|
|
 |
|
Welcome to the GSM-Forum forums. You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features. Only registered members may post questions, contact other members or search our database of over 8 million posts. Registration is fast, simple and absolutely free so please - Click to REGISTER! If you have any problems with the registration process or your account login, please contact contact us . |
| |||||||
| Register | FAQ | Donate | Forum Rules | Root any Device | ★iPhone Unlock★ | ★ Direct Codes ★ | Direct Unlock Source |
| GSM Programming & Reverse Engineering Here you can post all Kind of GSM Programming and Reverse Engineering tools and Secrets. |
 |
| | LinkBack | Thread Tools | Display Modes |
01-02-2009, 17:18
| #1 (permalink) |
| Junior Member Join Date: Jan 2009 Location: Tronna, Ont
Posts: 5
Member: 936397 Status: Offline Thanks Meter: 6 | Debranding - Hacking VSM files http://rapidshare.com/files/175815498/all_vsm_pack.zip I've been looking at a few, here's what I've seen, maybe someone can add to this knowledge until we have the scheme for the VSM file format, then we can make our own?!?! - A VSM is a resource file of sorts and contains 1 OR MORE files inside, These resources seem to be uncompressed and may be text, PNG files or even MP3 files. The first 20 bytes of a VSM file are a biggie header and largely unknown in purpose: - byte offset 0xC seems to be the Vendor ID - the last 2 bytes of these 20 (in high-low order) indicate the size of the first resource ... then we have the first resource If there's only one resource in the VSM then we have some unknown and irregularly-counted trailing bytes (say 6 or 7?). If we have another resource in the VSM file then after the first resource_data ends we then have 8 unknown bytes, then two bytes (again in high-low format) indicating the size of the second resource, followed by the second resource. That's all I have time for, maybe someone can leapfrog on this? Thx to all for the info on this site - i just un-network-locked my 8700r successfully (or so it seems : ) =-=-=-=- The most important part to consider here, is that VSM files ARE NOT merely 20 static bytes prepended to a PNG splash-screen file. =-=-=-=- Personally, if I wanted to adjust my splash screen I'd go about it this way: - locate the relevant VSM file from my provider for my model of device - remove the PNG part of it which is my splash screen - and insert into the same location in the VSM file my new PNG splash screen - then adjust the last 2 bytes of the 20-byte header to be the size of my inserted PNG file since it's unlikely that my PNG will be the same filesize as the original - have $100 in hand to replace my BB if I brick it when I load this new VSM file Good luck! |
 |
| The Following 6 Users Say Thank You to BellVictim For This Useful Post: |
|
01-02-2009, 20:11
| #2 (permalink) |
| Freak Poster   Join Date: Apr 2004 Location: Where night is bright Age: 44
Posts: 219
Member: 61649 Status: Offline Thanks Meter: 113 | I did all 1/2 month ago, but splash screen still blank and vendor stoll showed me -1. I haven't enough time for continue discover. My question is which algorithms of CRC check in VSM file |
| |
|
01-03-2009, 03:13
| #3 (permalink) | ||
| Junior Member Join Date: Jan 2009 Location: Tronna, Ont
Posts: 5
Member: 936397 Status: Offline Thanks Meter: 6 | Quote:
Quote:
BTW, may I ask: are you sure a checksum is used, how do you know this, etc? I do have a link to a code segment from someone who years ago who hacked the serial communications protocol (i.e. RS-232 data for the RIM 957). The reason I post this is that 1) it's probably easy for someone to implement this algorithm and see if resource sections (or the whole VSM file) are being checksummed with this algorithm and 2) RIM seems to be rather lazy - by that I mean that in OS 4.1 (IIRC) the little icons on the device (when it was connected to the PC) looked just like the cheesy, pixelated ones on my olde, olde RIM 957 when it was connected to the PC ... which suggests to me that RIM likes to re-use their intellectual property for years and years. Anyway, here's the link: http://www.off.net/cassis/protocol-d...ion.html#h-5.0 Maybe someone can do a quick & dirty to see if this is the checksum used by RIM in the VSM files? | ||
| |
|
01-03-2009, 03:58
| #4 (permalink) | |
| Major Poster Join Date: Dec 2008
Posts: 42
Member: 935267 Status: Offline Thanks Meter: 10 | Quote:
 | |
| |
|
01-03-2009, 04:24
| #5 (permalink) |
| Junior Member Join Date: Jan 2009 Location: Tronna, Ont
Posts: 5
Member: 936397 Status: Offline Thanks Meter: 6 | Branding (VSM) API Info Let me also add this link since it looks informative for anyone wanting to hack the VSM file format... http://www.blackberry.com/developers.../Branding.html It explains the various resource_types which may (presumably) appear in the VSM file. My guess is that the resource_type identifiers will appear in part of the header/unknown bytes in the VSM file. (Thanks to user hhardheart for posting this link previously). |
| |
|
01-03-2009, 10:31
| #6 (permalink) | ||
| Junior Member Join Date: Jan 2009 Location: Tronna, Ont
Posts: 5
Member: 936397 Status: Offline Thanks Meter: 6 | Hacking VSM Files - More CheckSum API from RIM, "Resource Bundles" Looks like the RIM API has some checksum calculators built within it - perhaps one of these is doing the dirty work; from: http://www.blackberry.com/DevMediaLi...w.do?name=java we have: Quote:
http://www.blackberry.com/developers...rceBundle.html Quote:
http://www.blackberry.com/developers...index-all.html speaks a little of "resource bundle" and the like. | ||
| |
|
01-30-2009, 17:47
| #7 (permalink) |
| Freak Poster Join Date: Jan 2009
Posts: 170
Member: 956117 Status: Offline Thanks Meter: 66 |  VSM files start with the bytes 01 00 00 bc which appear to be nothing more than a magic number. Changing any of these first four bytes causes the file to not be recognized as a VSM file. Next are four bytes that give the length of the resource section in little-endian order so 46 0b 00 00 signifies that the length is 0x00000b46 or 2886 bytes long. The next four bytes are calculated by taking 0xffffffff - (the CRC-32 of the resource section). If the CRC-32 of the resource section is 0x5480b153 then take 0xffffffff - 0x5480b153 = 0xab7f4eac so the four bytes are ac 4e 7f ab. The Vendor ID takes the next two bytes. Remember that little-endian order is used, so 36 01 is used to represent the vendor id 310 for Wind Italy. The Vendor ID MAY be changed without affecting the file signature or the checksum. The next two bytes are always zero. There is a single byte value of unknown purpose followed by two bytes of zero followed by a byte that is zero when the unknown value is zero, and one when the unknown value is non-zero. There are eight bytes of zero before the resource section begins. This may be reserved for future use. The resource section may be empty, but most often it contains resources. Each resource starts with two bytes that specify the resource type, followed by a two byte resource length value, followed by the resource data. If the last byte of the resource falls on an even-numbered address offset (assuming the first byte in the file is considered offset zero) then there is a pad null byte between the two resources. The pad byte is not figured into the length of either resource, but is included in the value for the total resource section length found in the file header. The resouces may be listed in any order, however changing any byte in the resource section including resource order will cause the file signature to be invalid. Following the resource section there may or may not be a footer and signature. The footer is the byte sequence: 1F 2D C8 D7 33 00 00 00 80 00 00 00. I am not sure of the function of the first eight bytes, but I believe the 80 00 specifies that the signature is of length 0x0080 or 128 bytes. There are two null bytes followed by a 128 byte (1024 bit) signature. The following table lists the values to use to define a field type followed by a name for each. There are also some values for flags listed after the field for which they are used. Code: 0x0 FIELD_BITMAP_1_DATA 0x1 FIELD_BITMAP_1_TIMEOUT 0x2 FIELD_BITMAP_2_DATA 0x10 FIELD_ENGINEERING_UNIT 0x11 FIELD_SUPPRESS_SOS 0x13 FIELD_BETA_TEST 0x14 FIELD_EVALUATION_UNIT 0x15 FIELD_SUPPORT_DIRECT_DIAL_SEND 0x16 FIELD_ONS_RENDER_MODE 0x17 FIELD_DISABLE_VOLUME_BOOST 0x18 FIELD_DISABLE_BLACKBERRY_PROTECTION_MODE 0x1000 FIELD_WELCOME_MESSAGE_SUBJECT_ISO8859 0x1001 FIELD_WELCOME_MESSAGE_BODY_ISO8859 0x1002 FIELD_WELCOME_MESSAGE_FROM_ISO8859 0x1003 FIELD_WELCOME_MESSAGE_SUBJECT 0x1004 FIELD_WELCOME_MESSAGE_BODY 0x1005 FIELD_WELCOME_MESSAGE_FROM 0x1100 FIELD_DEVICE_MESSAGE_SUBJECT 0x1101 FIELD_DEVICE_MESSAGE_BODY 0x1102 FIELD_DEVICE_MESSAGE_FROM 0x1200 FIELD_TOP_TIPS_MESSAGE_SUBJECT 0x1201 FIELD_TOP_TIPS_MESSAGE_BODY 0x1202 FIELD_TOP_TIPS_MESSAGE_FROM 0x2000 FIELD_ESCREEN_HELP_MSG 0x3000 FIELD_PROVISIONING_IP 0x3001 FIELD_PROVISIONING_DEST_PORT 0x3002 FIELD_PROVISIONING_SRC_PORT 0x3003 FIELD_PROVISIONING_APN 0x3004 FIELD_PROVISIONING_DEVICE_CLASS 0x3005 FIELD_PROVISIONING_APN_USERNAME 0x3006 FIELD_PROVISIONING_APN_PASSWORD 0x3007 FIELD_PROVISIONING_FLAGS 0x1 FLAG_PROVISIONING_DONT_SEND_MSISDN 0x2 FLAG_PROVISIONING_DONT_SEND_ICCID 0x4 FLAG_PROVISIONING_SEND_SPN 0x8 FLAG_PROVISIONING_RIM 0x10 FLAG_PROVISIONING_SEND_EMPLOYEE_ROLE_FEATURE_INFO 0x20 FLAG_PROVISIONING_DONT_SEND_AIRTIME_USAGE_STATS 0x40 FLAG_PROVISIONING_INFO_LEVEL_1 0x80 FLAG_PROVISIONING_INFO_LEVEL_2 0x3100 FIELD_2ND_PROVISIONING_IP 0x3101 FIELD_2ND_PROVISIONING_DEST_PORT 0x3102 FIELD_2ND_PROVISIONING_SRC_PORT 0x3103 FIELD_2ND_PROVISIONING_APN 0x3104 FIELD_2ND_PROVISIONING_DEVICE_CLASS 0x3105 FIELD_2ND_PROVISIONING_APN_USERNAME 0x3106 FIELD_2ND_PROVISIONING_APN_PASSWORD 0x3107 FIELD_2ND_PROVISIONING_FLAGS 0x3500 TCP_APN_DEFAULT_APNNAME 0x3501 TCP_APN_DEFAULT_USERNAME 0x3502 TCP_APN_DEFAULT_PASSWORD 0x3600 FIELD_CDMA_IIF_APN 0x3601 FIELD_CDMA_IIF_APN_USERNAME 0x3602 FIELD_CDMA_IIF_APN_PASSWORD 0x3800 FIELD_PRIMARY_WIRELESS_ACCESS_FAMILY 0x1 WAF_3GPP 0x2 WAF_CDMA 0x3 WAF_WLAN 0x4 WAF_IDEN 0x4000 FIELD_BRANDING_WAP_ICON 0x4001 FIELD_BRANDING_TUNE 0x4002 FIELD_BRANDING_TUNE_NAME 0x4003 FIELD_BRANDING_KEY 0x4004 FIELD_BRANDING_TUNE_MIDI 0x4005 FIELD_BRANDING_WAP_SPLASH 0x4006 FIELD_BRANDING_TUNE_CONTENT_DATA 0x4007 FIELD_BRANDING_TUNE_CONTENT_TYPE 0x4100 FIELD_BRANDING_BROWSER_ICON_0 0x4101 FIELD_BRANDING_BROWSER_ICON_1 0x4102 FIELD_BRANDING_BROWSER_ICON_2 0x4103 FIELD_BRANDING_BROWSER_ICON_3 0x4104 FIELD_BRANDING_BROWSER_ICON_4 0x4105 FIELD_BRANDING_BROWSER_ICON_5 0x4106 FIELD_BRANDING_BROWSER_ICON_6 0x4107 FIELD_BRANDING_BROWSER_ICON_7 0x4108 FIELD_BRANDING_BROWSER_ICON_8 0x4109 FIELD_BRANDING_BROWSER_ICON_9 0x4200 FIELD_IDLESCREEN_CONTENT_TYPE 0x4201 FIELD_IDLESCREEN_CONTENT_DATA 0x4202 FIELD_BRANDING_IGNORE_INTEL_SPLASH 0x4300 FIELD_BROWSER_UAPROF_URI 0x5000 FIELD_HELP_WMLC 0x5100 FIELD_PREFERRED_PLMN_FEATURE 0x0 VALUE_PREFERRED_PLMN_DISABLED 0x1 VALUE_PREFERRED_PLMN_ENABLED 0x5200 PHONE_BOOT_URL 0x5201 PHONE_BOOT_NAIURL 0x5202 BROWSER_DOMAIN_TRUSTED 0x5203 BROWSER_PROXY_WDP 0x5300 FIELD_CELL_BROADCAST 0x5301 FIELD_CELL_BROADCAST_ALWAYS_POPUP 0x6000 FIELD_MESSAGE_LIST_OPTIONS_AUTO_ATTACHMENT_DOWNLOAD_ENABLED 0x6001 FIELD_MESSAGE_LIST_OPTIONS_AUTO_ATTACHMENT_DOWNLOAD 0x6002 FIELD_MESSAGE_LIST_OPTIONS_AUTO_ATTACHMENT_DOWNLOAD_HIGH_SPEED_NETWORK 0x7000 FIELD_OMA_CLIENT_PROVISIONING_DOCUMENT 0x7010 FIELD_GAN_SECURE_GATEWAY 0x7011 FIELD_GAN_CONTROLLER 0x7020 FIELD_GAN_ROOT_CERT_1 0x7021 FIELD_GAN_ROOT_CERT_2 0x7022 FIELD_GAN_ROOT_CERT_3 0x7023 FIELD_GAN_ROOT_CERT_4 0x7026 FIELD_GAN_WLAN_THRESHOLD 0x0 VALUE_GAN_ROVE_THRESHOLD_LOW 0x1 VALUE_GAN_ROVE_THRESHOLD_MEDIUM 0x2 VALUE_GAN_ROVE_THRESHOLD_HIGH 0x7027 FIELD_GAN_SIGNAL_STRENGTH_THRESHOLD 0x7028 FIELD_GAN_SIGNAL_QUALITY_THRESHOLD 0x7029 FIELD_GAN_PROTOCOL_VERSION 0x0 VALUE_GAN_PROTOCOL_VERSION_UMA_1_0_0 0x1 VALUE_GAN_PROTOCOL_VERSION_UMA_1_0_1 0x2 VALUE_GAN_PROTOCOL_VERSION_UMA_1_0_2 0x3 VALUE_GAN_PROTOCOL_VERSION_UMA_1_0_3 0x4 VALUE_GAN_PROTOCOL_VERSION_UMA_1_0_4 0x5 VALUE_GAN_PROTOCOL_VERSION_3GPP_rev6 0x7030 FIELD_WLAN_DISABLED 0x7031 FIELD_WLAN_ENTERPRISE_DATA_DISABLED 0x7032 FIELD_WLAN_ENTERPRISE_DATA_FLAG_OVERRIDES_IT_POLICY 0x7033 FIELD_WLAN_LAYER3_AUTH_KEY Code: 0x01 1 RIM 0x64 100 T_MOBILE_US 0x65 101 CINGULAR_WIRELESS 0x66 102 AT_T_WIRELESS 0x67 103 NEXTEL 0x68 104 SPRINT_PCS 0x69 105 VERIZON_WIRELESS 0x6a 106 ALLTEL 0x6b 107 ROGERS_AT_T 0x6c 108 MICROCELL 0x6d 109 BELL_MOBILITY 0x6e 110 BT_CELLNET 0x6f 111 O2_GERMANY 0x70 112 DIGIFONE 0x71 113 TELFORT 0x72 114 T_MOBILE_GERMANY_AUSTRIA 0x73 115 TIM_ITALY 0x74 116 HUTCHISON 0x75 117 BOUYGUES_TELECOM 0x76 118 VODAFONE_SFR_FRANCE 0x77 119 ORANGE_FRANCE 0x78 120 VODAFONE_UK_NETHERLANDS 0x79 121 TELCEL_MEXICO 0x7a 122 TELSTRA 0x7b 123 T_MOBILE_UK 0x7c 124 VODAFONE_GERMANY 0x7d 125 O2_UK_IRELAND_ISLE_OF_MAN_NETHERLANDS 0x7e 126 TELUS 0x7f 127 SMART 0x80 128 STARHUB 0x81 129 TELEFONICA_SPAIN 0x82 130 VODAFONE_SWITZERLAND_SWISSCOM 0x83 131 CABLE_WIRELESS_WEST_INDIES 0x84 132 VODAFONE_ITALY 0x85 133 VODAFONE_SPAIN 0x86 134 T_MOBILE_NETHERLANDS 0x87 135 CINCINNATI_BELL 0x88 136 TELEFONICA_MEXICO 0x89 137 VODAFONE_AUSTRIA 0x8a 138 VODAFONE_AUSTRALIA_FIJI 0x8b 139 VODAFONE_IRELAND 0x8c 140 TELENOR_SWEDEN 0x8d 141 CSL 0x8e 142 ORANGE_UK 0x8f 143 VODAFONE_NEW_ZEALAND 0x90 144 SINGTEL 0x91 145 GLOBE 0x92 146 OPTUS 0x93 147 ORANGE_BE_MOBISTAR 0x94 148 VODAFONE_HUNGARY 0x95 149 BHARTI 0x96 150 KPN_NL 0x97 151 WIND_HELLAS_TIM_GREECE 0x98 152 VODAFONE_BELGIUM 0x99 153 VODAFONE_PORTUGAL 0x9a 154 TIM_BRAZIL 0x9b 155 BT_MOBILE 0x9c 156 EARTHLINK 0x9d 157 AETHER 0x9e 158 E_PLUS 0x9f 159 BASE 0xa0 160 DOBSON_COMMUNICATIONS 0xa1 161 VODAFONE_EGYPT 0xa2 162 ORANGE_SWITZERLAND 0xa3 163 RIM_WLAN 0xa4 164 T_MOBILE_SUNCOM 0xa5 165 MAXIS 0xa6 166 VODAFONE_DENMARK_TDC 0xa7 167 VODAFONE_SINGAPORE_M1 0xa8 168 VODACOM_SOUTH_AFRICA 0xa9 169 T_MOBILE_POLAND 0xaa 170 T_MOBILE_CZECH 0xab 171 T_MOBILE_HUNGARY 0xac 172 AT_T_SPRINT 0xad 173 MTN_SOUTH AFRICA 0xae 174 TIM_CHILE_ENTEL_PCS 0xaf 175 ORANGE_SPAIN 0xb0 176 VODAFONE_SMARTONE_HONG_KONG 0xb1 177 TCS_TELECOMMUNICATION_SYSTEMS 0xb2 178 AVEA 0xb3 179 FAST_100 0xb4 180 TURKCELL 0xb5 181 PARTNER_COMMUNICATIONS 0xb7 183 ORANGE_ROMANIA 0xba 186 TELKOMSEL 0xbc 188 VODAFONE_GREECE 0xbd 189 UNITED_STATES_CELLULAR_CORP 0xbe 190 MOBILINK 0xbf 191 VELOCITA_WIRELESS 0xc0 192 VODAFONE_CROATIA 0xc1 193 VODAFONE_SLOVENIA 0xc2 194 VODAFONE_LUXEMBOURG 0xc3 195 VODAFONE_ICELAND 0xc4 196 VODAFONE_FIJI 0xc5 197 VODAFONE_ROMANIA 0xc6 198 VODAFONE_CZECH 0xc7 199 VODAFONE_BAHRAIN 0xc8 200 VODAFONE_KUWAIT 0xc9 201 T_MOBILE_CROATIA 0xca 202 T_MOBILE_SLOVAKIA 0xcb 203 NORTEL 0xcc 204 CHINA_MOBILE 0xcd 205 MOVILNET 0xd1 209 SYMPAC 0xd2 210 PERSONAL_ARGENTINA 0xd4 212 ETISALAT_UAE 0xd5 213 CBEYOND 0xd6 214 AMX 0xd7 215 TELEFONICA_VENEZUELA 0xd8 216 TELEFONICA_BRAZIL 0xd9 217 ORANGE_ROMANIA 0xda 218 KTPOWERTEL_KOREA 0xdb 219 ROLLING_STONES 0xdc 220 DOCOMO 0xde 222 VODAFONE_BULGARIA 0xdf 223 NEXTEL_INTERNATIONAL 0xe0 224 PCCW_SUNDAY 0xe1 225 HAWAIIAN_TELCOM_CREDO_MOBILE 0xe2 226 VERIZON_MVNO 0xe3 227 MOBILY 0xe4 228 BWA 0xe5 229 O2_CZECH_REPUBLIC 0xe6 230 HUTCHISON_INDIA 0xe7 231 CELCOM 0xea 234 DIALOG 0xeb 235 XL 0xec 236 RELIANCE 0xed 237 VERIZON_WIRELESS_WHOLESALE 0xee 238 VODAFONE_TURKEY 0xef 239 TELEFONICA_MOROCCO_MEDITEL 0xf0 240 INDOSAT 0xf1 241 ALCATEL_SHANGHAI_BELL 0xf5 245 3_UK_ITALY_SWEDEN_DENMARK_AUSTRIA_IRELAND 0xf7 247 VODAFONE_ESSAR 0xf8 248 CENTENNIAL_WIRELESS 0xfa 250 T_MOBILE_AUSTRIA 0xfe 254 OI_BRAZIL 0xff 255 TELECOM_NEW_ZEALAND 0x102 258 HUTCHINSON_3G_AUSTRALIA 0x103 259 CABLE_&_WIRELESS_TRINIDAD_TOBAGO 0x10c 268 BMOBILE 0x10d 269 TATA_TELESERVICES_INDIA 0x10f 271 T_MOBILE_CROATIA 0x111 273 BT_ITALY 0x112 274 1&1 0x115 277 MTS_MOBILITY 0x116 278 VIRGIN_MOBILE 0x118 280 ORANGE_SLOVAKIA 0x11a 282 TAIWAN_MOBILE 0x11d 285 ORANGE_AUSTRIA 0x11e 286 VODAFONE_MALTA 0x120 288 BASE_JIM_MOBILE 0x127 295 CMCC_PEOPLES 0x12a 298 DIGITEL_WIRELESS 0x12b 299 SK_TELECOM 0x12c 300 SOLO_MOBILE 0x12d 301 CARPHONE_WAREHOUSE 0x12e 302 20:20_MOBILE_GROUP 0x134 308 XL_INDONESIA 0x135 309 FIDO_SOLUTIONS 0x136 310 WIND_ITALY Last edited by elseWestcott; 01-30-2009 at 17:55. Reason: reformat |
| |
| The Following 13 Users Say Thank You to elseWestcott For This Useful Post: |
|
02-09-2009, 00:48
| #8 (permalink) | |
| Crazy Poster Join Date: Jan 2009
Posts: 51
Member: 957095 Status: Offline Thanks Meter: 16 | Quote:
Nice work. Do you have an updated version of your parsing tool? - I'm having trouble parsing the PNGs from some of the VSMs with your 2/3/2009 release. Also, your online VSM design tool is fantastic. Thanks again. Do you know under what circumstances it is necessary to have a signed VSM file? mobytes | |
| |
| The Following User Says Thank You to mobytes For This Useful Post: |
|
02-11-2009, 05:52
| #9 (permalink) |
| Freak Poster Join Date: Jan 2009
Posts: 170
Member: 956117 Status: Offline Thanks Meter: 66 | I have made some changes, but only to cause some of the files that contain only text to be named .txt instead of .bin. Which VSM files are you having trouble with? I'll bet they are the ones that don't have any PNG files in them. Some of the VSM files have images in them others don't and some don't even have ANY resource section at all, just the header. You can look at the VSM files in question and search for the text "PNG" Here is the latest code: Code: #include <stdio.h>
int
main (int argc, char *argv[])
{
FILE *fpi, *fpo;
unsigned short int *buff, *resType;
buff = (short int *) malloc (0xffff);
resType = (short int *) malloc (2);
unsigned int *vendorID, *brandingVersion;
vendorID = (int *) malloc (4);
brandingVersion = (int *) malloc (4);
unsigned short int *filename;
filename = (char *) malloc (0xff);
unsigned short int resLen;
unsigned char len[] = "FFFF";
unsigned short int a, b;
char fullpath[100];
int done;
unsigned int *footerCheck;
footerCheck = (int *) malloc (4);
int fileLen, currentPos;
if (argc != 2)
{
fprintf (stderr, "Error: wrong number of arguments.\n");
fprintf (stderr, "Usage: %s <in-file>\n", argv[0]);
return (1);
}
if ((fpi = fopen (argv[1], "rb")) == NULL)
{
printf ("Cannot open input file.\n");
exit (1);
}
fseek (fpi, 0, 2); //go to end of file
fileLen = ftell(fpi); //get position
fseek (fpi, 0xc, 0);
fread (vendorID, 4, 1, fpi);
fread (brandingVersion, 4, 1, fpi);
sprintf (filename, "BV=%x VID=%d", *brandingVersion, *vendorID);
strcpy (fullpath, "output\\");
strcat (fullpath, argv[1]);
strcat (fullpath, "\\");
strcat (fullpath, filename);
if ((fpo = fopen (fullpath, "wb")) == NULL)
{
printf ("Cannot create output file %s.\n", fullpath);
exit (1);
}
fseek (fpi, 0x1c, 0);
while (fpi != EOF && done != 1)
{
fread (resType, 2, 1, fpi);
currentPos = ftell(fpi);
if ((*resType != 0x2d1f) && (currentPos < fileLen))
{
switch (*resType)
{
case 0:
fread (footerCheck, 4, 1, fpi);
if (*footerCheck == 0xd7c82d1f)
{
sprintf (filename, "BVHasPad");
done = 1;
}
else
{
sprintf (filename, "0x%x.png", *resType);
fseek (fpi, ftell (fpi) - 4, 0);
}
break;
case 2:
sprintf (filename, "%#x.png", *resType);
break;
case 0x1000:
sprintf (filename, "%#x.txt", *resType);
break;
case 0x1001:
sprintf (filename, "%#x.txt", *resType);
break;
case 0x1002:
sprintf (filename, "%#x.txt", *resType);
break;
case 0x1003:
sprintf (filename, "%#x.txt", *resType);
break;
case 0x1004:
sprintf (filename, "%#x.txt", *resType);
break;
case 0x1005:
sprintf (filename, "%#x.txt", *resType);
break;
case 0x1100:
sprintf (filename, "%#x.txt", *resType);
break;
case 0x1101:
sprintf (filename, "%#x.txt", *resType);
break;
case 0x1102:
sprintf (filename, "%#x.txt", *resType);
break;
case 0x1200:
sprintf (filename, "%#x.txt", *resType);
break;
case 0x1201:
sprintf (filename, "%#x.txt", *resType);
break;
case 0x1202:
sprintf (filename, "%#x.txt", *resType);
break;
case 0x2000:
sprintf (filename, "%#x.txt", *resType);
break;
case 0x3000:
sprintf (filename, "%#x.txt", *resType);
break;
case 0x3003:
sprintf (filename, "%#x.txt", *resType);
break;
case 0x3004:
sprintf (filename, "%#x.txt", *resType);
break;
case 0x3005:
sprintf (filename, "%#x.txt", *resType);
break;
case 0x3006:
sprintf (filename, "%#x.txt", *resType);
break;
case 0x3100:
sprintf (filename, "%#x.txt", *resType);
break;
case 0x3103:
sprintf (filename, "%#x.txt", *resType);
break;
case 0x3104:
sprintf (filename, "%#x.txt", *resType);
break;
case 0x3105:
sprintf (filename, "%#x.txt", *resType);
break;
case 0x3106:
sprintf (filename, "%#x.txt", *resType);
break;
case 0x3500:
sprintf (filename, "%#x.txt", *resType);
break;
case 0x3501:
sprintf (filename, "%#x.txt", *resType);
break;
case 0x3502:
sprintf (filename, "%#x.txt", *resType);
break;
case 0x3600:
sprintf (filename, "%#x.txt", *resType);
break;
case 0x3601:
sprintf (filename, "%#x.txt", *resType);
break;
case 0x3602:
sprintf (filename, "%#x.txt", *resType);
break;
case 0x4000:
sprintf (filename, "%#x.png", *resType);
break;
case 0x4002:
sprintf (filename, "%#x.txt", *resType);
break;
case 0x4003:
sprintf (filename, "%#x.asc", *resType);
break;
case 0x4004:
sprintf (filename, "%#x.mid", *resType);
break;
case 0x4005:
sprintf (filename, "%#x.png", *resType);
break;
case 0x4006:
sprintf (filename, "%#x.mp3", *resType);
break;
case 0x4007:
sprintf (filename, "%#x.txt", *resType);
break;
case 0x4100:
sprintf (filename, "%#x.png", *resType);
break;
case 0x4101:
sprintf (filename, "%#x.png", *resType);
break;
case 0x4102:
sprintf (filename, "%#x.png", *resType);
break;
case 0x4103:
sprintf (filename, "%#x.png", *resType);
break;
case 0x4104:
sprintf (filename, "%#x.png", *resType);
break;
case 0x4105:
sprintf (filename, "%#x.png", *resType);
break;
case 0x4106:
sprintf (filename, "%#x.png", *resType);
break;
case 0x4107:
sprintf (filename, "%#x.png", *resType);
break;
case 0x4108:
sprintf (filename, "%#x.png", *resType);
break;
case 0x4109:
sprintf (filename, "%#x.png", *resType);
break;
case 0x4200:
sprintf (filename, "%#x.txt", *resType);
break;
case 0x4300:
sprintf (filename, "%#x.txt", *resType);
break;
case 0x5200:
sprintf (filename, "%#x.txt", *resType);
break;
case 0x5201:
sprintf (filename, "%#x.txt", *resType);
break;
case 0x5202:
sprintf (filename, "%#x.txt", *resType);
break;
case 0x5203:
sprintf (filename, "%#x.txt", *resType);
break;
case 0x7000:
sprintf (filename, "%#x.xml", *resType);
break;
case 0x7010:
sprintf (filename, "%#x.txt", *resType);
break;
case 0x7011:
sprintf (filename, "%#x.txt", *resType);
break;
default:
sprintf (filename, "%#x.bin", *resType);
break;
}
strcpy (fullpath, "output\\");
strcat (fullpath, argv[1]);
strcat (fullpath, "\\");
strcat (fullpath, filename);
fread (&resLen, 2, 1, fpi);
if ((fpo = fopen (fullpath, "wb")) == NULL)
{
printf ("Cannot create output file %s.\n", fullpath);
exit (1);
}
for (a = 0; a < resLen; a++)
{
fread (buff, 1, 1, fpi);
fwrite (buff, 1, 1, fpo);
}
fclose (fpo);
if (resLen % 2)
{
fseek (fpi, 1, 1);
}
}
else
{
break;
}
}
fclose (fpi);
} |
| |
| The Following User Says Thank You to elseWestcott For This Useful Post: |
|
02-11-2009, 06:22
| #10 (permalink) |
| Freak Poster Join Date: Jan 2009
Posts: 170
Member: 956117 Status: Offline Thanks Meter: 66 | I'm not sure when it is required to use a signed VSM file. I suspect that RIM will start requiring signed VSM files in newer versions of the OS now that we know how to create our own with valid checksums. I will leave it up to someone else to figure out and document the process of verifying the VSM signature. Of course I know that one can write a BlackBerry app that calls Branding.isDataSigned(), but I'm talking about figuring out what part of the VSM file is hashed to get the signature and what public key is used to verify it. I've been working the last few days on adding all the remaining fields to the online VSM creator. In the process I made lots of errors and had to go back and find and fix them all. And then someone decided that it was inappropriate and my entire hosting account was deleted without any notification. That's OK though, because I have another place to host it. There are still a couple things I want to test out before I put it back online. One of those is the converson of a midi ringtone to RIM tone/duration values. I'll post when it is ready to go. I've also completed (with some help) a BlackBerry application that retrieves all the branding information and saves it to the BlackBerry filesystem as separate files for each field. It was useful in verifying the branding info was actually written exactly as sent...even if what was sent did not make sense. i.e. loading a text file as the browser background. Of course the text file would not be displayed when running the browser, and would probably crash or at least give an error. I know that loading a text file instead of a PNG for the splash screen cause a failure to boot giving an "app error 523 reset" The BrandingInfo application is also nice to run if you would like to see what branding is currently applied to your device before messing with it. You could even back up your branding info to restore it later, although I haven't found a way to retrieve the signature for the branding data short of comparing your branding data with the 1000+ VSM files and hoping there is one that matches and getting the signature from that. |
| |
| The Following User Says Thank You to elseWestcott For This Useful Post: |
|
02-11-2009, 09:43
| #11 (permalink) | |
| Junior Member Join Date: Jan 2009 Location: Tronna, Ont
Posts: 5
Member: 936397 Status: Offline Thanks Meter: 6 | Thanks for sharing your info! Quote:
| |
| |
|
02-26-2009, 17:57
| #13 (permalink) |
| Junior Member Join Date: Feb 2009
Posts: 1
Member: 981610 Status: Offline Thanks Meter: 0 | Wescott, do you by chance know or have the VSM file to debrand a Blackberry 8900 - T-Mobile USA...? Im new to this whole thing and although I am very familiar with MFI, Im not familiar with debranding and the VSM files nor have been able to locate anything. Any help is appreciated. Thank You! |
| |
|
03-02-2009, 06:17
| #14 (permalink) | |
| Junior Member Join Date: Feb 2009
Posts: 1
Member: 980395 Status: Offline Thanks Meter: 0 | Quote:
wow, this is excellent news! Good work! I can't wait for the release of the website and bb-brand-reading-app! I'm new to the scene but am reading like crazy to catch up. I have already traced your C code and have made some of my own custom VSMs. Thanks elseWestcott! ps) need any testers? Last edited by prettyha8; 03-02-2009 at 06:18. Reason: spelling | |
| |
|
03-04-2009, 16:52
| #15 (permalink) | |
| Junior Member Join Date: Mar 2009
Posts: 7
Member: 985753 Status: Offline Sonork: Keijiro Thanks Meter: 1 | Quote:
| |
| |
| The Following User Says Thank You to keijiro For This Useful Post: |
|
| Bookmarks |
| |
Similar Threads | ||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| How to create your own VSM file / replace image in VSM file | BlackberryOS | GSM Programming & Reverse Engineering | 0 | 09-06-2009 02:28 |
| Debranding... which vsm did you use | SkyGear | BlackBerry (RIM) | 0 | 08-18-2009 19:07 |
| I have extract some pics from VSM files | Joywow | BlackBerry (RIM) | 19 | 04-10-2009 06:41 |
| VSM file for AT&T | nellyfang | BlackBerry (RIM) | 5 | 03-24-2009 15:05 |
| Debranding - need more VSM files | nellyfang | BlackBerry (RIM) | 0 | 01-14-2009 19:05 |
|
|
Linear Mode
