Hacking on Barry

BlackBerry protocol

No BlackBerry-related protocol project would be complete without referencing the fine documentation from the Cassis project, which tackled the earlier serial protocol. You can find this documentation at:

There were some major and minor differences found between the serial protocol and the USB protocol. Some of the new handheld devices use new database record access commands, and in these cases the record format changes. See the code for more detailed information.

Further documentation on the USB protocol is planned. Stay tuned.

Playing with the protocol

The USB captures were performed on a Windows XP Pro system running UsbSnoop from http://benoit.papillault.free.fr/usbsnoop/index.php

You can use the convo.awk and btranslate.cc tools to turn these very verbose logs into something more manageable. Other than the normal USB control commands at the beginning of each conversation, it was found that only USB Bulk Transfers were used.

The btool utility is at the stage where it can be used instead of UsbSnoop, for database operations. You can use the -v switch to turn on data packet dumping, which will display the sent and received packets in canonical hex format as btool talks to the device. You can use this in combination with the -d switch to capture new database records to reverse engineer.

If you reverse engineer some of the unimplemented packet formats, please send patches and/or documentation to the mailing list!

See the doc/Hacking file for more information on getting started reverse engineering the protocol.

Enjoy!