Welcome!

Welcome to the official BlackBerry Support Community Forums.

This is your resource to discuss support topics with your peers, and learn from each other.

inside custom component

Java Development

Reply
Developer
sheran
Posts: 36
Registered: ‎11-19-2008
My Device: Blackberry 9000 - Bold
Accepted Solution

How is the SHA hash for a module generated?

Hello,


I was wondering if anyone had any more information on the CodeModuleManager.getModuleHash() method?  The API says:

 

"Returns the SHA hash of a module."

 

I have used it before and it provides me with what looks like a SHA1 hash.  The only catch is, I am not able to reproduce this hash by generating a SHA or SHA1 hash using my computer.  

 

For example:

 

If the BlackBerry gives me 02A826682116ED6A7B9B4429CAAFD2DF198A29F7 for the net_rim_app_manager module, running the same .cod file does not provide me with a matching number:

 

 

azazel:tmp sheran$ openssl sha net_rim_app_manager.cod SHA(net_rim_app_manager.cod)= 03804aa899166d0eed95ddf3a758446c2159ee4b

azazel:tmp sheran$ openssl sha1 net_rim_app_manager.cod SHA1(net_rim_app_manager.cod)= 7feebefdad9a39d98c70d0282cca935fd2dc55fe

 

My questions: 

 

 

1. How is this hash generated for a specific module?  

2. How would the calculation differ for a module with many siblings? 

 

Thanks,

Sheran

Chirashi Security
Please use plain text.
Developer
Posts: 1,474
Registered: ‎04-14-2009
My Device: Not Specified

Re: How is the SHA hash for a module generated?

[ Edited ]

The tail of each signed module is a list of signatures. When you compute the SHA-1 hash, you need to exclude this part of the binary from hashing.

 

When a module consists of several modules, it's actually a ZIP file. Each ZIP entry containing a (sibling) module has its own hash and signatures. Simplest way to test this is to unzip the .COD file and then compute the hashes for each file.

Please use plain text.
Developer
sheran
Posts: 36
Registered: ‎11-19-2008
My Device: Blackberry 9000 - Bold

Re: How is the SHA hash for a module generated?

[ Edited ]

Thank you.  I completely overlooked the fact that the signatures were appended to the COD file.  Calculating the hash of the file minus the signatures provides the expected value.  

 

With regard to a multi-sibling COD file (ZIP format), when I use the getHash method on it, the return value is the hash value of the first COD file.  For example:

 

DocsToGoCommon.cod is actually a ZIP file with the following entries:

 

DocsToGoCommon.cod
DocsToGoCommon-1.cod
DocsToGoCommon-2.cod
DocsToGoCommon-3.cod
DocsToGoCommon-4.cod
DocsToGoCommon-5.cod
DocsToGoCommon-6.cod
DocsToGoCommon-7.cod
DocsToGoCommon-8.cod
DocsToGoCommon-9.cod
DocsToGoCommon-10.cod

 

 

The getHash method will return the value of the unzipped DocsToGoCommon.cod

 

Regards,

Sheran

 

Chirashi Security
Please use plain text.
Developer
Posts: 1,474
Registered: ‎04-14-2009
My Device: Not Specified

Re: How is the SHA hash for a module generated?

You're welcome!

Please use plain text.