I'd like to know how to disassemble/patch .sis files for Nokia 6600 Symbian.
Can anyone help me showing the right tools?
Thanx

Kassar:

Go back to the first page list of these Forums and actually read the BIG LETTERS AT THE TOP which tell you to READ THE FAQ and SEARCH before you ask a question. If you had done that, or did do that, you should have also seen the larger print on the Tools of the Trade Forum which state very clearly: "Do not ask where to get the Tools of our Trade. Do not even think about asking for them."

What you need to do is start over, do some preliminary work and searching on your own, follow the guidelines about describing what you have already done to help yourself and then ask a more pointed question than "Can anyone help me showing the right tools?"

Regards,

Have you tried IDA Pro (Advanced)? It can disassemble a hell of a lot of formats anyway, it would be my first guess except specialized tools for symbian.

About your question, as long as you have made some effort trying to find some info regarding the subject yourself (and made that clear), it is perfectly ok to ask WHICH tools that people prefer for a certain activity, as long as you don't ask WHERE to get them (if they are not both free and hard to find, then it's sorta ok to ask where to get them too ). Just make sure to formulate the question unambiguously when being close to unallowed subjects like that.

"Can anyone help me showing the right tools?"

Yeah, and then there was the part about showing that you made an effort yourself, or at least checked out the tips you were given...

What processor does that phone have?

See for example this, just like I told you in my last post:

http://www.datarescue.com/idabase/idaarm710a.htm

Now there's the format for "good writing". "Tell them what you're going to tell them; tell them; and then tell them what you told them."

Regards,

Now I know itěs an ARM processor.
I know IDA could disassemble sis files (http://www.datarescue.com/idabase/gallery/arm_epoc_sis.htm)
I'll try to disassemble it and... let you know.
Thanx

There you go, you've actually learned alot already, and that usually a good thing.

Regards,

I can't disassemble .sis files.
I try to load sis file setting ARM as processor but I don't get a disassembled file w/ strings.
Where am I wrong?

.text:10003410 aStoppingMessag unicode 0, <Stopping Messaging App>,0
.text:10003410 ; DATA XREF: start+1ACCo
.text:1000343E DCB 0, 0
.text:10003440 aStoppingHelpAp unicode 0, <Stopping Help App>,0 ; DATA XREF: start+1AD0o
.text:10003464 aStoppingSettin unicode 0, <Stopping Settings App>,0 ; DATA XREF: start+1AD4o
.text:10003490 aRegisteringSer unicode 0, <Registering Serial Number>,0
.text:10003490 ; DATA XREF: sub_10001EF0+29Co
.text:100034C4 aNoSerialFoundF unicode 0, <No serial # found for device: %S.>,0
.text:100034C4 ; DATA XREF: sub_10001EF0+2A8o
.text:10003508 aSerials_txt unicode 0, <SERIALS.TXT>,0 ; DATA XREF: sub_100021B0+C8o
.text:10003520 aEnablingXXXX unicode 0, <Enabling TALX>,0 ; DATA XREF: sub_100021B0+CCo
.text:1000353C dword_1000353C DCD 0x101F70B2 ; DATA XREF: .text:1000315Co

I doubleclick on "NoSerialFound" (sub_10001EF0+2A8o )and land here:
.text:10002130 LDR R1, =aNoSerialFoundF

This is part of a subroutine:
.text:10001EF0 ; ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦ S U B R O U T I N E ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦
.text:10001EF0
.text:10001EF0
.text:10001EF0 sub_10001EF0 ; CODE XREF: sub_100021B0+5Cp
.text:10001EF0 STMFD SP!, {R4-R10,LR}
.text:10001EF4 SUB SP, SP, #0x660
.text:10001EF8 SUB SP, SP, #4
.text:10001EFC STR R0, [SP,#4]
.text:10001F00 ADD R5, SP, #0x38
.text:10001F04 MOV R4, #0
.text:10001F08 STR R4, [SP,#0x38]
.text:10001F0C STR R4, [R5,#4]
.text:10001F10 ADD R0, SP, #0x630
.text:10001F14 ADD R0, R0, #0xC
.text:10001F18 MOV R1, #0xF
.text:10001F1C BL sub_100024E4
.text:10001F20 BL sub_10002774
.text:10001F24 LDR R3, [R0,#0x1C]
.text:10001F28 STR R3, [SP,#0x34]
.text:10001F2C MOV R10, R4
.text:10001F30 MOV R0, R5
.text:10001F34 ADD R1, SP, #0x34
.text:10001F38 LDR R2, [SP,#4]
.text:10001F3C LDR R3, =0x101
.text:10001F40 BL sub_10002F04
.text:10001F44 CMP R0, R4
.text:10001F48 BNE loc_100021A0
.text:10001F4C LDR R3, =loc_1000311C
.text:10001F50 STR R3, [SP,#0x2C]
.text:10001F54 STR R5, [SP,#0x30]
.text:10001F58 ADD R3, SP, #0x2C
.text:10001F5C LDMIA R3, {R0,R1}
.text:10001F60 BL sub_10002534
.text:10001F64 ADD R0, SP, #0x630
.text:10001F68 ADD R0, R0, #0xC
.text:10001F6C BL loc_10001390
.text:10001F70 ADD R4, SP, #0x520
.text:10001F74 MOV R0, R4
.text:10001F78 BL sub_10002F14
.text:10001F7C MOV R0, R4
.text:10001F80 MOV R1, R5
.text:10001F84 BL sub_10002F24
.text:10001F88 ADD R0, SP, #0x318
.text:10001F8C MOV R1, #0x100
.text:10001F90 BL sub_100024E4
.text:10001F94 ADD R12, SP, #0x248
.text:10001F98 STR R12, [SP]
.text:10001F9C ADD R6, SP, #0x24C
.text:10001FA0 MOV R5, #0
.text:10001FA4 ADD R9, R6, #0x14
.text:10001FA8 B loc_100020E8
.text:10001FA8 ; ---------------------------------------------------------------------------
.text:10001FAC dword_10001FAC DCD 0x101 ; DATA XREF: sub_10001EF0+4Cr
.text:10001FB0 off_10001FB0 DCD loc_1000311C ; DATA XREF: sub_10001EF0+5Cr
.text:10001FB4 ; ---------------------------------------------------------------------------
.text:10001FB4
.text:10001FB4 loc_10001FB4 ; CODE XREF: sub_10001EF0+210j
.text:10001FB4 ADD R7, SP, #0x318
.text:10001FB8 MOV R0, R7
.text:10001FBC BL sub_100026D4
.text:10001FC0 MOV R0, R7
.text:10001FC4 MOV R1, #9
.text:10001FC8 BL sub_100026E4
.text:10001FCC MOV R8, R0
.text:10001FD0 CMN R8, #1
.text:10001FD4 BEQ loc_100020E8
.text:10001FD8 MOV R0, R7
.text:10001FDC MOV R1, R8
.text:10001FE0 BL sub_10002344
.text:10001FE4 ADD R3, SP, #0x24
.text:10001FE8 STMIA R3, {R0,R1}
.text:10001FEC MOV R0, R3
.text:10001FF0 ADD R1, SP, #0x630
.text:10001FF4 ADD R1, R1, #0xC
.text:10001FF8 BL sub_100026F4
.text:10001FFC CMP R0, #0
.text:10002000 BNE loc_100020E8
.text:10002004 ADD R0, SP, #0x1C
.text:10002008 LDR R1, =aRegisteringSer
.text:1000200C BL sub_100023E4
.text:10002010 ADD R0, SP, #0x1C
.text:10002014 BL sub_10002634
.text:10002018 LDR R3, =dword_10003618
.text:1000201C STR R3, [SP,#0x248]
.text:10002020 STR R5, [SP,#0x24C]
.text:10002024 STR R5, [SP,#0x250]
.text:10002028 STR R5, [R6,#8]
.text:1000202C MOV R0, R9
.text:10002030 MOV R1, #0x13
.text:10002034 BL sub_100024E4
.text:10002038 STR R5, [R6,#0x44]
.text:1000203C STR R5, [R6,#0x48]
.text:10002040 STR R5, [R6,#0x54]
.text:10002044 STR R5, [R6,#0x58]
.text:10002048 ADD R0, R6, #0xC
.text:1000204C BL sub_10002464
.text:10002050 MOV R0, R9
.text:10002054 BL sub_100024F4
.text:10002058 ADD R2, SP, #0x2A8
.text:1000205C MOV R3, #0x32
.text:10002060 STR R3, [SP,#0x2A8]
.text:10002064 STR R3, [R2,#4]
.text:10002068 STR R3, [R2,#8]
.text:1000206C MOV R3, #3
.text:10002070 STR R3, [R2,#0xC]
.text:10002074 STR R5, [R2,#0x10]
.text:10002078 STR R5, [R2,#0x14]
.text:1000207C MOV R3, #2
.text:10002080 STR R3, [R2,#0x18]
.text:10002084 STR R5, [R2,#0x1C]
.text:10002088 STR R5, [R2,#0x20]
.text:1000208C ADD R4, SP, #0x2CC
.text:10002090 MOV R0, R4
.text:10002094 LDR R1, =dword_10003548
.text:10002098 MOV R2, #0x20
.text:1000209C BL sub_10002574
.text:100020A0 STR R5, [R4,#0x48]
.text:100020A4 BL sub_10002774
.text:100020A8 MOV R1, R0
.text:100020AC LDR R0, [SP]
.text:100020B0 BL loc_100009E0
.text:100020B4 MOV R0, R7
.text:100020B8 ADD R1, R8, #1
.text:100020BC BL sub_10002704
.text:100020C0 ADD R3, SP, #0x14
.text:100020C4 STMIA R3, {R0,R1}
.text:100020C8 ADD R0, SP, #0x260
.text:100020CC MOV R1, R3
.text:100020D0 BL sub_10002504
.text:100020D4 BL sub_10002774
.text:100020D8 MOV R1, R0
.text:100020DC LDR R0, [SP]
.text:100020E0 BL loc_10000AB8
.text:100020E4 MOV R10, #1
.text:100020E8
.text:100020E8 loc_100020E8 ; CODE XREF: sub_10001EF0+B8j
.text:100020E8 ; sub_10001EF0+E4j ...
.text:100020E8 CMP R10, #0
.text:100020EC BNE loc_10002104
.text:100020F0 ADD R0, SP, #0x520
.text:100020F4 ADD R1, SP, #0x318
.text:100020F8 BL sub_10002F34
.text:100020FC CMP R0, #0
.text:10002100 BEQ loc_10001FB4
.text:10002104
.text:10002104 loc_10002104 ; CODE XREF: sub_10001EF0+1FCj
.text:10002104 BL sub_10002424
.text:10002108 ADD R0, SP, #0x34
.text:1000210C LDR R1, [SP,#4]
.text:10002110 BL sub_10002F44
.text:10002114 CMP R10, #0
.text:10002118 BNE loc_100021A0
.text:1000211C ADD R4, SP, #0x40
.text:10002120 MOV R0, R4
.text:10002124 MOV R1, #0x100
.text:10002128 BL sub_100024E4
.text:1000212C ADD R0, SP, #0xC
.text:10002130 LDR R1, =aNoSerialFoundF
.text:10002134 BL sub_100023E4
.text:10002138 MOV R0, R4
.text:1000213C ADD R1, SP, #0xC
.text:10002140 ADD R2, SP, #0x630
.text:10002144 ADD R2, R2, #0xC
.text:10002148 BL sub_100024B4
.text:1000214C STR R10, [SP,#8]
.text:10002150 MOV R0, R4
.text:10002154 ADD R1, SP, #8
.text:10002158 BL sub_10003104
.text:1000215C MOV R4, R0
.text:10002160 LDR R3, [R4]
.text:10002164 LDR R1, =0x8CC0059
.text:10002168 LDR R12, [R3,#0x78]
.text:1000216C MOV LR, PC
.text:10002170 BX R12
.text:10002174 ; ---------------------------------------------------------------------------

so "NoSerilaFound" call is here:
.text:10002104 loc_10002104
What can I do to bypass it?
Or should I make it jump anywhere from here:
.text:10002118 BNE loc_100021A0
this is the text wiev:ED 00 00 EB 0C 00 8D E2
I need to know the command to modify (BE?) and how can I assemble it?

Thanks a lot mates.
(In assembler I would bypass it by nopping...)

g'morning,

there's no 90h nop on ARM. what you basically do instead is changing the command to MOV R0, R0. the opcode therefore would be 00 00 A0 E1 ... use any hexeditor to patch the .app file. at least up to the ida version I'm using you can't reassemble arm code. but well, my ida is damn old ...

changing the BNE to BEQ would be

xx xx xx 1A -> xx xx xx 0A

there's an opcode list at http://www.ka0s.net

cya

Thank you very much, i'll try.

sis is just an archive (like zip is).
sis file contains the executable file (*.app),bitmap (mbm), aif..and some more files.
in order to disassemble any s60 written application, u must install it on your phone, than plug your USB cable (or use BlueTooth dongle), and copy the *.app (GUI application - executable under Symbian OS) to windows.
now, the only one out that you could do it with atm (probably nokia has some more phones out now, check thier pages) is with n-gage.

disassembly is for the ARM(9) as your target CPU.

well, unmakesis works with symbian 6 and still many of the new symbian 7 apps use the old (though unicode) file format. and as far as i see, makesis itself doesn't even support creating those compressed s7-sis files.

this means, that installing and copying back the .app files is always a possibility BUT I'd rather use atzplzw's sweet unmakesis to extract the files from the archive on my desktop pc.

unmakesis:
http://mitglied.lycos.de/atzplzw/

sis file format:
http://homepage.ntlworld.com/thouky/software/psifs/sis.html

hav' a nice one ...

does anyone have a working link to erl.exe ?

Monmur:

Here's a copy of a post I made in the Newbie Forum a short while ago which applies to you as well.

Time to notice the statement in the title of the Tools of the Trade Forum, which states:

"Do not ask where to get the Tools of our Trade. Do not even think about asking for them."

Those kinds of things you need to do on your own. Searching on the net is a very important skill for would be crackers. If you lack skill in seaching, there is a link at the bottom of the forums for +Fravia's Searchlores, where you can learn how to do it. There is even a "lite" version available with just the debugger.

Regards,

and not underestimating people around you is another important one ..

...and yet another one might be to formulate your questions and requests in a way that doesn't leave so much room for people to unnecessarily underestimate you then I guess.

I have not "estimated" you at all, either "over" or "under". I simply "advised" you of our rules, of which you should have been aware, and provided a link "If you lack skill in seaching."

Whether or not you have skills in searching, and whether or not you tried and failed to find what you were seeking, our rules still prohibit your asking for it here. That rule still applies, no matter how I might "estimate" you, and whether or not the rule meets with your approval.

Regards,

Well i use IDA 4.3 Advanced to disassemble a file of my own, just to practice how it could be done. unfortunately, the disassembly could not work on the code and it didn't give meaningful ARM instructions, instead it display the code section as it is data for example

.text:10000000 ; Segment type: Pure code
.text:10000000 AREA .text, CODE, READWRITE, ALIGN=0
.text:10000000 ; ORG 0x10000000
.text:10000000 CODE32
.text:10000000 dword_10000000 DCD 0xF028B500, 0xBC02FCD7, 0x4708, 0x1C06B570, 0x48271C0D
.text:10000000 ; DATA XREF: .text:10041CD4o
.text:10000000 DCD 0x48276070, 0x48276330, 0x6BB16030, 0xD0052900, 0x68826808
.text:10000000 DCD 0x21031C08, 0xFBD2F039, 0x29006BF1, 0x6808D005, 0x1C086882
.text:10000000 DCD 0xF0392103, 0x6C31FBC9, 0xD0052900, 0x68826808, 0x21031C08
!!!!
i already set the target processor to ARM before the disassembly. what do you think was wrong??

Thanks
aknd

i recon that's because you set the processor type to ARM but didn't set the Thumb mode flag. i'm not sure if CTRL + T is the rite shortcut (don't have ida here with me). but normally when you disassemble an executable for arm, ida tells you that arm has those 2 different modes and how to change them. (big fat messagebox rite before disassembling starts.

Thanks to you, well it works Alt+G then change the value of T register into any thing, the IDA processor begin to realize the thumb instructions