Saturday, September 24, 2011

Signing J2ME Apps with the Darkman certificate

Signing J2ME Apps with the Darkman certificate

I decided to write this tutorial after some guy in a forum talking to me assuming
his method for getting an app signed were rite(actually he was wrong all the way)
and also assuming I'm a total dumbass.


A signed J2me app is a jar file with a jad file,and in the file jad, there contains the key that tells it has
been signed based on an existing
certificate.For example VeriSign certificate, Thawte certificate and others..

**did u know!We can install a custom made certificate on s40 phone**
**it is called the "user certificate"**

We would however make a j2me app signing software that uses the existing
certificate(VeriSign certificate, Thawte certificate and others) . But to
do that we must know how these certificate were made. Since we dont know
these certificate were made, the Darkman certificate was made so that a
j2me app signing software could be made.


To install the Darkman certificate you must have a connection between
your s40 phone and pc, to be able to transfer the Darkman certificate
to your phone. This can be done using Cable or Bluetooth.
If you already have the cable then install Nokia PC suite onto your
PC...Next install Oxycube or MobiMB(fixed russian version only)..

MobiMB software

The next step is to transfer The Darkman certificate on your phone.
to do this you must use OxyCube or MobiMB(fixed russian version only)

Download the Darkman certificate from this link
File Name :
link :
Description : This archive contains exp.cer and ext_info.sys

First navigate to C:\Hiddenfolder\certificates\user using MobiMB or Oxycube then make a backup
of your ext_info.sys file. In MobiMB press Ctrl-C to Copy and Ctrl-V to paste.

Then copy the files exp.cer and ext_info.sys from the archive to C:\Hiddenfolder\certificates\user using MobiMB or Oxycube

You must view the certificate in settings-security settings-user certificate in your
phone then..
Bam!! Now you have an s40 phone with the Darkman certificate installed.


The j2me app signing software name is BeHappy
(You need to install Java JVM first to run BeHappy)
We install the Jad generator which is BeHappy... This application will
generate the jad for a specific jar file a with key signed with the Darkman certificate.
Download BeHappy from this link

Run BeHappy and drag your j2me jar file onto the BeHappy Window and a popup ballon will say that
it has been signed..

Now copy both the J2me jar file with its jad file into your s40 phone and there you have it!!
A working signed j2me application.. Now you can set your application access to anything including
the "Always allowed option"..

4.0 END
I will be uploading my own links soon...
by funtikar

J2ME RCE tutorial

J2ME RCE tutorial
by funtikar

By viewing the contents of this document , you have agreed that I will not hold any responsibility of anything that occurs related or affected by this document.

I made this tutorial purely for educational purpose. Be aware that the application targeted in this tutorial have been numerously had its registration routine removed by other individual.

Using ClassHacker To RCE Q-SPY CAM.
Tools needed_
@Java JVM documentation
(all of the materials above are freely available on the internet)
The target on the other hand is not free but is free to download.

First download qspycam and make two copies of it using MiniCommander. One for running the app and one for RCE. Run qspycam and analyse the whole thing. You will see string "Submit Code","Key" and other stuff. As you can see ,as soon as qspycam is loaded then activation nag is showed. This could mean that the code for this activation routine is at the first class file thats launched. Now extract the contents of qspycam to an empty folder. To know the class file thats launched first, just go to the META-INF folder and open MANIFEST.MF file with any text editor and search for MIDlet-1. In the line where midlet-1 lies you will see 3 parts separated by commas which is first MidletName,MidletIcon,MidletMainClass. Now this MidletMainClass is what we want because its the first class file launched. Which in this case is spycam.class. Open up ClassHacker and select spycam.class ,wait for it to finish. After it finishes reading then a menu showing "Constant Pool","Field", "Methods" and other will come up . Select Methods and select the first method which is . Now a display will show lines of lines of code which should be easily understood by refering to the Java bytecode specs. As you can see there its only loading a bunch of png images. We'll move on to the next method. Which is startApp. Here you will see lots of the word activation until ifne Label107 its only preparing the activation form. ifne Label107 is the first jump we see. Why don't we find out where does this jump leads to. Scroll down at the bottom and you will see Label107 and under it is the MainMenu spawn. Just under the "ifne Label107" is the activation form being launched. If you have enough grey matter then you would think that "ifne Label107" should jump to Label107(MainMenu) and not go down. How do we do this you say? Well the vice versa of ifne is ifeq. We'll just change it to ifeq then. After you have changed it save the changes and pack all the contents of qspycam back to a jar file using MiniCommander. Run the modified qspycam and you will see that its not showing the activation form instead it shows the MainMenu.

Another way to patch the application_

heres another way to do it. In the activation form you are told to enter "your received key" and theres the "SubmitCode" button. In code there should be a routine that compares the code entered and the "real" code and when it is equal it shows MainMenu ,if it is not equal it doesnt do anything. We'll just take one string from the activation form then it will lead us to the rite class file. I choose "Activation Required" string. Now enter the string in MiniHalo and press search. Sure enough we get 2 class file which is Activation.class and ActivationPaypal.class. We will open up Activation.class since paypal doesnt make any sense as the activation routine. Open up Activation.class file with ClassHacker and analyse all the method or you can just go to the submitCode method. Analyse it and as you can see there is word like TextField,Getstring and CompareTo . If you use your imagination you can see that its here that it compares the entered key with the real key. Under ifeq Label80 is lots of code about RMS storing and if you use your imagination you can see that here it stores the real key in RMS. Dont hesitate to change that ifne to ifeq. Try saving it. Bam!. It shows an error. ClassHacker couldnt save it. In this case we will have to use the old method which is using ClassEditor which functions more like a hex editor to me. The hex byte code for ifeq is 99 and ifne is 9A. Search this byte in Activation.class using ClassEditor. Woaargh !there are many byte with x99 value. We go back to ClassHacker and see the code under it. Its aload_0 the hex bytecode for this is 2A. According to java bytecode specs ifeq has parameters . In this case the parameter is Label80. Now we dont know what label80 is in hex. So we will blindly find the correct one. From our gathered info we have ifeq Label80:aload_0 in ClassHacker but in hex we have 99 xx xx 2A. So we have to search each 99's that matches this characteristic in Activation.class using ClassEditor. Once you found the correct one just change 99 to 9A(ifne). Save it and again pack all of qspycam contents to a jar file with MiniCommander. Wuhlah. Its done. Thats all for now guys.

Greetings to:
Prodigits S40
Askurfriends(especially Amanthe1 and shrihars)(forum is dead)

authors site:

Monday, September 19, 2011

Wubi - Windows Ubuntu Installer

Wubi is a ubuntu installer for windows. With Wubi you can install ubuntu without burning to CD,without repartition or partitioning of hard disk(which is dangerous for newbies). with a wubi installation you can test ubuntu quickly and also save & edit data.
Download Wubi to install Ubuntu SAFELY!!

Wednesday, September 14, 2011

Play Angry Birds on your web browser(not flash?)

You can play Angry Birds on your web browser yes!without Flash or a touchscreen phone. To play click the link below

Saturday, September 10, 2011

BASIC interpreter for Android

I've always been a fan of programming especially on cellphone but the thing is I really don't have much time learning complex concept in programming language,I have a life you know. That's where BASIC programming language comes in. They are easy to learn and grasp for beginners in programming language although lacking in speed of execution. However here I have list down some of the great BASIC interpreter for android,all of them which you can get from Android market.

1. Mobile BASIC by David J. Firth - I really liked MobileBASIC the j2me version when i still had my feature phone.

Mobile BASIC is an Android Application that allows you to easily develop small program directly on your Android Phone or Tablet. Mobile BASIC can be used to write a variety of applications including:- Personal Productivity, Business, Education and Special Interest Applications.
o Structured Dialect of BASIC:- No line numbers, IF THEN ELSEIF ELSE ENDING, REPEAT UNTIL, WHILE ENDWHILE etc.
o Strongly Typed Language with 8 data types: BOOLEAN, BYTE, SHORT, INTEGER, LONG, FLOAT, DOUBLE and STRING.
o Arrays (Single and Multi-Dimensional).
o Subroutines and Functions.
o Mathematical Functions including trigonometry (Degrees and Radians), Logarithms etc.
o String Handling Functions including LEFT$, RIGHT$, MID$, LEN, STR$.
o Touch Screen Facilities
o Simple I/O Facilities (OPEN, CLOSE, PUT, GET)
o Comprehensive Built-In Help System.
o Over 100 simple examples that illustrate the use of every facility.
o Now comes with a BASIC program to calculate Ohm's Law - this can be used as a starting point for many similar types of calculations / conversions.

2. Basic by Mintoris

The power of a programming language in the palm of your hand.
Basic provides you with a rich and powerful Basic language programming environment.
Now with Bluetooth serial communications!
Create your own custom solutions to everyday problems. With the extensive math functions a few lines of Basic code can save hours of work on a good calculator.
You can place shortcut icons on your desktop to run Basic programs with a single touch.
In the graphics mode (which will be extended in the future) you will find all the common drawing commands you would expect. Also included are a set of data graphing commands which allows you to graph an array of data with just a few lines of code.
Mintoris Basic contains multiple file I/O, complete SQLite support and a complete set of file manipulation commands.
Advanced array manipulation features are supported which allow you to perform operations on entire arrays with a single statement.
All the standard Sensor and GPS features of android are supported.
Mintoris Basic has been called "Fun" and could even be considered an intellectual strategy game where the outcome is totally dependent on the powers at your command.
3. Light Basic Interpreter by Pix Arts

Go back to your early programming days, learn programming or teach programming t
Light Basic Interpeter allows you to program your android phone in Basic.
Along with all the standard basic commands, it includes graphical commands that allow you to read and display bitmaps or do typical drawings operations.
It is packed with a powerfull editor, complete command reference and a lot of examples. In the full version you have the ability to load/save the programs created

Wednesday, September 7, 2011

Password masking in batch file(rip off from internet)

These are some of method used to mask password i found on the internet.

The first one is from paxdiablo from

Method 1
1st create GetPwd.cmd
@echo off
:: GetPwd.cmd - Get password with no echo.
strPassword = oScriptPW.GetPassword()
Wscript.StdOut.WriteLine strPassword

Important quote from pax diablo about this method
Unfortunately, scriptpw.dll is available with XP and 2003 but not later versions (Vista, Windows 2008 and Windows 7, I believe). In order to rectify this, you simply copy the scriptpw.dll file from the Windows\System32 folder of an XP or Windows 2003 system to the Winnt\System32 or Windows\System32 folder on your own system. Once the DLL has been copied, you will need to register it by running:

regsvr32 scriptpw.dll

Method 2

This one is from Guerrerohgp(somewhere on the net)

owh yeah i've edited this a little
@echo off
::Coded BY Guerrerohgp
mode con cols=35 lines=10
color f0

if not exist keyboard.exe ((echo.n keyboard.hgp
echo.e 0000 4D 5A 2E 00 01 00 00 00 02 00 00 10 FF FF F0 FF
echo.e 0010 FE FF 00 00 00 01 F0 FF 1C 00 00 00 00 00 00 00
echo.e 0020 B4 08 CD 21 3C 00 75 02 CD 21 B4 4C CD 21
type keyboard.hgp|debug
ren keyboard.hgp keyboard.exe)>nul 2>&1

echo.ERRORLEVEL:%errorlevel% LETTER:%let%
if "[%errorlevel%]"=="[32]" (set "let=SPACE"&set "vart=%vart% "
set "char=%char%*"
if "[%errorlevel%]"=="[8]" (set "let=BACKSPACE"
if "[%char%]"=="[]" (goto ini) else (set "char=%char:~0,-1%")
if "[%vart%]"=="[]" (goto ini) else (set "vart=%vart:~0,-1%")
goto ini)
if "[%errorlevel%]"=="[27]" goto:crazy
set nums=48
for %%a in ( 0 1 2 3 4 5 6 7 8 9 A
a b c d e f g h i j k l m n o p q r s t u v w x y z) do (set let=%%a
set let=UNKNOWN
if not "[%errorlevel%]"=="[%nums%]" (if "[%let%]"=="[9]" set nums=64
if "[%let%]"=="[Z]" set nums=96
set /a nums+=1
set vart=%vart%%let%
set "char=%char%*"

echo %vart%>logan.txt

Enjoy the code :D