Symbian AppTRK

Things are quite easy with the Symbian TRK! Today I decided to write a small program to interact with it and everything worked extremely smoothly. My driver program can download a SIS file to the phone, automatically install and run it. It reacts to debugging events and gracefully closes the connection when the application terminates. Below are just a few pictures for the curious.


Here’s the applications folder of the phone:

The TRK comes with the Pro version of the Carbide development environment. HelloWorld is just a sample application (maybe I spent more time on it than on the driver). The TRK kernel can connect to the main computer over USB or Bluetooth. Since my computer does not have a Bluetooth connection, I use a USB cable. The port number and baud rate seem to be irrelevant but they are displayed anyway:

At the main computer the connection is visible as a serial (COM) port. Connecting to the phone and sending bytes back and forth is quite easy: just open the serial port with CreateFile and use the regular read/write system functions. Currently the driver is just a text-mode program and prints the communication packets on the screen:

Finally, here’s the helloworld application. It has been installed and run by the driver program:

There is still a lot to do, but the foundation already exists. All this stuff is quite stable (IMHO much more stable than WinCE, probably because of better memory protection).
We will have to modify the debugger in IDA to be able to work with TRK. IDA expects the application memory and registers to be available at all times, but Symbian TRK is unresponsive while the application is running. Many other debugger servers behave the same way, so it is a good idea to support this mode.
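To illustrate the mode described above, here is an added sketch (not IDA's or Hex-Rays' code) of a debugger-side target model that snapshots registers on each debug event, serves that snapshot while the application runs, and refuses memory reads until the next stop. The FakeTransport is a constructed stand-in for the serial link, since the TRK packet format is not described here.

```python
from dataclasses import dataclass, field
from enum import Enum

class TargetState(Enum):
    STOPPED = "stopped"   # debug event received; the TRK answers requests
    RUNNING = "running"   # application resumed; the TRK does not answer

class TargetBusy(Exception):
    """Raised when fresh registers or memory are requested while the target runs."""

class FakeTransport:
    """Constructed stand-in for the serial link; it does not speak the real TRK protocol."""
    def __init__(self):
        self.regs = {"r0": 0, "pc": 0x8000}
        self.memory = bytes(range(256))

    def read_regs(self):
        return dict(self.regs)

    def read_mem(self, addr, size):
        return self.memory[addr:addr + size]

@dataclass
class CachedTarget:
    transport: FakeTransport
    state: TargetState = TargetState.STOPPED
    regs: dict = field(default_factory=dict)
    mem_cache: dict = field(default_factory=dict)

    def on_stop(self):
        """Debug event arrived: snapshot the registers and drop stale memory."""
        self.state = TargetState.STOPPED
        self.regs = self.transport.read_regs()
        self.mem_cache.clear()

    def on_resume(self):
        """Application resumed; the TRK is unreachable until the next debug event."""
        self.state = TargetState.RUNNING

    def get_regs(self):
        """Serve the last snapshot while running instead of blocking on the serial port."""
        if self.state is TargetState.RUNNING and not self.regs:
            raise TargetBusy("no register snapshot yet")
        return self.regs

    def read_mem(self, addr, size):
        """Memory is only read while stopped; results are cached until the next resume."""
        if self.state is TargetState.RUNNING:
            raise TargetBusy("memory unavailable while the application is running")
        key = (addr, size)
        if key not in self.mem_cache:
            self.mem_cache[key] = self.transport.read_mem(addr, size)
        return self.mem_cache[key]
```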
If things go as well as today, we will have a Symbian debugger pretty soon!

This entry was posted in IDA Pro.

3 Responses to Symbian AppTRK

  1. mario says:

    just guessing, but the registers problem could be solved with an internal cache, like the gdb server does.

  2. FCA00000 says:

    Hi
    I suppose you know it is possible on preFP1 devices to read memory from kernel space using a user program.
    Unfortunately this doesn’t work on FP1 devices, but it works if you use the kernel process (#1) and the first thread (#2).
    On the other hand, reading ROM is not possible, in my experiments. Were you able to read from it?
    If you need help, I will be more than happy to test, as I have also investigated a bit.
    Thanks

  3. neanton says:

    Hello, Ilfak and thanks for IDA!
    If you don't already know, Symbian certificate protection was broken with the usage of AppTrk just some days ago. You can check this forum thread for a detailed description: http://symbian-freak.com/forum/viewtopic.php?t=17479