Please read before:
I received a lot of PM from many members asking me to repost this thread that was delated, to help other ppl who still dont know the cracking secret of the Blackberry Apps.
The idea is same cracking any computer software using a debugger so nothing new but the way changed, some forums (like "PDAxxx" and others) claims that its their idea, its wrong, the idea was posted first time on an american forum "crackbexxy" and was delated cause its agains their policy, and then was treated on "Srintgxxxs" forum, now this forum is dead, and then the secret was keept on a few forums for months, there is some members who know that and they keep it secret to get more credits, reputations and popularity.
I come today to offer this guide to all my ipmart friends, and broke this secret, and this post will be up to date than any other forum.
someone will tell me:
- why dont keep it secret, the developers will made new changes and the cracking process will be harder?
i will tell them that there is always a solution for any problem, for ex. Nokia, nokia is the biggest company and RIM is nothing beside Nokia, you can go and have a look in the moding section for nokia on this forum, we always find a solution to crack nokia apps and nokia phone security.
and it will be so boring to get all serials for all software.
NB: Cracking is against law, and this guide is for information only, i dont take any responsibility on any software you cracked, and/or installed on your device. you can always read and check developer license agreement.
Here is the detailed guide using ollydbg as debugger, you can also use winhex, it gives the same result, i made some changes on the guide to fit the new apps.
Tools :
1- Blackberry jde Download Here chose the version same your device version, if you dont know, hold "alt+shift" and press "H"
note: always try to download the old version cause RIM know about this method and the fixed some new simulator versions
2- Olly debugger Download Here: Version 1.10 (Stable) or Version 2.00 Beta
3- MDS Services Simulator (optional, required for some email software) can be downloaded here
4- Dmpclean.bat (attached)
5- Our target app - Ascendo Datavault (download @ hxxp://www.ascendo-inc.com/DataVault.html)
How To? :
1-Download and install blackberry jde version of choice, chose the version same your blackberry version, to check your device version hold "alt+shift" and press "H"
2-when the installation is complete.
click start > programs > research in motion > blackberry jde 4.x.x locate device simulator icon > right click and go to properties then click on find target. create a shortcut of defaultsimulator.bat on your desktop or the quick launch menu, whichever you prefer.
copy dmpclean.bat into your simulator’s folder, by default it should be c:\program files\research in motion\blackberry jde 4.x.x\simulator basically the same folder where the defaultsimulator.bat file is located. once copied, create a shortcut of dmpclean.bat as well next to your defaultsimulator.bat shortcut on the desktop or quick launch.
3-Right click on shortcut to defaultsimulator.bat and choose edit, at the end of the text you will see /pin=0x2100000A change this value to your blackberry's pin, and behind add your IMEI without any quotes (necessary for some IMEI verified applications) , and save it.
For example, if my pin number is 24d25d8a and my IMEI is 357880.00.879598.5
then the parameter would look like this /pin=0x24d25d8a /IMEI=357880008795985
4-Launch the device emulator by double clicking on the shortcut to defaultsimulator.bat icon. be patient, it takes some time to load the
simulator as it has the same feel as your blackberry. (note, jde 4.5.0 or maybe even lower versions start up much faster).
Go to View -> "keep lcd on" to avoid flushing the memory dump
To be sure your pin is being read correctly, navigate to options > scroll down to status and check for your pin.
5-To install an application into the simulator click on file > load java program> point to the DataVault.cod “our target app” then navigate to downloads and run the program. go to register, it shows our pin “good” and it’s asking
for the registration code else it will expire. leave it (dont close it)
6-let's launch the debugger now. double click on ollydbg.exe, once loaded click on file then choose attach. the attach window opens up very small, simply stretch by pulling it from the right buttom corner so you can see the
running programs on your computer. we are looking for a process name titled fledge with a path to the executable which should look like the following -c:\program files\research in motion\blackberry jde 4.x.x\simulator\fledge.exe - select this process and click attach. as it
finishes loading all necessary files the debugger will pause, simply press F9 once or twice to continue or sometimes SHIFT + F9, depending on olly’s mood. leave it (dont close it)
7-Now go back to the simulator and enter any facke code, untill you see the message "field full" (we will enter the following as your code 97531) then press arrow down ↓ and click on register. note: do not enter 1234567... as your bogus serial ever because most likely you will end up nowhere. after pressing enter or clicking to register a window comes up saying “Wrong Key!”. we knew that. leave it (dont close it)
8-Now go back to the debugger window (OllyDbg), then click on do an ALT + M to open the memory map, and select the first line in the memory map window. then do CTRL + B to search for the number we entered in the ASCII field and enter 97531 as your search string and click oK.
it begins to search in the memory for our bogus serial, a window titled dump pops up shortly showing the 97531 number we entered in the application > right below it shows our pin number > further down our serial is being constructed > finally we see the serial 42350 which happens to be the correct serial for my bogus pin number 24d25d8a.
9-To test our discovered registration code let’s switch to the simulator window and enter it to see what happens, well just as we hoped it would be “you have successfully register..."
Download:
DMP
 
No comments:
Post a Comment