I have an XDA 2 which I haven't used for some time now. I was just about to sell it but wanted to copy some more or less important files (mostly selfmade pictures and some sent messages) from the device before I hard-reset it.
Unfortunately I enabled the security code feature some months ago. Which doesn't mean the SIM pin but the 4 digit security code which the device then asks for every time you switch it on. And of course I forgot that code after that long time.
I know that I can hard-reset the device, and I will to that anyway in preparation for the sale. But as said, I'd like to have these old files before I do that.
An ActiveSync connection does not help because ActiveSync asks for this code as well before it would let me access the device.
Is there a tool available that reads out or clears this code somehow? Something like the ShowPin tool for the SIM PIN? Or do I have to forget about my files?
No one any idea about that? :roll:
not that i know of would not be much of a security code if you could bypass it though....
Rudegar said:
not that i know of would not be much of a security code if you could bypass it though....
Click to expand...
Click to collapse
Well, the same would be true for a Simlock code, however it's pretty easy to retrieve/remove it...
Do you have a backup of the device on the PC (via ActiveSync)? If so, I believe that it disables the PIN when it restores - At least Sprite does and Ithink I recall AS doing it too. Alternatively you could extract the files from the backup directly with the STG viewer?
Related
My brothers Universal (i-mate jasjar) was hijacked from him a while ago...
And he asked me if the hijackers can see his personal information after it has been locked?
I told him I have no idea...
does the device boot normaly and just the phone doesn't work?
or does it not allow you to access the phone at all?
Quite an interresting thread.. I have allways been wondering the same thing !
all u gotta do is use one of the free avaiable tools to change the imei and that person can see what ever is on the phone as long as they dont reset it.
An IMEI lock will just stop the phone part from working. It won't do anything to the PDA side of the device.
bigyellowdog said:
An IMEI lock will just stop the phone part from working. It won't do anything to the PDA side of the device.
Click to expand...
Click to collapse
Thanks
So there is nothing you can do (without having software pre-installed) that will make it difficult to access the device's content?
thats why people put passwords on their devices
if there is password on it they cant access the info
they cant get any info on it unless they hardreset and delete the chipondisk
in which case there is no info to get
Rudegar said:
thats why people put passwords on their devices
if there is password on it they cant access the info
they cant get any info on it unless they hardreset and delete the chipondisk
in which case there is no info to get
Click to expand...
Click to collapse
Thanks Rudegar
Here is something that might be remotely interesting for the future:
WM 5 devices have a built in remote hard reset option. Unfortunately to use it you need to:
a) Have built in push mail turned on
b) Have administrative privileges on the server your device connects to.
I never actually tested this my self, but M$ has a very funny clip about this on theire site somewhere.
Does anyone know if you can take a piece of software that you have purchased in CAB format, with a Licence Key and change it into a package?
Since the software isn't OEM is it still the same method to create a package?
Any Takers?
This cant be to much of a hard question!!! can anyone answer? please
Tried it with Phone Alarm. sort of worked at the second attempt. But not quite. If I spent more time on it I reckon I could have got it to work but just don't have the time.
crazyC said:
Tried it with Phone Alarm. sort of worked at the second attempt. But not quite. If I spent more time on it I reckon I could have got it to work but just don't have the time.
Click to expand...
Click to collapse
but you can actually do it? what do you do about the activation codes etc?
The code is probably just stored in the registry or a config file after you enter it, in which case just make an RGU in the package putting the right data into the right place.
Some software might encrypt the code.. but even then usually putting the right encrypted string in the right place will work.. You may have to have the owner information set exactly the same each time (as this may be hashed into the generated key) but this isnt a problem as you can set the owner information in the RGU as well.
If you get a program where you cannot track the installation to see what happens when entering serials etc.. try SKTracker.. you can use it to watch the ppc for changes to files, databases and registry and dump those changes for analysis... so you install it.. make a reference dump.. then install/register the app.. then dump again.. then compare to see what has changed.
Some apps it wont work with of course.. but i'd imagine for most it will be possible yes. The worst that happens is you have the app installed in trial mode.. and a text file burned to the ROM with the serials you have bought in it to re-register it when needed after a hard reset.
Yeah - SK tracker is fantastic. Generally it just involves exporting a reg key from your PPC and then putting it into the cab/package along with your owner name (in some cases).
All my licensed software has been set to install via cabs including the keys. Not found any that cannot be done this way.
Problems arise with more complicated installs that involve interfacing with the system. Just using the normal conversion process with the PA cab did not work, needed to run SK tracker and fix a load more reg entries that were changed by the instll prcess. Improved it but still had issues with no sounds etc. I must have missed something, and have temporarily given up. The cab only takes a minute to install anyway.
As a smartphone fan I always wanted to be able to do whatever I wanted to do with my device, so a custom rom is one of the best choices for me. As a developer, I always wanted to be able to debug my applications on the device. With Mango, debugging and full interop unlock on a custom rom was not possible... till now!
The concept is quite simple: I create a fully locked (yes, it’s not a typo) ROM that fits my needs, I register it (and let the registration process do the magic trick and enable debugging for me) and after that I interop unlock and prevent the device from relocking.
The solution: In many cases we used the “engine” of the Connection Setup to deploy our provxml’s on the device, so why not now??? The Connection Setup (which is already deployed to our devices) uses the package “CSConn_DB” as a source (all those dbz files) to initialize MMS, APN, etc settings. The dbz’s are just password protected zip files with the extension changed.
So... I created two of those files (one for full unlock and one for lock), removed the Relock “time bomb” (969eb155-55ff-4884-9ecb-241c8a4b6e09.exe) I added them to my ROM, I deployed it to my phone and voila! One fully unlocked ROM with debugging capability!
The steps I followed:
1. Cooked and deployed a locked custom Schubert ROM (In this point, I need to thank Cotulla, DFT and everybody else who made custom WP7 roms possible).
2. I registered (as usual) the phone.
3. I opened connection setup and selected “Manual Selection”.
4. In the countries list I selected “Phone Customization” (What a nice country name don’t you think?)
5. I selected “Dev and Interop Unlock” from the available providers and tapped ok (the other one is for locking it back... in case I change my mind ).
That’s all! Now I have a full unlocked ROM and I can debug in the same time!
I have attached all the files I changed for my Schubert, but I think that for the other models the procedure remains the same.
So... Happy debugging (for me and anyone interested)!
EDIT: Password for dbz's on Schubert is 030D681B-1DFC-4bd0-A72A-A9B3CCCDA653
Good workaround, my friend, congrats!
how to get the passwd of the dbz?
ted973 said:
how to get the passwd of the dbz?
Click to expand...
Click to collapse
I just updated the post with the password...
kounadisk said:
As a smartphone fan I always wanted to be able to do whatever I wanted to do with my device, so a custom rom is one of the best choices for me. As a developer, I always wanted to be able to debug my applications on the device. With Mango, debugging and full interop unlock on a custom rom was not possible... till now!
The concept is quite simple: I create a fully locked (yes, it’s not a typo) ROM that fits my needs, I register it (and let the registration process do the magic trick and enable debugging for me) and after that I interop unlock and prevent the device from relocking.
The solution: In many cases we used the “engine” of the Connection Setup to deploy our provxml’s on the device, so why not now??? The Connection Setup (which is already deployed to our devices) uses the package “CSConn_DB” as a source (all those dbz files) to initialize MMS, APN, etc settings. The dbz’s are just password protected zip files with the extension changed.
Click to expand...
Click to collapse
Interesting idea But how do you want to debug? and what do you want to debug? C# code with source code can be debugged with VS2010, Native C++ and COM DLL can't be debugged, afaik?
rudelm said:
Interesting idea But how do you want to debug? and what do you want to debug? C# code with source code can be debugged with VS2010, Native C++ and COM DLL can't be debugged, afaik?
Click to expand...
Click to collapse
I mostly debug .net apps. Haven't tried unmanaged with this solution, but I'll give it a try!
Sent from my HD7 T9292 using Board Express
All those .DBZ files are only in \Windows\, right? Is there any way to point Connection Setup at a DBZ (or similar) stored elsewhere on the phone? This could potentially be used for interop-unlock on retail ROMs too. We can write to almost anywhere on the filesystem even with an interop-locked phone... except for the \Windows\ folder.
well, ... I don't understand what can I do with these files.
can u please write more 'n00b'-ish tutorial ?
kthx
if you dont understand odds are you dont need it
Sent from my GT-S5830 using XDA App
yeah.. gfy
Hey,
I've got a friend that has a s8500, the screen broke and i changed it. By the time i gave it back to him he had forgotten the Phone Securty code he had setup. The only thing i want is a way to recover the data before the reset.
Is there any way to achieve that? Or is there any way to reset/get the code ? I've been looking into the FLOCK thread but im afraid it will lose the data after the flash.
We also contacted Samsung and they said the only way to reset that code is with a hard reset which will make the data being lost.
Can i in recovery/download mode get the data? The most important thing is the contacts/photos.
Thanks in advance.
w1ckedz said:
Hey,
I've got a friend that has a s8500, the screen broke and i changed it. By the time i gave it back to him he had forgotten the Phone Securty code he had setup. The only thing i want is a way to recover the data before the reset.
Is there any way to achieve that? Or is there any way to reset/get the code ? I've been looking into the FLOCK thread but im afraid it will lose the data after the flash.
We also contacted Samsung and they said the only way to reset that code is with a hard reset which will make the data being lost.
Can i in recovery/download mode get the data? The most important thing is the contacts/photos.
Thanks in advance.
Click to expand...
Click to collapse
No idea about the FLOCK thing, i think it's to unlock SIM-LOCK or freeze and not the phone.
The photo are recoverable with android, not sure about the contact (i don't know where they are stored in bada).
In short, you need to boot an android recovery (see the android dev on bada section, i can also provide more detailled instructions), mount bada user partition and then copy paste what's inside on SDcard.
It need an sdcard, a SD fota, multiloader an android kernel and adb (android debug bridge, free software anywhere on the net).
No data will be lost if you do it (if you are on bada 2, else i don't know, and phone will still be locked).
BenzoX said:
No idea about the FLOCK thing, i think it's to unlock SIM-LOCK or freeze and not the phone.
The photo are recoverable with android, not sure about the contact (i don't know where they are stored in bada).
In short, you need to boot an android recovery (see the android dev on bada section, i can also provide more detailled instructions), mount bada user partition and then copy paste what's inside on SDcard.
It need an sdcard, a SD fota, multiloader an android kernel and adb (android debug bridge, free software anywhere on the net).
No data will be lost if you do it (if you are on bada 2, else i don't know, and phone will still be locked).
Click to expand...
Click to collapse
Thank you, i had forgotten that i could just boot a costum recovery. Need to do some research on the contacts location tho since it's really the most important data i need to recover. Thank you again.
I was able to dump the RDC that is provisioned to my 640 XL prototype. I dumped it and renamed it with a .bin extension. Have a couple of questions for those that know more about as I currently know little.
1. What is the RDC file, meaning what does it consist of? Or how is it used?
2. Where is it written when writing it from thor2? Or where is it stored on the phone?
3. Can it be re-used or is it good only for the one device it is provisioned to?
So, I am not sure if "dump" is the correct term to use here, as the command from thor2 would include the option -readrdc which sends it to a file that you choose...So it is reading something from the phone and generating a file...
I opened the file in hex editor but see little about its contents. It is small in size, about 804 bytes. I tried to write it to a different device same model but it failed with a specific error "Certificate error 25 (0x19) (0)"
Thanks.
Where to get prototypes phone?
nate0 said:
I was able to dump the RDC that is provisioned to my 640 XL prototype. I dumped it and renamed it with a .bin extension. Have a couple of questions for those that know more about as I currently know little.
1. What is the RDC file, meaning what does it consist of? Or how is it used?
2. Where is it written when writing it from thor2? Or where is it stored on the phone?
3. Can it be re-used or is it good only for the one device it is provisioned to?
So, I am not sure if "dump" is the correct term to use here, as the command from thor2 would include the option -readrdc which sends it to a file that you choose...So it is reading something from the phone and generating a file...
I opened the file in hex editor but see little about its contents. It is small in size, about 804 bytes. I tried to write it to a different device same model but it failed with a specific error "Certificate error 25 (0x19) (0)"
Thanks.
Click to expand...
Click to collapse
A RDC file is a research and development certificate tied to the device hardware it came with, it will only work on the device it was shipped with, having the same IMEI, hardware serial number and everything unique, you can't use them with other devices at all.
@gus33000
I was almost certain it was unique to the device it was installed in. Does it reside on the boot partition? Thanks for sharing.
nate0 said:
@gus33000
I was almost certain it was unique to the device it was installed in. Does it reside on the boot partition? Thanks for sharing.
Click to expand...
Click to collapse
It's in DPP along with all other provisioned data specific to the phone, you won't be able to do anything with it, just abort, you'll loose time and you'll most likely brick devices.
Was only wanting to know more about it. Thanks again.
nate0 said:
Was only wanting to know more about it. Thanks again.
Click to expand...
Click to collapse
Also as a tip, never overwrite MODEM*, SSD, and DPP with the ones from another phone, it will be destructive for prototypes. I advise you make a full backup of the prototype emmc first, before doing anything, (even if it's just reflashing with a ffu, it's very important to back everything up in mass storage using something like Win32 disk imager), if you however for some reason ever end up with wrong MODEM*, DPP and/or SSD, boot to flash app, switch to download mode, send the emergency payloads for that device RM, and write the rdc, writing it without DLOAD won't work.
DPP is the one nice to work with but never copy and replace, delete and eventually copy over onto it
I need this file
Can you help
Kidsnet said:
I need this file
Click to expand...
Click to collapse
I sold this phone along with dozens of other Lumias and Windows Phones over 2 years ago. I do not own the phone anymore, and I unlikely will find that RDC file if I even backed it up. It would be almost to you unless you are the new owner of this exact device that I dumped it from. Are you planning to use the file for any other reason?
I got a refurbished mobile came locked so i have to fl it since its demanding protection key so i need help
nate0 said:
I sold this phone along with dozens of other Lumias and Windows Phones over 2 years ago. I do not own the phone anymore, and I unlikely will find that RDC file if I even backed it up. It would be almost to you unless you are the new owner of this exact device that I dumped it from. Are you planning to use the file for any other reason
Click to expand...
Click to collapse
Kidsnet said:
I got a refurbished mobile came locked so i have to fl it since its demanding protection key so i need help
Click to expand...
Click to collapse
They are coming already locked, or if there's any tool i can download so that it will vo well with m
Sounds like the lock you are seeing is like a safety net lock. Someone must have had windows on it but had logged in with their account in Windows 10 mobile and set up the Reset protection with their Microsoft account. There is a method to remove that but it is quite dangerous and could ruin the phone.
There is a way to by pass it though as a work around so that you can use the phone but every time you hard reset it it will always lock back.
nate0 said:
Sounds like the lock you are seeing is like a safety net lock. Someone must have had windows on it but had logged in with their account in Windows 10 mobile and set up the Reset protection with their Microsoft account. There is a method to remove that but it is quite dangerous and could ruin the phone.
There is a way to by pass it though as a work around so that you can use the phone but every time you hard reset it it will always lock back.
Click to expand...
Click to collapse
@Kidsnet this is especially a problem for a lumia 640/640 xl. Because what happens is that if they upgraded it to Windows 10 mobile and enabled the protection but you reflash it back to Windows phone 8 you will unlikely set yourself up to not even get a workaround to get in the phone. Since the provisioning of W10M and WP8 are completely different.