Related
I am just wishing and hoping that there's a way of using the "Permanent Save" option in Settings for data other than Contacts, Appointments, Tasks, and Connection Sharing, the four options normally given.
My reason for this is that I use encryption software which has the added purpose of deleting the Contacts, Appointments, Tasks, and Connection Sharing - everything on the PDA, in fact, but the permanent storage area! - if a snoop or thief enters the incorrect password a user-defined number of times. Therefore, I don't want these databases permanently stored *unencrypted* anywhere in my PDA. I would rather use the permanent storage for data I do not need to encrypt.
Thanks for any tips you can give me.
hmm... still nothing on using permanent save for something other than contacts and the usual suspects? Seems like it must be a registry-related dilemma, one that can be overcome.
One of the things that annoys me about my Dash is its habit of attempting to call home every time it boots up. I always recei a number from some service complaining that I have an unknown phone number. It would be nice to know how to turn this off.
Also, is there some way of generally making a distinction between EDGE and WiFi connections so I can avoid burning data if I don't have to? AT&T's configuration has EDGE set us as an Internet connection, and a proxy set up from The Internet to WAP Network. It's nice that Skype and Fring make a distinction between cell data and WiFi, and I'd like to carry that over o mail, MSN Messenger, ShoZu and browsers if possible. I'm willing to experiment since I have unlimited EDGE for the rest of this month.
Any ideas?
Are you referring to a received text message? Cause you'll get that if you don't disable the myfaves when you use it on the at&t network.
outphase said:
Are you referring to a received text message? Cause you'll get that if you don't disable the myfaves when you use it on the at&t network.
Click to expand...
Click to collapse
Yep, that's it. How do I go about disabling MyFaves? And is it possible to re-enable it later? There's the possibility that once our contract is up (or at least, once my contract is up) we'll be jumping ship to go with T-Mobile.
There's a shortcut in \Windows\Startup that you move out. I forget the name at the moment, but it should be clear.
What he said.... you will need to rename the file (whatever you want)... reboot and then you can delete it.
He can't rename the file if it's in use. Download a task manager like celetask. Open program and go to processes, kill myfavapp (I think its called), then go to the \Windows\Startup folder and remove the shortcut to the My Fav application.
Oh really? Because that is exactly how I did it. (And yes, it was running under the processes)
I've never found a successful way of renaming or moving the my5service.exe file in WM5. I did it without any problems in WM6 but I don't use it. I've searched many threads and all say recommend the same methods like deleting MyFav from the Startup Folder (which I don't see like so many). It simply can't be done or something since it's a ROM/System/ReadOnly. I tried unchecking System/ReadOnly using RescoExplorer then tried moving it using Resco and Activesync. No Go. If anybody knows how to take out my5 in WM5, please post it.
P.S.: I am using Celetask 2.2
i am running WM6.0 what i did was to go to "Comm Manager" and i turned off the "Data" & "Phone radio" icons, i restarted the phone, with the radio off i was able to delete the file, after deleting the file i turned back on the above and restarted again, no rogue text any longer
good luck
Why the does it replace my newer excel spreadsheets during a sync? After I sync it, I would open the file from the pda, make changes and save it. But during the save, excel mobile prompts me that the file format is unsupported. If I save and sync it, it will get overwritten with the older file on my desktop.
I'm using Excel 2003 in Vistax64 and have FileFormatConverters.exe installed.
in windows mobile device center there is a setting for this situation which one to overwrite if changes happened. if you change documents a lot on the go, you should set the blueangel as priority device to overwrite the desktop documents. check the settings in "mobile device settings" -> "manage a partnership" and then set "replace items on desktop" then, whenever there is a conflict like that, the BA gets the priority.
Chef_Tony said:
in windows mobile device center there is a setting for this situation which one to overwrite if changes happened. if you change documents a lot on the go, you should set the blueangel as priority device to overwrite the desktop documents. check the settings in "mobile device settings" -> "manage a partnership" and then set "replace items on desktop" then, whenever there is a conflict like that, the BA gets the priority.
Click to expand...
Click to collapse
Too risky for me. If I lose everything in my pda, which happens once in awhile, it will overwrite everything in my desktop with nothing. Theoretically, it should sync things, but I could have sworn it once erased contacts and appointments on my desktop.
Chef_Tony said:
in windows mobile device center there is a setting for this situation which one to overwrite if changes happened. if you change documents a lot on the go, you should set the blueangel as priority device to overwrite the desktop documents. check the settings in "mobile device settings" -> "manage a partnership" and then set "replace items on desktop" then, whenever there is a conflict like that, the BA gets the priority.
Click to expand...
Click to collapse
I gave it a shot again and switched it to "replace items on desktop" and it deleted half of my templates such as memo.
normally, it should only make use of this option when a file was changed on the pc and the device. since it cannot "combine" the files or compare their content, it needs to know, which one to overwrite. it should not affect deleting.
the situation you described in your prior post is risky, like you said. my standard setting is "replace on the desktop" and i.e. when i hard reset my device and there is no pim data on it, it still does not delete everything in outlook because there is no conflict. it is still syncing and not a one way street, which is why in that case it should transfer new items to the device.
i hope, since you said before, it was risky, that you made backups of those files, or that you can at least restore an earlier version using volume shadow copies.
as i said before, activesync/wmdc is not perfect and behaves strangely sometimes. maybe there is no official solution for that problem. maybe you need to bypass it.
if, for instance, you know, that a file you have on the BA is newer than the server version, you could start a manual file transfer and not sync that file/folder, but overwrite it, either cradled, or using the sd card or a bluetooth share, a lan share, accessible with wi-fi or gprs with vpn, whatever data connection comes to mind.
or maybe, some other user reading this can come up with a good idea. i am sorry that my advice did not work but instead possibly harmed your pim data. i personally don't sync files and never had troubles with syncing in general. that option always worked for me.
Chef_Tony said:
...i hope, since you said before, it was risky, that you made backups of those files, or that you can at least restore an earlier version using volume shadow copies.
as i said before, activesync/wmdc is not perfect and behaves strangely sometimes. maybe there is no official solution for that problem. maybe you need to bypass it.
Click to expand...
Click to collapse
Yes, I always have backups in my desktop and storage card.
I think the problem with "replace items on the device" is with Excel 2003 compatibility issues between the desktop and Excel Mobile. Not sure how to get around this but to constantly keep backups on my SD card before a sync.
When I delete a text, it should really be deleted and not hidden away for somebody to find later. That is what's happening on my Tilt 2 phone (stock rom, wm6.5).
When using the "search phone" feature, it found every text I have ever deleted. I click on a message and it opens up. Afterwards, I can go to touch-flo messaging, click on all messages, and the initial screeen will be ipm.root with all my messages that were supposedly deleted months ago. If I click on ipm.root drop down tree at the top, the screen shows the normal email accounts and folders (inbox, draft, outbox, etc). The only way to get the ipm.root to display again is to do another "search phone" and open a message that was supposedly deleted, then go back to the touch-flo ->all messages screen. From there, I can truly select and delete all of them.
I've searched and can't find anything on this issue. Is there a fix to make sure that sms messages delete when you tell it to instead of hiding them. They can build up over time and take up memory space. It's annoying that delete really means hide on this phone.
I'm watching this thread with interest
same here! i supposedly deleted a bunch of sms text messages and through sktools search message files i found them and was able to read them!
I too would like to find a solution to this. One of the tweaking tools (I think it is Advanced Config Tools) has an option to set the max number of texts saved in the deleted folder. I set this to 0 so now I don't have to manually delete the files from that folder too (although the deleted files still go to the deleted folder and for some reason it irritatingly sometimes takes a while for the files to actually disappear from there). Now I find that the files are still taking up space somewhere else.
Anyone know how to stop this behavior?
Hummm...I just did a search using Search Phone and the only thing that came up were messages that had not yet been deleted.
I'm using a Verizon TP2 with MightyROM's latest official ROM (released 5-24-10).
Maybe this is just an issue on T-Mobile?
ps. I think I figured out why the texts sometimes don't disapear from the deleted folder right away with max allowed set to 0. I think you have to close out WinMo text (not just minimize it or close the Sense message screen) for them to go away.
The problem is not going to fix itself
Well, I was hoping that someone may have a fix for this by now. It's just not right for these messages to pile up in a hidden place, when I tell it to delete.
I guess it's not bothersome to most people.... since it's hidden.
Tracini said:
When I delete a text, it should really be deleted and not hidden away for somebody to find later. That is what's happening on my Tilt 2 phone (stock rom, wm6.5).
When using the "search phone" feature, it found every text I have ever deleted. I click on a message and it opens up. Afterwards, I can go to touch-flo messaging, click on all messages, and the initial screeen will be ipm.root with all my messages that were supposedly deleted months ago. If I click on ipm.root drop down tree at the top, the screen shows the normal email accounts and folders (inbox, draft, outbox, etc). The only way to get the ipm.root to display again is to do another "search phone" and open a message that was supposedly deleted, then go back to the touch-flo ->all messages screen. From there, I can truly select and delete all of them.
I've searched and can't find anything on this issue. Is there a fix to make sure that sms messages delete when you tell it to instead of hiding them. They can build up over time and take up memory space. It's annoying that delete really means hide on this phone.
Click to expand...
Click to collapse
they are not actually deleted because of the patriot act george w. bush passed...it is very sad...
After deleting from the inbox I will go to tools and empty the deleted folder. I've done searches and haven't been able to find them after that. I also Run Memmaid and that might purge them as well.
* first, install sms backup & restore.
* next, open app, select preferences, select Backup Folder then select External Storage.
* next, in preferences go to Backup Preferences, check Selected Conversations Only, then select “Select Conversations" to select whose text messages you want to save.
* The text messages backup pretty fast but if your phone does not give you enough time to backup all the messages you want, you can backup certain people's texts in one backup, then backup other people's texts in the next backup. It will save the backups to different folders (rather than over-write previous backup).
* on your phone, install sms backup & restore, your sd card and you are set to restore your text messages.
Follow these steps to dump all of your phone's memory. What use is this? It can be used to locate your MSL code if other methods fail. This method should work even if your phone is "bricked". This could potentially be used to retrieve lost information. At the very least it contains all your texts.
I am also currently exploring a possible security fail on the part of android/google. My phone dump contains my google account password in plain text....not just once. It has my password in plain text over 120 times. I am investigating how this could be. My google password is unique to that one account, and it is paired with my google login in the phone dump. I have not input the password in any other place outside of when I first setup my phone. I have not input that password in any app or browser. You may want to check if your login credentials are also being mishandled and possibly logged.
Phone Dump: (portions of this were taken from the PRL guide)
Connect your phone to your computer using a USB cable.
Open Device Manager.
Ports > LGE Android Platform USB Serial Port > Properties > Port Settings > Advanced > COM port number
Make a note of your COM port number.
Download and install QPST v2.7.
Open "QPST Configuration".
In the "Ports" tab, if your com port isn't listed, select "Add New Port" and write in your com port as "COM#" (# being the number you noted in step 4). Verify that your com port is listed.
Make sure your phone appears in the the "Active Phones" tab.
Run the "Memory Debug" program from QPST.
With your phone connected via USB and selected via the "Browse" button, press "Get Regions".
This will reboot your phone into "Download mode". You will most likely lose the connection to your phone because download mode uses different drivers and possible a different port. Go into device manager -> Ports (COM & LPT) and find your phone's new COM port.
Go into the QPST configuration and setup the new port.
Go back to the "Memory Debug" program, browse for your phone again, and select "Get Regions" again.
This time it will show you a bunch of options. Leave them all checked and select "SaveTo" and pick an empty folder to dump your phone memory to. This will take up a little over 500 megs.
It will take a good amount of time to finish (possibly 30 min to an hour).
When you are done, you will have the following files:
Code:
adsp_rama.bin, adsp_ramb.bin, adsp_ramc.bin, adsp_rami.bin, mdsp_rama.bin, mdsp_ramb.bin, mdsp_ramc.bin, mdsp_regs.bin, load.cmm, ebi_cs0.bin, and ebi_cs1.bin
If you want your MSL code, open ebi_cs0.bin with a hex editor. Look at the following HEX addresses:
Code:
0162ABCE
01BA6BDC
Both should contain your 6 digit MSL code in plain text.
If you want to find your ESN:
Code:
0104B5C2
What is more interesting is when you search in both ASCII and Unicode for your google account password in ebi_cs0.bin and ebi_cs1.bin. This is a raw dump of your phone memory. It will contain your contact list and other person information, but I see no reason for your account password to be logged in plain text. Another user has already reported finding his password using this technique. Please search for yourself and report back what you find. My guess is that this is not unique to the Optimus V.
Update:
I changed my account password. My phone then prompted for my new password. I entered it in. I then synced my contacts, rebooted, and then dumped the contents of my phone. My new password was in there in plain text twice. The old password was still there too. Something is logging my internet traffic or my keyboard inputs.
I can confirm my email address and password are together in plain text in multiple locations. I don't know much about mem dumps, but it appears to indicate it is google's sync service:
ebi_cs1.bin
0D565490 .... 8 NOOP..TCH 48(
0D5654A0 .... UID FLAGS)...."p
0D5654B0 .... assword"........
All other instances were preceded by imap or smtp.
JerryScript said:
I can confirm my email address and password are together in plain text in multiple locations. I don't know much about mem dumps, but it appears to indicate it is google's sync service:
ebi_cs1.bin
0D565490 .... 8 NOOP..TCH 48(
0D5654A0 .... UID FLAGS)...."p
0D5654B0 .... assword"........
All other instances were preceded by imap or smtp.
Click to expand...
Click to collapse
Thanks! With you that makes 3 of us to experience this. The address for the password(s) are different for me which is expected. Where as the MSL code would be located in a certain unchanged portion of the phone, this mysterious log would constantly be changing and could even be fragmented over the flash drive. I don't have (UID FLAGS) anywhere in either file.
What I also have is many Groove IP references with my Groove IP related google login and password. This looks like it is capturing it as internet traffic. I don't see why Google or Groove IP would log a password they both have encrypted access to.
mmarz said:
Something is logging my internet traffic or my keyboard inputs.
Click to expand...
Click to collapse
It's the keyboard. The OS isn't logging your passwords, at least as far as I can tell. If you select a different keyboard than the default, you will see a security warning popup which says that the keyboard can log everything, including your passwords. Well, this is normal, because softkeyboards need to be able to store words you enter into their dictionary/history to enhance their spelling and prediction. This is why your old password is still there after you changed it, and why they are stored in plaintext (because dictionaries are never thought to be encrypted).
Whether or not the softkeyboard is storing "words" that your entered in password fields in plaintext is not an Android security hole, it's the keyboard's, so complaints and/or advisories should be directed to them. They should at least give us the option of marking password fields as something not to store, and if we do want them remembered, for jimminey cricket's sake store them in a separate encrypted dictionary.
obijohn said:
It's the keyboard. The OS isn't logging your passwords, at least as far as I can tell. If you select a different keyboard than the default, you will see a security warning popup which says that the keyboard can log everything, including your passwords. Well, this is normal, because softkeyboards need to be able to store words you enter into their dictionary/history to enhance their spelling and prediction. This is why your old password is still there after you changed it, and why they are stored in plaintext (because dictionaries are never thought to be encrypted).
Whether or not the softkeyboard is storing "words" that your entered in password fields in plaintext is not an Android security hole, it's the keyboard's, so complaints and/or advisories should be directed to them. They should at least give us the option of marking password fields as something not to store, and if we do want them remembered, for jimminey cricket's sake store them in a separate encrypted dictionary.
Click to expand...
Click to collapse
There are a few reasons I don't buy this as being the cause.
Where would this unencrypted keyboard log be? I have data2ext going. My password was found on my internal phone partition. Whatever is doing this has permission to modify files outside of the data folder.
My password was present repeatedly. Even when I changed my password, it appeared twice even though I had only entered it once.
You have to manually select when you want to add words to the dictionary, otherwise all your misspelled tweets would be added. In password fields, this is not possible because only a single letter is inputted at any given time. No word is ever developed.
My other passwords are not in this log file. For example, my titanium backup password that I have to constantly use when I restore backups is not in here. Also my internet search phrases and other relevant items that I have typed in.
Update:
I just got this from KSmithInNY:
http://androidcentral.com/android-passwords-rooted-clear-text
Any app with root access has the ability to get your google credentials because android stores them in plain text. Wonderful!
mmarz said:
I just got this from KSmithInNY:
http://androidcentral.com/android-passwords-rooted-clear-text
Any app with root access has the ability to get your google credentials because android stores them in plain text. Wonderful!
Click to expand...
Click to collapse
Use the 2-step verification for your Gmail account and also set up an application specific password for your android device.
http://www.youtube.com/watch?v=zMabEyrtPRg
csrow said:
Use the 2-step verification for your Gmail account and also set up an application specific password for your android device.
http://www.youtube.com/watch?v=zMabEyrtPRg
Click to expand...
Click to collapse
Wouldn't this mean that you have to enter a verification code when entering your normal password, but if malware were to steal your application specific password that you created just for your phone, they could access your account using it and bypass the verification process?
Application specific password will only work on that phone. If you lose your phone, you can revoke that password for that phone which will block the access.
csrow said:
Application specific password will only work on that phone. If you lose your phone, you can revoke that password for that phone which will block the access.
Click to expand...
Click to collapse
No, they work on any device. There is no way for google to know what device is using it. You personally assign them for that phone, but if the password were to be stolen, then it can be used on any device. Also, if your account were to be compromised, you wouldn't know which password was stolen. With each application password you create, you are allowing another passcode that can be used to access your account. This seems very unsafe.
Update: I just tested this and I am right. I can use the same application specific password on all my apps and phones. So if this password were to be stolen, anyone could use it to login to my account. This is a major fail on the part of google....again.
Update2: Application specific passwords can be used to create login tokens. That means you can use a program like trillian to log into your gtalk using it, and then use the login token it produces to get access to your main google account through a web interface.
Well, that completely defeats the purpose of 2-part authentication. Oh well.
I hope you've reported this security hole... because obviously the intent is to be more secure than it actually is.
Which hole are you referring to? How google's two step verification is worthless because of one step passwords they force you handout to automated login apps? How Android's own password storage system keeps passwords in plain text and protects it by setting the file permissions to "please don't read this"? Or are you taking about how putting all these issues aside, I can still see my password in plain text in some sort of data capturing log that I found in a data dump of my phone's internal memory?
If you are talking about the last one, I'm still trying to find out exactly where the password is being stored in the dump and by what process. I've been searching through my phone's internal memory while it is on, but I can't seem to find it. I also want to rule out malware or something stupid that I might be doing before I start yelling about the sky falling. If more of you guys try this out, maybe we can rule out malware since all of us can't have the same bug. It really can't hurt your phone to dump it. It only takes 40 mins of your time.
(The more I learn about this stuff, the angrier I get.)
so after 3 tries i was able to dump the memory and after hours of searching i cant find my mn_aaa or mn_ha shared secrets,does anyone know the location of these? i have tried qxdm and after sending the spc i send
requestnvitemread ds_mip_ss_user_prof
and i get
22:53:26.203DIAG RX item:
22:53:26.203requestnvitemread - Error response received from target.
or is there another way to find them?
ummkiper said:
so after 3 tries i was able to dump the memory and after hours of searching i cant find my mn_aaa or mn_ha shared secrets,does anyone know the location of these? i have tried qxdm and after sending the spc i send
requestnvitemread ds_mip_ss_user_prof
and i get
22:53:26.203DIAG RX item:
22:53:26.203requestnvitemread - Error response received from target.
or is there another way to find them?
Click to expand...
Click to collapse
Any luck? I have the same issue with the Optimus V, e.g. I used another phone and reading the NV item was no issue. Seems to be specific to the LG.
srmuc69 said:
Any luck? I have the same issue with the Optimus V, e.g. I used another phone and reading the NV item was no issue. Seems to be specific to the LG.
Click to expand...
Click to collapse
well i think ive gotten further with qpst i opened service programming and put in my spc read the phone then saved to file. i double clicked the file and a viewer opened and i viewed it in text format i seen alot of nv items there but have yet to figure out which ones they are.
ummkiper said:
well i think ive gotten further with qpst i opened service programming and put in my spc read the phone then saved to file. i double clicked the file and a viewer opened and i viewed it in text format i seen alot of nv items there but have yet to figure out which ones they are.
Click to expand...
Click to collapse
Any luck? I did the same thing but as I have read in many other blogs the LG Optimus V times out in qpst, so did mine too.
I still have information in the file and I found the NV_ITEM_ARRARY in the file. What I do not know is how that array is built, e.g. is there a developer guide for CDMA phone where they detail the information. I was looking for the 1192 nv item and it should start wit the length like 0A for 10 digits of the AA Password. No luck so far without knowing what the bytes are and from just locking for 0A you get tons of hits.
What are you guys trying to accomplish? What is that code used for?
The dump should contain everything that is in the phone's memory. If the code is not encrypted or compressed in any way, it should be in there. The problem is that if you don't know the code, then you can't look up its location. Kind of a catch 22.
mmarz said:
What are you guys trying to accomplish? What is that code used for?
The dump should contain everything that is in the phone's memory. If the code is not encrypted or compressed in any way, it should be in there. The problem is that if you don't know the code, then you can't look up its location. Kind of a catch 22.
Click to expand...
Click to collapse
I'm trying to get the NV_ITEM 1192 and 466 from the LG Optimus V which is on Virgin Mobile. When I do that with CDMA Workshop it says access denied once you save the file. Now I'm tyring to find what these values are on my LG Optimus V. Do you think the dump will have this and how would I go to find the NV ITEMs, e.g. in which file are they and at what hex position?
srmuc69 said:
I'm trying to get the NV_ITEM 1192 and 466 from the LG Optimus V which is on Virgin Mobile. When I do that with CDMA Workshop it says access denied once you save the file. Now I'm tyring to find what these values are on my LG Optimus V. Do you think the dump will have this and how would I go to find the NV ITEMs, e.g. in which file are they and at what hex position?
Click to expand...
Click to collapse
yeah the dump should have all nv items.the hard part is figuring which ones are which.
mmarz said:
What are you guys trying to accomplish? What is that code used for?
The dump should contain everything that is in the phone's memory. If the code is not encrypted or compressed in any way, it should be in there. The problem is that if you don't know the code, then you can't look up its location. Kind of a catch 22.
Click to expand...
Click to collapse
well the mnha and mn aa are paswords needed to get your data working when you want to use a different phone ie the Samsung Epic on virgin mobile.you can clone all info from the optimus v to the epic but with out those password data will not work.i may not be inclined to do this anymore since the motorola triumph is coming out.meaning i wont need to find a better phone and clone this one.