Wave S8600 ROM [Open China] - Bada Software and Hacking General

I can't post in "Firmware_Os_Bada" thread!
to take apart and study..
we want the call recorder which is contained!
S8600ZCLA1
CSC = Open China
h t tp://netload.in/dateimek2Qpu8Hz/S8600ZCLA1.7z.htm
h t tp://115.com/file/bhg3mjoe
pw: w ww.52samsung.com
any suggestions for custom roms? would love to read about
with best regards

Is it Full or update ?

SHP_CSC_FEATURE_RECORD_VOICE
ONLY if this text String is in apps_compressed.bin... you can choose ON or OFF in INI file...
So check out apps_compressed.bin first...
I have short checked:
S8600XWLA1/S8600OXGLA1
Not found this string...
Best Regards

My fault...
It seems *.so file from here. ShpApp.app:
\SystemFS\Shp
If I find correct file, I'll post...
Best Regards
---------- Post added at 05:05 AM ---------- Previous post was at 05:01 AM ----------
Surprise...
VoiceCall related stuff is located in:
VoiceCallApp.so
Best Regards

oo yeah Waiting For You

Files taken from S8600ZCLB2/S8600OZCLB2 ShpApp_HD.app
\SystemFS\Shp
VoiceCallApp.so contains SHP_CSC_FEATURE_RECORD_VOICE text String.
I have short tried to expand with TriX... I have forgotten if Wave 3 again different Algo...
Anyway...
Check out if DBT Firmware for instance have this file VoiceCallApp.so ?
Has it text SHP_CSC_FEATURE_RECORD_VOICE ?
Best Regards

Check This New Firmwares for Wave 3
http://forum.xda-developers.com/showpost.php?p=24910525&postcount=166

@hero355: full fw..
files from Check Fus only updates right?
@adfree: files exist, but have different sizes!
with best regards

adfree said:
Files taken from S8600ZCLB2/S8600OZCLB2 ShpApp_HD.app
\SystemFS\Shp
VoiceCallApp.so contains SHP_CSC_FEATURE_RECORD_VOICE text String.
I have short tried to expand with TriX... I have forgotten if Wave 3 again different Algo...
Anyway...
Check out if DBT Firmware for instance have this file VoiceCallApp.so ?
Has it text SHP_CSC_FEATURE_RECORD_VOICE ?
Best Regards
Hi, have you found how to activate call recorder on wave 3?
Best Regards

until now there is no further progress.. I think we need to play a little more with *.so files..
best regards

apps_compressed.bin

With PSAS (only FULLversion) it is possible to "decompress" apps_compressed.bin for investigation.
It uses Algo:
TkToolVer:1.6.3
I don't know way to make own apps_compressed.bin.
As Multiloader for instance not accept decrypted apps_compressed.bin
As example some older apps_compressed.bin from S8500.
http://www.megaupload.com/?d=2JIKS8QD
Best Regards
u reached some limit bro........... cant download from RS........but good going
can u write a tutorial
so that other members too can find something
thanx!
gr8 gng mate
PSAS can only decrypt in Full Version.
Costs 30 Euro...
BUT I can upload via Request some decrypted files for study.
I'm not an Seller of PSAS nor I force you to buy PSAS.
But this is the only Tool I know, which decrypt these apps_compressed.bin and bootloader.mbn. Tested by me with:
S5250
S5330
S5750
S7230
S8500
S8530
http://forum.revskills.de/viewtopic.php?f=14&t=700
Wait few minutes. I will upload to megaupload... from S8500 as example.
Best Regards
Edit:
Download example apps_compressed.bin taken from S8500:
http://www.megaupload.com/?d=2JIKS8QD
Same as in first post.
So what did u get inside that?? What was compressed in layman terms pls.......
Expect not too much. Depend on knowledge...
Now file is "human readable"... Ready for Reverse engineering.
Minimum Requirement HEX Editor...
Then you can find Text like this:
Please receive DB2 by TkFileExplorer.exe !!primaryRecord
Remember where u saw TkFileExplorer.exe else...
You could search for Textstrings... like:
widget
bondi
.
.
.
So many things to explore.
Best Regards
hi guys I'm working on some bada's modding projects...
is it possible to have an example of uncompressed files?
thank you in advance
edit : I have now seen the uploaded uncompressed file...
I hoped it was more "human" readable...
http://www.megaupload.com/?d=PFWCKTGZ
This is from XXJID... bada 1.2 S8500 stuff.
Best Regards
adfree said:
But this is the only Tool I know, which decrypt these apps_compressed.bin and bootloader.mbn.
Hi,
could you upload the decrypted bootloader, too? Maybe someone here will find some exploitable code in that will help "jailbrake"-ing the system, or allow booting unencrypted OS (modified Bada or Android from Galaxy S for example...)
TIA!
@ anghelyi
http://forum.xda-developers.com/showpost.php?p=10304951&postcount=3
Here I have attached some more things about Bootloader... some ELF files included... maybe "easier" for Reversing.
Best Regards
adfree said:
@ anghelyi
http://forum.xda-developers.com/showpost.php?p=10304951&postcount=3
Here I have attached some more things about Bootloader... some ELF files included... maybe "easier" for Reversing.
Best Regards
Thanks! I'll check it!
Little overview...
Best Regards
Hi adfree,
Can you say me the name of PSAS software please?
http://psas.revskills.de/
RevSkills is the new name of PSAS.
This feature only in registered Fullversion possible.
NOT in Trial Version.
Best Regards
Thanks but seems to be not compatible with windows 7 64 bits
Will try later, Have a good night adfree
look like that apps_compressed.bin contains a big secret
i flashed amss.bin file & apps_compressed.bin file from spoofable fw as an update for non spoofable fw and the result was getting a spoofable fw with its code name in the about phone menu but i lost all the updates made in the non spoofable fw
can anyone know where is the part in the apps_compressed.bin that allows spoofed games run or not?????
To clarify:
I'm NOT support spoofing.
Prior files were not decompressed, "only" decrypted.
But now.
http://rapidshare.com/files/453882158/XXJL2decrypted_apps_decompressed.rar
File is from XXJL2.
Maybe we can find other useful infos.
Best Regards
Now we can encrypt.
Thanx to ho1od
Any suggestions?
Maybe few things can be enabled or disabled...
TRUE can be found 600 x
FALSE over 700 x
Best Regards
I'm working on decompression QMD, thanks to mijoma
I was looking for the decompressed files of apps_compressed.bin (S8500XXJL2 and S8500XEKC1 only), but the link does not work.
If anyone (or you, adfree) can decompress (not only decrypt) those files and upload them somewhere, that would be very kind/nice. Maybe I can work something out and if we are ever able to encrypt the files back, we may have a new better cleaned up version by that time.
Btw, thanks for the efforts, adfree and ho1od.

How can we edit *.so file?

I found into shp folder *.so files and I want to ask if we can edit them
because I want to see what have in the files
OpEuroIME.so and OpEuroIMESetting.so
HEX Editor... expect not tooo much.
This leads to this...
http://forum.xda-developers.com/showthread.php?t=1294406
But we could investigate, if this or other files about language is in arabic S8600...
Best Regards
.so are equivalents to .dll libraries which you can find in Windows. They contain almost only machine code.
And you cannot edit them, because these are digitally signed, first you'd have to bypass integrity&sign check mechanisms.
Some one using Linux can try this program please?
http://www.fileinfo.com/extension/so
Not to edit, but if it was possible at least to read .so file?
you can see GCC compiler in SDK files....of course if you have it
"SDK Path"\Bada\2.X.X\Tools\Toolchains\ARM\arm-bada-eabi\bin\gcc.exe
You can see this in the readme file too
The executables in this directory are for internal use by the compiler
and may not operate correctly when used directly. This directory
should not be placed on your PATH. Instead, you should use the
executables in ../../bin/ and place that directory on your PATH.
So any ideas about a DEcompiler
This is just a compiler that make .so files....Maybe non-compressed ones only too
Best Regards
ML90 Did you try to see so file with SDK?
Because I never used it
There is nothing to see in there
You can use gce2elf plug-in for trix to decompress .so files from bada 2.0 and the files will be converted to elf files that were available in bada 1.2 FWs before
S8600 .so files can't be decompressed until now !
There is no way to compress files back yet !
As i say these files can contain pure code and no pics or any stuff like that as they are compiled from .O libraries files used by C/C++ apps
We need the real experts to come back and help us
Best Regards
Thanks for your answer.
Even if we got pure c++ code perhaps we should be able to see what for example setting.so file call on other file firmware... that was my idea
After I know we can not rebuild a file, but it's just to have some more infos that should be useful?
After I know we can not rebuild a file...
This is not 100 % correct...
*.so files are signed... So Security is main problem...
To modify or to rebuild is only problem of skills...
If "Android boys"... ...
See here:
*.so files are also known in Android world...
http://forum.xda-developers.com/showpost.php?p=23559274&postcount=15
Android use folder lib with *so files...
Maybe good chance to find some source... if these files also open source...
But again.
Break first Security check, then you can modify *.so files... depend on your brain.
But at the moment Dead ends...
Smart skilled users on ""holiday""... or missing in action...
First "safe" attempt to remove Security Check:
apps_compressed.bin...
Compression Algo needed... as you have no full access in compressed BINary...
If Bootloader checks *.so files... maybe FOTA could help...
To break RSA 2048...
I hope few of our smart Devs come back to bada Hacking.
To search and find *.so sources in Android world is not useless...
Maybe it helps to better understand.
Best Regards
hi,
editing is not a problem - we dont need to compress gce back - similar situation to rc1/qmd image (gce is light weight qmd version)
Happy to see you there Kubica, we really need your knowledge
Bada have no big interest if we can't custom firmware (thanks to samsung ).
Someone could post an edited .so file please? it's just to see relation with others files in the firmware.
editing is not a problem - we dont need to compress gce back - similar situation to rc1/qmd image (gce is light weight qmd version)
Thanx b.kubica
Attached is DEcompressed Admin.so from S8500 XXKK5 as example...
With Help of TriX easy task.
Thanx again.
Here we can see (if we want) Codes as TEXT Strings...
http://forum.xda-developers.com/showthread.php?t=1154945
Prior in bada 1.x they were located in apps_compressed.bin... now in this Admin.so...
In theory we could edit few Codes to harder combos... like:
*#1234567#
But how remove or "rebuild" GeneralSoInfo.so.sig Integrity check
Vodafone branded Firmware or S8600 for instance uses few different Codes... sometimes...
Maybe this could be 1 of our first modified *.so file, if someone break *.so Security check.
Thanx.
Best Regards
adfree said:
if someone break *.so Security check.
done
b.kubica said:
done
How
simple 1 byte patching
later I will post more info
On bada 1.x
Better on XXJEB, other not tested yet...
Only first 4 KB are signed...
If you change something at higher address... above 0x1000
See here:
http://forum.xda-developers.com/showpost.php?p=25255252&postcount=47
Big thanx mijoma
Now I will check again XXLC1... bada 2...
Anyway.
Big thanx b.kubica
My Preconfig Code is now:
*#1234567*#
Best Regards
---------- Post added at 11:27 PM ---------- Previous post was at 11:09 PM ----------
I can confirm... bada 2 on XXLC1 has improved Sig Check...
But now no problem anymore.
Thank you very much b.kubica
Best Regards
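Added example, not part of the original thread: why a signature that covers only the first 4 KB of a file, as reported above for bada 1.x, cannot detect changes above 0x1000, and what a full-coverage check catches instead. HMAC-SHA256 stands in for the real RSA signature so the code runs offline; the key, the image bytes and all function names are constructed for illustration.

```python
import hashlib
import hmac

SIGNED_PREFIX = 0x1000  # the post reports that only the first 4 KB are signed

# Constructed stand-in for the vendor signing key (assumption: the real
# scheme is RSA; HMAC is used only to keep the example self-contained).
DEMO_KEY = b"constructed-demo-key"


def sign(data: bytes) -> bytes:
    return hmac.new(DEMO_KEY, data, hashlib.sha256).digest()


def verify_prefix_only(image: bytes, sig: bytes) -> bool:
    """Weak check: authenticates only image[:0x1000]."""
    return hmac.compare_digest(sign(image[:SIGNED_PREFIX]), sig)


def verify_full(image: bytes, sig: bytes) -> bool:
    """Hardened check: authenticates the length and every byte."""
    return hmac.compare_digest(sign(len(image).to_bytes(8, "big") + image), sig)


def build_image() -> bytes:
    # Constructed 12 KB image: one header page plus two pages of "code".
    return b"HDR" + bytes(SIGNED_PREFIX - 3) + bytes(range(256)) * 32


def flip_byte(image: bytes, offset: int) -> bytes:
    out = bytearray(image)
    out[offset] ^= 0xFF
    return bytes(out)


def coverage_report() -> dict:
    image = build_image()
    weak_sig = sign(image[:SIGNED_PREFIX])
    full_sig = sign(len(image).to_bytes(8, "big") + image)
    below = flip_byte(image, 0x0800)    # inside the signed region
    above = flip_byte(image, 0x1800)    # above 0x1000, outside it
    truncated = image[:SIGNED_PREFIX]   # everything past the prefix dropped
    return {
        "weak_original": verify_prefix_only(image, weak_sig),
        "weak_change_below_0x1000": verify_prefix_only(below, weak_sig),
        "weak_change_above_0x1000": verify_prefix_only(above, weak_sig),
        "weak_truncated": verify_prefix_only(truncated, weak_sig),
        "full_original": verify_full(image, full_sig),
        "full_change_above_0x1000": verify_full(above, full_sig),
        "full_truncated": verify_full(truncated, full_sig),
    }


if __name__ == "__main__":
    for name, accepted in coverage_report().items():
        print(f"{name:28s} accepted={accepted}")
```

The prefix-only verifier accepts both the modified and the truncated image; binding the length and the whole body into the signed data is what makes the check reject them.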
apps code:
Code:
// pseudo C
unsigned int AppPkgSvcRequest ( ... )
{
    unsigned int action = *(struct field ptr);
    switch ( action )
    {
        /* ... */
        case 6:
            /* check signature ;) */
            break;
        case 7:
            /* ... */
    }
}
assembled code:
Code:
patt: 06 28 3F D0 07 28
mask: FF FF 00 00 FF FF
replace first byte with anything greater than 7 and you'll know what are we talking about
Thank you very much b.kubica
For easy test... Code change in Admin.so:
http://forum.xda-developers.com/showpost.php?p=23127738&postcount=54
Now we could for instance play with Dolfin.so ... Browser.
I need more time to find something useful.
Best Regards
Someone can explain please? I don't get it
very simple mod - Radio without earphones connected
from LA1 but should work on similar too.

[Q] Why I can't compress CSC of Wave 3?

Hello Everyone!
I have this CSC S8600OJPKK3 of Wave 3 (downloaded from samfirmware)
I dumped it to the Waveremaker 2.0.7, and I added Hebrew language, and then I saved it as non-compressed csc, but the message "File is signed" didn't appear. In addition, when I tried to put it in the multiloader I got the message "Can't load CSC Binary" I guess the problem is with some .bin file...
Can someone help me??
Somebody??
shaiws said:
Somebody??
Ho1od already answered this question
ho1od said:
CSC files are not yet edited.
hero355 said:
Ho1od already answered this question
Why this problem is only with Wave 3 csc??
yeah.He is working on it
hero355 said:
yeah.He is working on it
so we will see a new version of waveremaker soon?
Thank you for answers
shaiws said:
so we will see a new version of waveremaker soon?
Thank you for answers
yeah Maybe We can see New Version Soon
Difference between S8500/S8530 files and S8600 and so on...
Seems Value packs for S7230E S5330 also...
1.
S8600 FW files are encrypted once more...
If you are able to decrypt and to use HEX Editor... then chance to make it manually...
2.
CSC have 2 parts...
After decrypt...
Sorry. I have NOT much time yet...
But if you open CSC from S8500 and compare with S8600 CSC...
But for now you need HEX Editor knowledge too...
Best Regards
Edit 1...
Example from S7230E Value Pack... same """problem"""
Marked stuff is "Header"... remove this, then decrypt...
Please check this feature...
In theory then files like S8500...
After you have finished your work... ENCRYPT for S8600 compatibility.
Try out and report.
I have no S8600 for deeper tests...
Best Regards

Change Keyboard

Is it possible to change the keyboard's size and color ?
Bada 2
No for the moment. You can't install keyboard directly on the device.
But maybe there is a way by exploring firmware ? I don't know.
keyboard
hello
color and size are in the file.rc1\system\mediaset\msghtmlviewer
look others post in the forum
yakapa40 said:
hello
color and size are in the file.rc1\system\mediaset\msghtmlviewer
look others post in the forum
can you give me LINK?
keyboard
link here:http://forum.xda-developers.com/showthread.php?t=928178&page=8
yakapa40 said:
link here:http://forum.xda-developers.com/showthread.php?t=928178&page=8
Thank you dude. but do you know how to change letters color??
keyboard
under background-color
use html color name
you can find the names on network (html color name )
yakapa40 said:
under background-color
use html color name
you can find the names on network (html color name )
Well, I'm not sure u are right at all. To change BackGround color U have to act on this file , the WsRsrcVirtualEdit.rbm , that is located in Rsrc1. About the Letters? Where the string to manage them is situated?
keyboard
maybe you are right, I've not tried with bada2, only with bada1
---------- Post added at 09:21 AM ---------- Previous post was at 09:11 AM ----------
sorry
for letters use samsung theme designer (style)
on network : commentcamarche.net\contents\html\htmlcouleurs.php3
yakapa40 said:
maybe you are right, I've not tried with bada2, only with bada1
---------- Post added at 09:21 AM ---------- Previous post was at 09:11 AM ----------
sorry
for letters use samsung theme designer (style)
on network : commentcamarche.net\contents\html\htmlcouleurs.php3
Can you explain it better?
I need to know it for Bada 2.0
i've a wave 723 and i can't change rc1 files with waveremaker
sorry i can't help you more
answer please??
How can I change the letters' color
Someone??
Try to play with bada SDK... modify in SDK files... on PC...
For handset it seems no solution yet...
Best Regards
adfree said:
Try to play with bada SDK... modify in SDK files... on PC...
For handset it seems no solution yet...
Best Regards
Ok, seems like I will give up Thank you mate ^^
HellToy said:
Ok, seems like I will give up Thank you mate ^^
Me too

Any idea which tool edit csc for wave y

i need csc edit tool for wave y
bcz not edit All Wave Remaker so plz give me a any idea how to edit wave y F W
Please.
1.
Firmwarename
example...
S5380... INU ?
2.
Later ...
Best Regards
this FW S5380FXXKL_OXEKL2 bcz this FW no call recording so i want add call recording so i need edit csc file
stune not show System file not show nv file so i want edit direct F W csc file plz help me which tool edit csc file
Wave_Remaker... can do this...
S8600, S7250, S5380 have more ""Security""...
But for extraction Wave_Remaker...
Version is mandatory or additional steps required.
Later more...
Best Regards
adfree said:
Wave_Remaker... can do this...
S8600, S7250, S5380 have more ""Security""...
But for extraction Wave_Remaker...
Version is mandatory or additional steps required.
Later more...
Best Regards
where i learn help me sir and thanx for reply
CSC_S5380K_India_ODD.CSC
Short tested with this file...
You are right. Wave_Remaker can NOT with 1 click...
Are you able to work with HEX Editor ?
I have NOT much time for other handsets...
Maybe easiest way to replace last 1024 Byte from S8600 or something similar...
Can't remember if S7250 same problem...
But short on S5380 I can find encrypted part... cut... decrypt...
Best Regards
