I had been searching all over for this solution, and was not able to find anything to remove the policy our exchange admins put on my device upon syncing which required a strong password to unlock the device after only 30 minutes of inactivity.
After some digging and trial and error I came up with a solution...
Here is how to remove and/or modify the policy that is pushed down from the server:
using a device registry editor (remote, or PHM) modify the following key(s)
The Exchange Security Policy (4131) updates the device policy:
HKLM\Security\Policies\00001023: 0 = Enabled; 1 = Disabled
To change the inactivity timer:
HKLM\Comm\Security\Policy\LASSD\AE\{50C13377-C66D-400C-889E-C316FC4AB374}\
AEFrequencyType: 0 = No inactivity time; 1 = Activity time enable
AEFrequencyValue: = number of minutes before timeout
To change the password strength policy:
HKLM\Comm\Security\Policy\LASSD\LAP\lap_pw\
MinimumPasswordLength: minimum number of characters in password (0 defaults to 1)
PasswordComplexity: 0 = Require Alphanumeric; 1 = Require numeric (PIN); 2 = No restriction
And finally to change the Device wipe settings:
HKLM\Comm\Security\Policy\LASSD\
DeviceWipeThreshold: -1 = disabled; (any positive number) = # failed attempts before device memory gets whacked
CodewordFrequency: # of attempts before a codeword is displayed to prevent accidental device wipe.
From what I've seen, the exchange server only pushes the policy down once, unless the exchange admin updates the policy, in which case you'd have to reset the registry entries.
Enjoy!
Thank you! So far, so good on my WM6 Wizard ROM. I've been trying to convince our network admin that this was a stupid policy, and now I don't have to
You totally saved me from wiping my TyTN and reinstalling from scratch.
Thank you!!!
cptcoconut said:
Thank you! So far, so good on my WM6 Wizard ROM. I've been trying to convince our network admin that this was a stupid policy, and now I don't have to
Click to expand...
Click to collapse
The reason this is NOT a stupid policy is the fact that you are required to configure a policy such as this on the mobile devices in order to be able to implement the remote wipe capabilities of Exchange SP2 and windows Mobile 5.0.
Without this policy in place if someone steals your phone they will still have access to all of your data and email on the phone from the time they steal it. With this policy in place once you inform your Admins that your phone was stolen they can implement the remote wipe and within a few minutes your phone has been set back to factory defaults and all Company data has been removed.
There is generally a reason behind security policies.
The policy is not stupid. However, it's implementation can be a pain. You can enforce the policy and have remote wipe ability without requiring the password every x minutes/hours.
Timeout settings with Remote Wipe
Great work, Coderuckus...
Are there any registry tools out there to automate these sorts of "hacks"?? Sounds like a good addition to a commercial tool like PocketMecahnic?
Ideally having an "Advanced Mode" to allow for more granular settings changes would be ideal... (eg allow Bitwipe etc, but during business hours, allow the user to extend or snooze the auto-timeout)..
Anyone fancy writing the app? (We'd have a stack of customers for you!)...
Cheers
Andy
www.pressdigital.com.au
Press Digital Australia Support Team
(Australia's PDA People).
Take care! coderuckus registry tweaks work well, but the manual changes are overwritten by the exchange server every 24 hours or so, which requires you to change the registry again and again. An automated solution which works very well (at least with my Trinity WM5) you can find in this post http://forum.xda-developers.com/showthread.php?t=279073&highlight=zenyee
When I make these changes to the registry I am still prompted to enter the password.
When I go to the lock settings screen I can then disable the password.
Is there anyway around this??
I had nearly forgotten about this until yesterday when our exchange admin was messing around with the policy and forced an update which made my pocketpc go haywire. It looks like some good work has been done with the automated utility to auto-disable the password policy, if our admins decide to force policy updates more frequently I may have to try out that app. I'd rather not have to keep yet another program in memory though. It seems the only relevant setting would be setting policy 1023's value to 1, the rest can be reset using the "Lock" settings after the policy reset.
If the exchangeserver is set to re-enforce policies on every connect, you'll need an app that monitors and resets the key when necessary, like :
http://blogs.microsoft.co.il/files/folders/tamir/entry46249.aspx
(I found this to work better then the Zenyee tool, that turned my Touch HD into nothing more then an expensive brick.)
kkoenen said:
If the exchangeserver is set to re-enforce policies on every connect, you'll need an app that monitors and resets the key when necessary, like :
http://blogs.microsoft.co.il/files/folders/tamir/entry46249.aspx
(I found this to work better then the Zenyee tool, that turned my Touch HD into nothing more then an expensive brick.)
Click to expand...
Click to collapse
can you give more information on why the Stayunlock brick your Touch HD?
it's just a small program that monitors the exchange server security policy enforce activity, it shouldn't hang unless your office intrduce a program to be installed that always enforce the policy everything it's being undone, inwhich case it'll no doubt result into a 'hang' situation.
What about Zen on WM6.5? It's crucial application for me.
Best regard,
MCC
mcc666 said:
What about Zen on WM6.5? It's crucial application for me.
Best regard,
MCC
Click to expand...
Click to collapse
Have you had any luck with WM 6.5?
thanks and its stays after 24hrs
Thanks you for your effort.
i'am ok with them having the power to wipe my phone and all but when i dont want to use mobile email all the time, but only update it when i want its stupid to have it on.
my exchange server password is much stronger than the "minimum of 4 numbers" pin ****.
I was looking for more info about the security setting on my phone, when I found this in the Microsoft library:
It gives a detailed explanation of the LASS Registry Settings
LASS is short for Local Authentication Subsystem
Here a copy from the most interresting settings:
Exponential Backoff Registry Settings
The HKEY_LOCAL_MACHINE\Comm\Security\LASSD registry key is used to enable the LASS exponential backoff mechanism. This mechanism is designed to deter brute force attacks that rapidly try several authentications on a LAP by introducing an exponentially increasing time delay between unsuccessful consecutive attempts of the VerifyUser call to a LAP.
The time delay or lockout time is calculated by using the following expression:
Copy
(InitialPenalty + (2^(Number of failures above Threshold)) * IncrementalPenalty)
The following table shows the named values.
InitialPenalty (REG_DWORD): Time, in seconds, for the initial penalty. Default value is 0.
Treshold (REG_DWORD): The number of failures before the exponential backoff mechanism is activated. Default value is 0. This indicates that exponential backoff is disabled.
IncrementalPenalty (REG_DWORD): Time, in seconds, of the multiplier for the exponent. Default value is 0, indicating that there is no delay beyond the value set for InitialPenalty.
LAP Codeword and Device Wipe Registry Settings
The HKEY_LOCAL_MACHINE\Comm\Security\LASSD registry key is used to configure the LASS settings for codeword functionality and the threshold for device wipes. After a number of failed password attempts, defined by the CodeWordFrequency setting, the device completely locks up and prompts the user to enter a displayed codeword to unlock it again. The purpose of the codeword prompt is to be sure that the incorrect password attempts are not the result of accidental key presses. After entering the displayed codeword, the user is then able to make more password attempts. Once the device wipe threshold is reached, the device wipes the memory, including all data and certificates.
Note:
Do not implement a code word that includes Double Byte Character Set (DBCS) characters. While the CodeWord registry node will accept DBCS characters, users cannot enter DBCS characters on a device.
The following table shows the named values.
CodeWordFrequency (REG_DWORD): The number of times an incorrect password can be entered before a displayed codeword must be entered to continue. This is to prevent accidental password entry resulting in a local device wipe.
If the registry key either does not exist or is set to 4294967295 (0xFFFFFFFF), this policy is not enforced.
CodeWord (REG_SZ): Codeword that the user will be requested to type.
DeviceWipeThreshold (REG_DWORD): The number of authentication failures before the device will be wiped. A value of 0 disables device wipe functionality.
LAP Password Settings
The length and type of a password can be enforced on the Microsoft Default LAP using the MinimumPasswordLength and PasswordComplexity settings under the HKEY_LOCAL_MACHINE\Comm\Security\LASSD\LAP\lap_pw registry key. These settings will only be enforced if PasswordNotRequired is set to zero (0).
In the following example, the minimum length of the password is set to 9 characters and the complexity is set so that a strong password is required.
Copy
[HKEY_LOCAL_MACHINE\Comm\Security\LASSD\LAP]
"MinimumPasswordLength"="9"
"PasswordComplexity"="0"
The following table shows the settings and values.
MinimumPasswordLength (REG_DWORD): Sets the minimum device password length the user can enter. The length is measured in characters and can be set to any number less than or equal to the maximum number of characters allowed. Entering zero (0) for MinimumPasswordLength results in the default setting of 1.
Note: Using Wireless Access Protocol (WAP) allows for password lengths from 1 to 256 characters. However, setting this parameter with the Exchange Security Manager limits you to a minimum of 4 and a maximum of 18 characters. This value works in conjunction with security policy 4131, which when set to zero (0) indicates that password enforcement is required on the device. If password enforcement is not required, the value of MinimumPasswordLength is ignored.
PasswordComplexity (REG_DWORD): Sets the complexity of the Device Password.
The following list shows the possible values:
Zero (0) indicates that a strong password is required. 1 indicates that a numeric pin is required. Any other value indicates that a numeric or alphanumeric password can be used
Setting this parameter with the Exchange Security Manager results in a setting of zero (0) or 2. It is not possible to set this parameter to 1 using the Exchange Security Manager.
AE Registry Settings
To install a new authentication event (AE), create a subkey with the GUID of the AE under the HKEY_LOCAL_MACHINE\Comm\Security\LASSD\AE registry key. For examples, see Installing an AE.
The following table shows the named values.
FriendlyName (REG_SZ): String that indicates to the user what the AE represents.
DisplayText(REG_SZ): String that indicates the name of the application that is verifying the user in a call to VerifyUser.
AEFrequencyType (REG_DWORD): Type of frequency policy used to control an AE. It can be any one of the following values, and AEFrequencyValue is interpreted differently based on each value:
0: User authentication occurs at the frequency specified by AEFrequencyValue.
2: AEFrequencyValue represents the number of minutes since any AE returned from VerifyUser successfully.
3: AEFrequencyValue represents the number of minutes since the specified AE returned from VerifyUser sucessfully
AEFrequencyValue (REG_DWORD): Value indicating how often user authentication will occur. The interpretation of AEFrequencyValue depends on the value of AEFrequencyType. For more information about how AEFrequencyType and AEFrequencyValue are related, see Setting an AE Policy.
When AEFrequencyType is set to 0, AEFrequencyValue has the following special cases:
0: Call LAP every time VerifyUser is called.
0xFFFFFFFF : Never call into LAP.
N: Call into LAP every N-1 time(s) that VerifyUser is called.
Authentication Reset Settings
The Authentication Reset Settings determine whether a device can be reset by RemoteWipe. The messages displayed to users can be customized for authentication reset in the default Local Authentication Plug-in (LAP). All keys listed in the table are located in the path HKEY_LOCAL_MACHINE\Comm\Policy\LASSD\AuthReset.
AuthenticationReset (REG_DWORD): Specifies whether or not to allow authentication reset on the device. If this setting is enabled, the Reset Password option appears in the password menu.
0: Authentication Reset is disabled.
1: Authentication Reset is enabled.
RequestMessage (REG_SZ): This message is displayed to the user before the reset process begins. If no message is specified, a default message is displayed.
RequestSuccessMessage (REG_SZ): This message is displayed if the reset process completes successfully. If no message is specified, a default message is displayed.
RequestFailureMessage (REG_SZ): This message is displayed if the reset process fails. If no message is specified, a default message is displayed.
RecoveryMessage (REG_SZ): This message is displayed in the Recovery PIN entry dialog. If no message is specified, a default message is displayed.
RecoveryPhone (REG_SZ): This is a secondary string to be displayed following the recovery message.
Exchange Management Console
I know this is an old thread, but it might help anybody searching. I've just had a similar issue on Exchange 2010.
In the Exchange Management Console > Organization Configuration > Client Access select the Exchange ActiveSync Mailbox Policies. You can either remove the password requirement, or change it in the Default Policy. Alternatively you can create a new policy, then under Recipients Configuration > Mail Box, you can select the user properties, and then choose the Mailbox Features tab. Select Exchange ActiveSync and properties. You can then apply another policy. We have the default then a special one for those who request it.
One important thing, on our installation the default refresh in the policy was not set. We changed this to push out the change of "no password required" for some devices.
I hope this saves somebody some time!
Related
I'm trying to use Mobile Registry Editor to modify the registry on my XDA Exec.
The changes appear to be accepted as far as the PC screen is concerned but the changes do not take effect on the Exec. If I restart the registry editor and pull the "modified" registry from the WM device the change is there but the device still works as per the old registry setting.
I've tried a soft reset but that makes no difference.
Can anyone offer any advice please?
Pete
obviously if it doesn't work... u might have put the key value on the wrong section, wrong key value (typo) or the value should be a DWORD, etc but you've inserted a STRING, etc.. value.
that was from my experience..
p/s: what is it that u wanna tweak?, if it's the "Owner Info", u need two values, string value and binary value, then you'll get the changes..
I always use the power button to put the uni in sleep mode. Then wait 2 min. before resetting.
Resetting right away when the device is on will calculate in loss of data such as the last text message(s) not being saved and/or settings.
When the device goes into sleep/hibernate it writes all changes to the memory
I've lost a couple of texts that way.
worcester4x4 said:
I'm trying to use Mobile Registry Editor to modify the registry on my XDA Exec.
The changes appear to be accepted as far as the PC screen is concerned but the changes do not take effect on the Exec. If I restart the registry editor and pull the "modified" registry from the WM device the change is there but the device still works as per the old registry setting.
I've tried a soft reset but that makes no difference.
Can anyone offer any advice please?
Pete
Click to expand...
Click to collapse
Please do follow my articles. I've explained in MANY of them that you need to SUSPEND your device before resetting so that the WinCE database and registry changes are flushed back to the flash ROM.
Hi
Thanks for replying.
I don't think I've either put the changes in the wrong sections or put the wrong values in. I've tried changing two relatively simple items just to test the water so to speak. The first is simply to change the text message "message sent" text. For that I went to:
HKLM\Software\Microsoft\Inbox\Svc\SMS\MessageSent
and changed the string value from "Message Sent" to "Message Delivered"
The second was to change the phone ring characteristics by going to:
HKCU\ControlPanel\Sounds\RingTone0\Script
and changing the value to (string) ap100w2r (activate, play at 100% vol, wait 2secs and repeat).
The values are still there in the XDA's registry but the behaviour is still at default?
Pete
Menneisyys said:
Please do follow my articles. I've explained in MANY of them that you need to SUSPEND your device before resetting so that the WinCE database and registry changes are flushed back to the flash ROM.
Click to expand...
Click to collapse
Hi
By suspend you mean turn off with the power button, wait 2 mins then reset? Yes?
I did this and still no joy.
Pete
Hey there,
I use 1and1 for my exchange access and they require you to use some sort of security enforcement policy on your phone. On windows 5 I was able to put in a 4 digit pin and set it to only ask me for it after 24 hours of non-use. It also asked me for it on reboot. I keep my keypad locked because there's nothing I hate more than having my phone dial random people. To do this of course, I just held down the end key untill the screen locked. To unlock it, I just pressed the center button on the d-pad and the asterisk key. Everything was peachy.
Well in windows 6, they still require me to enter a PIN in and everything, BUT I cannot change the time in which it requires me to enter my pin to unlock. Additionally, every time I screen lock my phone I have to enter my PIN which is incredibly annoying.
Is there some sort of reg hack that I can fix this with?
No, the point of security enforcement is to protect the device from having sensitive data stolen and as a result these kinds of policies can not be overridden through any fashion except settings on the exchange server. You need to contact 1and1 and ask them to remove this policy, or switch to another exchange provider.
4SmartPhone doesn't pull this stuff.
Thanks for the response, but I don't think I made myself clear enough.
I don't want to bypass the security, I don't care about that.
I just don't want to have to enter my password every time I want to use my phone. Who does that?
Start>Settings>security>device lock
from there you should be able to adjust the phone's lock settings.
whether you want to get round it or not, it is most likely the policy set at 1 & 1's end and they need to adjust it at their end....
it might be that this function on the exchange works differently on the server cos it is windows mobile 6.
As WM6 is optimised for Exchange 2007, it could be a bug in the MS Activesync set up when using these policies on an exchange 2003 SP2 server.
I don't have a WM6 excalibur, but i can test it with an S710 and our Exchange 2007 server if you want....?
One more thought, delete the exchange partnership, and then go into the lock settings. Turn the lock on and set it to 24 hours.
Then go back in and turn it off. the time settings should stay at 24 hours even though it is turned off.
Then set up the exchange server. if you are lucky, it might just stay at 24 hours instead of the OS default of 0 minutes.
Be lucky....
try this:
Enable changing password lock time:
In the registry do the following:
\hklm\security\policies\policies\00001023 from 0 to 1.
i have the same problem with 1and1 using a cavalier with wm6. my real problem is that sometimes at startup the device gets stuck in t9 and will not recognize the numbers in my pin so i have to hard reset the device. 1an1 say they have nothing to do with the security password and will not help
Disable T9
Heh-heh, I never liked the T9 thingie on my T-Mobile Dash/HTC Excalibur. To turn the T9 on and off (toggle) press alt and then press space. This should toggle the T9 function of WM6 smartphones. At least, it did on my Dash.
Now, on with my crusade to unlock my Dash!!...
turning the t9 off is the same on the cavalier, but the problem is that sometimes this test rom decides to turn it back on at start up and other times it does not. it is really pissing me off.
thanks for the suggestion though. i just really need a way to dissable this security password.
joedm said:
try this:
Enable changing password lock time:
In the registry do the following:
\hklm\security\policies\policies\00001023 from 0 to 1.
Click to expand...
Click to collapse
The phone gives an error screen and says "unable to perform this operation".
on my wm5 ppc i removed the exchange account yet I can't turn off the pin security. Now thats annoying.
you can also try this: http://forum.xda-developers.com/showpost.php?p=1269318&postcount=7
I haven't tried it myself =)
joedm said:
you can also try this: http://forum.xda-developers.com/showpost.php?p=1269318&postcount=7
I haven't tried it myself =)
Click to expand...
Click to collapse
cool that worked thanks!
Before you can change the registry keys, you need to run the "Application and CID" unlock program provided on this site. I did it on my Cavalier and it worked like a charm.
Any ideas anyone?
Hey mtvkilledusall -
Did you ever get this figured out? It is annoying the ****e out of me!!!
I'm the Exchange admin, and I'm considering turning off this "feature" for my device.
Like you, I just want to be able to KEYLOCK the device (so it doesn't dial 911 in my pocket, etc.), but I'd still like to keep the security.
This used to work fine on my MDA. Very annoying.
mtvkilledusall said:
Hey there,
I use 1and1 for my exchange access and they require you to use some sort of security enforcement policy on your phone. On windows 5 I was able to put in a 4 digit pin and set it to only ask me for it after 24 hours of non-use. It also asked me for it on reboot. I keep my keypad locked because there's nothing I hate more than having my phone dial random people. To do this of course, I just held down the end key untill the screen locked. To unlock it, I just pressed the center button on the d-pad and the asterisk key. Everything was peachy.
Well in windows 6, they still require me to enter a PIN in and everything, BUT I cannot change the time in which it requires me to enter my pin to unlock. Additionally, every time I screen lock my phone I have to enter my PIN which is incredibly annoying.
Is there some sort of reg hack that I can fix this with?
Click to expand...
Click to collapse
Same issue here after upgrading from Samsung Blackjack 1 to a Blackjack II, WM6 and 1and1 Exchange server. On top of that, after configuring exchange, my phone also looses the menus quick access numbers. Very frustrating.... Anyone found a fix yet?
Thierry.
Hi,
I have just installed goodmail top get my work email (as the corporate for some reason is supporting this). I find it very annoying that every 10 minutes it locks itself and forces me to enter a password. So if I need to make a phone call, I have to enter this password to unlock it.
The current preferences in goodmail only allows me to select the timeout interval to be 1, 5 or 10 minutes only.
Is it possible to turn off this locking, or allow the interval to be changed to 99 minutes - by registry hack or something?
Many thanks.
this is controlled by your company at the GOOD Server. Like Blackberry, GOOD has built in a way to apply policies to the handheld. It's a good thing from a corporate IT security perspective, but a bad thing for the, sometimes, over-restricted end-user.
thanks, I suppose from the response that there is no way to get over it. It is very annoying especially when I am forced to set a 6 digit password.
I only need to use a 4 character password and get 30 minutes before the device locks.
When i try and change the keyboard lock interval, I get only three choices - 1, 5 and 10 minutes. I looked at the registry and that has value = 3.
When I set/change the password, I get a message that it must be atleast 6 characters.
I believe this must be the policy set up by the company - I will chase the administrators and find out.
Thanks and regards,
Satinder
spahwa said:
Hi,
I have just installed goodmail top get my work email (as the corporate for some reason is supporting this). I find it very annoying that every 10 minutes it locks itself and forces me to enter a password. So if I need to make a phone call, I have to enter this password to unlock it.
The current preferences in goodmail only allows me to select the timeout interval to be 1, 5 or 10 minutes only.
Is it possible to turn off this locking, or allow the interval to be changed to 99 minutes - by registry hack or something?
Many thanks.
Click to expand...
Click to collapse
Are you sure you can't use your phone without unlocking? I have goodmail and it lets me place and receive calls without unlocking. It tries (and partially succeeds) at blocking me from viewing my contacts, but I can still make calls.
Follow these steps to dump all of your phone's memory. What use is this? It can be used to locate your MSL code if other methods fail. This method should work even if your phone is "bricked". This could potentially be used to retrieve lost information. At the very least it contains all your texts.
I am also currently exploring a possible security fail on the part of android/google. My phone dump contains my google account password in plain text....not just once. It has my password in plain text over 120 times. I am investigating how this could be. My google password is unique to that one account, and it is paired with my google login in the phone dump. I have not input the password in any other place outside of when I first setup my phone. I have not input that password in any app or browser. You may want to check if your login credentials are also being mishandled and possibly logged.
Phone Dump: (portions of this were taken from the PRL guide)
Connect your phone to your computer using a USB cable.
Open Device Manager.
Ports > LGE Android Platform USB Serial Port > Properties > Port Settings > Advanced > COM port number
Make a note of your COM port number.
Download and install QPST v2.7.
Open "QPST Configuration".
In the "Ports" tab, if your com port isn't listed, select "Add New Port" and write in your com port as "COM#" (# being the number you noted in step 4). Verify that your com port is listed.
Make sure your phone appears in the the "Active Phones" tab.
Run the "Memory Debug" program from QPST.
With your phone connected via USB and selected via the "Browse" button, press "Get Regions".
This will reboot your phone into "Download mode". You will most likely lose the connection to your phone because download mode uses different drivers and possible a different port. Go into device manager -> Ports (COM & LPT) and find your phone's new COM port.
Go into the QPST configuration and setup the new port.
Go back to the "Memory Debug" program, browse for your phone again, and select "Get Regions" again.
This time it will show you a bunch of options. Leave them all checked and select "SaveTo" and pick an empty folder to dump your phone memory to. This will take up a little over 500 megs.
It will take a good amount of time to finish (possibly 30 min to an hour).
When you are done, you will have the following files:
Code:
adsp_rama.bin, adsp_ramb.bin, adsp_ramc.bin, adsp_rami.bin, mdsp_rama.bin, mdsp_ramb.bin, mdsp_ramc.bin, mdsp_regs.bin, load.cmm, ebi_cs0.bin, and ebi_cs1.bin
If you want your MSL code, open ebi_cs0.bin with a hex editor. Look at the following HEX addresses:
Code:
0162ABCE
01BA6BDC
Both should contain your 6 digit MSL code in plain text.
If you want to find your ESN:
Code:
0104B5C2
What is more interesting is when you search in both ASCII and Unicode for your google account password in ebi_cs0.bin and ebi_cs1.bin. This is a raw dump of your phone memory. It will contain your contact list and other person information, but I see no reason for your account password to be logged in plain text. Another user has already reported finding his password using this technique. Please search for yourself and report back what you find. My guess is that this is not unique to the Optimus V.
Update:
I changed my account password. My phone then prompted for my new password. I entered it in. I then synced my contacts, rebooted, and then dumped the contents of my phone. My new password was in there in plain text twice. The old password was still there too. Something is logging my internet traffic or my keyboard inputs.
I can confirm my email address and password are together in plain text in multiple locations. I don't know much about mem dumps, but it appears to indicate it is google's sync service:
ebi_cs1.bin
0D565490 .... 8 NOOP..TCH 48(
0D5654A0 .... UID FLAGS)...."p
0D5654B0 .... assword"........
All other instances were preceded by imap or smtp.
JerryScript said:
I can confirm my email address and password are together in plain text in multiple locations. I don't know much about mem dumps, but it appears to indicate it is google's sync service:
ebi_cs1.bin
0D565490 .... 8 NOOP..TCH 48(
0D5654A0 .... UID FLAGS)...."p
0D5654B0 .... assword"........
All other instances were preceded by imap or smtp.
Click to expand...
Click to collapse
Thanks! With you that makes 3 of us to experience this. The address for the password(s) are different for me which is expected. Where as the MSL code would be located in a certain unchanged portion of the phone, this mysterious log would constantly be changing and could even be fragmented over the flash drive. I don't have (UID FLAGS) anywhere in either file.
What I also have is many Groove IP references with my Groove IP related google login and password. This looks like it is capturing it as internet traffic. I don't see why Google or Groove IP would log a password they both have encrypted access to.
mmarz said:
Something is logging my internet traffic or my keyboard inputs.
Click to expand...
Click to collapse
It's the keyboard. The OS isn't logging your passwords, at least as far as I can tell. If you select a different keyboard than the default, you will see a security warning popup which says that the keyboard can log everything, including your passwords. Well, this is normal, because softkeyboards need to be able to store words you enter into their dictionary/history to enhance their spelling and prediction. This is why your old password is still there after you changed it, and why they are stored in plaintext (because dictionaries are never thought to be encrypted).
Whether or not the softkeyboard is storing "words" that your entered in password fields in plaintext is not an Android security hole, it's the keyboard's, so complaints and/or advisories should be directed to them. They should at least give us the option of marking password fields as something not to store, and if we do want them remembered, for jimminey cricket's sake store them in a separate encrypted dictionary.
obijohn said:
It's the keyboard. The OS isn't logging your passwords, at least as far as I can tell. If you select a different keyboard than the default, you will see a security warning popup which says that the keyboard can log everything, including your passwords. Well, this is normal, because softkeyboards need to be able to store words you enter into their dictionary/history to enhance their spelling and prediction. This is why your old password is still there after you changed it, and why they are stored in plaintext (because dictionaries are never thought to be encrypted).
Whether or not the softkeyboard is storing "words" that your entered in password fields in plaintext is not an Android security hole, it's the keyboard's, so complaints and/or advisories should be directed to them. They should at least give us the option of marking password fields as something not to store, and if we do want them remembered, for jimminey cricket's sake store them in a separate encrypted dictionary.
Click to expand...
Click to collapse
There are a few reasons I don't buy this as being the cause.
Where would this unencrypted keyboard log be? I have data2ext going. My password was found on my internal phone partition. Whatever is doing this has permission to modify files outside of the data folder.
My password was present repeatedly. Even when I changed my password, it appeared twice even though I had only entered it once.
You have to manually select when you want to add words to the dictionary, otherwise all your misspelled tweets would be added. In password fields, this is not possible because only a single letter is inputted at any given time. No word is ever developed.
My other passwords are not in this log file. For example, my titanium backup password that I have to constantly use when I restore backups is not in here. Also my internet search phrases and other relevant items that I have typed in.
Update:
I just got this from KSmithInNY:
http://androidcentral.com/android-passwords-rooted-clear-text
Any app with root access has the ability to get your google credentials because android stores them in plain text. Wonderful!
mmarz said:
I just got this from KSmithInNY:
http://androidcentral.com/android-passwords-rooted-clear-text
Any app with root access has the ability to get your google credentials because android stores them in plain text. Wonderful!
Click to expand...
Click to collapse
Use the 2-step verification for your Gmail account and also set up an application specific password for your android device.
http://www.youtube.com/watch?v=zMabEyrtPRg
csrow said:
Use the 2-step verification for your Gmail account and also set up an application specific password for your android device.
http://www.youtube.com/watch?v=zMabEyrtPRg
Click to expand...
Click to collapse
Wouldn't this mean that you have to enter a verification code when entering your normal password, but if malware were to steal your application specific password that you created just for your phone, they could access your account using it and bypass the verification process?
Application specific password will only work on that phone. If you lose your phone, you can revoke that password for that phone which will block the access.
csrow said:
Application specific password will only work on that phone. If you lose your phone, you can revoke that password for that phone which will block the access.
Click to expand...
Click to collapse
No, they work on any device. There is no way for google to know what device is using it. You personally assign them for that phone, but if the password were to be stolen, then it can be used on any device. Also, if your account were to be compromised, you wouldn't know which password was stolen. With each application password you create, you are allowing another passcode that can be used to access your account. This seems very unsafe.
Update: I just tested this and I am right. I can use the same application specific password on all my apps and phones. So if this password were to be stolen, anyone could use it to login to my account. This is a major fail on the part of google....again.
Update2: Application specific passwords can be used to create login tokens. That means you can use a program like trillian to log into your gtalk using it, and then use the login token it produces to get access to your main google account through a web interface.
Well, that completely defeats the purpose of 2-part authentication. Oh well.
I hope you've reported this security hole... because obviously the intent is to be more secure than it actually is.
Which hole are you referring to? How google's two step verification is worthless because of one step passwords they force you handout to automated login apps? How Android's own password storage system keeps passwords in plain text and protects it by setting the file permissions to "please don't read this"? Or are you taking about how putting all these issues aside, I can still see my password in plain text in some sort of data capturing log that I found in a data dump of my phone's internal memory?
If you are talking about the last one, I'm still trying to find out exactly where the password is being stored in the dump and by what process. I've been searching through my phone's internal memory while it is on, but I can't seem to find it. I also want to rule out malware or something stupid that I might be doing before I start yelling about the sky falling. If more of you guys try this out, maybe we can rule out malware since all of us can't have the same bug. It really can't hurt your phone to dump it. It only takes 40 mins of your time.
(The more I learn about this stuff, the angrier I get.)
so after 3 tries i was able to dump the memory and after hours of searching i cant find my mn_aaa or mn_ha shared secrets,does anyone know the location of these? i have tried qxdm and after sending the spc i send
requestnvitemread ds_mip_ss_user_prof
and i get
22:53:26.203DIAG RX item:
22:53:26.203requestnvitemread - Error response received from target.
or is there another way to find them?
ummkiper said:
so after 3 tries i was able to dump the memory and after hours of searching i cant find my mn_aaa or mn_ha shared secrets,does anyone know the location of these? i have tried qxdm and after sending the spc i send
requestnvitemread ds_mip_ss_user_prof
and i get
22:53:26.203DIAG RX item:
22:53:26.203requestnvitemread - Error response received from target.
or is there another way to find them?
Click to expand...
Click to collapse
Any luck? I have the same issue with the Optimus V, e.g. I used another phone and reading the NV item was no issue. Seems to be specific to the LG.
srmuc69 said:
Any luck? I have the same issue with the Optimus V, e.g. I used another phone and reading the NV item was no issue. Seems to be specific to the LG.
Click to expand...
Click to collapse
well i think ive gotten further with qpst i opened service programming and put in my spc read the phone then saved to file. i double clicked the file and a viewer opened and i viewed it in text format i seen alot of nv items there but have yet to figure out which ones they are.
ummkiper said:
well i think ive gotten further with qpst i opened service programming and put in my spc read the phone then saved to file. i double clicked the file and a viewer opened and i viewed it in text format i seen alot of nv items there but have yet to figure out which ones they are.
Click to expand...
Click to collapse
Any luck? I did the same thing but as I have read in many other blogs the LG Optimus V times out in qpst, so did mine too.
I still have information in the file and I found the NV_ITEM_ARRARY in the file. What I do not know is how that array is built, e.g. is there a developer guide for CDMA phone where they detail the information. I was looking for the 1192 nv item and it should start wit the length like 0A for 10 digits of the AA Password. No luck so far without knowing what the bytes are and from just locking for 0A you get tons of hits.
What are you guys trying to accomplish? What is that code used for?
The dump should contain everything that is in the phone's memory. If the code is not encrypted or compressed in any way, it should be in there. The problem is that if you don't know the code, then you can't look up its location. Kind of a catch 22.
mmarz said:
What are you guys trying to accomplish? What is that code used for?
The dump should contain everything that is in the phone's memory. If the code is not encrypted or compressed in any way, it should be in there. The problem is that if you don't know the code, then you can't look up its location. Kind of a catch 22.
Click to expand...
Click to collapse
I'm trying to get the NV_ITEM 1192 and 466 from the LG Optimus V which is on Virgin Mobile. When I do that with CDMA Workshop it says access denied once you save the file. Now I'm tyring to find what these values are on my LG Optimus V. Do you think the dump will have this and how would I go to find the NV ITEMs, e.g. in which file are they and at what hex position?
srmuc69 said:
I'm trying to get the NV_ITEM 1192 and 466 from the LG Optimus V which is on Virgin Mobile. When I do that with CDMA Workshop it says access denied once you save the file. Now I'm tyring to find what these values are on my LG Optimus V. Do you think the dump will have this and how would I go to find the NV ITEMs, e.g. in which file are they and at what hex position?
Click to expand...
Click to collapse
yeah the dump should have all nv items.the hard part is figuring which ones are which.
mmarz said:
What are you guys trying to accomplish? What is that code used for?
The dump should contain everything that is in the phone's memory. If the code is not encrypted or compressed in any way, it should be in there. The problem is that if you don't know the code, then you can't look up its location. Kind of a catch 22.
Click to expand...
Click to collapse
well the mnha and mn aa are paswords needed to get your data working when you want to use a different phone ie the Samsung Epic on virgin mobile.you can clone all info from the optimus v to the epic but with out those password data will not work.i may not be inclined to do this anymore since the motorola triumph is coming out.meaning i wont need to find a better phone and clone this one.
Hey guys,
I need few brave people to [beta] test my GPS Software - A program similar to RemoteTracker. Information about it is written on my personal site at http://www.mkexchange.com/rcagent (Or should i have copied the whole thing here?)
The software currently has no privacy protection (no passwords, no configurable way of specifying the upload location, etc) - everything is recorded in the "Debug Log" for testing and debugging purposes. This is not a final "stable" version, your device could blow up! - probably not though
I wrote this for personal use but i wouldn't mind sharing and give back to the community
Requirements:
- Someone who knows what they're doing.
- Device with GPS running WM6+ (with Compact Framework 2.0... maybe 3.5 in the future)
- Unlimited Data/SMS plan - so it doesn't end up costing you a fortune while testing. Mainly SMS is used for comms - data is optional.
- Enough space on the External Storage/SD Card - for debug log, track files, etc.
- The software has no visible interface so you will need another phone to send the messages from.
Let me know if you are interested.
I'm using SPV M700 (HTC P3600) permanently connected to the car battery to test this.
I'll put more info about it, if there's enough interest.
-----------------------------------------------------------------------------------------
Update: 2011-07-12
I have attached the latest build of the program to this post. Use this to Install the program.
Before you do anything, please read, understand and only continue if you accept the following sentence/paragraph:
YOU USE THIS SOFTWARE AT YOUR OWN RISK, I AM IN NO WAY RESPONSIBLE FOR ANYTHING THAT HAPPENS TO YOU, YOUR DATA OR YOUR PHONE ARISING FROM THE USE OF THIS SOFTWARE EITHER DIRECTLY OR INDIRECTLY.
1. Before you install this software, please backup your data.
2. Set the GPSID (or "External GPS") configuration in system settings to the correct hardware port. This is important, otherwise the program will not be able to get any GPS data and may not work correctly.
3. Install the attached cab
4. You will need to manually activate the program from the programs folder ("RCAgent (Beta)"). If you wish to remove it, please remember to kill the process/program using task manager before uninstalling.
5. Once installed and activated you might want to switch on the "Monitors". You can activate most of them together by sending an SMS Command "@rc monitors on";
Tip: Send "@rc version" to get the version information or to check whether it's running and responding to commands.
Check post #2 (or here: http://www.mkexchange.com/rcagent-ug) to see how to use all the commands. Remember this is a beta/alpha software so it might have bugs or compatibility issues as i've only tested on two devices.
Update 2011-07-13
Please note, RCAgent.log file is limited to 100mb to prevent it from taking all the space on the external storage card. Once it hits 100MB, it will empty the file automatically to make way for new data. Make sure you backup this file if you want to keep its contents.
The Setup
I'll use my current setup as an example.
I have the program installed on the SPV M700 (HTC P3600 - HTC Trinity) which is connected directly to the car battery. The connection is via a 3way cigarette lighter adapter with a USB port, so there was no need to modify the smartphone; I simpley used the normal mini-usb cable to keep it permanently connected inside the (back) boot of my car (next to the spare wheel).
I've installed one of the stable and "light" version of a custom rom got from the www.xda-developers.com forum.Once the program was installed and the device is set-up for GPS (GPSID configuration) and data connection, it's ready for commands.
On the other side, I have an Android phone which i use to send sms text commands.
Inside RCAgent
The initial idea was to have multiple "Agents" listening on different services; one agent to monitor and respond to SMS commands, another agent for Email commands, another for Twitter status updates, etc. All of these "Agents" would run simultaneously depending on user preference and settings. All commands are held in a single FIFO (First-in-first-out) queue for later processing.
Due to limitations on the platform and time restrictions, i have only managed to complete the SMS Agent and a "Debug Agent", which is basically a visible interface on the device to simulate SMS commands - The "Debug agent" is switched off when the application is deployed (i.e. on "Release" build).
The application also has what i call "Monitors" which actively monitor the battery level, current location, speed, etc. These monitors can be switched on or off individually and will accept parameters to configure its variables.
It also currently uses GPSID (GPS Intermediate Driver) to retrieve the location from the GPS hardware. The platform needs to be configured to use the correct port, otherwise the program wouldnt receive any data.
There are plans to implement an alternative GPS access method using Serial ports but i was having some problems with the SerialPort class in the emulator while testing. In the meantime GPSID is the preferred method for majority of the cases.
GPS signal and location information sent from the chip is not always accurate due to signal noise so the application has some tolerences set. In my tests, the speed was also not accurate - e.g it would claim its moving at 2.6knots while it was idle.
The GPS location is deemed to be valid when it meets two conditions; the Horizontal Dilution of Precision (HDOP) is less than 5.0 and there is a minimum of 4 "fixed" satellites.In addition, Internally the application "buffers" some valid locations before acting on the data, depending on the monitor (some capture 10 locations, some 20, etc). I found this to be the best way to ascertain the current location/condition despite some drawbacks.
Currently, most of the settings are saved in the external storage in an XML file. Only the parameters for the monitors are currently saved to this file, the application does NOT switch on the monitors when the program is restarted/rebooted.
All commands are formatted similar to a console based application.
The replies are sent to the original sender - one instance for each sender. This means multiple alerts can be set for each sender and each sender being able to configure the settings in isolation.
Example: Sender 1 would want to be notified when battery level reaches 40% percent, while Sender 2 may want to be notified when it reaches 20%. Both will be alerted when it reaches the set level.
Monitors and alerts
The following monitors are currently implemented:
Battery Level Monitor (bmon)
Parameters: switch on/off, Alert level in percentage
Default: alert level set to 20%
Alerts the sender when the battery level of the device drops below the alert level. When the device is charged above this level, another message will be sent to indicate this.
Geofence Monitor (gfmon)
Parameters: switch on/off, alert hours, radius in km, latitude and longitude
Default: alert hours set to whole day (00-00), 1km radius, current location
When the monitor is switched on, it will wait for couple of valid GPS Locations so that it can determine the current location and set it as its virtual "fence". The default "fence" is set to the current location at a radius of 1km. When the device moves outside of this fence, the sender (who switched ON this monitor) will receive an alert message. Another alert message will be sent when the device/car comes back inside this fence.
The fence can be set manually by specifying the radius, latitude and longitudal coordinates.
Alert hours - this can be set so that alerts are only sent at a certain time in the day. For example, I would only want to be alerted if the car moves outside the fence between 10pm till 7am (10pm-7am) while i'm sleeping to warn me of theft.
To keep things simple, only hours can be specified (no minutes or seconds). The start and end hours can be specified as 24-hour components, separated by a dash. E.g 21-7 would be 9pm to 7am (the following day).
Movement Monitor (gmmon)
Parameters: switch on/off, alert hours
Default: alert hours set to to whole day.
This generates two alerts (like most of these monitors). One when the vehicle (i.e device) start moving and another when it stops moving. Like the Geofence monitor, the alert hours can be set in the same format.
Speed Monitor (gsmon)
Parameters: switch on/off, speed alert level
Default: 50knots speed alert level
Alerted when speed exceeds the configured level or the default of 50knots ( ~57mph, 92km/h) and another when it falls below this level.
Geo Area Monitor (gamon)
Parameters: switch on/off, radius in km, latitude, longitude, name
Default: None
This monitor is similar to the geofence monitor in its operation but it allows specifying multiple areas. Each area can be registered by specifying the latitude, longitude coordinates, the radius and a human-readable name/label. When the car/device enters one of these areas, it will alert by sending back a message with the current coordinates, along with the information about the area that triggered it.
Example use: I usually get picked up and dropped off from work so I've set one "area" on this monitor to the location of my workplace. When i'm expecting someone to pick me up from work with my car, i will be alerted when the car arrives in the vicinity so that i can start preparing to leave.
Tracks Log Monitor (tracksmon)
Parameteres: switch on/off, log duration
Default: Log for 10 minutes.
This oddly named "Monitor" will generate track/path files saved to the external storage card (currently KML format only). When it is switched on, it will log for the specified number of minutes (10 minutes by default) before automatically switching off and saving the track information to a file.
Phone Call Reboot Monitor (crmon)
Parameters: switch on/off, phone number, number of rings in seconds
Default: Sender's number, 15 seconds of ring
Another oddly named "Monitor" will basically reboot the phone by receiving a phone call. The Monitor will wait until the specified number (sender's number by default) calls and let it ring for set number of seconds (15 seconds by default) before automatically rebooting the device.
The reason for this monitor is; in case the messaging system hangs and is unable to receive any sms text messages/internet/email, the phone may need to be rebooted. In the absence of these services, phone calls usually still work so this was implemented to signal a reboot and hope the device start working again.
The Remote Commands
"@rc" is the prefix for all SMS commands that will be intercepted by the program. Commands and parameters are separated by spaces and are all in lower case.
version - Gets the version of the currently running program
Parameters: None
Example: @rc version
Response: Version of the program.
alarm - Sets the volume to high and plays alarm5.wav from the \Windows directory. Volume level is restored after playback.
Parameters: Repititions (default 3)
Example: @rc alarm 4
Response: N/A. The audio file will be played 4 times.
gp - Get Position - Gets the current location (if available within 5 minutes)
Parameters: "false" to not apply GPS tolerances (i.e a location will be returned even if HDOP is over 5.0 and satellite count is less than 4).
Example: @rc gp false
Response: Current location, even if it's not validated by internal tolerances/rules. Information may be unreliable.
Example 2: @rc gp
Response: Returns a valid location if its available within 5 minutes or a failure message if no valid location is received from the GPS chip.
More parameters will be implemented later, to specify length of timeout and the com port number.
callback - Try to call the senders number automatically. This may be useful if you want to hear whatever's going on in the surrounding area.
Parameters: Phone number
Example: @rc callback
Response: N/A. It will try to dial the number that is specifiedor by default, call the number that sent the command.
reset - Reboot/restart the phone
Parameters: None
Example: @rc reset
Response: N/A. It will force a reboot
exit - Exits out of the program, all monitors switched off.
Parameters: None
Example: @rc exit
Response: N/A. It will switch off all the monitors and exit out of the program.
webupdate - Will download the updater file which will quit the program once an update is available and has been successfully downloaded. Currently, automatic update is only available through my website.
Parameters: None (yet)
Example: @rc webupdate
Response: A text message to indicate whether the updater file was downloaded and executed. Once the updater is active, it will download the latest version of the program and kill the currently running program and restart the new version automatically. Currently, no messages are sent to indicate whether it was able to execute the program. It will, however, add a note in the next response if the app was updated.
monitors - Batch operation on the monitors. Switch all on/off/reset/status/etc.
Parameters: on/off/reset/status
Example: @rc monitors on
Response: It will respond with the monitors that were loaded and switched on.
Note: 2 monitors are currently excluded from this list and will not be switched on. Area Monitor and Tracks Monitor will need to switched on manually - this is by design - which i may change in the future. This behaviour can be changed from within the XML settings file (set "OnByDefault" to true).
msg - Sends a message to the specified number/contact via the device. Will "Echo" by default (message will be sent to the sender).
Parameters: Recipient phone number, message
Example: @rc 07800000000 This is a test
Response: It will send the message "This is a test" to07800000000
Note: If the number is omitted, it will be sent back to the sender.
ftpdl - Debug log sent to the set FTP address (currently fixed).
Parameters: None (yet)
Example: @rc ftpdl
Response: A message will be sent back to indicate success or failure
bmon - Battery Monitor settings and status
Parameters: on/off/status/reset, level
Example: @rc on 10
Response: The monitor will be switched and a message indicating that the alert level was set to 10%
Example 2: @rc status
Response: A message indicating whether the monitor is active and the current alert level
crmon - Call Reboot Monitorsettingsand status
Parameters: on/off/status/reset, phone number, number of rings
Example: @rc on07800000000 10
Response: The monitor will be switched on and monitor all incoming phone calls. Once a call is received from07800000000and rings for 10 seconds, it will force a reboot.
Note: "status" will send a message back with information about its current settings.
gfmon - Geofence Monitorsettingsand status
Parameters: on/off/status/reset, alert hours (default: whole day)/radius in km, latitude, longitude
Example: @rc gfmon on 0.5 55.12345 -2.12345
Response: This will switch on the monitor, set the latitude (55.12345), longitude (-2.12345)and radius (0.5km or 500 metres) of the virtual "fence". A Message will be sent back to indicate this new information.
Example 2: @rc gfmon reset
Response: A message sent back to indicate settings were set to defaults and a new virtual "fence" will be set once a valid location has been determined (with the default radius of 1km).
Example 3: @rc gfmon on 21-3
Response: It will set the alert hours of 9pm to 3am (the following day). Alerts will be generated if they happen between these times.
gmmon - Geo Movement Monitor settingsand status
Parameters: on/off/status/reset, alert hours (default: whole day)
Example: @rc gmmon on 9-17
Respone: Monitor switched on with alert hours set to 9am to 5pm.
gsmon - Geo Speed Monitor settingsand status
Parameters: on/off/status/reset, speed limit/level in knots
Example: @rc gsmon on 60.8
Response: Monitor switched on, with speed alert set for 60.8 knots (or 70mph).
gamon - Geo Area Monitor Settingsand status
Parameters: on/off/status/reset, radius in km, latitude, longitude, name/label
Example: @rc gamon on 0.556.12345 -3.12345 Some random location
Response: A new alert area (with latitude of56.12345, longitude of-3.12345, radius 500 metres and the label "Some random location")will be added to the list. When the device enters the area, it will send a message with the area information and the current location (along with the distance) and another message when it leaves the area.
Note: "@rc gamon status" switch will send a message back with the list of registered areas.
trackmon - Track Monitor settingsand status
Parameters: on/off/status/reset, max minutes for log
Example: @rc on 20
Response: The monitor will be switched on and will try to capture locations for 20 minutes. The track file (currently KML format) will be saved in the external storage with the current time and date as the filename. The file can be uploaded with the "upsdfile" ("listsd" will list the file names) command below (Warning: it will currently only upload files to my website). This KML file can be imported into Google Earth to plot the path.
cmd - Special sub-commands - cmd by itself without any parameters will return a list of available commands
cmd uptime - gets the uptime of the currently running process (RCAgent)
cmd deldl - Deletes Debug Log file
cmd dloff - Debug Log switched off - no data written to file
cmd dlon - Debug Log switched on
cmd ction / ctioff - Switches on/off cell tower information in every message
cmd listsd - List SD - Lists the files in the root of the storage card and their size - Warning: might be a long list.
cmd ftpsdfile - FTP SD File - Sends the specified file to the set ftp (currently, it will only upload to my ftp)
cmd upsdfile - Upload SD File - Uploads the specified file to the set website address (currently, it will only upload to my website)
cmd updl - Upload Debug Log - Uploads the Debug Log file to the set website address (currently, a folder on my website)
cmd help - A lengthy description of each command.
* For Monitors: "on" and "off" options will switch on/start and off/stop the monitors, respectively. The "Status" option will indicate the current status and settings. And finally, the "Reset" option will set all the settings of the monitor back to its defaults values.
** For sanity, long messages are truncated to a maximum of 5 messages (160 characters x 5).
I can take this for a test drive.
My device is a Touch Pro 2 on Verizon network (CDMA). Get pretty good GPS. Also have 16gb SD card so should be able to write the debug log files as you are looking for.
Let me know.
Thanks.
i'll try on hd mini...
Thanks guys.
Hope you realise this software has no visible interface? You will need another phone to send the messages.
I'm compiling a little user guide over the next few days so you'll be able to use it. I've put it on my website for now (don't worry, its a personal site, no ads or anything) so i can update it from anywhere. Once complete, i'll probably paste it all here.
Stay tuned!
Okay guys, i've updated everything here.
Please give me your feedback.
Remember to use a good (preferably unlimited) SMS/text/data plan for this so it doesn't bankrupt you!
For testing purposes you may want to consider allowing interaction on the app-installed phone. I dont have a second phone.
tq
I was debating whether to keep the "Debug Agent" active and thought it would be pointless for the purpose of this app ("remote control...") and may not be useful for real-life [beta] testing.
But, you can send the commands to your own number and use it that way.
mk27 said:
I was debating whether to keep the "Debug Agent" active and thought it would be pointless for the purpose of this app ("remote control...") and may not be useful for real-life [beta] testing.
But, you can send the commands to your own number and use it that way.
Click to expand...
Click to collapse
I'll try that out & revert.
Thanks
Well guys, do you have any feedback for me?
I'm instal and testing
RCAgent 1.0.4210.39687
HTC s740 ROM 1.12.402.0 10/25/08
Radio 0.24.30.24
Don't work.
I can not set the GPS COM port.
The program uses GPSID.
In system settings, there should be an icon for "External GPS" (or GPS Settings, or might be something else depending on the firmware). You can set the port using that.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
don't work
I've attached the GPSID settings program. Use that to set the hardware port and select "Manage automatically".
I used this program, but it still does not work.
I checked all configurations.
The problem is that except for the GPS receiver does not turn on. Neither nor GPSID RCAgent not start the GPS receiver.
Programs Navigation (maps) work very well.
dr_Henio said:
I used this program, but it still does not work.
I checked all configurations.
The problem is that except for the GPS receiver does not turn on. Neither nor GPSID RCAgent not start the GPS receiver.
Programs Navigation (maps) work very well.
Click to expand...
Click to collapse
Interesting. Are you willing to send me the RCAgent.log file for me to analyse?
I change the phone. Now working.
Can you add to the sms link to a map with GPS/CELLID coordinates?
Using it. Loving it.
Hi mk27,
I am using RCAgent in in LG-GM750 WM6.5 in my car since 25th March 2012 and loving it. However I would be interested to know if you are still working on it. I would love to see updates, gprs and more functionality added. It seems to respond quite well through SMS so definitely working. Today I texted me that the car was moving over the 50knots speed limit and then again that it was under the speed limit.
It would be good to see an email being sent, or location updates on a map. May be as someone suggested, the sms could be in a google maps format.
Are you planning to make it open source at all?