Just read this post from Hexx in another forum:
Quote:
RimOS is based on AMX. The system messaging system, tasks, memory were all like AMX in 6xxx models. In 7xxx it was changed a bit, then in 8xxx they totally refactored the code and used the other compiler so the quality of code has changed dramatically. The firmware and ramloaders used to update the firmware are digitally signed. There's no way to hack the signature, it's RSA-2048 based. So, you can't patch it. The firmware updates usually consist of one file with ARM code and multiple .cod and .alx files.
The ARM code file for a GSM device is placed at a path like this:
C:\Program Files\Common Files\Research In Motion\Shared\Loader Files\7100-vesion\GPRS\
There's a file named rimYYYYx.bin
where YYYY - model, x - generation (g - GSM, i - iDEN, c - CDMA)
For example:
rim7100g.bin - Firmware for BlackBerry 7100, it's a GSM model.
When the device starts it runs the bootloader (the device lights the LED), then it checks the signature of the firmware, starts the firmware, the firmware code sets up the hardware and runs the system task. The last task that starts is RIM_TASK; it's a JVM task. Then the JVM loads all the .cod files, checks their validity and starts running the "java" code.
See the full thread here:
BlackBerry OS - RCE Messageboard's Regroupment
Looks like patching is out of the question.
-randyman