1. jameyworr
    I understand that ROM is responsible for finding the OS in storage and loading it into memory to give it control. Would it, then, hypothetically be possible to change any part of the OS without flashing the ROM? I know this is a general question, but my target device is a BlackBerry running OS 5. I'd like to change the system code to do what I'd like it to do rather than doing what it normally does. I know that OS 5 is closed source, so I am planning to reverse engineer the OS to change the things I want. Any ideas?
    10-30-10 11:28 AM
2. Reed McLay
    The good news is, computer science has advanced well beyond the Read Only Memory (ROM) days. Today, it is FLASH memory, the best of both worlds.

    The BlackBerry OS consists of core and non-core functions. You have full control over the non-core components like optional software to install.

As for reverse engineering anything, the hybrid OS guys can give you a pointer or two.
    10-30-10 12:05 PM
3. jameyworr
    "The good news is, computer science has advanced well beyond the Read Only Memory (ROM) days. Today, it is FLASH memory, the best of both worlds.

    The BlackBerry OS consists of core and non-core functions. You have full control over the non-core components like optional software to install.

As for reverse engineering anything, the hybrid OS guys can give you a pointer or two."

Lol I meant to say Flash ROM, how embarrassing

    How would I go about changing the core components? IE, implementing new protocol support/removing current protocol support, spawning/removing system threads, manipulating core applications, adding system functionality, that sort of thing?

    I'll check out the hybrid OS guys, thanks
    10-30-10 12:13 PM
4. Fret Madden
    I understand that ROM is responsible for finding the OS in storage and loading it into memory to give it control. Would it, then, hypothetically be possible to change any part of the OS without flashing the ROM? I know this is a general question, but my target device is a BlackBerry running OS 5. I'd like to change the system code to do what I'd like it to do rather than doing what it normally does. I know that OS 5 is closed source, so I am planning to reverse engineer the OS to change the things I want. Any ideas?
    If anyone could manipulate the code at a whim the BlackBerry platform wouldn't be as secure. If you want different functionality try different apps.
    10-30-10 12:14 PM
5. jameyworr
    "If anyone could manipulate the code at a whim the BlackBerry platform wouldn't be as secure. If you want different functionality try different apps."

What about QNX being open source? Surely it isn't as secure as legacy BBOS versions?

    I don't want to pay for the SDK and I don't want to publish my apps. I'm not looking for a "how it can't be done" answer, that really doesn't help me at all. But thank you, I appreciate your input.

    I am simply looking for a way to manipulate system code in effect creating my own (very slightly different) version of the operating system. I'm not concerned with how difficult it is or the technical requirements because I can learn what I don't already know about the adjustment process, I just need to know if it can theoretically be done and if anyone has had any luck with it?

    Regards,
    Jamey
    10-30-10 12:35 PM
6. Fubaz
    It would be interesting on seeing if RIM can notice reverse engineering changes running on their BIS system, and if they would take concern to it as a vulnerability, and lock that handset out.

But as Reed has stated, head over to the Hybrid forums, and ask specific questions about the functionality that you are looking to change; the guys in there are great!

Also, use the QUOTE feature when quoting someone; it makes it easier on the eyes, with less deciphering needed.
    10-30-10 12:40 PM
7. Fret Madden
    "If anyone could manipulate the code at a whim the BlackBerry platform wouldn't be as secure. If you want different functionality try different apps."

What about QNX being open source? Surely it isn't as secure as legacy BBOS versions?

    I don't want to pay for the SDK and I don't want to publish my apps. I'm not looking for a "how it can't be done" answer, that really doesn't help me at all. But thank you, I appreciate your input.

    I am simply looking for a way to manipulate system code in effect creating my own (very slightly different) version of the operating system. I'm not concerned with how difficult it is or the technical requirements because I can learn what I don't already know about the adjustment process, I just need to know if it can theoretically be done and if anyone has had any luck with it?

    Regards,
    Jamey
Sorry, didn't mean to be a party-pooper. What I meant was essentially an echo of Reed's post: the core software is not something RIM would appreciate being cracked and changed. QNX is now owned by RIM, and it'll most likely carry the same closed restrictions so they can retain their reputation for being a secure platform for business purposes.
    10-30-10 12:41 PM
8. Shao128
    In theory anything is possible. Practical? No. But if you have a few months of your life to throw away you could always try

Your first step should have been to download the Java/BB SDKs; you're going to need to learn the BlackBerry API inside out to even attempt this. The simulators also let you run unsigned code. You'll need to start reverse engineering the COD file format. You could look at "coddec", but it needs some work to get running. Then once you are able to decompile a COD you'll need to clean up the code since it won't be in any state to recompile. Not to mention APIs and low level access that RIM uses that isn't part of the public SDK. Assuming you can get that far then you'll need to sign the COD file that you have created, but as with my last point you won't get it to build with the public SDK. So your best bet there would be to try and bribe someone at RIM that could provide you with these.

    A good starting point for that would be doing some reading up on Kevin Mitnick, maybe you can social engineer someone at RIM instead of bribing them

I know you don't want to hear "it can't be done", so that's your simplest solution.
    10-30-10 12:57 PM
9. jameyworr
    In theory anything is possible. Practical? No. But if you have a few months of your life to throw away you could always try

Your first step should have been to download the Java/BB SDKs; you're going to need to learn the BlackBerry API inside out to even attempt this. The simulators also let you run unsigned code. You'll need to start reverse engineering the COD file format. You could look at "coddec", but it needs some work to get running. Then once you are able to decompile a COD you'll need to clean up the code since it won't be in any state to recompile. Not to mention APIs and low level access that RIM uses that isn't part of the public SDK. Assuming you can get that far then you'll need to sign the COD file that you have created, but as with my last point you won't get it to build with the public SDK. So your best bet there would be to try and bribe someone at RIM that could provide you with these.

    A good starting point for that would be doing some reading up on Kevin Mitnick, maybe you can social engineer someone at RIM instead of bribing them

I know you don't want to hear "it can't be done", so that's your simplest solution.
    Thank you for a straight answer lol. Very interesting indeed. I've been researching COD files and was wondering... are the high level BB applications (BBM, Browser, Messaging, GUI, etc) COD apps as well?

I knew that signing the apps was going to be a problem, so I'm working on a solution. With Android, for instance, you can flash the device's hardware and remove permissions from the system code without affecting system performance. Obviously this is much more easily done with Android because the system source is readily available, but I've known people to have done this on other closed systems like Windows and Mac OS.

    I don't have much experience with decompiling, so I was wondering, will the output for the CODDEC decompiler be human readable Java?

    Thanks again
    10-30-10 01:16 PM
10. Shao128
    Thank you for a straight answer lol. Very interesting indeed. I've been researching COD files and was wondering... are the high level BB applications (BBM, Browser, Messaging, GUI, etc) COD apps as well?

    I don't have much experience with decompiling, so I was wondering, will the output for the CODDEC decompiler be human readable Java?

    Thanks again
    Yes pretty much anything you interact with (BBM, browser etc) is installed through a cod file.

    Coddec.... somewhat.
    10-30-10 01:26 PM