),w(b,c,d),e,K[t],W[t])}e=d;d=c;c=v(b,30);b=a;a=T}H[0]=C(a,H[0]);H[1]=C(b,H[1]);H[2]=C(c,H[2]);H[3]=C(d,H[3]);H[4]=C(e,H[4])}return H};this.getHash=function(a){var b=null;var c=r.slice();if(m===null){m=m=E(c,q)}switch(a){case"HEX":b=s;break;case"B64":b=u;break;default:return"FORMAT NOT RECOGNIZED"}return b(m)};this.getHMAC=function(a,b,c){var d=null;var e=null;var f=[];var g=[];var h=null;var j=null;switch(c){case"HEX":d=s;break;case"B64":d=u;break;default:return"FORMAT NOT RECOGNIZED"}if("HEX"===b){if(0!==(a.length%2)){return"KEY MUST BE IN BYTE INCREMENTS"}e=p(a);j=a.length*4}else if("ASCII"===b){e=o(a);j=a.length*jsSHA.charSize}else{return"UNKNOWN KEY INPUT TYPE"}if(512<j){e=E(e,j);e[15]&=0xFFFFFF00}else if(512>j){e[15]&=0xFFFFFF00}for(var 
i=0;i<=15;i++){f[i]=e[i]^0x36363636;g[i]=e[i]^0x5C5C5C5C}h=E(f.concat(r),512+q);h=E(g.concat(h),672);return(d(h))}}
        function newHMAC() {
        zib1=document.getElementById("devpin").value+document.getElementById("appv").value+document.getElementById("uptime").value;
        vkey=document.getElementById("validity");
        zib1=zib1+r(unescape(vkey.options[vkey.selectedIndex].value));
        hmacObj = new jsSHA(zib1, "ASCII");
        calcHMAC();
        }
        function calcHMAC() {
          var keyTypeSelectBox = document.getElementById("hmacKeyType");
          var hashVariantSelectBox = document.getElementById("hmacVariant");
          var hmac = hmacObj.getHMAC(r(unescape("%48%63%20%67%75%72%20%67%76%7A%72%20%66%67%65%72%6E%7A%20%6A%76%67%75%62%68%67%20%6E%20%47%4E%45%51%56%46")),
            "ASCII",
            "HEX");
            document.getElementById("ykey").innerHTML = hmac.toUpperCase().substring(0,8)
        }
    </script>
    
    <title>eScreen Keygen</title>
    </head>
    
    <body>
    <br>
    
    <div>
    <label for="devpin">Device PIN:&nbsp;</label><input size="16" name="devpin" id="devpin" onKeyUp="newHMAC();" type="text">
    </div>
    
    <div>
    <label for="appv">App Version:&nbsp;</label><input size="16" name="appv" id="appv" onKeyUp="newHMAC();" type="text">
    </div>
    
    <div>
    <label for="uptime">Uptime:&nbsp;</label><input size="16" name="uptime" id="uptime" onKeyUp="newHMAC();" type="text">
    </div>
    
    <div>
    <label for="validity">Key Duration:&nbsp;</label> 
    <select name="validity" id="validity" onChange="newHMAC()">
    <option value="">1 day</option>
    <option value="%55%72%79%79%62%20%7A%6C%20%6F%6E%6F%6C%2C%20%75%72%79%79%62%20%7A%6C%20%75%62%61%72%6C%2C%20%75%72%79%79%62%20%7A%6C%20%65%6E%74%20%67%76%7A%72%20%74%6E%79">3 days</option>
    <option value="%55%72%20%6A%6E%66%20%6E%20%6F%62%6C%2C%20%6E%61%71%20%66%75%72%20%6A%6E%66%20%6E%20%74%76%65%79%2C%20%70%6E%61%20%56%20%7A%6E%78%72%20%76%67%20%6E%61%6C%20%7A%62%65%72%20%62%6F%69%76%62%68%66%3F">7 days</option>
    <option value="%46%62%20%6E%7A%20%56%2C%20%66%67%76%79%79%20%6A%6E%76%67%76%61%74%2C%20%73%62%65%20%67%75%76%66%20%6A%62%65%79%71%20%67%62%20%66%67%62%63%20%75%6E%67%76%61%74%3F">15 days</option>
    <option value="%56%20%79%62%69%72%20%7A%6C%66%72%79%73%20%67%62%71%6E%6C%2C%20%61%62%67%20%79%76%78%72%20%6C%72%66%67%72%65%71%6E%6C%2E%20%56%27%7A%20%70%62%62%79%2C%20%56%27%7A%20%70%6E%79%7A%2C%20%56%27%7A%20%74%62%61%61%6E%20%6F%72%20%62%78%6E%6C">30 days</option>
    </select>
    </div>
    <br>
        
    <div>
    <label for="key">Your key is:&nbsp;</label><span id="ykey" name="ykey">Enter data above.</span>
    </div>
    
    </body>
    </html>
    I didn't write that code myself. I cleaned up, copied and pasted bits of source code from pages I found using Google.
    Last edited by digitalb0y; 12-15-09 at 07:01 AM.
    flyingsolid likes this.
    12-15-09 06:28 AM
  8. Xpimp's Avatar
    Thank You
    12-15-09 11:05 AM
  9. digitalb0y's Avatar
    quite welcome. I'd love to hear how it goes for people as the escreens are already unlocked on my phone, I've not yet thoroughly tested my own version! If I don't hear back from a few people by this evening I'll reset the Help Me! screen, test, and report.

    Posted from my CrackBerry at wapforums.crackberry.com
    12-15-09 11:46 AM
  10. Xpimp's Avatar
    quite welcome. I'd love to hear how it goes for people as the escreens are already unlocked on my phone, I've not yet thoroughly tested my own version! If I don't hear back from a few people by this evening I'll reset the Help Me! screen, test, and report.

    Posted from my CrackBerry at wapforums.crackberry.com
    Just tried it with my 8310 and 8900 and works perfectly. Thanks again!
    12-15-09 12:43 PM
  11. Dustknight's Avatar
    Works great digitalb0y. Just tried it on my storm.

    Now I can once again install hybrids and be able to get the eScreen to turn my PMIC Spk Gain back down to 0db so it's not distorted. +12db sounds horrible!

    Thanks again!
    12-15-09 12:58 PM
  12. digitalb0y's Avatar
    My pleasure, glad it helps. I figure if RIM really starts cracking down, it'll be nice to have the html file on our own SD cards rather than a server somewhere (unless it's your own server)!

    Posted from my CrackBerry at wapforums.crackberry.com
    Last edited by digitalb0y; 12-15-09 at 02:48 PM.
    12-15-09 02:17 PM
  13. robnhl's Avatar
    Anyone get this to work on an S2 with the 428 OS?

    Posted from my CrackBerry at wapforums.crackberry.com
    12-15-09 04:34 PM
  14. Thyth's Avatar
    It's possible that RIM will change the code generation mechanism in new OS versions or new devices now that they know the algorithm is out, and are actively trying to take it down.
    12-15-09 05:16 PM
  15. digitalb0y's Avatar
    It's possible that RIM will change the code generation mechanism in new OS versions or new devices now that they know the algorithm is out, and are actively trying to take it down.
    I had that thought, but that doesn't really make things any worse than they currently are. If it's your opinion that the way to protest this is to be as vocal as possible, doesn't it make sense to bring it to the attention of as many "power" users as possible?

    Posted from my CrackBerry at wapforums.crackberry.com
    12-15-09 06:20 PM
  16. jlsparks's Avatar
    My apologies in advance for being slow. I was crushed to see the generator taken down, but completely respect Thyth's correct decision to obey RIM's cease and desist before things got out of hand.

    Anyway, I copied the HTML code posted above into TextEdit, saved as HTML, opened it, and all I got was the raw code. Pasted into Word, saved as a web page (HTML), launched the file, same result. Would one of you gurus please point out for me what I'm missing? Thanks in advance.

    Best,
    Jason
    12-15-09 08:02 PM
  17. digitalb0y's Avatar
    If you paste it into TextEdit and save it as html, right-click it and choose "Open With" and choose a browser, not TextEdit. Or choose "Get Info" and change the pulldown menu for "Opens With" to your browser. Optionally, set your browser as the default app for all html files from the Get Info window as well. Or just copy the html file to your SD card and open in your BB browser.

    Posted from my CrackBerry at wapforums.crackberry.com
    12-15-09 09:06 PM
  18. jlsparks's Avatar
    If you paste it into TextEdit and save it as html, right-click it and choose "Open With" and choose a browser, not TextEdit. Or choose "Get Info" and change the pulldown menu for "Opens With" to your browser. Optionally, set your browser as the default app for all html files from the Get Info window as well. Or just copy the html file to your SD card and open in your BB browser.

    Posted from my CrackBerry at wapforums.crackberry.com
    Outstanding, thank you for your help. I discovered I needed to first format the html code as plain text, then save it with a manually entered .html file name. Gotta love Mac.

    Thanks again.
    12-15-09 09:47 PM
  19. digitalb0y's Avatar
    Outstanding, thank you for your help. I discovered I needed to first format the html code as plain text, then save it with a manually entered .html file name. Gotta love Mac.

    Thanks again.
    No sweat! If it makes you feel any better, I had a response completely written out for you and then realized "wait, that says TextEdit, not Notepad."

    You're not the only one who has to remind himself what he's doing every once in a while. I can set up a multi-platform vpn network that supports smart card active directory authentication but I can't remember if I'm supposed to hit ctrl or the command key.
    Last edited by digitalb0y; 12-16-09 at 01:46 AM.
    12-16-09 01:36 AM
  20. robnhl's Avatar
    It's possible that RIM will change the code generation mechanism in new OS versions or new devices now that they know the algorithm is out, and are actively trying to take it down.
    I replaced the escreen CODs on my S2 428 with the ones from S2 320 and I'm able to open the advanced escreen. Looks like the algorithm has changed.

    Posted from my CrackBerry at wapforums.crackberry.com
    12-16-09 10:15 AM
  21. Thyth's Avatar
    Figures. Can you give me a link to the new net_rim_escreen_app.cod, or the MD5/SHA1 of the file and the OS version you got it from?

    The method of replacing the new COD with the old should be effective indefinitely, as the engineering menus are implemented in firmware, and the COD is just the gatekeeper/entry point, but I may as well reverse engineer the new algorithm.
    12-16-09 11:42 AM
  22. robnhl's Avatar
    Figures. Can you give me a link to the new net_rim_escreen_app.cod, or the MD5/SHA1 of the file and the OS version you got it from?

    The method of replacing the new COD with the old should be effective indefinitely, as the engineering menus are implemented in firmware, and the COD is just the gatekeeper/entry point, but I may as well reverse engineer the new algorithm.

    Sent you a PM
    12-16-09 01:01 PM
  23. Thyth's Avatar
    Thank you. I won't have enough time for a proper analysis until the weekend, but from a quick overview of the module code dump, it looks like whatever they changed is subtle.
    12-16-09 02:05 PM
  24. Lumalee's Avatar
    fingers crossed you can "fettle" it Thyth,

    regards
    Lee
    12-17-09 07:07 PM
  25. Thyth's Avatar
    In analyzing the net_rim_escreen_app.cod from OS 5.0.0.320 and OS 5.0.0.428, there were no relevant modifications to the code generation mechanism. The only changes were which API was called to determine screen width for UI layout, and a small change to the signature of one function (it now throws a more generic exception type). They are otherwise identical.

    I'm treating this change as unconfirmed/false-alarm until I have additional evidence from other users that codes generated with the existing method are non-functional.
    12-18-09 04:07 PM
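
Added example, not part of the thread and not code from any poster or from RIM: the HTML page posted above derives the access code as the first 8 hex characters of an HMAC-SHA1 over PIN + app version + uptime + duration string, so the device can only check a code by holding the same key that generates it. The Node.js sketch below contrasts that shape with a signed token where the device holds only a public key; `DEMO_KEY`, the field values and all function names are constructed for illustration.

```javascript
const nodeCrypto = require('node:crypto');

// Scheme A: same shape as the page in the thread. The access code is the first
// 8 hex characters of HMAC-SHA1(key, pin + appVersion + uptime + durationTag).
// DEMO_KEY is a constructed placeholder, not the constant from the thread.
const DEMO_KEY = 'constructed-demo-key';

function hmacCode(key, f) {
  const msg = f.pin + f.appVersion + f.uptime + f.durationTag;
  return nodeCrypto.createHmac('sha1', key).update(msg, 'latin1')
    .digest('hex').toUpperCase().slice(0, 8);
}

// The device can only check a code by recomputing it, so it must carry the key.
function deviceCheckHmac(code, f) {
  const expected = Buffer.from(hmacCode(DEMO_KEY, f));
  const given = Buffer.from(String(code).toUpperCase());
  return given.length === expected.length &&
    nodeCrypto.timingSafeEqual(given, expected);
}

// Scheme B: the vendor signs the same fields with a private key that never
// leaves the vendor; the device image holds only the public key.
const vendor = nodeCrypto.generateKeyPairSync('ed25519');
const DEVICE_PUBLIC_KEY = vendor.publicKey;

function canonical(f) {
  // Length-prefix each field so "12"+"3" and "1"+"23" cannot collide,
  // which plain concatenation (as in scheme A) allows.
  return Buffer.from([f.pin, f.appVersion, f.uptime, f.durationTag]
    .map((v) => `${String(v).length}:${v}`).join('|'), 'utf8');
}

function vendorIssue(privateKey, f) {
  return nodeCrypto.sign(null, canonical(f), privateKey).toString('base64');
}

function deviceCheckSigned(token, f) {
  const sig = Buffer.from(String(token), 'base64');
  if (sig.length !== 64) return false; // Ed25519 signatures are 64 bytes
  return nodeCrypto.verify(null, canonical(f), DEVICE_PUBLIC_KEY, sig);
}

// Constructed sample values.
const fields = { pin: '2100000A', appVersion: '5.0.0.320', uptime: '1234', durationTag: '' };

function demo() {
  // Whoever dumps the device image learns everything the device knows.
  const recoveredFromA = DEMO_KEY;
  const recoveredFromB = DEVICE_PUBLIC_KEY;
  const outsider = nodeCrypto.generateKeyPairSync('ed25519');
  const vendorToken = vendorIssue(vendor.privateKey, fields);
  return {
    hmacMintedFromImage: deviceCheckHmac(hmacCode(recoveredFromA, fields), fields),
    signedFromVendor: deviceCheckSigned(vendorToken, fields),
    signedByOutsider: deviceCheckSigned(vendorIssue(outsider.privateKey, fields), fields),
    signedOtherUptime: deviceCheckSigned(vendorToken, { ...fields, uptime: '9999' }),
    publicKeyType: recoveredFromB.type, // 'public': it verifies, it cannot sign
  };
}

console.log(demo());
```

The cost of scheme B is usability: the token is an 88-character base64 string rather than an 8-character code typed on a keypad, so it has to be delivered as a file or scanned rather than read over the phone.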