Qualcomm BREW

BREW, or Binary Runtime Environment for Wireless, is a software development platform developed by Qualcomm. The runtime was originally intended for CDMA devices, but it can also be found on GSM phones. Feature-wise, BREW has the potential to be very powerful, as it uses C/C++ for development, but the brutal DRM tactics put in place make it unsuitable for developing homebrew applications on a BREW-enabled phone.



DRM
BREW has multiple application signatures in place. One signature verifies the developer of the program, and another verifies that the program has passed "True Brew" testing. These signatures are protected using the phone's ESN and MEID, which is in place to prevent sideloading of BREW applications.

There are ways to circumvent BREW DRM to run unsigned code, but note that the current methods are complicated and usually involve not only running a phone firmware through a disassembler, but also hex editing the firmware and using patched flashing tools. Currently, this is easiest on specific LG phones. However, effort is being made to create an "almost-universal" patching solution for BREW phones.

Running unsigned code on BREW devices

Currently, the only known example of a BREW exploit is this, which "bypasses security features easily using a loop hole in the certificate expiration process". Its actual usefulness is questionable, though, as modified drivers aren't needed to perform the actions shown in the PDF, and the mention of the BREW SDK Simulator has no connection to the exploit itself.

(Author's note: It would be extremely impressive if someone were to get unsigned code running reliably on a BREW device.)