RIM has the keygen published on their website but you need a password to get to it (Perhaps it is for partners only?) You can see the site here: https://www.blackberry.com/EngineeringScreens/

Earlier this year a few websites published their own keygen to compute the unlock code. Much to my dismay, however, none of them decided to share exactly how they did this. With that, I decided to discover the unlock code myself and publish the results.

The unlock code is actually a simple HMAC digest with a SHA1 variant. The trick is knowing what data to throw at the algorithm to produce the proper unlock code. The data used includes:

1. The BlackBerry device PIN
2. The application version (including parentheses if provided)
3. The current uptime of the device in seconds
4. The unlock duration
5. The secret sauce

The relevant data needed was found by inspecting “net.rim.device.internal.EScreens.EngScreenSecurity”, however, I will not go into the details of that here. Once I found the unlock duration codes and the secret key, it was just a matter of putting them into a standard HMAC hash function and out came the unlock code.

In order to use an unlock code, you simply visit the “Help Me!” screen by pressing alt+shift+H on your BlackBerry device to get the necessary information, generate a code, and then type it directly into the Help Me screen. No characters will be echoed, but if you enter it correctly, the screen with change over to the “Engineering Screen” main page. Do note it is possible to make some changes in the “eScreen” that could cause your phone to operate improperly or even break completely so do proceed with changing values at your own risk.

Now I wont point fingers at the various people that have already discovered how this is done but refused to share the code or details with anyone. They are what prompted me to undertake this project in the first place. With that, I give you the Python source code to my basic unlock code keygen:

#!/usr/bin/env python
 
import hmac
import hashlib
 
pin = 'ffaa0000'            # Device PIN                [XXXXXXXX]
app = '4.6.0.100 (233)'     # OS Application version    [n.n.n.n (n)]
uptime = '12345'            # Uptime in seconds             
duration = 30               # Duration for key to last  [1, 3, 6, 15, or 30]
 
lifetime = {
 1: "",
 3: "Hello my baby, hello my honey, hello my rag time gal",
 7: "He was a boy, and she was a girl, can I make it any more obvious?",
 15: "So am I, still waiting, for this world to stop hating?",
 30: "I love myself today, not like yesterday. I'm cool, I'm calm, I'm gonna be okay"
}
 
secret = 'Up the time stream without a TARDIS'
 
data = pin + app + uptime + lifetime[duration]
hash = hmac.new(secret, data, digestmod = hashlib.sha1)
key = hash.hexdigest()[:8]
 
print key

Weighing in at only 25 lines, this shows how simple the algorithm actually is if one only knows how to put it together. If you want a packaged online tool, then by all means check out the other published keygens, but if you are curious how the codes actually are generated (like I was) feel free to take, use, and share this code at your will.