
[Solved] Blackberry Connect Hacking

By c0rnholio, Senior Member on 15th February 2007, 08:58 AM
26th February 2007, 10:03 PM |#31  
OP Senior Member
Flag in the basement...
Quote:
Originally Posted by jelleeelco

Thanks, that was quick...

Just to be 100% sure: I have to look into the original 800310000.nb file that I get from decoding the nbf file? Or do I change the dll file?

My problem is, I can't find that string! When I use the DLL from Tmobile, and use the string in there, I DO find it in the .nb file. But when I use the .dll from the WM6 rom, I can't find it in the .nb file of WM6...

You should find this in WM6 .nb file: 05 20 A0 E3 02 10 A0 E3 A5 EF A0 E3

And should change it into : 05 20 A0 E3 01 10 A0 E3 C3 E0 A0 E3

I'm off for today. I'll get back to you tomorrow.
 
 
26th February 2007, 11:04 PM |#32  
Junior Member
got the error...
Hi

I THINK (pls check my logic) got the error…. First I did ONLY the Coredll.dll to the XIP2 folder. Now I extracted all files, as in your manual…

Gives me the following result:

EXPORT GetVersionExW
GetVersionExW
STMFD SP!, {R4,R5,LR} ; GetVersionEx
MOVL R3, 0x1CD
MOV R2, #0x114
MOV R1, #5
MOV LR, #1
MOV R4, #3
MOV R5, #0
STR R3, [R0,#0xC]
STR R2, [R0]
STR R1, [R0,#4]
STR LR, [R0,#8]
STR R4, [R0,#0x10]
STRH R5, [R0,#0x14]
MOV R0, #1
LDMFD SP!, {R4,R5,LR}
BX LR
; End of function GetVersionExW


MOVL R3, 0x1CD 45 2F A0 E3
MOV R2, #0x114 05 10 A0 E3
MOV R1, #5 05 10 A0 E3
MOV LR, #1 00 50 A0 E3
MOV R4, #3 0C 30 80 E5
MOV R5, #0 0C 30 80 E5

3 lines around it:
03F7C470 1E FF 2F D1 00 00 A0 E3 1E FF 2F E1 30 40 2D E9
03F7C480 73 3F A0 E3 01 30 83 E3 45 2F A0 E3 05 10 A0 E3
03F7C490 01 E0 A0 E3 03 40 A0 E3 00 50 A0 E3 0C 30 80 E5

And these I do find in the .nb file.

So if you can tell me which ones to change!!
Thanks
Jelle
26th February 2007, 11:31 PM |#33  
OP Senior Member
Flag in the basement...
Quote:
Originally Posted by jelleeelco

Hi


3 lines around it:
03F7C470 1E FF 2F D1 00 00 A0 E3 1E FF 2F E1 30 40 2D E9
03F7C480 73 3F A0 E3 01 30 83 E3 45 2F A0 E3 05 10 A0 E3
03F7C490 01 E0 A0 E3 03 40 A0 E3 00 50 A0 E3 0C 30 80 E5

And these I do find in the .nb file.

So if you can tell me which ones to change!!
Thanks
Jelle


Change: 73 3F A0 E3 01 30 83 E3 45 2F A0 E3 05 (which is version 5.1.461)
To: C3 30 A0 E3 01 30 83 E3 45 2F A0 E3 05 (which will be 5.1.195)
27th February 2007, 08:53 AM |#34  
Junior Member
string found, don't know how to encode .nb
I could change the strings in the .nb file. However I can't figure out how to encode the 800310000-os.nb file back to a nbf file.

Anyone an idea? I tried to use typhoonnbfdecode_v5, but I can't get the settings correct to work. Too bad there isn't a simple tool like HTC 64 for the Universal...or is there??

thanks
Jelle
27th February 2007, 09:08 AM |#35  
OP Senior Member
Flag in the basement...
Quote:
Originally Posted by jelleeelco

Hi

I THINK (pls check my logic) got the error…. First I did ONLY the Coredll.dll to the XIP2 folder. Now I extracted all files, as in your manual…

Dude, what have you done? The version in your last post is an AKU 3.3 ROM, not a WM6.

However, the hex values I've told you here

Quote:
Originally Posted by c0rnholio

You should find this in WM6 .nb file: 05 20 A0 E3 02 10 A0 E3 A5 EF A0 E3

And should change it into : 05 20 A0 E3 01 10 A0 E3 C3 E0 A0 E3

are the right ones. I've downloaded the Underground Version of WM6 for the Wizard and extracted the .nb file. I fired up my hex editor and looked for the hex values above. They are there, 2 times. Change them to the ones I told you and you should be fine.

Cheers
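The byte strings quoted in posts #33 and #35 are little-endian 32-bit ARM instructions. As an added example (not part of any post in this thread), this Python sketch decodes the MOV/ORR immediate forms in them so a reader can check what each patch actually changes before editing a ROM image; the function names are made up for the illustration and only the two opcodes that appear in these strings are handled.

```python
import struct

# Byte strings exactly as typed in posts #35 (WM6) and #33 (AKU 3.3).
WM6_OLD = "05 20 A0 E3 02 10 A0 E3 A5 EF A0 E3"
WM6_NEW = "05 20 A0 E3 01 10 A0 E3 C3 E0 A0 E3"
AKU_OLD = "73 3F A0 E3 01 30 83 E3 45 2F A0 E3 05"
AKU_NEW = "C3 30 A0 E3 01 30 83 E3 45 2F A0 E3 05"

OPCODES = {0b1101: "MOV", 0b1100: "ORR"}  # only the opcodes seen in the thread
NAMES = {13: "SP", 14: "LR", 15: "PC"}


def ror32(value, bits):
    """Rotate a 32-bit value right (an ARM immediate is imm8 ROR 2*rot)."""
    bits %= 32
    return ((value >> bits) | (value << (32 - bits))) & 0xFFFFFFFF


def decode(hex_bytes):
    """Return (op, rd, rn, imm) per word, or None if it is not MOV/ORR #imm."""
    raw = bytes.fromhex(hex_bytes)
    raw = raw[: len(raw) - len(raw) % 4]  # ignore a trailing partial word
    out = []
    for (word,) in struct.iter_unpack("<I", raw):
        op = OPCODES.get((word >> 21) & 0xF)
        always = word >> 28 == 0xE  # condition field AL (unconditional)
        imm_form = (word >> 25) & 0b111 == 0b001
        if not (op and always and imm_form):
            out.append(None)
            continue
        imm = ror32(word & 0xFF, 2 * ((word >> 8) & 0xF))
        out.append((op, (word >> 12) & 0xF, (word >> 16) & 0xF, imm))
    return out


def final_values(hex_bytes):
    """Apply the decoded MOV/ORR immediates in order; return register -> value."""
    regs = {}
    for ins in decode(hex_bytes):
        if ins is None:
            continue
        op, rd, rn, imm = ins
        regs[rd] = imm if op == "MOV" else regs.get(rn, 0) | imm
    return {NAMES.get(r, f"R{r}"): v for r, v in regs.items()}


if __name__ == "__main__":
    for label, text in [("WM6 old", WM6_OLD), ("WM6 new", WM6_NEW),
                        ("AKU 3.3 old", AKU_OLD), ("AKU 3.3 new", AKU_NEW)]:
        print(label, final_values(text))
```

In the AKU 3.3 disassembly from post #32, R3 is stored at offset 0xC of the structure, the dwBuildNumber field of OSVERSIONINFO, so the decoded change from 461 to 195 matches the versions named in post #33. The WM6 strings decode to different registers, and the page does not show which structure field each one feeds.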
27th February 2007, 09:13 AM |#36  
Junior Member
Ha, I just found that out as well...I must have swapped up the files somewhere...I'm going to do it one more time and see what I can find...

Do you know how to encode though again back from nb to nbf?
27th February 2007, 09:21 AM |#37  
Junior Member
I'm stupid
Oh boy, I'm very sorry that I have wasted your time so badly... I decoded the WM6 rom again and yep, there was the string....

I know what went wrong; in my WM6 folder I had the extracted files as well as a zip file named AKU3_Crossbow....I took the NBF twice from different places.

Now I've got my fixed .nb file (fixed on both places), all I have to do is encode and flash the phone... See my last question: any idea how to encode a nb file??
27th February 2007, 09:24 AM |#38  
OP Senior Member
Flag in the basement...
Quote:
Originally Posted by jelleeelco

I could change the strings in the .nb file. However I can't figure out how to encode the 800310000-os.nb file back to a nbf file.

Anyone an idea? I tried to use typhoonnbfdecode_v5, but I can't get the settings correct to work....

There is something regarding this in the wiki:
http://wiki.xda-developers.com/index...onnbfdecode.pl

Also there seems to be a util called nb2nbf_tornado (search for it in the wizard section of this forum). It seems to be able to rebuild the nbf file for the wizard.

cheers
27th February 2007, 10:01 AM |#39  
Junior Member
One last request?
Thanks...got it...

Now I decoded my changed .nb file. Just to be sure, I checked the original .nbf with the new .nbf and there are some differences. I just want to make sure it won't brick my phone when I flash; I'm particularly worried about the blversion (empty in the new nbf) and the fact that VERSION is not mentioned (nothing vs 3.0) and that the 80040000 now changed to 82040000.


New:

blversion
device WIZARD
entrycount 1
flags 17
flags2 12
hdrcrc 0x70b6780e
language WWE
magic HTC
operator
rest2

version
82040000 03900000 bf6e8154 OS
---------------------------------------------------

Old:

blversion 332e30
device WIZARD
entrycount 1
flags 17
flags2 12
hdrcrc 0x7aa01a5b
language WWE
magic HTC
operator
rest2

version 3.0
80040000 03900000 3fcb4aa7 OS
27th February 2007, 10:05 AM |#40  
OP Senior Member
Flag in the basement...
Quote:
Originally Posted by jelleeelco

Thanks...got it...

Now I decoded my changed .nb file. Just to be sure, I checked the original .nbf with the new .nbf and there are some differences. I just want to make sure it won't brick my phone when I flash; I'm particularly worried about the blversion (empty in the new nbf) and the fact that VERSION is not mentioned (nothing vs 3.0) and that the 80040000 now changed to 82040000.

Sorry, can't help you on this. I have zero experience regarding the wizard.
27th February 2007, 10:11 AM |#41  
Senior Member
Thanks a lot for your help
Cornholio: just to say that after some days using BB with WM6 jwr 2.08 all is fine. It is incredible. You are the best.

Do you think we could improve some features I don't like or are missing in BB?

- not possible to call directly when push phone key over a mail to sender.
- not automatic suggestion of mail address when writing the "to" field.
- not connection to voice command as message, when comes new ones.


I think it is a matter of registry keys associated to msoutlook but should be changed to support bb accounts.