E680i was shipped with a lot of preloaded Java games and applications in /diska/.prepload folder.

All of them are used Encryption-Method: AES128CBC to encrypt the content.

I think all the decrypt keys can be found in /ezxlocal/download/appwrite/rights folder.

E680i will use that key to decrypt the jar file before it can be run.

If we know how to decrypt AES128CBC method, we can get the .jar file's content. Then we can unjar it to modify preloaded Java games and applications or at least we can learn somethings on how to write a java application like motorola's preloaded Java games and applications.


Here is some information about decrypt iTune's AES128 CBC
<<<
The encryption is standard AES128 CBC. The iv, of course, is sent in the header, and the encryption ... I wrote a Perl script to decrypt Apple's responses. ...

http://hcsoftware.sourceforge.net/ja...hrer/itms4all/
>>>

<<<
The encryption is standard AES128 CBC. The iv, of course, is sent in the header, and the encryption key is:

8a 9d ad 39 9f b0 14 c1 31 be 61 18 20 d7 88 95

The key is actually generated from the following code snippet:

MD5_CTX ctx
unsigned char key[16];
MD5_Init(&ctx);
MD5_Update(&ctx,"Accept-Language",15);
MD5_Update(&ctx,"user-agent",10);
MD5_Update(&ctx,"max-age",7);
MD5_Final(key,&ctx);
// key[16] contains the AES key now
Song samples are simply normal .aac files.
>>>

http://www.aaronsw.com/2002/itms/

People can decrypt iTune's AES128CBC. So I hope one day we can decrypt motorola's preload java AES128CBC?




Winning gives birth to hostility.
Losing, one lies down in pain.
The calmed lie down with ease,
having set winning & losing aside.