Change Device ID - Upgrading, Modifying and Unlocking

This may be a stupid question for this forum, this may not have anything to do with this forum, but you guys are probably the only forum that could help me. I was referred here from a post at another forum.
I own 2 HP IPAQ 1950s (I know this forum isn't dedicated to handhelds), OS is Windows Mobile 5. I purchased a piece of software for one and want to load it on the other as well, but it does not allow me. Here's why:
In order to purchase the software, you first load a trial version and run it. On that trial version's registration screen, it gives a device ID. I then purchase the software, and at purchase, provide this device ID. The software maker then provides me a registration that will only work with the unique device ID. I can't use the same registration key on the second handheld because it has a different device ID. To be clear, when I say device ID, I don't mean the name I give the device when syncing. This is a random alpha-numeric ID, I don't know where it comes from.
Anyway, I am wondering if there is a way I can edit device 2 so it has the same ID as device 1. Some kind of registry edit or something?
Sorry again if this post is not appropriate for this forum, but you guys seem to know the most about these kinds of devices and if anyone knows the answer, they'd be on this forum. Thanks for your help.

Open your registry editor and change this key:
HKEY_LOCAL_MACHINE>Ident
Select 'Values'
Select 'Name'
and change the Value Data to the new name for your phone (no spaces)

Sorry to disappoint you but the method above will not work.
What you are seeing is what is known as UUID - a unique hardware-based identifier that almost every PPC has.
Note the hardware-based part - this means you cannot change it with a registry hack or any other way (I am not 100% sure but I believe it is derived from several hardware components like memory, CPU etc).
The second problem is that you are basically trying to crack a program you should have paid for and we do not do this here.
(Yes there is a forum called 'development and hacking' but it is not this kind of hacking)
My suggestion to you is contact the app creator / vendor and see if you can get some sort of deal for your second device.

HTC Touch Pro2 as a HACKING tool?

Good evening folks,
I am considering buying the HTC Touch Pro2 when it is released in the USA on Tmobile. I would like to understand what hacking (security testing) tools are available on the Windows Mobile Platform. I am a security professional and have the desire to perform penetration testing from the HTC Touch Pro2.
It seems the MetaSploit framework is not available. I like to work with the command prompt, is the command prompt accessible on the HTC Touch Pro2? I've read some info about being able to mount ISOs or run emulators. Is there WiFi hacking software such as Kismet available?
Does anyone know what hacking tools are available for this platform?
Thank you!
Anyone have any ideas?
It doesn't run real windows, you can't get a command prompt. You'd be better off with a real machine.
There's a couple companies out there that sell WM devices for pentesting, but they are all provided with the hardware since they are focused on wifi and I don't believe the standard WM stuff lets you put it into promiscuous mode.
You'd probably be better off with an android device so you can just compile whatever you want.
MSFT products have never been suitable for comp-sec professionals.
You're better off connecting to a *nix box using either PocketPuTTY or using a webbrowser to connect to a remote server running metasploit.
Check out VxUtil, it gives you DNS, reverse DNS, port scan, ping, finger & so on. Pocket Putty is a good free SSH client, also does port forwarding.
OpenVPN works as well if that takes your fancy. Lots of security tools are available, they are just a bit obscure. I don't think nmap is around though.
thanks for the reply
Our company actually just released a new product (called Security Tools) that lets you ping, traceroute, do a WHOIS lookup, and even do port testing on your Windows Mobile phones. The port testing can even send clear text commands to a port such as 'GET / HTTP/1.0' to verify that it is a HTTP service listening on that port. The traceroute is also able to visually show the trace (if it's public IP address) on a map so you can kind of get a visual representation of where your traffic is going. Please feel free to try our one week free trial which lets you use the application for a week without limitations, so you can make sure everything works as you want before you buy.
You can visit the original post here at xda over at this thread:
http://forum.xda-developers.com/showthread.php?t=550473
or you can visit the website for the product at:
http://www.securenetworksystems.com/SecurityTools/
Punkster812:
I downloaded "security tool", installed, got a license - and it was already expired...
Also, your company name is "secure network systems" and your web-pages are hosted in Microsoft IIS, and based on aspx... seriously, if you wish to appear as a security company, you cannot use that crap.
The program won't work because you serve an old license, but one thing is clear: the icon is of very low resolution, and looks bad on WM6.5 or TouchFlo menu.
And: the long Device-ID is there only to annoy your customers, no pir8 would ever be bothered by it, so you may as well stick to 6 characters alphanumeric code +-+++...
I am sorry that you had troubles with the trial download; if you PM me with your Device ID I can get you one. We are aware of the low resolution, but rather than focusing on a pretty icon, we worked hard on a functional program. The long Device ID is not to annoy customers, it is actually a very secure method that we use and if you are able to break it, I would be very impressed; I know it's long but it's to protect our intellectual property and no other licensing method existed that prevents piracy like this does. We know every method is breakable, but this accomplished our goal of restricting to the pirates that are going to steal software no matter what.
As far as the server... you are using a Microsoft product as well for your phone. We very rarely use Asp.net through our site, in fact it's only for license generation and to set up an order, but doesn't actually handle purchases. So the site is secure and I am confused on why you think our site is so insecure. I love Linux and Apache as much as the next network administrator. 4 out of 5 of my personal PCs run Linux with one set up with Apache for my personal site, but for our business needs, we went with IIS.
Again I am sorry that it didn't work for you, I will double check to see if it's still properly generating license, and remember, the trial starts from when you download the license, not run the application with the license.
regarding IIS: http://www.internetnews.com/securit...Microsoft+Rushes+to+Patch+FTP+Hole+in+IIS.htm
This finally got some attention, it was in fact being exploited for years, over several versions.
Hosting software on vulnerable servers gives an opportunity for hackers to easily repack your CAB with spyware/dialer, and you can guess the rest. - such CABs must be inspected for each download.
Regarding long serial number, it only makes a brute force attack harder, at best, which is usually not the method used. You can as well trunk it to a 6-7 char/alphanumeric number, and it will work the same, but annoy people less.
Remember you are at a forum where people often reflash, and entering long serials each time (if cannot be exported from registry) - is boring, and a motivation to workaround.
I can't remember what it's called, but there is a CAIN port for Windows Mobile.
Fmstrat said:
I can't remember what it's called, but there is a CAIN port for Windows Mobile.
you are right; - it's simply "Cain for PPC:"
http://www.oxid.it/downloads/Cain_setup_PPC.ARM.exe
and yes, it's far away from the "real" Cain.
AlCapone said:
regarding IIS: http://www.internetnews.com/securit...Microsoft+Rushes+to+Patch+FTP+Hole+in+IIS.htm
This finally got some attention, it was in fact being exploited for years, over several versions.
Hosting software on vulnerable servers gives an opportunity for hackers to easily repack your CAB with spyware/dialer, and you can guess the rest. - such CABs must be inspected for each download.
Regarding long serial number, it only makes a brute force attack harder, at best, which is usually not the method used. You can as well trunk it to a 6-7 char/alphanumeric number, and it will work the same, but annoy people less.
Remember you are at a forum where people often reflash, and entering long serials each time (if cannot be exported from registry) - is boring, and a motivation to workaround.
Thanks for the link, I looked into it and we are not vulnerable against the attack and never have been due to the attack's requirements (http://blogs.technet.com/srd/archive/2009/09/01/new-vulnerability-in-iis5-and-iis6.aspx). As far as brute forcing, without going into too much detail, it would be extremely difficult to do as it uses standards proven encryption algorithms. The extremely long serial that you are talking about is a unique ID for your phone. We know it's long and are always looking for ways to improve the licensing we use. The license is a file and not something that you key in; you copy it to the installation directory, so you can keep a copy in your email, on your computer, flash drive, wherever for backup purposes in case you need to reload the app.
As far as reflashing, that is a very valid point. I am not 100% sure, but I believe reflashing should not hurt the license, which would hopefully mean you wouldn't have to enter your device id again. But if anyone could confirm this, that would be appreciated. We know a lot of the people here are very advanced and know more about their phones than most of the people at service providers or even the phone manufacturers themselves sometimes, which is why we enjoy releasing our products here for testing before we release them to the public. In the little time that Security Tools has been up we have received some constructive feedback on what could be improved.
Punkster812 said:
As far as brute forcing, without going into too much detail, it would be extremely difficult to do as it uses standards proven encryption algorithms.
Right, that's why I said long numbers would be good for only that; once the calculation/verification routine is extracted for a keygen, it's no more work whether the result is 6 or 50 digits long.
- Therefore, you might save your customers from all the boring entry, because no keygen /(or crack) will be more difficult by having more digits.

Name suggestions for WP7 unlocking procedure

iPhone - Jailbreaking | Android - Rooting | WP7 - ???
So we have to name the unlocking process of WP7.
Do we really want to stick with iPhones "jailbreaking" (I know I don't want that - WP7 is unique!) If we do nothing now, this will be the case for sure.
I would say, we collect suggestions in this thread and then make a poll out of it. If we then use the new term in forums, blog comments etc. I'm sure we can take this in our own hands.
So I start and suggest:
"liberate"
It's called HardSPL, and no names need to be invented.
Hmm... fine with me, but everyone is calling it jailbreaking.
Let's spread the word HardSPL then
lqaddict said:
It's called HardSPL, and no names need to be invented.
It isn't called HardSPL; HardSPL is only there to flash and load custom ROMs (unsigned). It has nothing to do with getting around the security of the OS; you could make a HardSPL for WP7 but then you could only flash different stock ROMs.
You also need something to crack the OS to load unsigned apps (root access) and run native code.
And for the second part there isn't a name, but I think that rooting or liberating would be a good name.
edit: "Hard"SPL simply means a write protected and modified SPL
why not just say 'crack'?
I mean... that's what is going on, right? To crack WP7's security layer
LOL, I have too much time; actually it already has a name:
Application Unlock: Most WM5 phones only allow you to load applications that have an acceptable digital signature. If you try to edit the registry or load an application it will give you an error. Application Unlocking removes this barrier and allows you to install any application or edit the registry to your liking.
The WP7 version
Application Unlock: Most WP7 phones only allow you to load applications that have an acceptable digital signature and are from the Marketplace. You cannot edit the registry or sideload an application. Application Unlocking removes this barrier and allows you to sideload any application or edit the registry to your liking.
and here is the link to it , it is on the bottom of the page .
http://forum.xda-developers.com/wiki/index.php?title=FAQ#techicalJargon
Because of all the possibilities that are brought to us with WP7, I suggest :
UNLEASH WP7
What do you think ? I like the idea of unleashing the power of Windows Phone 7
....windowsphonebillgatescracking....
Forcebreak.
Liberty
Break(ing).
Breaking Windows... Hurrrrrrrrf!
Since it is based heavily on .NET I was thinking of something along the lines of "Broken Net", or maybe RIP.NET (which has the double meaning of Rest In Peace and a Ripped Net!).
But I am not good at these types of things!
"Windowbreaking" makes a lot of sense to me, e.g.:
"Dude, did you windowbreak your Focus, yet?"
Answer
"I have forcebreak (forcebroken?) my WP7!" I love
raping like "dude did you rape your wp7 device? not yet but I'm raping it now" hhhhh
no seriously lets call it
wp7 metro crashing or metroing
u know something with metro as wp7 has metro interface
My suggestions are "Free" and "De-tile", but I like "Liberate"...it sounds...liberating...
Hijacking ...unless someone already proposed it.
Or HyJacking, for Hyper Jacking.
Going Native.
Farmer Ted said:
Going Native.
This. A million times this.
Break-in
Deflowering
Smashing
Raping
Sent from my HTC HD2 using XDA App

Contact from Kin Developers

About 2 weeks ago, I took johnkussack's advice (I think it was him) and went to LinkedIn to try to be friends with anyone who came up on the search for "kin phone". In the invite email, I just said that I noticed they worked on the Kin phones and would like to ask them a few questions on how one could write to the phone. I have had 3 responses in the last 2 days.
Guy1: didn't know because he worked on the UI for the Kin Studio
Guy2: kindly told me he couldn't release an unauthorized build and that he would be breaking the law by doing so.
Guy3: This guy worked on the phone for over a year. He first told me I was breaking the DMCA by hacking/reverse engineering Kin, regardless of intent. Then he said this important thing:
"You are absolutely right in assuming that the device is locked; in fact, it has a hardware lock that is common to many such devices. When the devices roll off the manufacturing line the programming fuses are blown (literally) preventing any further programming of the device. This is all handled by hardware so unless you find a flaw with that you are out of luck."
So if this is true (sounds like it is), the "dream" is over. Hopefully there is some way that someone out there can find.
If I get more responses, I will post them here. Don't ask me to go back to these three who already replied and ask them more questions, I think I made some of them mad.
Hmmmm... I don't know whether or not the KIN models will accept OTA updates so that's a good question to ask. If OTA updates are possible then it's inherently possible to change the software. I wonder...
Yes, it was me the one who said about "linkedin".
But I also said "in one word NDA". You should have known even before asking that the signed NDAs are also legal contracts, so I prevented before asking them.
On the DMCA, yes... in the USA. Outside the big country, the legal question is different and may not operate with that law (if ever). If they provide a normal (legal?) way to unbrick my factory mode here, or to use the phone options, then I wait for the cost for it.
And everyone knew that hardware was not the way, just at the moment where first flash attempt failed. "Dream" is doable by software, if anything is to be done.
What i don't get is why to ask for rom rom roooooms, where we need drivers drivers driveeeeers... or sdk's. We won't get it anyway from MS, but no flashing means a rom is futile, non useful,crap pack of bytes.
Quote:
But I also said "in one word NDA". You should have known even before asking that the signed NDAs are also legal contracts, so I prevented before asking them.
I figured I'd just take a shot in the dark; hope for the best and expect the worst. Since the phone and support from MS was discontinued, maybe the NDAs would be voided.
Quote:
And everyone knew that hardware was not the way, just at the moment where first flash attempt failed. "Dream" is doable by software, if anything is to be done.
Good to know you still think there's a way.
Quote:
What i don't get is why to ask for rom rom roooooms, where we need drivers drivers driveeeeers... or sdk's. We won't get it anyway from MS, but no flashing means a rom is futile, non useful,crap pack of bytes.
I just asked if "there is a way to get around the write lock". Had I known ahead of time to ask about drivers or SDKs, I would have put that in the msg.
I strongly believe that we could operate with the device, software-wise. There is proof that the Kin NAND memory (from now on, called "Storage" as label) is writeable. Not sure on the ROM part.
Of course, i mean.. just use it as a normal writable storage memory.
I posted how it could be done and would do it myself but, again, i bricked my phone, and available ones (through bidding sites) are so expensive to buy another one just for this (+ $150). Don't see a way to get it internationally again.
And even doing it, i'm not sure about what could be done just writing on the storage mem....
If the fuse byte is burnt shouldn't it have prevented you from bricking?
kintwouser said:
If the fuse byte is burnt shouldn't it have prevented you from bricking?
Nvitem bricked, not flashing bricked. You can successfully write to the NVItems memory. But I guess it's just configuration memory and not the one "fused".
I just want to mention that jailbreaking a phone is NOT illegal in the United States! Geohot hacked the iphone... Apple went after him... Apple lost.
Also blowing the programming fuses seems a little fishy to me actually. No other phone does that. The majority of other phones have been flashed. I just think it would be pretty odd for a company to do that so that they no longer could update it. I am not sure I believe him. If this really was true... then why wouldn't Apple or Sony be doing it? This also doesn't make sense since Microsoft actually originally intended on putting WP7 on this as well as allowing apps for it. Check this article out:
http://www.intomobile.com/2010/05/12/kin-windows-phone-7-a-lot-closer-than-we-thought/
You must understand, it's not possible to blow fuses in the hardware; it would be a top news story if they were able to keep the OS running in compliance with the flash memory without it crashing. Obviously that was a lie to discourage us, and I don't even think that was a real Kin developer, because Microsoft clearly stated that all Kin developers would be moved to WP7 or another programming section. And it doesn't matter if it's legal or not to jailbreak phones; if we are porting a new OS, we wouldn't have modified the original OS, which is what jailbreaking means. Most likely the OS is hidden deep in the flash memory with a write-protection. If you think it's saying access denied because they said the fuses were blown, it's wrong. They must just have a password or code that needs to be sent continuously to the phone to access files. If the fuses were blown, then nothing would be able to be accessed by Zune, because it would be impossible to reach the memory.
soninja8 said:
Most likely the OS is hidden deep in the flash memory with a write-protection. If you think it's saying access denied because they said the fuses were blown, it's wrong. They must just have a password or code that needs to be sent continuously to the phone to access files. If the fuses were blown, then nothing would be able to be accessed by Zune, because it would be impossible to reach the memory.
Not my field of expertise, but these mobiles can (and in fact they do) have several memories, storing the OS in the ROM memory and all the data on the NAND memory (our "8gb" storage).
Zune software has protocols to query for available storages (requiring its label/id) and is allowed to write/read to it. If you dare to click on update version (at least in the 1st version I tried) it expressed that the option was not "available" to that device without web requesting data, apparently.
So.. in the nand flash we may only have the equivalent of a SD Card. And my last wince PDA showed that as /Storage too, apart from main wince ROM.
You can format the nand memory using win explorer if in fact it is the 8gig storage. I did this and it deleted all pics,albums etc. It was interesting to note that we cannot copy or view these pics without an access error but it does let me delete them.
I just want to be able to get my pics off this piece of crap without emailing them.
I posted it once. You are able to:
- Query storage properties (label, size, id,...)
- Query storage folders
- Query folder files.
- Query tracks / albums / playlist / images / anyZuneSupportedFile
- Delete * file (whatever)
- Format the storage
You are "unable" to:
- Upload (create) a file into the device
- Download a file from the device.
MTP protocol tools allow you to do so, from command line (not quite sure if they are available on Win32 OS's), but... fail to operate with this device when it comes to the "unavailable" operations.
I am curious as to which former developers you contacted?
I was doing some research and noticed that Microsoft acquired the company Danger, Inc. After Microsoft purchased them, the former president of Danger went to develop Android (later acquired by Google). One thing I read was that most of Danger's employees left after being purchased by Microsoft. Apparently these people don't like Microsoft all that much! I also looked into it a little more and found one of the founders of Danger who had a twitter account. Of course all of his tweets were via a "KIN". Thought that was interesting. It seems to me that these former Danger employees would be interested in helping out if they don't hold too high of an esteem for the big "M".
Seems like this is your first "inside the move" trying-to-hack/reverse a thing, so I will say:
people involved don't wanna risk through legal issues, even if they were pissed off, just for "some kids" to have a driver or rom. NDAs are strong there, and they could either sign them or leave (if leaving, they don't have the interesting things).
At most you would get bad-mood or good-luck comments, and occasionally (very uncommon), leaks (won't happen here).
Yeah, they purchased Danger for an amazing 500 million dollars, which they later developed the Kin with; they were planning to put Windows Phone 7 on it, but they were too behind and released it with the old Windows CE, then the former developer moved to work on a free source OS, later called Android. Google wanted to get Android while it was cheap, so they bought that company, and made the old developer 2nd engineer.
Maybe not worth it yet, but we should get more *info* about the SBL mode (aka "Ms Pink Bootstrap"), as coinflipper said that it was the way to flash OS or parts (like radios).
I have been trying even OMA wap WBXML bootstrap examples with it, but as we dont know if our phone is standard, it's like looking for a water drop in the sea of possibilities.
We do not need a guide on how to do something, but what-to-do with it.
Maybe, JUST MAYBE, we could design a program like bitpim. I am a mac user and when I used bitpim with my enV touch, I used to edit all sorts of files. Examples would be phone info, server info etc. We could make a program like that to get the info. I know programming may be hard, but it's worth a shot. I hate the OS on this phone, ESPECIALLY WHEN YOU PIN APPS! THEY LOOK HORRIBLE
Kinuser1 said:
Maybe, JUST MAYBE, we could design a program like bitpim. I am a mac user and when I used bitpim with my enV touch, I used to edit all sorts of files.
We can't. If we have not the protocols or the supported phone features (protocols, drivers, documentation,...) you cannot guess it and put it into visual basic (or Xcode) and then by *magic* get the program you want.
I will admit that I know very little about protocols and drivers but I would like to point out that bitpim is open source, and that the code can be found here ->
http-//sourceforge.net/scm/?type=svn&group_id=75211 (change "-" to ":")
I seem to recall bitpim already having limited support for the Kin, but perhaps with a little research and a little code tweaking we can find ways to improve it? I'm not sure how feasible it is as I have very little experience with programming for phones/USB devices, but it's just a thought.
slimeq said:
I will admit that I know very little about protocols and drivers but I would like to point out that bitpim is open source, and that the code can be found here ->
http-//sourceforge.net/scm/?type=svn&group_id=75211 (change "-" to ":")
I seem to recall bitpim already having limited support for the Kin, but perhaps with a little research and a little code tweaking we can find ways to improve it? I'm not sure how feasible it is as I have very little experience with programming for phones/USB devices, but it's just a thought.
Quote:
We can't. If we have not the protocols or the supported phone features (protocols, drivers, documentation,...) you cannot guess it and put it into visual basic (or Xcode) and then by *magic* get the program you want.
The above applies to any software you want. Unless you magically found documentation or files (like OP), there's no way to. So f#cked.
The thing is always the same, tweaking tweaking... what to tweak, huh?

[SDK] Promocodes for your app

Hello!
I'm a software developer from Russia, and made one very popular app in the local market. Very soon I realized that I need an ability to give a licensed version of the app to my friends or reviewers or someone else.
Unfortunately AppHub doesn't provide such functionality (private distribution is pain in ass), so I created a webservice for myself.
After two days I realized that it may be useful for other developers, so here it is:
promo.g33k.ru (here I wanted to post url, but I can't due to low post count. You may find it in my profile->interests)
Now it has:
- JSON/SDK with RSA1024/SHA1 sign for additional security checks
- Binary SDK available
- Russian localization(if anyone cares ) (btw, if you can help translating to other language(s) or correct english misspellings - i will appreciate this).
Now this service works in beta mode.
So for developers I have two questions:
1) Is such service useful for you?
2) How to develop it further, in which way?
Not yet clear
I am sorry, but after reading your post and also checking your website I am still not sure what you offer. For me there is just not enough information to understand and then judge the usefulness of your service.
Maybe you could give a step-by-step scenario: Dev does this, then interested user does that, dev then this ...
Ok, I'll try to describe a little more details:
1) Developer wants to add capability of promo codes in his app (to give some specific users the full licensed app).
The first problem is that the developer needs his own server for checking promo code validity (hardcoding is not an option, of course).
2) So, Developer registers in my service, adds his app's guid to his app list and creates a promo code for a specific app via web.
3) Developer adds support for promo codes in his app by:
a) adding a text box for the user to enter a promo code
b) adding a web request to a specific URL for promo code activation
c) adding to his license check a web request for checking whether the current user has activated a promo code.
Benefits for developer:
- Add support for promo codes without owning a server.
- Simple way to give full version of program to friends
Benefits for users:
- User may find a promo code for a specific app somewhere and use it to get the full version of the app in a simple manner.
Benefits for reviewers/portals:
- Developers can easily give promo code for reviewing purpose or as giveaway for news post.
Clear now
Thanks for the additional info, now it's clear
Well yes, sounds useful. Properly implemented is probably really easier than Microsoft's "closed beta" mechanism, and of course can be used for other, non-beta apps as well.
The icing on the cake would be a "frame application" as sample code that basically does nothing more than asking for a promo code and then check against the list of valid codes on your server.
Sounds interesting but how do you ensure security?
chabun, I thought about security and the situation is the same as with default checking for trial - there is no security. Man-in-the-Middle and direct cracking of xap will work, and there is no way out. I could use RSA signing for MitM, but still cracking of xap is a very easy option today, so no one really interested will try to use MitM. When WP8 SDK is out (I believe it will be in several weeks) - some developers may implement trial checks in native code - this will be much harder to crack.
As for the server part there are the following possible problems:
- App's ID squatting (same as domain, someone else could reserve developer's app's guid). Don't know yet what to do with this, maybe think about it later when this happens?
- Promo codes for App ID bruteforce - could be easily avoided via server throttling, if this ever happens - I'll add such checks
- Server DDoS - every webmaster's nightmare, I hope this never happens (or my Amazon AWS will pour my purse empty)
rbrunner7, nice idea, I'll add a sample app as soon as possible on site.
This looks like an interesting concept
Sent from my SGH-i917 using XDA Windows Phone 7 App
Yop, you can never avoid direct cracking... However, RSA signing would be good, I'd say, as it will avoid MitM - with MitM you could create simple tools which can be used by every noob out there. Cracking xaps requires some skill and it will need an unlocked WP7 as well.
I can see this working; I have been thinking about something similar also. You can encrypt the data on the device before sending it off to the cloud, you can then verify the encrypted data with a password and compare it to the codes registered on the server. Then link a code to a certain device id (once the code becomes 'registered'); if a certain code is already coupled to a device id and the device is not the same, then the app will jump back into trial mode. Otherwise one can use the paid mode.
This can definitely work and will prevent reselling the codes. Although it requires a server. And users can still hack/patch the app of course, but that will require an unlocked device, so I should not worry too much about it.
Also, to prevent spoofing you can frequently check with the server if this device is legitimately registered.
Marvin_S said:
I can see this working; I have been thinking about something similar also. You can encrypt the data on the device before sending it off to the cloud, you can then verify the encrypted data with a password and compare it to the codes registered on the server. Then link a code to a certain device id (once the code becomes 'registered'); if a certain code is already coupled to a device id and the device is not the same, then the app will jump back into trial mode. Otherwise one can use the paid mode.
This can definitely work and will prevent reselling the codes. Although it requires a server. And users can still hack/patch the app of course, but that will require an unlocked device, so I should not worry too much about it.
Also, to prevent spoofing you can frequently check with the server if this device is legitimately registered.
That's what I thought of... private/public key
chabun, so, for example, how about the following scenario:
for each developer, the server creates a public/private key pair.
when checking the license on the server: on success, the server encodes the userid with the developer's private key
when checking the license in the app: the server response is decoded via the public key (hardcoded in the app) and compared to the userId. if ok -> licensed.
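The scenario proposed in the post above (server signs, app verifies with a hardcoded public key), as an added example that is not part of the original posts or of the promo.g33k.ru SDK. It goes one step beyond the post by also signing the app ID and a per-request nonce, and it uses RSA-2048 with SHA-256 rather than the RSA1024/SHA1 mentioned later in the thread; every function name, ID and key here is constructed for illustration.

```javascript
const crypto = require("crypto");

// Constructed key pairs. In the thread's design the private key stays on the
// licensing server and only the public key is hardcoded in the app.
const server = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
const attacker = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });

// Length-prefixed encoding so ["ab","c"] and ["a","bc"] sign differently.
function canonical(fields) {
  return Buffer.from(fields.map((f) => `${Buffer.byteLength(f)}:${f}`).join(""), "utf8");
}

// Server side (hypothetical): sign the answer together with app, user and nonce.
function issueLicense(privateKey, appId, userId, nonce, licensed) {
  const fields = [appId, userId, nonce, String(licensed)];
  const sig = crypto.sign("sha256", canonical(fields), privateKey).toString("base64");
  return { appId, userId, nonce, licensed: String(licensed), sig };
}

// Client side: accept only if the signature verifies under the pinned key
// AND the signed fields match this app, this user and this request.
function checkLicense(pinnedPublicKey, expected, response) {
  const fields = [response.appId, response.userId, response.nonce, response.licensed];
  if (fields.some((f) => typeof f !== "string") || typeof response.sig !== "string") return false;
  const ok = crypto.verify("sha256", canonical(fields), pinnedPublicKey,
    Buffer.from(response.sig, "base64"));
  return ok && response.appId === expected.appId && response.userId === expected.userId
    && response.nonce === expected.nonce && response.licensed === "true";
}

function demo() {
  const expected = { appId: "app-guid-0001", userId: "user-42", nonce: crypto.randomBytes(16).toString("hex") };
  const good = issueLicense(server.privateKey, expected.appId, expected.userId, expected.nonce, true);
  const denied = issueLicense(server.privateKey, expected.appId, expected.userId, expected.nonce, false);
  return {
    genuine: checkLicense(server.publicKey, expected, good),
    // A genuine "not licensed" answer altered in transit.
    flipped: checkLicense(server.publicKey, expected, { ...denied, licensed: "true" }),
    // An answer signed with a key the app does not pin.
    forged: checkLicense(server.publicKey, expected,
      issueLicense(attacker.privateKey, expected.appId, expected.userId, expected.nonce, true)),
    // A genuine answer issued to another user, or to an earlier request.
    otherUser: checkLicense(server.publicKey, { ...expected, userId: "user-43" }, good),
    replayed: checkLicense(server.publicKey, { ...expected, nonce: "00".repeat(16) }, good),
  };
}

console.log(demo());
```

Only the genuine response is accepted; as the thread notes, this protects the network path only and does nothing against patching the check out of the xap itself.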
You might want to ask @ngreader guys on twitter. They do have this concept implemented in their app.
diverofdark said:
chabun, so, for example, how about the following scenario:
for each developer, the server creates a public/private key pair.
when checking the license on the server: on success, the server encodes the userid with the developer's private key
when checking the license in the app: the server response is decoded via the public key (hardcoded in the app) and compared to the userId. if ok -> licensed.
I'm not sure if it would be good to encode the request to the server as well but otherwise it sounds really cool now... I'll use this service when I need this (and tell my friends about it)
Here is one way to do it http://stackoverflow.com/questions/599837/how-to-generate-and-validate-a-software-license-key
wpxbox said:
Here is one way to do it http://stackoverflow.com/questions/599837/how-to-generate-and-validate-a-software-license-key
Well, what they suggest is not as good as diverofdark's service which is a lot more secure and still easy to use for the customers...
Greetings everyone!
Today I updated promo.g33k.ru, now it has:
- more detailed about page,
- SDK now includes RSA1024/SHA1 sign for additional security checks
- Binary SDK available
- Russian localization (if anyone cares) (btw, if you can help translating to other language(s) or correct English misspellings - I will appreciate this).
- Many minor bugfixes.
So, from now on this service works in beta mode
diverofdark said:
Greetings everyone!
Today I updated promo.g33k.ru, now it has:
- more detailed about page,
- SDK now includes RSA1024/SHA1 sign for additional security checks
- Binary SDK available
- Russian localization (if anyone cares) (btw, if you can help translating to other language(s) or correct English misspellings - I will appreciate this).
- Many minor bugfixes.
So, from now on this service works in beta mode
Thanks! I will check this out
Hey diverofdark
It would be nice if you update the first post in the thread with all information. That's the way it's usually done in the forum.
A possible user (here dev) can read it and, without having to browse the whole thread, use your promocode service...
Thanks for mentioning it, I updated the first post.

[how-to] internet sharing on ATT branded phones

Howdy folks!
I've been feverishly scouring the web and this site for ways around the internet sharing limitation that att puts on its phones. Sadly the xaps and provxmls didn't work well for me, but I struck gold on Google and I would like to share it with you! In the XDA post below, skip to registry editing unless you can't see internet sharing as an option.
Long story short, as shown here: http://forum.xda-developers.com/showthread.php?t=1233612&highlight=openmarketenabled Thanks, sensboston, for digging it up.
Do the following registry edits:
Now launch WP7 Root Tools and go to Local Machine -> Comm -> InternetSharing -> Settings and manually add a new value (+val button):
(this is description)>>Value Name: Name, Value Type: String, Value Data: Value ... hit save
Value Name: EntitlementURI, Value Type: String, Value Data: ./Vendor/MSFT/Registry/HKLM/Comm/InternetSharing/Settings/OpenMarketEnabled ... hit save
Value Name: OpenMarketEnabled, Value Type: dword, Value Data: 1 ... hit save
need more info? keep reading. sorry for crap presentation.
Sasha Kotlyar has a post on his website that shows you the registry settings required (you can use only the first two, or go all the way to fully debrand). http://arktronic.com/weblog/2012-04-14/my-phone-my-rules
Prerequisites:
1. In order to successfully add the registry values you will need to start with mango version 7720 or 7740 and interop-unlock with windowbreak or
visit http://windowsphonehacker.com/windowbreak/ on your non-nokia mobile phone or visit windowsphonehacker.com/articles/the_windowbreak_project-12-23-11 for more info
1a. If you cannot use window break please find another method to interop-unlock. like heathcliff74 xap
2. Install Root tools: http://forum.xda-developers.com/showthread.php?t=1569832
3. Visit http://arktronic.com/weblog/2012-04-14/my-phone-my-rules
3a. Use Root tools to add the first internet sharing related value in your registry you will have to use "add value" button since it's not there originally!
3b. Use same to EDIT the "entitlement" value
Please make sure you spell everything in your registry correctly!
tested on samsung focus flash. Speedtest.net on pc showed pathetic 500kbps Down and 1mbps Up on "4g".
Good Luck and please show Mr. Kotlyar your gratitude for so clearly and simply showing the settings that need to be changed!
Also thank our window-break and root tools suppliers, jaxbot and Heathcliff74!!
Before reposting some very old hacks with outdated instructions (the Chevron unlock hasn't been available for more than a year!) and referring to some unknown guys (who is "wonderful Sasha"?), try to search the forum first: http://forum.xda-developers.com/showthread.php?t=1334248&highlight=internet+sharing
All these noobs' "wonderful internet finds" have XDA roots.
sensboston said:
Before reposting some very old hacks with outdated instructions (the Chevron unlock hasn't been available for more than a year!) and referring to some unknown guys (who is "wonderful Sasha"?), try to search the forum first: http://forum.xda-developers.com/showthread.php?t=1334248&highlight=internet+sharing
All these noobs' "wonderful internet finds" have XDA roots.
maybe you should revisit the portion of my post specifying how the various provxml and xap packages provided on this site haven't worked for me. I haven't seen those exact registry settings written out explicitly on xda, just long winded instructions for some ultimately useless xap deployment.
I visited the thread you mentioned (as well as others) many times and tried it without success. In perusing the thread I see no mention of the two settings that need be changed in the registry. I do see users reporting issues with their radios and some wondering whether it's undoable. These registry settings look very undoable to me but not that xap deployment.
another search for "internet sharing registry settings" comes up empty.
Simply editing the registry as shown was fairly easy and straightforward and it worked.
I merely hope someone else having a similarly fruitless search will find this useful.
Have you seen this (a year old!) thread? If you are unable to find/apply it, it doesn't mean the XDA instructions are useless
P.S. Your post is just another proof: XDA needs a more structured, clean and visible FAQ/wiki system.
Will these Registry values work with an HTC Titan 2, or is this just for Samsung devices? Please advise. I don't want to brick my phone. Thanks!!
sensboston, i didn't find that thread. it should be stickied. it's much more concise and well organized than what i put up. thanks!
my advice to others, as someone who's only worked on one device to investigate this issue, is that if your device gives you the option to do internet sharing but att denies you this right with a message asking you to call them, then your condition may be cured simply with the registry settings. the fella in sensboston's link has an optima and the registry bit is the same. if your problem is more severe in that there's no internet sharing option, perhaps you may check out that thread more carefully to see what's applicable to your device.
the regediting parts are the same and this makes me feel safe that it will work across devices. just remember, you edit the entitlement value but add the openmarket dword
as a final word, i do love xda and all the work people do to support and develop here. didn't mean to link to / exalt an outsider instead of xda. google did point me in the direction of that site and not the xda post, likely because i searched "focus flash internet sharing". sometimes it's hard to know what is device specific and what isn't.
I use a Focus Flash on AT&T
This is the post I followed for use Internet sharing option (Samsung Phones) http://forum.xda-developers.com/showthread.php?t=1334248
well damn, now my phone's bricked!
What do you mean, your phone is bricked? What phone, and what did you do before?
