NB: Cracking is against law, and this guide is for information only, i dont take any responsibility on any software you cracked, and/or installed on your device. you can always read and check developer license agreement.
Here is the detailed guide using ollydbg as debugger, you can also use winhex, it gives the same result, i made some changes on the guide to fit the new apps.
Download Here chose the version same your device version, if you dont know, hold "alt+shift" and press "H"
note: always try to download the old version cause RIM know about this method and the fixed some new simulator versions
Download and install blackberry jde version of choice, chose the version same your blackberry version, to check your device version hold "alt+shift" and press "H"
when the installation is complete. click start > programs > research in motion > blackberry jde 4.x.x locate device simulator icon > right click and go to properties then click on find target. create a shortcut of defaultsimulator.bat on your desktop or the quick launch menu, whichever you prefer. copy dmpclean.bat into your simulator’s folder, by default it should be c:\program files\research in motion\blackberry jde 4.x.x\simulator basically the same folder where the defaultsimulator.bat file is located. once copied, create a shortcut of dmpclean.bat as well next to your defaultsimulator.bat shortcut on the desktop or quick launch.
Right click on shortcut to defaultsimulator.bat and choose edit, at the end of the text you will see /pin=0x2100000A change this value to your blackberry's pin, and behind add your IMEI without any quotes (necessary for some IMEI verified applications) , and save it. For example, if my pin number is 24d25d8a and my IMEI is 357880.00.879598.5 then the parameter would look like this /pin=0x24d25d8a /IMEI=357880008795985
aunch the device emulator by double clicking on the shortcut to defaultsimulator.bat icon. be patient, it takes some time to load the simulator as it has the same feel as your blackberry. (note, jde 4.5.0 or maybe even lower versions start up much faster). Go to View -> "keep lcd on" to avoid flushing the memory dump To be sure your pin is being read correctly, navigate to options > scroll down to status and check for your pin.
To install an application into the simulator click on file > load java program> point to the DataVault.cod “our target app” then navigate to downloads and run the program. go to register, it shows our pin “good” and it’s asking for the registration code else it will expire. leave it (dont close it)
let's launch the debugger now. double click on ollydbg.exe, once loaded click on file then choose attach. the attach window opens up very small, simply stretch by pulling it from the right buttom corner so you can see the running programs on your computer. we are looking for a process name titled fledge with a path to the executable which should look like the following -c:\program files\research in motion\blackberry jde 4.x.x\simulator\fledge.exe - select this process and click attach. as it finishes loading all necessary files the debugger will pause, simply press F9 once or twice to continue or sometimes SHIFT + F9, depending on olly’s mood. leave it (dont close it)
Now go back to the simulator and enter any facke code, untill you see the message "field full" (we will enter the following as your code 97531) then press arrow down ↓ and click on register. note: do not enter 1234567... as your bogus serial ever because most likely you will end up nowhere. after pressing enter or clicking to register a window comes up saying “Wrong Key!”. we knew that. leave it (dont close it)
Now go back to the debugger window (OllyDbg), then click on do an ALT + M to open the memory map, and select the first line in the memory map window. then do CTRL + B to search for the number we entered in the ASCII field and enter 97531 as your search string and click oK. it begins to search in the memory for our bogus serial, a window titled dump pops up shortly showing the 97531 number we entered in the application > right below it shows our pin number > further down our serial is being constructed > finally we see the serial 42350 which happens to be the correct serial for my bogus pin number 24d25d8a
To test our discovered registration code let’s switch to the simulator window and enter it to see what happens, well just as we hoped it would be “you have successfully register..."
Almost of registration codes for blackberry apps are generally 5 characters long in numeric format, unless the developer decided to get super creative, they made it longer and become alphanumerical, and others get two serials, one Key and one Activation Code
Most Blackberry apps are pin specific, which means that when you discover one working key for one pin it doesn't always mean it will work on all other berries.
When searching the memory map in olly, your search string could sometimes be in UNICODE, however i only noticed some Blackberry app thus far.
When searching for serial in the dump sometimes the first search result isn't the only instance. while in the dump do CTRL+L to see if your bogus serial shows up more than once. with some apps the reg code shows up right away and with others you have to look for it. i also noticed that some times the reg code appears around your pin number, you might get lucky with some apps if you search for your pin number in ASCII while in the dump window by doing CTRL+B. generally, once your first search result pops up in the dump window you may need to scroll up or sometimes down several pages until you find your valid reg code. anyway, once you find a key or two and feel comfortable enough you will try other features of the debugger
Remember, you may not be successful with every app when it comes to finding a valid reg code. while in the dump window you will see 5 digit number 45654, this is a port number and not a serial. you will also see PURG followed by some numbers, this is not a serial either. when you download trial apps make sure the app has the option to register by inputting a serial which would make the app fully registered, otherwise some apps are just demo apps with expiration or limited functionality, these are not trial. we are not cracking the apps with this method but just finding the right codes for our pin.
You will be unable to crack some new apps version, try to crack the old one, install it on your blackberry and update to the new one, the apps will stay registerd in almost of time excepl for some (berrybuzz.v2,...etc)
Use Dmpclean.bat everytime before starting to clean the simulator's memory to default