Does anyone know how to modify .cod files? It may prove very useful for many things, like customizing themes, cracking apps, etc.
From the knowledge I have gained from various sources I can share these things:
1) Bypass signature requirement for COD files:
We still cannot bypass signature control, but the results are, in fact, quite interesting.
After many unsuccessful experiments and reviews of both SignatureTool and rapc, we decided to try another approach: net_rim_api. Our assumption was that any API call should be mapped to a particular function prototype in the net_rim_api library. If we could learn how it was done, then the next step would be to create our own “prototypes” of system functions and try to bypass the need for application signing. Our assumption was “almost” correct. Why “almost” I’ll explain later.
What we did: we used information dumped from cod files, namely class names and method definitions, to create prototype java files. An example:
// ##########################################
// Decompiled by : coddec
// Module : XXXXXXXXXXXXXX.cod
// Module version : 4.2.1.89
// #########################################
package net.rim.vm;

public class Process
{
    // declared native, so no method body is required in the prototype
    public native int getLastIdleCounter();
}
The trick is simply to declare the function as native. Then the file was compiled using the standard java compiler. The resulting class file was slightly corrected with the JavaBite tool to remove the constructor code, but I am not quite sure that it was strictly required. Anyway, you are free to experiment.
The next step is to add our class file to the net_rim_api.jar file. This task is very, very simple. We used 7-Zip to accomplish that.
Well, that’s it. If in your project you call getLastIdleCounter(), rapc will compile your project without any signature warning. Why was it cool? getLastIdleCounter() is just an example; using the same approach it is possible to call system functions without using the protected RIM API.
Unfortunately, it only worked on the emulator. There was an additional signature requirement we weren’t aware of. The Signer ID for this one is 33 and it appears as “Secure API” in the error message. We couldn’t find any useful information regarding that, but it seems it is related to the so-called “Secure Device” flag and it works the same way as a firewall rule: “Deny All”.
If only it were possible to turn the flag off … We are trying to figure out how …
By the way, the public key for Signer ID ( 33 ) is the same for all devices and BB emulator, it begins with 0x8F A7 61 CA 6E B6 94 5E 28 86 … the length is 128 bytes (1024 bits). It is physically located in rim*.sfi file.
Another possibility would be to replace this key with own public key, but it would be necessary to re-sign all system libraries using own private key as well.
It is definitely an improvement over raw binary in COD files and is usable for reversing applications. The decompiler and custom patching can also be used to further explore the OS using the simulator—for example, decompiling some of the network classes, changing their behavior, recompiling, and then substituting the modified Java class in the original JAR. The modified code can now be run in the simulator. This trick will not work on real devices because they enforce code signing for OS code.
And we are not quite sure if it would be possible to patch the sfi file at all, as it might be signed too.
2) When you change a .cod file’s content, its signature becomes incorrect, and the .cod file becomes unusable.
A possible solution to this: if we create a new .cod file on our own, copying and editing the source code and other required class file statements, and make our own .cod file and signature, will it work?
If so, is any such software available? Can BlackBerry JDE, Visual Studio, a text editor, or any other tool be used? I am sure some people are aware of such software and tools.
Last edited by kartikhm; 29th August 2012 at 13:11.
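As an added example (not code from the post, from RIM, or from any BlackBerry tool): a small Python audit script that lists every method declared native in a class file, so that a copy of net_rim_api.jar can be checked for injected stub classes like the one in section 1 by diffing its output against a pristine SDK copy. The class file it parses is constructed inside the block as a test fixture; the builder is not part of any real toolchain.

```python
import struct
from io import BytesIO

ACC_NATIVE = 0x0100  # JVM method access flag; the stub in the post is declared native
# Body sizes of fixed-length constant-pool entries by tag; tag 1 (Utf8) is variable-length
CP_FIXED = {3: 4, 4: 4, 5: 8, 6: 8, 7: 2, 8: 2, 9: 4, 10: 4, 11: 4, 12: 4, 15: 3, 16: 2, 18: 4}

def _members(f):
    # fields and methods tables share one layout; attributes are skipped, not decoded
    (count,) = struct.unpack(">H", f.read(2))
    for _ in range(count):
        flags, name, desc, n_attr = struct.unpack(">HHHH", f.read(8))
        for _ in range(n_attr):                          # skip name index, read length, skip body
            f.read(struct.unpack(">xxI", f.read(6))[0])
        yield flags, name, desc

def native_methods(class_bytes):
    """Return [(class, method, descriptor)] for every method declared native in a class file."""
    f = BytesIO(class_bytes)
    magic, _minor, _major, cp_count = struct.unpack(">IHHH", f.read(10))
    assert magic == 0xCAFEBABE, "not a class file"
    cp, i = [None], 1                                    # constant pool is 1-indexed
    while i < cp_count:
        tag = f.read(1)[0]
        if tag == 1:                                     # CONSTANT_Utf8: u2 length + bytes
            cp.append(f.read(struct.unpack(">H", f.read(2))[0]).decode("utf-8", "replace"))
        else:
            cp.append(f.read(CP_FIXED[tag]))
        if tag in (5, 6):                                # long/double occupy two pool slots
            cp.append(None)
        i += 2 if tag in (5, 6) else 1
    _flags, this_idx, _super, n_ifaces = struct.unpack(">HHHH", f.read(8))
    f.read(2 * n_ifaces)
    cls = cp[struct.unpack(">H", cp[this_idx])[0]]       # CONSTANT_Class -> Utf8 index
    list(_members(f))                                    # consume the fields table
    return [(cls, cp[n], cp[d]) for fl, n, d in _members(f) if fl & ACC_NATIVE]

# Constructed sample input: the post's net.rim.vm.Process stub, assembled by hand (no javac needed)
def _utf8(s): return b"\x01" + struct.pack(">H", len(s)) + s.encode()
def build_stub_class(class_name, methods):
    # minimal class file declaring each (name, descriptor, access_flags) method, no Code attribute
    pool = [b"\x07\x00\x02", _utf8(class_name), b"\x07\x00\x04", _utf8("java/lang/Object")]
    table = b""
    for name, desc, flags in methods:
        pool += [_utf8(name), _utf8(desc)]
        table += struct.pack(">HHHH", flags, len(pool) - 1, len(pool), 0)
    head = struct.pack(">IHHH", 0xCAFEBABE, 0, 49, len(pool) + 1) + b"".join(pool)
    head += struct.pack(">HHHHH", 0x0021, 1, 3, 0, 0)     # access, this, super, 0 ifaces, 0 fields
    return head + struct.pack(">H", len(methods)) + table + struct.pack(">H", 0)
PROCESS_STUB = build_stub_class("net/rim/vm/Process", [("getLastIdleCounter", "()I", 0x0101)])
```

To audit a real jar, read each .class entry with zipfile and pass its bytes to native_methods(); any class or native declaration absent from the pristine SDK jar is a candidate injected prototype.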