Wizard version hack

This info was put togetter based on all the effort that was put in the following thread: http://forum.xda-developers.com/showthread.php?t=294218 My small contribution is to collect the bits and pieces and put it in here.

This article is on changing the Wizard OS version numbers by hacking the ROM image. The ROM image is contained in the 80040000-OS_0.nb file that’s in the nk.nbf which goes with every Rom Upgrade.

Why would you want to hack the OS version (apart from generating your favourite number ;-)? Well some software packages (among them the Blackberry Connect client software) rely on hard-coded version numbers.

Contents 1 Introduction 2 Finding and changing the major version number 3 Finding and changing the minor version number 4 Blackberry Connect client

Introduction

The OS version consists of two parts, the major version number and the minor version number. The ‘line’ between these two is at the 2nd dot (from the left).
So:
OS 5.1.463 has major version 5.1 and minor version 463
OS 5.2.318 has major version 5.2 and minor version 318

Finding and changing the major version number

The string containing the major version number is easiest to find. It has (in HEX) the decimal version number in it on fixed positions.
Major version 5.1 has string 05 20 A0 E3 01 10 A0 E3
Major version 5.2 has string 05 20 A0 E3 02 10 A0 E3

Just find it with a HEX editor. The string appears two times in the 80040000-OS_0.nb file.

Changing the major verson number is just as easy: just replace the indicated bytes with the correct numbers (remember: two times)

Finding and changing the minor version number

The string containing the minor version number is hard to find. Easiest way is to search the forum for the string belongs to a Rom that has the same version number as yours. Examples:

Minor
version String

195 C3 30 A0 E3 00 30 83 E3 45 2F A0 E3 05 10 A0 E3 01
318 4F 3F A0 E3 02 30 83 E3 45 2F A0 E3 05 10 A0 E3 02
461 73 3F A0 E3 01 30 83 E3 45 2F A0 E3 05 10 A0 E3 01
463 73 EF A0 E3 03 40 A0 E3 00 50 A0 E3 01 30 80 E5
465 1D 3E A0 E3 01 30 83 E3 45 2F A0 E3 05 10 A0 E3 01
1413 16 3D A0 E3 05 30 83 E3 45 2F A0 E3 05 10 A0 E3 02
1620 65 3E A0 E3 04 30 83 E3 45 2F A0 E3 05 10 A0 E3 02
1908 77 3E A0 E3 04 30 83 E3 45 2F A0 E3 05 10 A0 E3 02


Just find it with a HEX editor. The string appears two times in the 80040000-OS_0.nb file.

The calculations used to change the minor OS version is based on the following mulitiplier table:
1 0x40000000;
2 0x10000000;
3 0x4000000;
4 0x1000000;
5 0x400000;
6 0x100000;
7 0x40000;
8 0x10000;
9 0x4000;
A 0x1000;
B 0x400;
C 0x100;
D 0x40;
E 0x10;
F 0x4;
0 0x1;

The formula to calculate the minor version in HEX is in general:
(1st bold byte (multiplier to 2nd digit of 1st italic byte))* (2nd bold byte (multiplier to 2nd digit of 2nd italic byte))
By just translating the HEX to a decimal gets the visible minor version of the OS.

Examples:
Minor version 463
String 73 EF A0 E3 03 40 A0 E3 00 50 A0 E3 01 30 80 E5
Calculation (0x73 0x4)* ( 0x03 0x1) 0x1CF dec 463

Minor version 318
String 4F 3F A0 E3 02 30 83 E3 45 2F A0 E3 05 10 A0 E3 02
Calculation (0x4F 0x4)* (0x02 0x1) 0x13E dec 318

Minor version 461
String 73 3F A0 E3 01 30 83 E3 45 2F A0 E3 05 10 A0 E3 01
Calculation (0x73 0x4)* (0x01 0x1) 0x1CD dec 461

Minor version 1413
String 16 3D A0 E3 05 30 83 E3 45 2F A0 E3 05 10 A0 E3 02
Calculation (0x16 0x40)* (0x05 0x1) 0x585 dec 1413

Minor version 465
String 1D 3E A0 E3 01 30 83 E3 45 2F A0 E3 05 10 A0 E3 01
Calculation (0x1D 0x10)* (0x01 0x1) 0x1D1 dec 465

Minor version 1908
String 77 3E A0 E3 04 30 83 E3 45 2F A0 E3 05 10 A0 E3 02
Calculation (0x77 0x10)* (0x04 0x1) 0x774 dec 1908

Changing the minor version number is easy again: just replace the bold/italic bytes with the correct numbers (remember: two times)

Blackberry Connect client

BBC Version OS version AKU
2.1.2.31 5.1.195 .2.0.0 <== This has proven to work on my Wizard
2.1.2.52 5.1.465 .3.3.1 <== This has not worked on my Wizard

The AKU version is in the registry: HKLM\System\Versions