'Admin policy' broken on WM2003 ! - Windows Mobile Software Development

'Admin Policy' is a little-known feature of Microsoft PocketPC that was built mainly for security-aware corporate customers. It allows one to lock a PocketPC device in a mode that no longer display a 'run' dialog, disallows the addition of external programs via ActiveSync or through Internet Explorer, disallows renaming of files to .exe and disallows remote changes to the registry through 'RapiRegMod'.
To be able to play with 'Admin Policy', on most PPCs one has to rename the registry value 'Redirect' in the registry at '\HKLM\Controlpanel\AdminPassword' to something else. Then go to 'Settings' / 'System' and look for the 'Policy' applet.
To enter the 'Secure Mode' the user has to enter a password, and the same password needs to be entered if the user is to leave again. The unicode representation of this password (0x0000 appended) is hashed using MD5 and placed in the binary value 'AdminInfo' in '\HKLM\Security\Policies\Shell' (on WM2003) or '\HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Shell' (on PPC2002).
However, they forgot to move the DWORD value 'NoExternalExes' (set to one when the Admin Policy is on) from the old to the new spot in the registry, and so the whole system just doesn't work on WM2003: you can still move binaries to the device and run them.
It still claims it works: it says:
Once enabled, users will not be able to download new programs via Pocket Internet Explorer, ActiveSync, or beaming to their mobile device. Users will not be able to rename programs to enable them to start on the device.
Click to expand...
Click to collapse
But that's Not True (tm) until you manually add the 'NoExternalExes' value.
This has been a public service announcement from XDA-developers.com.

Related

How to setup E-Mail Encryption (S/MIME)

Although PGP may be nice, the unfortunate fact is that it doesn't just "hook in" nicely to WM6 right now.
The track favored by the industrial giants is S/MIME, which is what Outlook and Netscape use. OpenSSL also includes the basic plumbing to do S/MIME stuff.
Let’s try to compile a simple step-by-step description with this thread, so as soon as it is complete we can create a wiki entry.
Step1: Setup Outlook utilize s/mine
Step1.1: Making a new X509 certificate
First, get and install the latest version of OpenSSL (if your OS doesn't already come with it). For M$ Windows you will find a installer here.
Next, you'll need to make a key pair so go to the bin folder and type:
% openssl genrsa -des3 -out keyfile 1024
This will make a key pair file. The private key will be encrypted with Triple DES. This means that anytime you do anything with the private key (like sign a message), you'll have to provide a passphrase (which you set at generation time). If you don't want to do this, then leave -des3 out, but just know that anyone who gets a copy of your key file can sign messages from you and read your encrypted mail.
To allow that everyone who received a signed email from you can verify the signature, you should create now a Certificate Signing Request, to get it signed by some root certificate, but this is optional, you can also create your own Certification Authority. But as long as the recipient has not imported your CA root certificate, one will be cluttered by warnings and error messages every time a signed and or encrypted email is displayed.
So I propose to get it signed by any common public CA. I choose
Thawte as an example as they offer the service for free. But you can choose any other you like.
So go sign up with Thawte's Freemail program and request a new certificate. At this point, go to the bottom of the form where it says "Developers of New Security Applications ONLY". Check the box that says "Paste in CSR Certificate Enrollment". Then click the button right below.
On the next screen there's probably nothing to do but hit "next>" when it asks about your name.
On the next screen there's probably nothing you should do but choose all of your e-mail addresses and hit "next>". Thawte advises that not all mail clients can handle having multiple e-mail addresses attached to a certificate, which means that if you send e-mail to someone using one of these clients, they may get a warning that the certificate doesn't match the message's From: line.
Same thing on the next screen.
On the next screen, accept the default extensions.
On the next screen, you'll see instructions telling you to make your certificate request, with a 16 character garbage string as the Common Name. At this point, you should go back to the shell window and do:
% openssl req -new -key keyfile
Answer all the questions that openssl asks, but be sure and paste in the 16 character garbage string Thawte gave you for the Common Name. Copy and paste the certificate request into the box on the Thawte form and hit "Next>".
Make sure everything looks ok on the last screen and hit "Finish".
A short time later, you should get an e-mail telling you your new certificate is done.
Go to the page (link) in the e-mail save it to a file in the openssl/bin folder.
The saved SPC file is a simply DER encoded PKCS#7 file containing the certificates.
Next, type:
openssl pkcs7 -print_certs -inform DER -out certs.pem -in file (where file is the name of the file with the PKCS7 stuff)
You should get out a bunch of certificates. You'll need to look at the text above each one to find the one that is your certificate. The rest are part of Thawte's Certifying Authority. It turns out that if you want your messages to verify correctly, you must also include Thawte's intermediate CA key.
There should be 3 certificates. The file certs.pem will then contain all the certificates in PEM form, you can manually cut and paste them. The one whose identity is your e-mail address is your certificate. The one whose subject and issue are identical is the Thawte CA root. You won't need that one, since we'll include it in the trusted root file later if it is not already there. The 3rd one will have the CA root as the issuer and something else as the subject (which will be the same as the issuer of your certificate). You need to save that certificate as an additional certificate for signing. We'll refer to the file containing this cert as othercert.
When you're done with all of that the pieces you need to keep are the key file you generated at the beginning (remembering the passphrase, if you set one), the intermediate cert between the Thawte CA root and your cert, and the certificate chunk for your e-mail address you got out of the last step. You're now ready to use S/MIME!
Step1.2: Importing in OUTLOOK
Outlook uses the pkcs12 format. OpenSSL can import and export certificates and private keys so that you can use the same cert and key pair on all your mail clients. To move a keypair and cert from OpenSSL to Outlook, you need to export it:
% openssl pkcs12 -export -inkey keyfile -certfile othercertfile -in certfile -out mycert.p12
This will ask you for a passphrase. This phrase locks the .p12 file. Outlook will ask this passphrase later.
Now open Outlook and go to Extras and open something called like Thrust center (I just have a German version so I can just guess).
Go to Email Security and click on Import, select your p12 file, enter your passphrase and click on OK.
In the next window you have the option the change the security level, medium means it will ask just for your permission, high it will additional ask for a passphrase, which will be defined if selected (not the same as used for protecting the keys).
On the same page section secure email (or something like that) you can change the settings concerning ciphering and signing algorithm.
You should choose for signing not MD5 as it is considered as broken, better is SHA1 even if this one is something like semi-broken.
Further you should prefer strong algorithm for instance 3DES instead of DES.
Select S/mime as format and give the settings a name before saving.
Now you are ready to use s/mime for signing and encrypting!
Step2: WM 6
Next step would be to import it in pocket outlook by just copy it to the Hermes and click on it.
I ll be honest, I didn't read your entire post
Just wanted to point out that in order to send an encrypted email to someone, you need to have his public key. Those keys are usually stored in a corporate directory, which need to be accessed in order to send the mail.
Thanks for your comment!
fun_key said:
I ll be honest, I didn't read your entire post
Just wanted to point out that in order to send an encrypted email to someone, you need to have his public key. Those keys are usually stored in a corporate directory, which need to be accessed in order to send the mail.
Click to expand...
Click to collapse
This is quit clear but for simply signing my own mail, just my privat key is required. As long as this is not working, encryption will also not work.
So the main problem is that Outlook is matching the certificate to email account, so most likely something with the certificate contained information
seems to be wrong...
Just for the records - as it seems I just soliloquise:
So I managed to get it working with Outlook!
I also successfully imported the same p12 certificate on my hermes.
For Pop3/SMTP accounts in WM6:
Receiving encrypted mails is working, the automatic s/mime decryption works fine.
But sending: under message options of a new email, encryption and signing is disabled !?!
Same for my synced outlook folder.
Could that be an issue with WMXL v0.21 ??
Maybe I should take BLACK 2.0 for a spin - it seems to be newer...
Or is s/mime encryption/signing only supported for exchange accounts?
... an other thing (outlook releated)
- please check the level of thrust for your own as well for imported certs
if the trustlevel is not set correctly outlook will refuse it (error: something
like certificate is invalid) - normaly that means a CA is missing the sequence
of signing CAs from the ROOT CA to the personal certificate
- If you receive a signed email: if you click left on the senders name and
select add to contects the cert is added to the new contact as well, as
soon as you save it, and the contact already exists select update.
Maybe this is the reason why using s/mime on WM6 is not supported as the contact database is not storing any certs ?!?
So its only working together with Exchange?
http://www.jacco2.dds.nl/networking/windowsmobile-smime.html
Hi,
I use WM 6.1 on my Hermes (CRCs stable version) and want to use e-mail encryption.
But it is not possible. Import of the private key was OK, now I tried to send a message to a user with a public key in GAL, but failure is "Error Crtifcates missing".
So I import the private key to my contact, but same failure.
Why does the device not find the public keys?
Karl
karlh said:
Hi,
I use WM 6.1 on my Hermes (CRCs stable version) and want to use e-mail encryption.
But it is not possible. Import of the private key was OK, now I tried to send a message to a user with a public key in GAL, but failure is "Error Crtifcates missing".
So I import the private key to my contact, but same failure.
Why does the device not find the public keys?
Karl
Click to expand...
Click to collapse
You need to import the certificate/public key of the recipient, also check the Key Usage extensions within the certificate, if they dont have the correct ones for e-mail encryption then your stuffed.
MrGAN said:
Just for the records - as it seems I just soliloquise:
So I managed to get it working with Outlook!
I also successfully imported the same p12 certificate on my hermes.
For Pop3/SMTP accounts in WM6:
Receiving encrypted mails is working, the automatic s/mime decryption works fine.
But sending: under message options of a new email, encryption and signing is disabled !?!
Same for my synced outlook folder.
Could that be an issue with WMXL v0.21 ??
Maybe I should take BLACK 2.0 for a spin - it seems to be newer...
Or is s/mime encryption/signing only supported for exchange accounts?
Click to expand...
Click to collapse
Answer find :
Sadly, Microsoft decided to not support S/MIME with SMTP, the Internet industry standard for e-mail. If your company or ISP uses another mail server than Exchange you will not be able to use the features "Encrypt message" and "Sign message" in Windows Mobile's "Messaging" application. The option "Security" is ghosted. This is clearly an example of vendor lock-in. It is an attempt by Microsoft to lock Windows Mobile users into Exchange and their other product offerings. I cannot think of a technical reason why Microsoft could not support SMTP for secure e-mail. Storing certificates on mobile devices takes valuable memory, but most certificates are only 1-2 KB. The least they could have done is use open standards such as LDAP for looking up certificates of recipients. (There is a "Check Names" option in WM6 where you can lookup names in an online server but I don't know if that means LDAP and if certificates are actually checked).
Click to expand...
Click to collapse
Grrr !!

Activesync error code 0x80072f06

I am always having Activesync error code 0x80072f06 , anyone facing same issue? I was able to sync to the server via WiFi till somehow it's not working after connecting to a PC via USB.
According to MS website , here is the details. Hope someone can give me some guidance.
You have an incorrect SSL certificate common name in the Host Name field. For example, you may have entered www.server.com, when the common name on the certificate is actually www.different.com. Make sure the server name is entered correctly.
The Exchange Server name in the ActiveSync settings differs from the name that is required to establish an SSL connection. Correct the Exchange Server name, and try to synchronize again. If you synchronize on a schedule, synchronization has been changed from scheduled to manual
Open Registry Editor on your desktop (Start/Run and type "regedit") and locate the key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows CE Services. Right-click on the value list and choose New/DWORD value. Type the name "AllowLSP" and leave the value zero.
The problem requires you to edit the registry of the device. To do this you will need to install to the device an editor called: PHM Editor http://www.phm.lu/products/PocketPC/RegEdit/
If you have questions on how to edit the registry file, drop me an email and I'll explain it. [email protected]

Exchange Problems! 0x800072F17

I really didn't want to post this, honest. I have searched xda. I have searched the web. I have found other threads. I have followed the suggestions. But, it seems that my exgirlfriend may have been right, I'm an idiot.
I can't get my Hermes to connect to my office exchange server. The settings on my end are correct, the issue is on my office's end.
When I sync I get an error and support code 0x80072F17. I know that it's a certificate error.
IT is not going to help me on this one, so I'm on my own. I have tried to manually import the certificate. Didn't work. I tried making a regedit I found on another thread. Didn't work. I tried combinations of various settings. I only time I don't get an error code is when my device begins to endlessly prompt me for my password.
I'm sorry to post, but it's my last option. Does anyone have any work arounds for this error? Is there a way to have my device ignore the certificates? Is there anyone out there that can help??
There must be some way. My colleagues, both of them with HTC Trinity's, original WM5 roms came across this error when the certificate on our Outlook Web Access was about to expire. Me, however, with my HTC TyTN WM6 never got this issue. I'm not sure why. I know I've installed a couple of cert cabs, the one they call sdkcerts.cab and one more. Search for that cab and see if it helps. I always figured it made the device accept non signed software but maybe it helps for these kinds of issues as well.
You just must set correct date and time for you phone and try again.
I'll try and give you a hand...
First off, you need to know a few things to set this up.
(1) The FQDN of you company used to access the OWA (Outlook Web Access), for example, mail.mycompany.com/exchange
(2) The NetBIOS name of your local domain at your office (Right click the My Computer icon on your office pc and select Computer Name and note the Domain. If your IT dept did it the recomended way it'll have a .local extension, for instance, lawoffice.local. You'll use just the domain name without the extension, ie: lawoffice. (without the period, LOL)
(3) I absolutely never use my PC to configure my ActiveSync on my devices, just to initailly copy the certificate to the Storage Card.
Two ways to do the certificate. First is the method I always used until I discovered the second method, which is in my sig.
(BTW, substitute YOUR FQDN for mine, duhh! )
(1) Install the certificate on your PC by going to the FQDN of your OWA in Internet Explorer 7 on your PC, not your PDA (XP is much easier, Vista is quite difficult to do this)
For example, open IE7 and put mail.mycompany.com/exchange in the address bar. You should initially get a "There is a problem with this website's security certificate" error, click on "Continue to this Website" Now, next to the address bar at the top you'll see Certificate Error", click it, View, Install, Next, Next, Finish, Yes. Then you'll see "The import was sucessful" <damn, that took a while!)
Close IE 7 completely and reopen it, put "mail.mydomain.com/exchange" in the address bar and you'll go straight to the OWA page, meaning that your import WAS sucessful, yipee!
(2) Click on Start, Run and type "mmc" and OK. This opens the Microsoft Management Console and you'll see Console1 at the top. File, Add/Remove Snap-In, Add, Certificates, Finish, Close, OK. Now expand Certificates, Trusted Root Certification Authorities, Certificates. Find YOUR certificate in the list. Right click, All Task, Export, Next, DER encoded binary, Next, File name. I use c:\mail.mydomain.com so that I can find it easily. Now finish and you'll get the Export was sucessful message.
(3) Connect to your PDA via ActiveSync as a guest, kill your partnership if it exists, you don't need it), copy the cert to your Storage Card and execute it from there.
Now disconnect youR PDA AND open ActiveSync. Server address is the FQDN of you company without the /exchange, for example, mail.mycompany.com. Leave the check mark on the SSL. Next put your user name, password and the NetBIOS name of your domain. The configure you options for the number of days to sync, etc.
That's it!
Now... once you do that and it works, follow this thread, Auto-provisioning POP3 or Exchange mail via UC Mini how-to.
so you can create a cab to do this automatically!
I had this problem before.
For me, it was due to the fact that I installed CESTAR and it messed up my certs. Unintalling CESTAR won't fix it. You got to reload the rom.
From there, I used Leies' Chinese character support which is free and doesn't mess up the certs.
SOLVED
I have been at this issue for over 2 days now, dealing with the error 0x800072f17. About 5 min ago i fixed it. After narrowing the problem down to a certificate error i then proceeded to look at the certificates. There were two in the certificate store (personal) and both were self signed.
One was XXXX (server name) and the other was XXXX(company name) CA.
The server name one had expired. Seeing as how it is self signed, i had our it admin renew it. He forgot to re-assign it to the outlook web access, so i did it myself in the Internet Information Services console on the server.
This had solved only 1/2 of the problem.
The certificate was assigned to the exchange server, not the OWA web site. After discovering that i could not change the issued to name, or create a new certificate (not an admin) i decided to change the activesync settings to sync the INTERNAL OWA address, which is servername.internaldomain.externaldomain.com (this had not previously worked due to the expired certificate)
Now i have a fully functioning push email system.
Nearly all done without admin permissions.
Whilst im new to this site, feel free to pm me about it.
Solving this is the most satisfying thing i have done this year lol.
But does this allow you to get/check email from outside your location? Or do you have to establish a VPN first?

[REF] Foxtel Mobile TV GUIDE (Australia) on HTC Touch HD & Jbed

I have succeeded in:
- downloading the Foxtel Mobile TV Guide
- making it work on my HTC Touch HD
- stopping it from prompting me for "permissions" every time it runs.
- creating a direct shortcut to the application
This allows me to send remote-record instructions to my Foxtel iQ2 set top box, just like on the "supported" handsets, such as the Nokia N95.
(I've cross-posted this information to an existing thread on forums.whirlpool.net.au, where there are probably more Aussies asking about it. But I thought I should also post here, because xda-developers has more people interested in adjusting permissions in Jbed's "selector.utf".)
The following worked with Jbed 20080418.2.1 on the HTC Touch HD. I am not entirely sure whether that is the version which came on my handset originally, but if you have a problem with the version you're using, you can try to find the version I'm using via a Google/forum search.
Step 1. Register for the Foxtel TV Guide on your computer, and make sure it's working from a normal PC browser:
https://www.foxtel.com.au/EPG/EPG.aspx
Step 2. Send the text message "Guide" to 19 955 955 from the handset, as per the instructions at the following webpage:
http://www.foxtel.com.au/mobile/get-started.htm
(Cost: $0.55 according to that web page.)
You will shortly receive an SMS message with a URL to download the software, but if you try to download it on your handset, you will probably get an error message saying that your handset is unsupported.
Step 3. Change a web browser's "agent string" to match one of the supported handsets' agent string, then use the URL on the SMS message to download the software.
I used Firefox, and changed my agent string to:
Mozilla/5.0 (SymbianOS/9.2; U; Series60/3.1 NokiaN95_8GB/10.0.021; Profile/MIDP-2.0 Configuration/CLDC-1.1 ) AppleWebKit/413 (KHTML, like Gecko) Safari/413
as quoted on the following web page:
http://www.leytonjay.co.uk/internet...kia-n95-8gb-user-agent-string-default-browser
Using the instructions on this page:
http://johnbokma.com/mexit/2004/04/24/changinguseragent.html
(I removed the "general.useragent.override" setting afterwards, to change Firefox back to normal.)
The file you download will be a ".jad" file.
Step 4. Copy the ".jad" file onto the handset, using ActiveSync, etc.
Step 5. On the handset, run the Jbed "Java" program, and choose Menu->Install->Local Files to locate the .jad file, and install it.
At this stage, you have installed the Foxtel Mobile TV Guide, but you might not be able to use it. On the HTC Touch HD, you do not have any built-in keyboard, or any directional buttons, and something needs to be done to work around it.
Step 6. If you don't have a directional pad on your pocket pc, then install a utility to re-map your volume buttons to fulfil the role of the directional pad. I installed AE-Button Plus, and used the following settings for my HTC Touch HD:
Volume Up:
1: Press Up arrow key
2: Press Left arrow key
3: Press Enter
Long: Press Left SoftKey
Volume Down:
1: Press Down arrow key
2: Press Right arrow key
3: Press Enter
Long: Press Right SoftKey
You may choose to use a different utility, as long as you can access up/down/left/right/enter and have a "hardware" way of accessing the soft-keys, which will be invisible.
http://ae.inc.ru/aebplus.php
Step 7. Run "Java" and launch the "Foxtel TV Guide" application. You will probably need to give it several permissions manually, because we haven't done anything about that, yet.
In order to perform a "remote record", you will need to enter your Foxtel TV Guide user guide and password, the same as for the normal web browser interface. But, Jbed won't let you access a SIP, and if you might not have a physical keyboard. You will need to use some software to control your handset from your PC.
I used EveryWAN Remote Support Personal Edition 3.0:
http://www.sparus-software.com/spip.php?page=download&lang=en
In the Foxtel Java application, press the Left SoftKey, to bring up the "Actions" menu. You can do this via your remote control program, or use your remapped buttons. Choose "Settings", then "Account Settings".
Now you have to enter your Foxtel username and password using the remote control software as a keyboard. However, it's not as simple as typing "a", "b", "c", etc. The application expects you to ONLY use digit keys, like on a simple phone. So, for "a" you might press "2" once, "b" = hit "2" twice in quick succession, etc. It's a pain, but you should only have to do it once, and it'll remember your settings.
By this stage, you should be able to launch and control the Foxtel Mobile TV Guide with your remapped buttons, and because you've entered your username and password, you can ask your iQ/iQ2 to record something from your phone, and it'll do it.
IF you want to get rid of the annoying prompts for permission on startup: (technical, and your mileage may vary)
Step 8. Find the files "selector.utf" on your handset, and copy it to your PC. Mine is in \Esmertec Java\AppDb, but yours might be in \Windows\AppDb. Make backups, both on your PC and on your handset, in case you do something wrong.
Step 9. Download a Hex editor for your PC, and edit "selector.utf".
I used "HexEdit":
http://www.physics.ohio-state.edu/~prewett/hexedit/
The first two bytes of the file determine exactly how many bytes follow. My file was 397 bytes long, so the first two bytes were "01 8B" = 395. The first two bytes don't count. The java program should be happy with "selector.utf" as long as the correct length is given.
The Foxtel application is installed with a setting/line "domain=midp1", but we need to change it to "domain=tckmax". That's exactly one byte longer, so, use your hex editor to increase the length by 1. In my case, that meant changing the first two bytes from "01 8B" to "01 8C".
Save and exit.
Next, open the file up with a normal editor. Hopefully you can use notepad, but I used "vi", which may not be available on your computer. Change "domain=midp1" to "domain=tckmax", save, and exit.
Step 10. Overwrite "selector.utf" on your handset with your edited version, and run Java again, and launch the Foxtel TV Guide application. Hopefully, it will now run without prompting you for any permission any more.
Step 11. You can make a direct shortcut to the Foxtel TV Guide application if you like, so you don't have to run "Java" and then select it manually any more. If you look at "selector.utf" again, there is a parameter "root=XXXX". In my case, the Foxtel TV Guide root is "s2_". It depends on which order you install your Java applications.
Using Resco File Explorer, copy the Java shortcut from \Windows\Start Menu\Programs\ and create a link "Foxtel" in the same directory. Then, tap-and-hold on it and choose "Properties", then the "Shortcut" tab. In the "target" field, append the string:
-run XXXX
where XXXX is the root of your Foxtel application. Don't forget to use a space to seperate "-run" from whatever comes before.
I hope this information is useful to someone. I tried following all sorts of tutorials for removing the permissions prompts, but most threads are focussed on Java Gmail/Opera applications, and they never worked for this Foxtel software. They key was, the Foxtel application installs itself in the "midp1" domain, and in order to change that to "tckmax", which is one extra byte, and I had to change the two-byte header of the file.
Edit: Addendum: The application looks like it'd be happier on a QVGA device, and I had some problems scrolling through the list of all channels in WVGA mode. It's more functional if I use WVGAFIX3 to set the resolution to VGA 480x640 before I run it.
I just installed this file: View attachment 156767 which allows me to watch foxtel on my xperia and also allows me to view the foxtel tv guide through telstra's business portal (free to browse) and set up programs to record on my IQ2.
Works like a charm.
Special thanks to thedeva who posted this file in another thread.
Thanks tls,
will add this to my shortcut list!
will this work if you're with a different mobile carrier other than telstra or does it use the telstra portal?
i had it working on '3'!
On a separate note, my JBlend got corrupted and im trying to figure out how to install/restore it.

XTRA aGPS

Hey all I found something that might work on the Samsung Epix for a faster GPS lock.
I found this on modaco.
dmk679 said:
With the emergence of an updated i910 rom, gps functionality is unlocked - great news! Through real-world testing, it is apparent that gps functionality is standalone (without aGPS). A big pro of a standalone gps is the independent function without data services. A big con is that it may take a few minutes to obtain a successful lock, which can be frustrating in some situations. The goal of this discussion is to enable aGPS on the verizon i910 (omnia).
Target 1 - XTRA
The samsung i900 (gsm) has an additional control panel applet named Enhanced GPS. This control panel applet initiates the executable \windows\gps_xtra.exe (aka XTRA) on the handheld. XTRA contacts a server (notably: test.agps.com:7275 or xtra1.gpsonextra.net:80) to download an xtra.bin file. The xtra.bin file contains satellite information to allow for much faster locks. The gps_xtra.exe on the i910 does not open a window to allow for user interaction. A different version of XTRA (attached), opens on the i910 and also interacts with registry settings in hklm/software/samsung/ril/gps/xtra. Although the user can interact with this version of XTRA, we are unable to download updated xtra.bin files using the phone data services or through activesync. Manually downloading the xtra.bin file from xtra1.gpsonextra.net and placing the file in the devices root directory (ie \My Device) allows XTRA to read the date/time stamp from the file. For additional testing of successfully running XTRA on the i910, a comparison of registry values and files from the i900 needs to occur. View XTRA screen shots and settings from this samsung-omnia thread.
Target 2 - Registry
The i910 registry has several folders of interest related to aGPS settings. hklm/software/samsung/ril/gps and hklm/software/samsung/ril/gps/xtra . Note that the XTRA directory is not present using any of the current Verizon roms and needs to be manually created, with keys setup similar to the i900.
Code:
Registry settings on the i900 - from this [url="http://www.modaco.com/content/i9x0-omnia-http-omnia-modaco-com/272440/xtra-et-a-gps/"]modaco thread[/url]
[HKEY_LOCAL_MACHINE\Software\Samsung\RIL\GPS]
"AccessPoint"=""
"Accuracy"=dword:00000013
"AGPSStatus"=dword:00000000
"DownloadResult"=dword:00000000
"MaxLocationAge"=dword:00000000
"OperatingMode"=dword:00000000
"QOPDelay"=dword:0000000c
"RefreshRate"=dword:00000001
"ResponseTime"=dword:00000002
"Running"=dword:00000000
"ServerAddress"="txtra1.gpsonextra.net"
"SessionType"=dword:00000001
"SSL"=dword:00000000
"StartingMode"=dword:00000001
"TimeSync"=dword:00000000
"VAccuracy"=dword:00000000
[HKEY_LOCAL_MACHINE\Software\Samsung\RIL\GPS\XTRA]
"AccessPoint"=""
"AutoDownload"=dword:00000000
"DownloadInterval"=dword:00000018
"DownloadResult"=dword:00000000
"Enable"=dword:00000000
"UseSpecificAPN"=dword:00000000
Manipulation of these registry keys may prove useful in unlocking aGPS on the i910.
Target 3 - qpst gpsone settings
By connecting the i910 to qpst, an internal qualcomm program to set/debug phone, gpsone settings can be viewed and manipulated. In many succesful aGPS setups on other devices, gpsone settings will be edited and entered "in sync" with appropriate registry settings - see aGPS setup for vx6800 on xda. For example, if an ip address for an aGPS server is entered in qpst, the associated ip can be entered in the serveraddress registry key listed above. Below is an image of the qpst gpsone tab on a motoq - the gpsone tab one the i910 has identical input options.
By setting up the appropriate aGPS settings in qpst and/or the registry, it may be possible to obtain aGPS functionality. View this thread over at xda regarding settings used on an HTC which have resulted in successful aGPS setup. Obtaining the default gpsone settings from an i900 device may prove helpful.
Summary
We have at least three targets to get aGPS working on the i910:
1) get XTRA to work properly (or get quickGPS to work - which functions in a similar manner)
2) modify registry in hklm/software/samsung/ril/gps and hklm/software/samsung/ril/gps/xtra (note xtra directory must be added; see above for i900 keys for both directories)
3) modify gpsone settings using qpst
Lets work together and see if we can obtain aGPS on the i910.
ps: you can run command line entries on the i910. First enable the clock to display in the taskbar (should be under the clock setting in the ctrl panel). Open an application (eg File Explorer) to display the clock in the upper task bar. Hold down the middle button on the bottom of the i910. Tap and hold the clock in the taskbar. Upon release of the clock, you will be prompted with a "Run" dialog box that will allow you to run command line strings.
Click to expand...
Click to collapse
I am going to test it and post the results.
Another useful thread: http://www.samsung-omnia.org/precise-gps-navigation/how-to-enhance-your-gps-lock-times-and-speed/
REMEMBER always back up before editing the registry!
Hmmm, i amgoing to restore back up and just change the server address and add the XTRA key and see what happens.
I get a "Unable to acess server error" when clicking download data.

Categories

Resources