Simple tool for viewing of Bada firmware - Bada Software and Hacking General

This is a my program for viewing of bada firmware.
This source code

Thanks ho

tried it with simple test
dumped a ShpApp file then save it to another location
and here is the surprise
i did a hash check between both files and they didn't match!!!!!!!
have the same size same name differs in dates and differs in hash check
i think you have to work on your beta app more
keep the good work
and by the way the UI is more simple than trix so i pet it will beat it when it is finished

mylove90 said:
i did a hash check between both files and they didn't match!!!!!!!
Click to expand...
Click to collapse
Thank you for the test
Hash should be different. Programs use different ways to sort the directory
The file will be correct

@ mylove90
Multiloader 5.62 for instance checks without attached handset.
Best Regards

adfree said:
@ mylove90
Multiloader 5.62 for instance checks without attached handset.
Best Regards
Click to expand...
Click to collapse
ok adfree you are so right
i can't argue with you off course
who am i to do it?
sorry but i just wanted to tell the app maker about that maybe he can try to improve that point

MD5 Hash is only "mandatory" for Multiloader. But you can also disable MD5...
NO MD5 Hash needed.
Important is only that structure of created files is valid and content files are not corrupt...
But for instance sort Order from A to Z or from 1-10 or versa vi is not important.
I mean position from content files in created files like FFS...
Example, 3 files:
1
2
3
Second attempt with different sort order:
3
2
1
Both created files are valid, but MD5 differs, NOT equal...
Generally. Hashes like MD5... if only 1 Byte is different. Then Hash complete different.
Sorry, bad english description but I hope you understand what I mean...
Forget MD5.
Anyway. Thank you for testing mylove90.
Best Regards

adfree said:
MD5 Hash is only "mandatory" for Multiloader. But you can also disable MD5...
Click to expand...
Click to collapse
Multiloader does not check the MD5 hash, it checks the signature on the offset 440 bytes from the end of the file. My program calculates and corrects the signature.

New version 0.0.1
New features:
Added drag and drop files to the dump
Added drag and drop files to add the firmware
Added preview ini, txt, xml, jpg, png files
The program can be downloaded in the first post

@ ho1od
Maybe if you have time. You could integrate also RC2.
The Adresses for RAW Pics from S8500 are floating around here.
For the others smaller bada we could little bit research... also S8530 have little differences. But Algo should be the same...
http://forum.xda-developers.com/showpost.php?p=11919036&postcount=24
Thanx in advance.
Minimum support for RC2 could be change Value for Debug Level...
0 1 or 2
Best Regards

Ok, I'll do it

a request for ho1od
can you please examine S8500XXJB6 and make your tool able to extract it??
trix can't do it so if your app could it will be super
any file from that fw will be enough for me

Meanwhile for XXJB6
http://forum.xda-developers.com/showpost.php?p=11070379&postcount=5
To extract *.img take an while...
I do it for every Frame from 48 + 1 Pics... via WinHex.
Best Regards

mylove90 said:
can you please examine S8500XXJB6 and make your tool able to extract it??
Click to expand...
Click to collapse
Where can I download S8500XXJB6 ?

ho1od said:
Where can I download S8500XXJB6 ?
Click to expand...
Click to collapse
Here friend: http://netload.in/datei0M2CPM5V3x.htm
Best Regards, XaToR BadaItalia

Update v 0.0.2
New features:
View images in a file RC2
Replacing images in this file. The file must be BMP 24bpp format
Change debug level
The program can be downloaded in the first post

I used your tool to create a custom SHPApp.app file. But I think multiloader checks the MD5 hash and does not enable me to upload it to the phone. I have read adfree's post on disabling it but I couldn't understand him. So if you could help me in detail, I would be grateful.
Thanks.

astrotom said:
I used your tool to create a custom SHPApp.app file. But I think multiloader checks the MD5 hash and does not enable me to upload it to the phone. I have read adfree's post on disabling it but I couldn't understand him. So if you could help me in detail, I would be grateful.
Thanks.
Click to expand...
Click to collapse
I tested the program and flash the modified files via multiloader V5.64. Everything works fine. Upload your file and give me a link, I'll check it
PS. Signature at end of file, it is not MD5 hash, this is another hash function. I disassemble it from multiloader and inserted into the program. The file is signed correctly

ho1od said:
I tested the program and flash the modified files via multiloader V5.64. Everything works fine. Upload your file and give me a link, I'll check it
PS. Signature at end of file, it is not MD5 hash, this is another hash function. I disassemble it from multiloader and inserted into the program. The file is signed correctly
Click to expand...
Click to collapse
One doubt. Will I have to extract and recompile using your software itself? Because I had extracted the software earlier using trix. So maybe that's making your software not sign it correctly? Also I don't see how I can extract amss and csc files with your software. When I select on your AMSS and CSC tabs, there's nothing. I can't find the fie button which is there on the FFS, PFS and SHPAPP tab.

I can make a separate menu item, for signing the files created in Trix. If need be.
Working with CSC and AMSS files will be in next update

Related

apps_compressed.bin

With PSAS (only FULLversion) it is possible to "decompress" apps_compressed.bin for investigation.
It uses Algo:
TkToolVer:1.6.3
I don't know way to make own apps_compressed.bin.
As Multiloader for instance not accept decrypted apps_compressed.bin
As example some older apps_compressed.bin from S8500.
http://www.megaupload.com/?d=2JIKS8QD
Best Regards
u reache some limit bro........... cant download from RS........but good going
can u write a tutorial
so that other members too can find something
thanx!
gr8 gng mate
PSAS can only decrypt in Full Version.
Costs 30 Euro...
BUT I can upload via Request some decrypted files for study.
I'm not an Seller of PSAS nor I force you to buy PSAS.
But this is the only Tool I know, which decrypt these apps_compressed.bin and bootloader.mbn. Tested by me with:
S5250
S5330
S5750
S7230
S8500
S8530
http://forum.revskills.de/viewtopic.php?f=14&t=700
Wait few minutes. I will upload to megaupload... from S8500 as example.
Best Regards
Edit:
Download example apps_compressed.bin taken from S8500:
http://www.megaupload.com/?d=2JIKS8QD
Same as in first post.
So what did u get inside that?? What was compressed in layman terms pls.......
Expect not too much. Depend on knowledge...
Now file is "human readable"... Ready for Reverse engineering.
Minimum Requirement HEX Editor...
Then you can find Text like this:
Please receive DB2 by TkFileExplorer.exe !!primaryRecord
Click to expand...
Click to collapse
Remember where u saw TkFileExplorer.exe else...
You could search for Textstrings... like:
widget
bondi
.
.
.
So many things to explore.
Best Regards
hi guys I'm working on some bada's modding projects...
is it possible to have an example of uncompressed files?
thank you in advance
edit : I have now seen the uploaded uncompressed file...
I hoped it was more "human" readable...
http://www.megaupload.com/?d=PFWCKTGZ
This is from XXJID... bada 1.2 S8500 stuff.
Best Regards
adfree said:
But this is the only Tool I know, which decrypt these apps_compressed.bin and bootloader.mbn.
Click to expand...
Click to collapse
Hi,
could you upload the decrypted bootloader, too? Maybe someone here will find some exploitable code in that will help "jailbrake"-ing the system, or allow booting unencrypted OS (modified Bada or Android from Galaxy S for exmaple...)
TIA!
@ anghelyi
http://forum.xda-developers.com/showpost.php?p=10304951&postcount=3
Here I have attached some more things about Bootloader... some ELF files included... maybe "easier" for Reversing.
Best Regards
adfree said:
@ anghelyi
http://forum.xda-developers.com/showpost.php?p=10304951&postcount=3
Here I have attached some more things about Bootloader... some ELF files included... maybe "easier" for Reversing.
Best Regards
Click to expand...
Click to collapse
Thanks! I'll check it!
Little overview...
Best Regards
Hi adfree,
Can you say me the name of PSAS software please?
http://psas.revskills.de/
RevSkills is the new name of PSAS.
This feature only in registered Fullversion possible.
NOT in Trial Version.
Best Regards
Thanks but seems to be not compatible with windows 7 64 bits
Will try later, Have a good night adfree
look like that apps_compressed.bin contains a big secret
i flashed amss.bin file & apps_compressed.bin file from spoofable fw as an update for non spoofable fw and the result was getting a spoofable fw with its code name in the about phone menu but i lost all the updates made in the non spoofable fw
can anyone know where is the part in the app_compessed.bin that allow spoofed games run or not?????
To clarify:
I'm NOT support spoofing.
Prior files were not decompressed, "only" decrypted.
But now.
http://rapidshare.com/files/453882158/XXJL2decrypted_apps_decompressed.rar
File is from XXJL2.
Maybe we can find other usefull infos.
Best Regards
Now we can encrypt.
Thanx to ho1od
Any suggestions?
Mabye few things can be enabled or disabled...
TRUE can be found 600 x
FALSE over 700 x
Best Regards
I'm working on decompression QMD, thanks to mijoma
I was looking for the decompressed files of apps_compressed.bin (S8500XXJL2 and S8500XEKC1 only), but the link does not work.
If anyone (or you, adree) can decompress (not only decrypt) those files and upload them somewhere, that would be very kind/nice. Maybe I can work something out and if we are ever able to encrypt the files back, we may have a new better cleaned up version by that time.
Btw, thanks for the efforts, adree and ho1od.

Replace XXJL2's Dolfin Browser with XXJID's Dolfin Browser

The Dolfin browser in XXJL2 has a big annoying problem of bringing up the address bar every time we touch the screen...it even covers the top area of the browser window & makes browsing a real pain...XXJID had a much better browser? We could truly enjoy a fullscreen experience.
My question is, would it be possible to bring back the browser from XXJID to XXJL2?Or perhaps modify the dolfin browser on XXJL2 so that the address bar doesnot pop up every time we touch the screen? this would make a really good firmware. what do you guys think?
If we exactly identify file or files what Dolfin is.
Then maybe we can try to replace...
Modification seems to be much harder, because I think it is an *.so file protected by RSA 1024...
SystemFS\Osp...
Maybe...
Best Regards
Edit 1.:
As both Firmware seems bada 1.2...
Use TriX to extract ShpApp.app and compare files... maybe few are identical...
Textstring dolfin can be found 23 times in ShpApp.app... maybe it is the DLL...
adfree said:
If we exactly identify file or files what Dolfin is.
Then maybe we can try to replace...
Modification seems to be much harder, because I think it is an *.so file protected by RSA 1024...
SystemFS\Osp...
Maybe...
Best Regards
Click to expand...
Click to collapse
Thanx...i have no idea about such things but i'm sure you'll find a way..
It seems folder Exe with DLL is the Dolfin Browser...
Extract JID and JL2 with TriX... I think it was ShpApp.app...
Compare...
Best Regards
adfree said:
It seems folder Exe with DLL is the Dolfin Browser...
Extract JID and JL2 with TriX... I think it was ShpApp.app...
Compare...
Best Regards
Click to expand...
Click to collapse
Thanx for looking into it...if you can do it, it would be really helpful..
I will make few tests in the next 2 days...
Delete DLL in Exe folder to test if writeprotected... if I can not replace, so I need to make *.pfs file.
Maybe S8530 Browser can run...
We will see.
Best Regards
I think S8530's browser is the same as XXJL2 - so same problems...it would be better to look at XXJID's browser.
I will test XXJID first.
Test 1. on older Firmware...
- with sTune i've deleted Exe folder content
Result:
Wave Boot Cycle with empty folder Exe...
Test 2. with JL2 Firmware, delete + copy with sTune. Then I shut down.
Wave starts.
But if I press Internet Icon Wave restarts...
Test 3. next days... maybe Security too high... will try to inject via Firmware update...
Attention! Trying could lead to datalost. Only at your own risk.
Best Regards
This time. I used TriX to replace Exe folder from JID and flashed...
Failed. If I click on Internet Icon, handset restart too.
I know that Wave knows that Checksum is "wrong"... but I don't know.
Where else the MD5 Checksum from DLL is stored.
Only good news... MD5 Hash from MD5SUMS is the MD5 from whole file DLL00111104.DLL
Maybe this MD5 is somewhere in FFS stored...
Best Regards
Edit 1.
Looks like apps_compressed.bin checks Webkit DLL... this is bad...
How to identify Version Number of Dolfin?
Thanx in advance.
Best Regards
adfree said:
How to identify Version Number of Dolfin?
Thanx in advance.
Best Regards
Click to expand...
Click to collapse
you can check it on the phone itself....XXJL2 has version 2.2. just see the " about" on the phone's browser.
Thank you.
I checked short on my BOJE7 Firmware...
v2.0
On newer Firmware I can't start Browser on my handset. As no activated SIM...
Anyway.
I think this is too short. As several different Versions between JE7 and JL2.
v2.0
v2.1
v2.2
These are 3.
Maybe internal like this v2.2.123456789abcdefg... or maybe date...
Hmmm... open source stuff also ends with v2.2
http://opensource.samsung.com/reception/reception_main.do?method=reception_list&menu_item=mobile
Best Regards
MD5 Hash from MD5SUMS file is in apps_compressed.bin as Text.
Only chance to replace Browser is MD5 collision at this time:
http://www.mscs.dal.ca/~selinger/md5collision/
JL2 and above Firmware, Browser is with MD5:
0161ef314af63638b21796d8bec8a8ec
We need to modify DLL00111104.DLL to match this MD5 Hash.
This is very,very HARD, but not impossible.
Best Regards
wow look like you will reach to it
keep it up my friend
As I thought.
Identification via Screen is not exact enough... as my JE7 Browser shows also v2.0... but MD5 is different:
JE7 shows only v2.0
bb1580b40a3699cd888cf841714d53bd
JID shows also v2.0
1f7cb531bc7424ad71d96b9c6e8d7a33
JL2 shows v2.2
0161ef314af63638b21796d8bec8a8ec
We need more MD5 Hashs to increase chance...
Please help and look into folder EXE in file MD5SUMS, post first 16 Digits... and Firmware Version.
Best Regards
XEKC1 shows V2.2
0161ef314af63638b21796d8bec8a8ec
Thank you.
The important thing is to find other then 0161ef314af63638b21796d8bec8a8ec
At the moment we have 3 different MD5 Hashes.
I want to make an kind of "Rainbow table" to increase our "Lotto Game"...
I think this string is safe enough to Brute Force and not to destroy the DLL:
"""http://wap2.samsungmobile.com/test/tdev/wap/kishore/automatedtest.html"""
70 Byte of useless Text.
Step 1.
Change String +1
1ttp://wap2.samsungmobile.com/test/tdev/wap/kishore/automatedtest.html
Step 2.
Compute new MD5 Hash of new DLL
Step 3.
Take new MD5 Hash look into our Rainbow table
Step 4.
If new MD5 match our table, then Bingo for Test.
If not, then start at Step 1.
If someone could write such an Script...
Meanwhile we can collect as much as we can existing MD5 Hashes.
Best Regards
adfree said:
Step 4.
If new MD5 match our table, then Bingo for Test.
If not, then start at Step 1.
Best Regards
Click to expand...
Click to collapse
It is a bad idea
It is a bad idea
Click to expand...
Click to collapse
The only idea I have.
And with Tool or Script possible in few hours... maybe days.
If you have an better idea?
You could DECRYPT + DECOMPRESS apps_compressed.bin
Change the MD5 String...
COMPRESS and ENCRYPT to proper Format of apps_compressed.bin
If you can do this, then you are an genius.
Best Regards
It is a bad idea
Click to expand...
Click to collapse
Okay, you are right.
My fault.
1.
The DLL is like in real live only an part of an program...
So Dolfin main part is integrated in apps_compressed.bin...
2.
Funny, the checked MD5 String is in MD5SUMS only
If you replace only the DLL00111104.DLL the Browser seems to work.
You can use sTune for change.
BUT be warned.
I can not full test, as my SIM not active...
For instance other direction. On JID DLL from JL2 restart S8500...
If you have Debug Mode Middle or High, then you can see why, because some "Buffer problem for Font" or something similar...
If I do this on JL2 with JID DLL. Browser starts...
No idea about sideffects or improvements or not...
Thanx for enlight my little brain.
Best Regards
Edit 1.
Now also Restart...
Blue Screen with Write Access detected...
I give up for today.

Aio bada studio

All in One program Gui for Bada
Upload later for change...
Please, what is this?
I'll download, but I need more infos before install...
Thanx.
Best Regards
This is a collection of tools for bada
a screenshot form this program
please remove TriX from you package
Its not mine i dont know how remove it...
What's wrong whit you ?
we can edit rsrc1 file with this pack?
litebass2 said:
we can edit rsrc1 file with this pack?
Click to expand...
Click to collapse
yes RC1Extractor Current version: 0.3.0.0a (ALPHA) is integrated
martinklaus said:
yes RC1Extractor Current version: 0.3.0.0a (ALPHA) is integrated
Click to expand...
Click to collapse
but its not correct decompress and decrypt on S8500 and S8530 firmware, this one works fine on S5830.S5230...
Also in bundle you can use Extractor but not way to recompress...
Last WaveReMaker by Ho1od do it !
TriX is under developement - latest build you can always find at NokiX site - check my homepage link. This really pisses me off that someone says TriX doesn't work etc only because it uses program from unknown source. The second reason mentioned at the beginning is I'm still working on so the badastudio is permanently outdated (this also applies to Wave Remaker - 0.0.71 against 0.06 in badastudio)
Tigrouzen said:
but its not correct decompress and decrypt on S8500 and S8530 firmware, this one works fine on S5830.S5230...
Also in bundle you can use Extractor but not way to recompress...
Last WaveReMaker by Ho1od do it !
Click to expand...
Click to collapse
Yes but with waveremakr we can only decompress Rsrc1 and we cannot compress the files back and build rsrc1 file..
if I mistake tell me how to do it..
litebass2 said:
Yes but with waveremakr we can only decompress Rsrc1 and we cannot compress the files back and build rsrc1 file..
if I mistake tell me how to do it..
Click to expand...
Click to collapse
No way to recompress RC1 for the moment sorry, but this is the way easy to uncompress...
b.kubica said:
TriX is under developement - latest build you can always find at NokiX site - check my homepage link. This really pisses me off that someone says TriX doesn't work etc only because it uses program from unknown source. The second reason mentioned at the beginning is I'm still working on so the badastudio is permanently outdated (this also applies to Wave Remaker - 0.0.71 against 0.06 in badastudio)
Click to expand...
Click to collapse
Oh sorry i dont know about that, i understand. Then what about NokiX ?
NokiX is tool for modify N*kia ARM7TDMI based firmwares. TriX also was designed for N*kia phones but it's very flexible so we can use it with different file types (ELF, PE, mobile firmwares)
If the author really want to include TriX in badastudio he should add small web check feature and download latest build when needed
I 'm the badaStudio author...do you want to say me anything?
badaStudio has been released 1 mounth ago...
the last version of wave remaker was the 0.0.6,
i'm not a mentalist....
the next badaStudio release is for bada2.0 tool...
I have written that the program inside the AIO is property of his author...
TriX is yours... Good..
TriX is not mine - was written by g3gg0 and krisha
I mentioned before TriX is still under development so the statement 'the program inside the AIO is property of his author' is very convenient for you because you aren't responsible for nothing.
Some solution could be integrated 'wget' module to download fresh package from the web. I'm open for suggestions
I have written 'the program inside the AIO is property of his author'
for WinImage (commercial program), for HxD (commercial program) and for WinHex (other commercial program)...
the responsibility is always of those who use the software,
if they download software from unknown source...
TriX was updated when I compiled the first version of badaStudio and
for what I needed it always worked (others have tested badaStudio)...
if you want to develop badaStudio send me a PM ...
it is programmed in Visual Basic.Net

How can we edit *.so file?

I found into shp folder *.so files and I want to ask if we can edit them
because I want to see what have in the files
OpEuroIME.so and OpEuroIMESetting.so
HEX Editor... expect not tooo much.
This leads to this...
http://forum.xda-developers.com/showthread.php?t=1294406
But we could investigate, if this or other files about language is in arabic S8600...
Best Regards
.so are equivalents to .dll libraries which you can find in Windows. They contain almost only machine code.
And you cannot edit them, because these are digitally signed, first you'd have to bypass integrity&sign check mechanisms.
Some one using Linux can try this program please?
http://www.fileinfo.com/extension/so
Not to edit, but if it was possible at least to read .so file?
you can see GCC compiler in SDK files....of course if you have it
"SDK Path"\Bada\2.X.X\Tools\Toolchains\ARM\arm-bada-eabi\bin\gcc.exe
You can see this in the readme file too
The executables in this directory are for internal use by the compiler
and may not operate correctly when used directly. This directory
should not be placed on your PATH. Instead, you should use the
executables in ../../bin/ and place that directory on your PATH.
Click to expand...
Click to collapse
So any ideas about a DEcompiler
This is just a compiler that make .so files....Maybe non-compressed ones only too
Best Regards
ML90 Did you try to see so file with SDK?
Because I never used it
There is nothing to see in there
You can use gce2elf plug-in for trix to decompress .so files from bada 2.0 and the files will be converted to elf files that were available in bada 1.2 FWs before
S8600 .so files can't be decompressed until now !
There is no way to compress files back yet !
As i say these files can contain pure code and no pics or any stuff like that as they are compiled from .O libraries files used by C/C++ apps
We need the real experts to come back and help us
Best Regards
Thanks for your answer.
Even if we got pure c++ code perhaps we should be able to see what for exemple setting.so file call on other file firmware... that was my idea
After I know we can not rebuild a file, but it's just to have some more infos that should be usefull?
After I know we can not rebuild a file...
Click to expand...
Click to collapse
This is not 100 % correct...
*.so files are signed... So Security is main problem...
To modify or to rebuild is only problem of skills...
If "Android boys"... ...
See here:
*.so files are also known in Android world...
http://forum.xda-developers.com/showpost.php?p=23559274&postcount=15
Android use folder lib with *so files...
Maybe good chance to find some source... if these files also open source...
But again.
Break first Security check, then you can modify *.so files... depend on your brain.
But at the moment Dead ends...
Smart skilled users on ""holiday""... or missing in action...
First "safe" attempt to remove Security Check:
apps_compressed.bin...
Compression Algo needed... as you have no full access in compressed BINary...
If Bootloader checks *.so files... maybe FOTA could help...
To break RSA 2048...
I hope few of our smart Devs come back to bada Hacking.
To search and find *.so sources in Android world is not useless...
Maybe it helps to better understand.
Best Regards
hi,
editing is not a problem - we dont need to compress gce back - similar situation to rc1/qmd image (gce is light weight qmd version)
Happy to see you there Kubica, we realy need your knowledge
Bada have no big interest if we can't custom firmware (thanks to samsung ).
Someone could post and edited so file please? it's just to see relation with others files in the firmware.
editing is not a problem - we dont need to compress gce back - similar situation to rc1/qmd image (gce is light weight qmd version)
Click to expand...
Click to collapse
Thanx b.kubica
Attached is DEcompressed Admin.so from S8500 XXKK5 as example...
With Help of TriX easy task.
Thanx again.
Here we can see (if we want) Codes as TEXT Strings...
http://forum.xda-developers.com/showthread.php?t=1154945
Prior in bada 1.x they were located in apps_compressed.bin... now in this Admin.so...
In theory we could edit few Codes to harder combos... like:
*#1234567#
But how remove or "rebuild" GeneralSoInfo.so.sig Integrity check
Vodafone branded Firmware or S8600 for instance uses few different Codes... sometimes...
Maybe this could 1 of our first modified *.so file, if someone break *.so Security check.
Thanx.
Best Regards
adfree said:
if someone break *.so Security check.
Click to expand...
Click to collapse
done
b.kubica said:
done
Click to expand...
Click to collapse
How
simple 1 byte patching
later I will post more info
On bada 1.x
Better on XXJEB, other not tested yet...
Only first 4 KB are signed...
If you change something at higher address... above 0x1000
See here:
http://forum.xda-developers.com/showpost.php?p=25255252&postcount=47
Big thanx mijoma
Now I will check again XXLC1... bada 2...
Anyway.
Big thanx b.kubica
My Preconfig Code is now:
*#1234567*#
Best Regards
---------- Post added at 11:27 PM ---------- Previous post was at 11:09 PM ----------
I can confirm... bada 2 on XXLC1 has improved Sig Check...
But now no problem anymore.
Thank you very much b.kubica
Best Regards
apps code:
Code:
// pseudo C
unsigned int AppPkgSvcRequest ( ... )
{
unsigned int action = *(struct field ptr);
switch ( action )
{
/* ... */
case 6:
/* check signature ;) */
break;
case 7:
/* ... */
}
}
assembled code:
Code:
patt: [B]06[/B] 28 3F D0 07 28
mask: FF FF 00 00 FF FF
replace first byte with anything grater than 7 and you'll know what are we talking about
Thank you very much b.kubica
For easy test... Code change in Admin.so:
http://forum.xda-developers.com/showpost.php?p=23127738&postcount=54
Now we could for instance play with Dolfin.so ... Browser.
I need more time to find something usefull.
Best Regards
Someone can explain please? I don't get it
very simply mod - Radio without earphones connected
from LA1 but should works on similar too.

OAP aka ZIP wtf... $%!

Since when handset can handle oap files?
Never seen before nor tested...
I can see in WinComm some actions...
Best Regards
You have just discovered a method to install applications like .apk for Android?
If yes.... :') i would be so happy!! (we would be!)
A new era could begin.
great work AdFree! as always
I heard that first version of bada (1.0) was able to install *.oap files, but samsung disabled it to prevent from installing piracy apps. Maybe some CSC feature or variable in firmware?
So cool
but I tested both encoded OAP and decoded OAP and none of them works!!!
but a problem is that when i open asphalt6.oap with size of around 400mb it shows error without even 1 second loading
so where is the problem?!!
Well
You need to see this
It is so funny
This is DCF file
Of course it throw on me an error after opening dolfin
Best Regards
Tested short on JL2 ...
oap is not supported file... but DCF same info.
On bada 2.0 DCF leads to wrong site... maybe because this:
http...http...
Later more... need some time to test few things...
I'm now on JL2 and investigate more in certs... certchain...
About oap...
I heard that first version of bada (1.0) was able to install *.oap files, but samsung disabled it to prevent from installing piracy apps.
Click to expand...
Click to collapse
Yeah... Its complete weired at all...
http://developer.bada.com/badaforum...de-sdk&messageId=5584&startPage=94&curPage=96
From may 2010...
But remember... We have to differ between bada SDK (Developer) signed "testapps"... commercial apps from store... and Samsung signed apps...
But please take an look into:
AppEx\Sys\SamsungApps\SamsungApps.oap
Their are 3 more oap (ZIP) which are autorestore if you delete the apps from Osp folder...
Also all transfered files from Kies or from internal Store are oap (ZIP)...
Maybe we have to find correct folder...
Maybe we need license file + oap...
Maybe...
But why Samsung integrate this into handset visible for us?
Samsung has humor like this Andromeda Warp thingie...
An kind of easteregg?
Best Regards
Little progress...
On S8500XPKG5 I saw AppEx/Sys folder with both:
*.oap
AND
*.zip
Install of OAP shows me Error 0108...
Maybe I have an idea... will check more with WinComm...
Best Regards
0108
Installation failed: Failed to find root certificate.
The root certificate is not found on the device.The root certificateis required to build the certificate chain for the application integrity check.
Click to expand...
Click to collapse
...
Best Regards
Okay.
For XPKG5 I have managed to install all 3 types of App via ZIP... OAP.
I can install Samsung internal Apps... like in Firmware.
"Cert A"
I can install Samples like in SDK...
"Cert B" = rootCACert.cer
I can install Apps from store...
"Cert C"
All 3 Installations from SD Card or internal Memory with simple zipped files.
Best Regards
Stotter spotz.. since when does Bada support zip files
So how did you installed apps?
is there a special location we should put special certs there?
OAP Installation only successfully in XPKG5...
In other Firmware blocked...
Not sure yet why...
I will do some more tests...
XPKG5 include ZIP + OAP files... they are not 1 : 1
BDAgent.oap
BDAgent.zip
Maybe OAP need special Flag to work... will try if I am back on other Firmware...
Other method to install, this time in folders structure:
http://forum.xda-developers.com/showpost.php?p=24992809&postcount=35
Best Regards
hi adfree, I long to write to you on this issue with the files. OAP but I forgot as proof that telling the truth I'll add screen and a link to the file to confirm that I have not changed before extensions, i upload this file maybe can be useful to someone. sorry for my english i use google translate
rapidshare.com/#!download|214p1|3925164345|a6tczu9746.oap|24690
adfree said:
OAP Installation only successfully in XPKG5...
In other Firmware blocked...
Not sure yet why...
I will do some more tests...
XPKG5 include ZIP + OAP files... they are not 1 : 1
BDAgent.oap
BDAgent.zip
Maybe OAP need special Flag to work... will try if I am back on other Firmware...
Other method to install, this time in folders structure:
http://forum.xda-developers.com/showpost.php?p=24992809&postcount=35
Best Regards
Click to expand...
Click to collapse
Maybe winmerge is useful for comparing differences of these 2 files
BTW can device handle encoded OAP files?
@ maniek909
Your file is ENcrypted *.oap... During Installation on Wave it will be DEcrypt into "other Format"...
Then second *.oap file is only ZIP Archiv...
@ r_22009
Total Commander can compare 2 file also.
Best Regards
Now i have XPKG5
would you mind telling a short tut to install OAP?
thanks
would you mind telling a short tut to install OAP?
Click to expand...
Click to collapse
Only XPKG5...
1.
Install Certs... start with Cert from bada SDK:
rootCACert.cer
2.
Your app is now in ZIP Format... Check it or create self.
Rename into .oap
Remember, with rootCACert.cer you have to try better with bada SDK signed Apps...
Other 2 Certs came from Firmware... extract them...
Code:
Samsung_RootCA.crt
SamsungSBRootCA.cer
Best Regards
would you mind uploading the first cert as i dont have SDK? thankx
I am little bit paranoid...
I don't think Samsung is my best friend, if I share now their Certs...
To protect myself...
Btw...
Please be sure... you have visit and read some other threads...
As rootCACert.cer is floating around...
Btw 2...
I have forgotten, that Samsung moved in bada 2 to RSA 2048... before most RSA 1024 used in bada 1.x ...
So more Certs possible to try...
@ r_22009
Summary for you...
Use search or Google ...
Input:
rootCACert.cer
Best Regards
S8530 XPKD6 can also handle OAP...
Maybe interesting for research...
Best Regards

Categories

Resources