BLZ format - A first attempt



Tanvers
26-04-2004, 10:52 AM
BLZ files are a proprietary archive format of the warez group BLZ-PDA. They can be installed on Series 60 Nokia phones with the publicly available 7KB Blzinstall application. In a similar way to the historical wide distribution of PKunzip, the Blzinstall application has reached far and wide. Given that one can attain a BLZ file installer easily as well as its small size, the BLZ file archive format is a relatively attractive format for program distribution. The only disadvantages are the proprietary nature of the format (lack of implementation detail) and the association with the distribution of illegal software.

Due to curiosity I've done some spelunking into the BLZ file format via disassembly of the Blzinstall app. Below are my notes:

First off, looking at the DLLs Blzinstall imports, EZLIB.DLL stands out. This is the EPOC/Symbian implementation of the standard Zlib library. The four functions imported are uncompress, inflateInit, inflate, inflateEnd.

After looking at the file checks in the app I've come up with some of the fields in the header:

offset  size (bytes)  field
0       4             "NGPK" 4 character ASCII string
4       4             0x0100 Version 1.00?
8       4             Compressed size of archive - (header+directory)
12      4             Uncompressed size of all files (install space)
16      4             Compressed size of directory
20      4             Uncompressed size of directory
24      4             unknown

The header appears to always be 28 bytes long. The directory mentioned above holds the directory, filenames and uncompressed file sizes of all files in the package.

Adding the value in offset 8 to the value in offset 16 gives the offset of the compressed directory, which is at the end of the file. If you run the Zlib uncompress function on the compressed header (perhaps with Perl and Compress::Zlib), it gives the uncompressed header.

The format of the directory :

It starts with the install directory for the files. Each directory and subdirectory name is an ASCII string with the length as its first byte (Pascal strings). Each directory name string is followed by the value hex FFFFFFFF. For example:
S y s t e m a p p s
06h, 53h, 79h, 73h, 74h, 65h, 6dh, ffh, ffh, ffh, ffh, 04h, 61h, 70h, 70h, 73h

Following the directory strings are the filenames as Pascal strings, followed by the uncompressed size instead of FFFFFFFF.

I am not very familiar with the format of Zlib deflate streams so I'm not sure how to decode the big compressed archive (offset 1c to the value at offset 8). The inflate function does not require filenames or file sizes and just decompresses a provided buffer. If you have any further information please share it here in the forum.

Until Blz-Pda release the file format, this should be a start in making the format more open.
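
Added example (not part of the original post, and not BLZ-PDA's code): a Python parser for the header and directory layout in the notes above, with the size checks one would want when inspecting an untrusted file. It assumes little-endian 32-bit fields and that the compressed directory occupies the final bytes of the file; `make_sample` builds a constructed archive, not a real BLZ file.

```python
import struct
import zlib

HEADER_LEN = 28      # the post: header "appears to always be 28 bytes long"
MAX_DIR = 1 << 20    # assumed safety cap on directory size (not from the post)

def parse_directory(raw):
    """Split the directory into (name, size) pairs; size is None for folders."""
    entries, pos = [], 0
    while pos < len(raw):
        end = pos + 1 + raw[pos]          # Pascal string: length byte, then name
        if end + 4 > len(raw):
            raise ValueError("truncated directory entry")
        name = raw[pos + 1:end].decode("ascii", "replace")
        (value,) = struct.unpack_from("<I", raw, end)
        entries.append((name, None if value == 0xFFFFFFFF else value))
        pos = end + 4
    return entries

def parse_blz(blob):
    """Parse the header fields and directory described in the post."""
    if len(blob) < HEADER_LEN or blob[:4] != b"NGPK":
        raise ValueError("not a BLZ archive")
    # Assumption: little-endian 32-bit fields at offsets 4..27.
    version, comp_data, uncomp_total, comp_dir, uncomp_dir, _unknown = \
        struct.unpack_from("<6I", blob, 4)
    if comp_dir > len(blob) - HEADER_LEN or uncomp_dir > MAX_DIR:
        raise ValueError("directory size fields are implausible")
    # Assumption: the directory is the last comp_dir bytes of the file.
    d = zlib.decompressobj()
    # Cap output one byte past the declared size so an oversized stream is caught.
    raw = d.decompress(blob[len(blob) - comp_dir:], uncomp_dir + 1)
    if len(raw) != uncomp_dir or not d.eof:
        raise ValueError("directory does not match its declared size")
    return {"version": version, "comp_data": comp_data,
            "uncomp_total": uncomp_total, "entries": parse_directory(raw)}

def make_sample():
    """Constructed archive for testing: two folders and one 5-byte file."""
    d = (b"\x06System" + b"\xff" * 4 + b"\x04apps" + b"\xff" * 4
         + b"\x07app.txt" + struct.pack("<I", 5))
    body, cdir = zlib.compress(b"hello"), zlib.compress(d)
    hdr = b"NGPK" + struct.pack("<6I", 0x0100, len(body), 5, len(cdir), len(d), 0)
    return hdr + body + cdir
```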