SE-NSE Forums > [how-to] Create You Own Cert File And Use It To Sign Your Midlets

Full Version: [how-to] Create You Own Cert File And Use It To Sign Your Midlets

SE-NSE Forums > SE Firmware > Firmware Tutorials & Guides

frajo

2007-12-02 16:22

How to create you own cert file and use it to sign your midlets
to remove permissions, Using EQHalmer package

I know is not a pretty straight forward way but it works:

Get EQHalmer.zip file found here and unpack it on C:\ so you'll have this folder structure and files:
CODE
C:\EQHalmer\EQHalmer.exe
C:\EQHalmer\JRE
C:\EQHalmer\LIB
C:\EQHalmer\MS
C:\EQHalmer\Read me.txt
C:\EQHalmer\JRE\bin
C:\EQHalmer\JRE\lib
C:\EQHalmer\JRE\bin\classic
C:\EQHalmer\JRE\bin\hpi.dll
C:\EQHalmer\JRE\bin\java.dll
C:\EQHalmer\JRE\bin\java.exe
C:\EQHalmer\JRE\bin\LyricShow.jar
C:\EQHalmer\JRE\bin\net.dll
C:\EQHalmer\JRE\bin\verify.dll
C:\EQHalmer\JRE\bin\zip.dll
C:\EQHalmer\JRE\bin\classic\jvm.dll
C:\EQHalmer\JRE\lib\jvm.cfg
C:\EQHalmer\JRE\lib\rt.jar
C:\EQHalmer\JRE\lib\security
C:\EQHalmer\JRE\lib\tzmappings
C:\EQHalmer\JRE\lib\security\java.policy
C:\EQHalmer\JRE\lib\security\java.security
C:\EQHalmer\LIB\unzip.exe
C:\EQHalmer\LIB\zip.exe
C:\EQHalmer\MS\cd
C:\EQHalmer\MS\certify.bat
C:\EQHalmer\MS\certify1.bat
C:\EQHalmer\MS\Config
C:\EQHalmer\MS\doit.bat
C:\EQHalmer\MS\doit1.bat
C:\EQHalmer\MS\JadTool.jar
C:\EQHalmer\MS\jar
C:\EQHalmer\MS\keystore.dat
C:\EQHalmer\MS\LyricShow V 0.6.5.zip
C:\EQHalmer\MS\LyricShow.jad
C:\EQHalmer\MS\LyricShow.jar
C:\EQHalmer\MS\makecert.bat
C:\EQHalmer\MS\New
C:\EQHalmer\MS\readme.txt
C:\EQHalmer\MS\rmprop.exe
C:\EQHalmer\MS\spe.exe
C:\EQHalmer\MS\Config\Certificate store
C:\EQHalmer\MS\Config\Policy
C:\EQHalmer\MS\Config\Certificate store\halmer.cer
C:\EQHalmer\MS\Config\Policy\manufacturer.sbp
C:\EQHalmer\MS\New\doit.bat
C:\EQHalmer\MS\New\LyricShow.jad
C:\EQHalmer\MS\New\LyricShow.jar
Take care of structure inside zip file because EQHalmer folder appears twice: \EQHalmer\EQhalmer\*.*, extract all files from the innermost EQHalmer folder to C:\
edit these files:
- C:\EQHalmer\MS\certify.bat
- C:\EQHalmer\MS\certify1.bat
- C:\EQHalmer\MS\makecert.bat
in all of them change first line to
CODE
set JAVA_HOME=C:\EQHalmer\JRE
(Optional) edit this file:
- C:\EQHalmer\MS\makecert.bat
change line 19 from:
CODE
set DNAME="OU=%1,O=Mobile-Review,C=TEAM"

to whatever you want to have in your cert, for example:
CODE
set DNAME="OU=%1,O=frajo,C=se-nse"
Open a CMD window (on windows XP press WINkey+R then type CMD) and then go to C:\EQHalmer\MS\ typing:
CODE
CD C:\EQHalmer\MS
then type:
CODE
makecert.bat mycert

where mycert should be replaced by the name you want for your cert. At the end you own cert file will be in C:\EQHalmer\MS\Config\Certificate store\mycert.der
Change your cert file extension from .der to .cer. You can do this in the CMD window typing:
CODE
CD "C:\EQHalmer\MS\Config\Certificate store"

and then:
CODE
REN mycert.der mycert.cer
Upload your cert file mycert.cer from C:\EQHalmer\MS\Config\Certificate store\mycert.der to your phone using the procedure described here. Please remeber to edit customize_upgrade.xml file and change certificate name field from halmer to mycert and datafile field from halmer.cer to mycert.cer like this:
CODE
<?xml version="1.0" encoding="UTF-8"?>
<customization>
    <security>
        <certificate>
            <name>mycert</name>
            <type>x509</type>
            <storage>java-3p</storage>
            <datafile>mycert.cer</datafile>
        </certificate>
    </security>
</customization>

you may upload the files as described here on "5) Uploading files via FSX *optional*". Modified customize_upgrade.xml file and your own cert file mycert.cer should be uploaded to tpa/preset/custom. You may also use XS++ 3.1 it has a full FS browser that will speed up the whole thing, just follow the instructions there on how to upload files using FSX™
After sign your Midlets, you must edit this file:
- C:\EQHalmer\MS\doit.bat
and change halmer into mycert

before:
CODE
certify.bat halmer jar

after:
CODE
certify.bat mycert jar
(Optional) and edit this file:
- C:\EQHalmer\MS\certify.bat
Lines 7 to 15 determine permisions to be granted to the midlet, =1 means grant, =0 means do not grant. For example:
CODE
set FILE_READ=1
set FILE_WRITE=1
set INTERNET=1
set SMS=0
set MMS=0
set COMM=0
set BLUETOOTH=0
set CAMERA=0
set PIM=0
grants permisions to Read and Write File System and access Internet.

C:\EQHalmer\MS\certify1.bat has alredy set all permisions in 1, if you like to use it also edit C:\EQHalmer\MS\doit1.bat as described in previous step.
To finally sign your midlet copy .jar and .jad files in C:\EQHalmer\MS\jar then run C:\EQHalmer\MS\doit.bat by double click on it from windows explorer, this will modify the original .jad file adding signature and permissions. NOTE: use C:\EQHalmer\MS\doit1.bat to set full permissions as described on previous step. After trying to sing a new midlet remeber to clean up C:\EQHalmer\MS\jar by moving your already signed .jar and .jad files to another location.
To install your signed midlet copy both .jar and .jad from C:\EQHalmer\MS\jar to your phone (or MS) in to others folder using your USB data cable. Then use the phone to browse to others folder and use the .jad file to setup the application.
TIP: rename .jad file adding a "_" after the name so you can easy tell what is the jad file when browsing with phone. ie: "LyricShow.jad" rename it to "_LyricShow.jad" Because phone will show to you 2 files with same name and icon.

Now you will have your midlets signed with your own cert mycert.cer instead of halmer.cer

NOTE: you can still sign your midlets using Halmer by "drag and drop" in to EQHalmer.exe es described in the original thread.

nordingh

2007-12-02 18:13

What the point of doing this if I can just drag and drop. Nobody care the cert using you name or not, it in your phone anyway.

commando

2007-12-02 19:04

Thanks a lot man ...

in first look i could not get it ...as these things have just passed above my head ....

after couple of days i will check it and may bother you again for any help if needed

any way nice job .

Snowiffic

2007-12-02 19:06

Hey Frajo, Very good job there!

frajo

2007-12-03 02:10

QUOTE (nordingh @ 2007-12-02 13:05)

What the point of doing this if I can just drag and drop. Nobody care the cert using you name or not, it in your phone anyway.

Well, I know a couple guys that care about, so this tuto is for them... I admit it is lot of work first time you do it, but once you have the cert and it is upload to the phone, is just a mater of sign every midlet you want in a single step. (step 10

)

frajo

2007-12-03 02:12

QUOTE (commando @ 2007-12-02 13:56)

any way nice job .

QUOTE (Mr. Thunderbird @ 2007-12-02 13:58)

Hey Frajo, Very good job there!

Thank you!

Mr.Hassan

2008-01-18 08:40

Hi frajo!

Thanx for a nice guide on how to sign j2me midlets.

I have some problems thou..

I followed your Guide,and have a new certificate on my SE K800iv cellphone with mynickname.cer.But when I sign the *.jar and *.jad files and moved the sign files over tho my cellphones other folder (I tried both the memorystick and phone)And are going to install the j2me midlet from the *.jad file. It looks good at first but then I get "Operation failed". <-Something I find strange then I have done it by the "book".

Anything I might have forgot?

Reaper_2010

2008-02-09 12:01

no offence,but did anyone have this working?

i patched my phone with no java permissions,but its wrong,this way is best.

Jinx13

2009-02-02 00:14

can anyone help i have tried installing the halmer cert my own cert and also some certs from THIS thread on my c902 everytime i put both the cer file(s) and the .xml the please wait screen gets stuck and i have to remove the .xml

EDIT

LMFAO proof google knows everything just bluetooth it and it installs

iteo

2009-03-14 01:53

In order to use the Halmer certificate, does the phone already need to have been debranded?(Please excuse my inexperience.)

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.