Blackberry eScreen Keygen

As an avid BlackBerry user I always love to see what new things I can make it do. One of the more interesting parts is the Engineering Screen or “eScreen” within the OS. However, you need a special key to unlock it.

RIM has the keygen published on their website, but you need a password to get to it (perhaps it is for partners only?). You can see the site here: https://www.blackberry.com/EngineeringScreens/

Earlier this year a few websites published their own keygen to compute the unlock code. Much to my dismay, however, none of them decided to share exactly how they did this. With that, I decided to discover the unlock code myself and publish the results.

The unlock code is actually a simple HMAC-SHA1 digest, of which only the first eight hex characters are used. The trick is knowing what data to throw at the algorithm to produce the proper unlock code. The data used includes:

  1. The BlackBerry device PIN
  2. The application version (including parentheses if provided)
  3. The current uptime of the device in seconds
  4. The unlock duration
  5. The secret sauce

The relevant data needed was found by inspecting “net.rim.device.internal.EScreens.EngScreenSecurity”; however, I will not go into the details of that here. Once I found the unlock duration codes and the secret key, it was just a matter of putting them into a standard HMAC hash function and out came the unlock code.

In order to use an unlock code, you simply visit the “Help Me!” screen by pressing alt+shift+H on your BlackBerry device to get the necessary information, generate a code, and then type it directly into the Help Me screen. No characters will be echoed, but if you enter it correctly, the screen will change over to the “Engineering Screen” main page. Do note it is possible to make some changes in the “eScreen” that could cause your phone to operate improperly or even break completely, so do proceed with changing values at your own risk.

Now I won't point fingers at the various people that have already discovered how this is done but refused to share the code or details with anyone. They are what prompted me to undertake this project in the first place. With that, I give you the Python source code to my basic unlock code keygen:


#!/usr/bin/env python

import hmac
import hashlib

pin = 'ffaa0000'            # Device PIN                [XXXXXXXX]
app = '4.6.0.100 (233)'     # OS Application version    [n.n.n.n (n)]
uptime = '12345'            # Uptime in seconds
duration = 30               # Duration for key to last  [1, 3, 7, 15, or 30]

lifetime = {                # Phrase appended to the HMAC input for each duration
 1: "",
 3: "Hello my baby, hello my honey, hello my rag time gal",
 7: "He was a boy, and she was a girl, can I make it any more obvious?",
 15: "So am I, still waiting, for this world to stop hating?",
 30: "I love myself today, not like yesterday. I'm cool, I'm calm, I'm gonna be okay"
}

secret = 'Up the time stream without a TARDIS'   # HMAC key

data = pin + app + uptime + lifetime[duration]   # fields joined with no separators
mac = hmac.new(secret.encode('ascii'), data.encode('ascii'), digestmod=hashlib.sha1)  # bytes required on Python 3
key = mac.hexdigest()[:8]                        # unlock code: first 8 hex characters

print(key)

Weighing in at only 25 lines, this shows how simple the algorithm actually is if one only knows how to put it together. If you want a packaged online tool, then by all means check out the other published keygens, but if you are curious how the codes actually are generated (like I was) feel free to take, use, and share this code at your will.
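A design note on the construction above, as an added example that is not part of the original post or of RIM's code: because the fields are concatenated without separators, different (app, uptime) pairs can produce the same HMAC input and therefore the same code. The length-prefixed framing, `DEMO_KEY`, the helper names and the sample tuples are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

DEMO_KEY = b"constructed-demo-key"  # constructed for this example, not the page's secret


def concat_input(pin, app, uptime, phrase):
    """MAC input as the keygen above builds it: fields joined with no separators."""
    return (pin + app + uptime + phrase).encode("ascii")


def framed_input(pin, app, uptime, phrase):
    """Alternative (assumption): 2-byte big-endian length before each field."""
    fields = (s.encode("ascii") for s in (pin, app, uptime, phrase))
    return b"".join(struct.pack(">H", len(f)) + f for f in fields)


def code(key, mac_input):
    """HMAC-SHA1 truncated to 8 hex characters (32 bits), as in the keygen above."""
    return hmac.new(key, mac_input, hashlib.sha1).hexdigest()[:8]


def verify(key, mac_input, entered):
    """Verifier-side check using a constant-time comparison."""
    return hmac.compare_digest(code(key, mac_input), entered.strip().lower())


# Constructed inputs: one character moved across the app/uptime boundary.
A = ("ffaa0000", "4.6.0.100 (233)", "12345", "")
B = ("ffaa0000", "4.6.0.100 (233)1", "2345", "")

if __name__ == "__main__":
    print("concatenated:", code(DEMO_KEY, concat_input(*A)), code(DEMO_KEY, concat_input(*B)))
    print("framed:      ", code(DEMO_KEY, framed_input(*A)), code(DEMO_KEY, framed_input(*B)))
    # Under plain concatenation a code computed for A also verifies for B.
    issued = code(DEMO_KEY, concat_input(*A))
    print("A's code accepted for B:", verify(DEMO_KEY, concat_input(*B), issued))
```

Framing the fields makes their boundaries part of the authenticated data; it does not change the fact that a 32-bit code keyed with a secret stored on every device is only as strong as that secret's confidentiality.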

 

 

11 Responses to “ Blackberry eScreen Keygen ”

  1. Jerry says:

    Man, thanks for sharing. I live in China and will try it when I get my next BB!

  2. sam says:

    How can I unlock my device (8900)?
    Please help.

  3. Bob says:

    I couldn’t get it to work with my Verizon 8330, but thanks for sharing.

    • It should work for any device.

      Make sure you are entering the information exactly as it is shown and in all lower case.

      • Danny says:

        Hey, I was wondering if you think this would work for my Tour, and if you had any insight as to how to use it. I am not familiar with algorithms so I’m not quite sure as to how to use it. Any help would be greatly appreciated.

        Thanks,

        Danny

  4. Kyeno says:

    You rule dude!

    You made my WIFI start working on hostapd!

    http://forums.pinstack.com/f156/hostap_madwifi_ng_atheros_and_w004_error-76140/

    One good hint for you – better spread this algorithm around the net pretty good unless the RIM gets you.
    They suck a lot when it comes to Engineering Screens protection :)

  5. Fernando says:

    How do I run this program?

  6. Jewel says:

    Where is the GUI?
