FacistsRunRIM

BlackBerry Engineering Screens:
The BlackBerry devices all contain a hidden engineering screen (internally referred to as the escreen).
On all recent devices (OS 4.0 and later), access to the escreen is controlled through a code generated
from the application version, device PIN, and device uptime.

To access the escreen, access the device "Help Me!" screen. For QWERTY devices, perform the key
combination Alt+Shift+H on the homescreen. For SureType devices, type Alt+EACE on the homescreen. For
SurePress devices, hold the Escape button, and tap the screen upper left, upper right, upper left, and
upper right corners in that sequence.

The "Help Me!" screen contains the application version, PIN, and current up time. Without leaving the
"Help Me!" screen, enter that information into the generator. The generator will give you the 8 digit
code for the current "Help Me!" screen. If you close the "Help Me!" screen, the device uptime will no
longer match the uptime used to generate the code.

Type the 8 digit code into the "Help Me!" screen. You will not see the digits as you type them, but once
all 8 correct digits are entered, the escreen will activate. Make sure to use Alt for the numbers on
QWERTY devices. Make sure to use multitap to enter the digits on SureType devices.

Once activated, the escreen will replace the "Help Me!" screen for the duration specified when
generating the code. You can close the escreen earlier by setting your device clock ahead past the
expiration time, reactivating the "Help Me!" screen, then setting your device clock back to normal.

Pseudo-Code:
# Filter uptime, PIN, and OS version by regexps `^[0-9]+$`, `^[0-9a-f]{8}$`, and `^([0-9]+\.[0-9]+\.[0-9]+ \([0-9]+\))|(4\.[0-1]\.[0-9]+\.[0-9]+)$`, respectively.
# Convert PIN to lowercase.
# Select the lifetime string value based on the desired code lifetime:
    * 1 day: ""
    * 3 days: "Hello my baby, hello my honey, hello my rag time gal"
    * 7 days: "He was a boy, and she was a girl, can I make it any more obvious?"
    * 15 days: "So am I, still waiting, for this world to stop hating?"
    * 30 days: "I love myself today, not like yesterday. I'm cool, I'm calm, I'm gonna be okay"
# To create the data string: concatonate the PIN, OS version, uptime, and lifetime string, in that order.
# Calculate an HMAC-SHA1 on the data string using "Up the time stream without a TARDIS" as the HMAC key.
# Convert the first 4 bytes of the binary HMAC into an 8 character hex string (or if your HMAC-SHA1 outputs a hex string, take the first 8 characters).

Sample Codes (to test your own generator):
***********************************
App Version: 4.5.0.110 (152)
PIN: 12345678
Uptime: 12345

Unlock code [1 day]: e1242bea
Unlock code [3 days]: 5003da66
Unlock code [7 days]: 88c59071
Unlock code [15 days]: b9b8520d
Unlock code [30 days]: 434bea2e
***********************************
App Version: 5.0.0.1 (1)
PIN: 00000000
Uptime: 54321

Unlock code [1 day]: b9cddfdc
Unlock code [3 days]: 9fe7a8a0
Unlock code [7 days]: e76342b8
Unlock code [15 days]: fb29bef6
Unlock code [30 days]: 18f120c4
***********************************
App Version: 4.7.0.1 (2)
PIN: 88888888
Uptime: 5

Unlock code [1 day]: e8f37d51
Unlock code [3 days]: cec3ae24
Unlock code [7 days]: 0f6c06fa
Unlock code [15 days]: 284ea7cc
Unlock code [30 days]: 58d732cb
***********************************

Java Implementation:
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;

import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

// The code RIM doesn't want you to see.
public class EScreenWizard
{
	private static final String HMAC_KEY = "Up the time stream without a TARDIS";

	private static final String[] DURATION_KEY = {
		"",
		"Hello my baby, hello my honey, hello my rag time gal",
		"He was a boy, and she was a girl, can I make it any more obvious?",
		"So am I, still waiting, for this world to stop hating?",
		"I love myself today, not like yesterday. I'm cool, I'm calm, I'm gonna be okay"};

	private static final String[] DURATION_LEN = {
		"1 day",
		"3 days",
		"7 days",
		"15 days",
		"30 days"};

	public static void main(String[] args) throws IOException, NoSuchAlgorithmException, InvalidKeyException
	{
		BufferedReader console = new BufferedReader(new InputStreamReader(System.in));
		System.out.println("BlackBerry Engineering Screen Unlock Code Generator");
		System.out.println();

		// get the data that is used to generate the key
		System.out.print("App Version: ");
		String appVer = console.readLine();
		System.out.print("PIN: ");
		String pin = console.readLine();
		System.out.print("Uptime: ");
		String uptime = console.readLine();
		System.out.println();

		// generate the HMAC-SHA1 for all 5 possible codes
		for (int duration = 0; duration < 5; duration++)
		{
			// get an hmac_sha1 key from the raw key bytes
			SecretKeySpec signingKey = new SecretKeySpec(HMAC_KEY.getBytes(), "HmacSHA1");
			Mac mac = Mac.getInstance("HmacSHA1");
			mac.init(signingKey);

			// generate the data
			StringBuffer buffer = new StringBuffer();

			buffer.append(pin.toLowerCase());
			buffer.append(appVer.toLowerCase());
			buffer.append(uptime.toLowerCase());

			buffer.append(DURATION_KEY[duration]);
			String data = buffer.toString();

			// compute the hmac on input data bytes
			byte[] rawHmac = mac.doFinal(data.getBytes());

			System.out.println("Unlock code [" + DURATION_LEN[duration] + "]: " + makeDigestString(rawHmac).split(" ")[0]);
		}
	}

	private static String makeDigestString(byte[] input)
	{
		StringBuffer buffer = new StringBuffer();
		for (int i = 0; i < input.length; i++)
		{
			if (i % 4 == 0 && i != 0)
				buffer.append(" ");
			int x = (int)input[i];
			if (x < 0)
				x += 256;
			if (x < 16)
				buffer.append("0");
			buffer.append(Integer.toString(x, 16));
		}
		return buffer.toString();
	}
}