<? createHeader("Hacking Barry"); ?>

<? include ("barry.inc"); ?>

<div class="subHeader">BlackBerry protocol</div>

<p>No BlackBerry-related protocol project would be complete without referencing
the fine documentation from the Cassis project, which tackled the earlier
serial protocol. You can find this documentation at:
<a href="http://off.net/cassis/protocol-description.html">http://off.net/cassis/protocol-description.html</a></p>

<p>There were some major and minor differences found between the serial
protocol and the USB protocol. Some of the new handheld devices use new
database record access commands, and in these cases the record format changes.
See the code for more detailed information.</p>

<p>Further documentation on the USB protocol is planned. Stay tuned.</p>

<div class="subHeader">Playing with the protocol</div>

<p>The USB captures were performed on a Windows XP Pro system running UsbSnoop
from <a href="http://benoit.papillault.free.fr/usbsnoop/index.php">http://benoit.papillault.free.fr/usbsnoop/index.php</a></p>

<p>You can use the convo.awk and btranslate.cc tools to turn these very verbose
logs into something more manageable. Other than the normal USB control
commands at the beginning of each conversation, it was found that only
USB Bulk Transfers were used.</p>

<p>The btool utility is at the stage where it can be used instead of UsbSnoop,
for database operations. You can use the -v switch to turn on data packet
dumping, which will display the sent and received packets in canonical hex
format as btool talks to the device. You can use this in combination with
the -d switch to capture new database records to reverse engineer.</p>
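
<p>Packet dumps like those the -v switch displays can be turned back into raw
bytes for offline analysis. The following is an added example, not part of
Barry: it assumes a line layout of an 8-digit hex offset, a colon, sixteen byte
columns and an ASCII column (btool's exact layout may differ), and the names
parse_hex_dump and sample_dump are hypothetical.</p>

```cpp
// Added example, not Barry code. Assumed line layout (not taken from btool):
// 8 hex digit offset, ':', ' ', up to 16 "xx " byte columns, then an ASCII column.
#include <cstdint>
#include <iostream>
#include <sstream>
#include <stdexcept>
#include <string>
#include <vector>

static int hexval(char c) {
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

// Rebuild the raw packet bytes; throws if a line is malformed or missing.
std::vector<uint8_t> parse_hex_dump(const std::string &dump) {
    std::vector<uint8_t> out;
    std::istringstream in(dump);
    std::string line;
    while (std::getline(in, line)) {
        if (line.find_first_not_of(" \t\r") == std::string::npos) continue;
        if (line.size() < 10 || line[8] != ':') throw std::runtime_error("bad offset field: " + line);
        size_t offset = 0;
        for (size_t i = 0; i < 8; i++) {
            int v = hexval(line[i]);
            if (v < 0) throw std::runtime_error("bad offset digit: " + line);
            offset = offset * 16 + static_cast<size_t>(v);
        }
        // The offset must equal the bytes seen so far, so a dropped line is reported.
        if (offset != out.size()) throw std::runtime_error("offset gap before: " + line);
        for (size_t col = 0; col < 16; col++) {
            size_t pos = 10 + 3 * col;   // fixed column, never reaches the ASCII part
            if (pos + 1 >= line.size()) break;
            int hi = hexval(line[pos]), lo = hexval(line[pos + 1]);
            if (hi < 0 || lo < 0) break; // padding on a short final line
            out.push_back(static_cast<uint8_t>(hi * 16 + lo));
        }
    }
    return out;
}

// Constructed sample: 20 bytes whose ASCII column ("ab..") looks like hex.
std::string sample_dump() {
    return "00000000: 00 00 14 00 01 ff 00 00 41 42 43 44 45 46 47 48  ........ABCDEFGH\n"
           "00000010: 61 62 0d 0a" + std::string(38, ' ') + "ab..\n";
}
int main() { std::cout << parse_hex_dump(sample_dump()).size() << " bytes\n"; }
```

<p>Reading bytes by fixed column keeps hex-looking text in the ASCII column
from being mistaken for data.</p>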

<p>If you reverse engineer some of the unimplemented packet formats, please
send patches and/or documentation to the
<a href="http://sourceforge.net/mail/?group_id=153722">mailing list</a>!</p>

<p>See the doc/Hacking file for more information on getting started reverse
engineering the protocol.</p>

<div class="subHeader">Some notes on code architecture</div>

<p><i>Note: this is currently out of date.</i></p>

<p>Lowest level is the libusb software.</p>

<table>
<tr>
	<td valign=top>usbwrap.{h,cc}</td>
	<td valign=top>C++ wrapper for libusb</td>
</tr>
<tr>
	<td valign=top>data.{h,cc}</td>
	<td valign=top>C++ data class for buffer management and hex log file input and output</td>
</tr>
<tr>
	<td valign=top>debug.h</td>
	<td valign=top>general debugging output support</td>
</tr>
</table>

<p>Barry low level layer:</p>

<table>
<tr>
	<td valign=top>packet.{h,cc}</td>
	<td valign=top>low level packet builder class, having knowledge of
	specific protocol commands in order to hide protocol details</td>
</tr>
<tr>
	<td valign=top>protostructs.h</td>
	<td valign=top>low level, packed structs representing the USB protocol</td>
</tr>
<tr>
	<td valign=top>time.{h,cc}</td>
	<td valign=top>time conversions between 1900-based minutes and C's 1970-based time_t</td>
</tr>
</table>

<table>
<tr>
	<td valign=top>base64.{h,cc}</td>
	<td valign=top>base64 encoding and decoding (for LDIF)</td>
</tr>
<tr>
	<td valign=top>builder.h</td>
	<td valign=top>C++ virtual wrappers to connect record and controller in a generic way</td>
</tr>
<tr>
	<td valign=top>endian.h</td>
	<td valign=top>big/little endian defines... only used for compiling
	the library, never installed</td>
</tr>
<tr>
	<td valign=top>error.{h,cc}</td>
	<td valign=top>common exception classes for Barry layer</td>
</tr>
<tr>
	<td valign=top>probe.{h,cc}</td>
	<td valign=top>USB probe class to find BlackBerry devices</td>
</tr>
<tr>
	<td valign=top>protocol.{h,cc}</td>
	<td valign=top>structs and defines for packets seen on wire</td>
</tr>
<tr>
	<td valign=top>common.{h,cc}</td>
	<td valign=top>general API and utilities</td>
</tr>
<tr>
	<td valign=top>socket.{h,cc}</td>
	<td valign=top>socket class encapsulating the BlackBerry logical socket</td>
</tr>
<tr>
	<td valign=top>record.{h,cc}</td>
	<td valign=top>programmer-friendly record classes</td>
</tr>
<tr>
	<td valign=top>parser.{h,cc}</td>
	<td valign=top>C++ virtual wrappers to connect record and controller in a generic way</td>
</tr>
<tr>
	<td valign=top>controller.{h,cc}, controllertmpl.h</td>
	<td valign=top>high level API class</td>
</tr>
<tr>
	<td valign=top>version.h</td>
	<td valign=top>library version information and API</td>
</tr>
<tr>
	<td valign=top>s11n-boost.h</td>
	<td valign=top>serialization functions for record.h classes</td>
</tr>
<tr>
	<td valign=top>barry.h</td>
	<td valign=top>application header (only one needed)</td>
</tr>
<tr>
	<td valign=top>cbarry.h</td>
	<td valign=top>C application header (incomplete)</td>
</tr>
</table>

<table>
<tr>
	<td valign=top>btool.cc</td>
	<td valign=top>command line testing utility</td>
</tr>
<tr>
	<td valign=top>bcharge.cc</td>
	<td valign=top>sets the device to use 500mA, and also enables database access for BlackBerry Pearl devices</td>
</tr>
<tr>
	<td valign=top>breset.cc</td>
	<td valign=top>does a USB level software reset on all BlackBerry devices found</td>
</tr>
<tr>
	<td valign=top>convo.awk</td>
	<td valign=top>script to convert UsbSnoop log files into trimmed-down request/response conversations</td>
</tr>
<tr>
	<td valign=top>ktrans.cc</td>
	<td valign=top>turns USB kernel capture logs from 2.6 kernels into hex+ascii dumps</td>
</tr>
<tr>
	<td valign=top>translate.cc</td>
	<td valign=top>translates UsbSnoop log file data into hex+ascii dumps</td>
</tr>
<tr>
	<td valign=top>upldif.cc</td>
	<td valign=top>takes an LDAP LDIF file on stdin and uploads contact data to the BlackBerry, overwriting existing contacts</td>
</tr>
</table>

<table>
<tr>
	<td valign=top>addcontact.cc</td>
	<td valign=top>example for adding a contact record to the device</td>
</tr>
</table>