[IDEA/REQ] Simple wallet app - Windows Mobile Software Development

I've used Sony Ericsson phones before I went over to WM-phones, and on the SE phones there is a standard app that is very simple, but genious.
It is a very simple app to remember your pin numbers and/or passwords.
It works kind of like this:
At first use, you select a password and a control word. You enter the password every time you enter the program and it then displays your control word so you can check that you wrote the right password.
Whatever password you enter at program startup will get you inside, no error messages or anything. But entering the wrong passord will also display your control word wrong - whatever it might be. When inside all stored pins/passwords are displayed, but only if you write the correct password when entering they are correct. That way someone not knowing the password will not be able to tell if they actually guessed the password as the "pin numbers" show anyway, but with completely randomized numbers. So they are basically just waisting their time.
Not sure if I managed to explain so anyone can understand or if there is such an app already? I've tried dosens of wallet apps, but not succeded in finding one that is as simple and good as the one in SE phones.

I've been wanting something like this for a while. I can't use the last one I had (Flexwallet) since I had to hard reset and lost the registration number.

There are bunch of free apps to do this on your Windows Mobile device:
Cryptowallet
http://www.freewarepocketpc.net/ppc-download-cryptowallet.html
KeePassPPC
http://www.freewarepocketpc.net/ppc-download-keepassppc-v0-4-4.html
LockCrypt
http://www.freewarepocketpc.net/ppc-download-lockcrypt.html
Blender
http://www.freewarepocketpc.net/ppc-download-blender-v1-1.html
eSec
http://www.freewarepocketpc.net/ppc-download-esec-v1-0.html
You can also browse some more security related apps here:
http://www.freewarepocketpc.net/ppc-tag-secur.html
Hope that helps !

If you are interested in iPhone like interface, check this out
Password Safe
It's free too.

Related

Lock/Enter PIN to unlock

Hey there,
I use 1and1 for my exchange access and they require you to use some sort of security enforcement policy on your phone. On windows 5 I was able to put in a 4 digit pin and set it to only ask me for it after 24 hours of non-use. It also asked me for it on reboot. I keep my keypad locked because there's nothing I hate more than having my phone dial random people. To do this of course, I just held down the end key untill the screen locked. To unlock it, I just pressed the center button on the d-pad and the asterisk key. Everything was peachy.
Well in windows 6, they still require me to enter a PIN in and everything, BUT I cannot change the time in which it requires me to enter my pin to unlock. Additionally, every time I screen lock my phone I have to enter my PIN which is incredibly annoying.
Is there some sort of reg hack that I can fix this with?
No, the point of security enforcement is to protect the device from having sensitive data stolen and as a result these kinds of policies can not be overridden through any fashion except settings on the exchange server. You need to contact 1and1 and ask them to remove this policy, or switch to another exchange provider.
4SmartPhone doesn't pull this stuff.
Thanks for the response, but I don't think I made myself clear enough.
I don't want to bypass the security, I don't care about that.
I just don't want to have to enter my password every time I want to use my phone. Who does that?
Start>Settings>security>device lock
from there you should be able to adjust the phone's lock settings.
whether you want to get round it or not, it is most likely the policy set at 1 & 1's end and they need to adjust it at their end....
it might be that this function on the exchange works differently on the server cos it is windows mobile 6.
As WM6 is optimised for Exchange 2007, it could be a bug in the MS Activesync set up when using these policies on an exchange 2003 SP2 server.
I don't have a WM6 excalibur, but i can test it with an S710 and our Exchange 2007 server if you want....?
One more thought, delete the exchange partnership, and then go into the lock settings. Turn the lock on and set it to 24 hours.
Then go back in and turn it off. the time settings should stay at 24 hours even though it is turned off.
Then set up the exchange server. if you are lucky, it might just stay at 24 hours instead of the OS default of 0 minutes.
Be lucky....
try this:
Enable changing password lock time:
In the registry do the following:
\hklm\security\policies\policies\00001023 from 0 to 1.
i have the same problem with 1and1 using a cavalier with wm6. my real problem is that sometimes at startup the device gets stuck in t9 and will not recognize the numbers in my pin so i have to hard reset the device. 1an1 say they have nothing to do with the security password and will not help
Disable T9
Heh-heh, I never liked the T9 thingie on my T-Mobile Dash/HTC Excalibur. To turn the T9 on and off (toggle) press alt and then press space. This should toggle the T9 function of WM6 smartphones. At least, it did on my Dash.
Now, on with my crusade to unlock my Dash!!...
turning the t9 off is the same on the cavalier, but the problem is that sometimes this test rom decides to turn it back on at start up and other times it does not. it is really pissing me off.
thanks for the suggestion though. i just really need a way to dissable this security password.
joedm said:
try this:
Enable changing password lock time:
In the registry do the following:
\hklm\security\policies\policies\00001023 from 0 to 1.
Click to expand...
Click to collapse
The phone gives an error screen and says "unable to perform this operation".
on my wm5 ppc i removed the exchange account yet I can't turn off the pin security. Now thats annoying.
you can also try this: http://forum.xda-developers.com/showpost.php?p=1269318&postcount=7
I haven't tried it myself =)
joedm said:
you can also try this: http://forum.xda-developers.com/showpost.php?p=1269318&postcount=7
I haven't tried it myself =)
Click to expand...
Click to collapse
cool that worked thanks!
Before you can change the registry keys, you need to run the "Application and CID" unlock program provided on this site. I did it on my Cavalier and it worked like a charm.
Any ideas anyone?
Hey mtvkilledusall -
Did you ever get this figured out? It is annoying the ****e out of me!!!
I'm the Exchange admin, and I'm considering turning off this "feature" for my device.
Like you, I just want to be able to KEYLOCK the device (so it doesn't dial 911 in my pocket, etc.), but I'd still like to keep the security.
This used to work fine on my MDA. Very annoying.
mtvkilledusall said:
Hey there,
I use 1and1 for my exchange access and they require you to use some sort of security enforcement policy on your phone. On windows 5 I was able to put in a 4 digit pin and set it to only ask me for it after 24 hours of non-use. It also asked me for it on reboot. I keep my keypad locked because there's nothing I hate more than having my phone dial random people. To do this of course, I just held down the end key untill the screen locked. To unlock it, I just pressed the center button on the d-pad and the asterisk key. Everything was peachy.
Well in windows 6, they still require me to enter a PIN in and everything, BUT I cannot change the time in which it requires me to enter my pin to unlock. Additionally, every time I screen lock my phone I have to enter my PIN which is incredibly annoying.
Is there some sort of reg hack that I can fix this with?
Click to expand...
Click to collapse
Same issue here after upgrading from Samsung Blackjack 1 to a Blackjack II, WM6 and 1and1 Exchange server. On top of that, after configuring exchange, my phone also looses the menus quick access numbers. Very frustrating.... Anyone found a fix yet?
Thierry.

Email Settings Not Saving Correctly

I'm hoping someone can help me with this.
Using EnergyRom 28008 on a Touch Pro 2 I can't download email off of Comcast. I've had it working on a previous version of the ROM but I don't know why (if it was something I did, if it was the Rom, or some other variable).
Two things get my attention, but they may be nothing. First, is that after I've entered my email password, and save the settings, when I return to settings there are about twice as many stars in the password field as there are letters in my actual password. This occurs if I use manual setup or not. I'm thinking there's a chance it just fills the field with the same number of stars no matter what the real length of the password as a security measure. Or, it's saving my password incorrectly.
The other thing which gets my attention is that in the username field it saves it as "[email protected]" instead of just leaving it as "username". Saving and coming back, it's always adding on the "@comcast.net" part. I'm pretty sure this has to be a problem as Comcast wants the "@comcast.net" part left off.
Does anyone know of a solution? Is this just one of those wait and see things? They'll fix it eventually? Or is it a problem specifically with NRG's ROM? Is there a known solution, perhaps a registry setting I could change to work around the auto-botch effect? Any help would be very appreciated.

[Q] set the "lock phone after" setting to more than 15 minutes

Hi!
I have a corporate app installed on my desire, which requires a screen lock with password to be enabled, and i can't seem to find a workaround, so the password stays
The only thing i can think of is to increase the timeout, until the phone gets locked, and i need to insert the password.
And here comes the problem. In my previous ROM, the maximum timeout was 15 minutes, and in my current ROM, there is no such option, to set a timeout, the phone locks right wenn i turn off the screen.(and i can unlock it only with the password...)
So here's the question: how can i set this timeout to more than 15 minutes. Where is this setting stored ?
I already googled, and found nothing. I was digging with sqlite3 in /data/data/com.android.providers.settings/databases/settings.db, but i can't find this. Maybe it is more hardcoded ?
Please help me! This thing is killing me!!!
Well if your device is payed and given to you by your employer he has the right to put some restricting software on it (although I've never heard of such an android).
And what is this corporate app? Is it developed by your company, if it's strictly for use within the company, then no other one, besides the people in the company would know whether it has a function for more than 15 min timeout.
If you have permissions to install apps see if "No Lock" from the market works.
3722 said:
Well if your device is payed and given to you by your employer he has the right to put some restricting software on it (although I've never heard of such an android).
And what is this corporate app? Is it developed by your company, if it's strictly for use within the company, then no other one, besides the people in the company would know whether it has a function for more than 15 min timeout.
If you have permissions to install apps see if "No Lock" from the market works.
Click to expand...
Click to collapse
It is my own phone, the software is developed by my company. It installs a policy,that requires a phone lock password to be set. In the system... This lock can have a timeout, but maximum 15 minutes. I'd like to change this to 2hours or even a day. But there is no such option in the GUI, this is why I want to find where this setting is stored in the system.
I think you may have configured your Microsoft Exchange email on your phone. If you do that then the IT admins have the right to enforce a lock screen after 15 minutes. I have the same problem. Unfortunately there's nothing you can do about it, except look for a software that can over-ride the lock-screen.
There used to be a software called LockPicker. But I heard it does not work with Froyo anymore. So my suggestion is that either learn to live with it, or look for an overriding software
drumster said:
I think you may have configured your Microsoft Exchange email on your phone. If you do that then the IT admins have the right to enforce a lock screen after 15 minutes. I have the same problem. Unfortunately there's nothing you can do about it, except look for a software that can over-ride the lock-screen.
There used to be a software called LockPicker. But I heard it does not work with Froyo anymore. So my suggestion is that either learn to live with it, or look for an overriding software
Click to expand...
Click to collapse
Yes, I found this thread also,and that setting is stored in that database I mentioned in the first post. The problem is, in my case it is not exchange. It is a different story.
There must be a solution for this. I mean if there is a setting in the GUI, then it must be stored somewhere! And it must be possible to change it...
It sound like they use a crypto-software or ssl certificate, if you bypass it or try to bypass it.
Your phone can be locked or not fully functional, and your it admins will be angry
I think there is a little misunderstanding here. Let me rephrase my question!
Does anyone know how to set the "lock phone after" time in the security settings menu of the phone to a value higher than 15 minutes?
If you don't see that option, then you are using a sense-less rom. I found it only in roms using sense.
It is a system setting, not an application password. I will try to create screenshots today, so you can see what I mean

Dump Your Phone Memory

Follow these steps to dump all of your phone's memory. What use is this? It can be used to locate your MSL code if other methods fail. This method should work even if your phone is "bricked". This could potentially be used to retrieve lost information. At the very least it contains all your texts.
I am also currently exploring a possible security fail on the part of android/google. My phone dump contains my google account password in plain text....not just once. It has my password in plain text over 120 times. I am investigating how this could be. My google password is unique to that one account, and it is paired with my google login in the phone dump. I have not input the password in any other place outside of when I first setup my phone. I have not input that password in any app or browser. You may want to check if your login credentials are also being mishandled and possibly logged.
Phone Dump: (portions of this were taken from the PRL guide)
Connect your phone to your computer using a USB cable.
Open Device Manager.
Ports > LGE Android Platform USB Serial Port > Properties > Port Settings > Advanced > COM port number
Make a note of your COM port number.
Download and install QPST v2.7.
Open "QPST Configuration".
In the "Ports" tab, if your com port isn't listed, select "Add New Port" and write in your com port as "COM#" (# being the number you noted in step 4). Verify that your com port is listed.
Make sure your phone appears in the the "Active Phones" tab.
Run the "Memory Debug" program from QPST.
With your phone connected via USB and selected via the "Browse" button, press "Get Regions".
This will reboot your phone into "Download mode". You will most likely lose the connection to your phone because download mode uses different drivers and possible a different port. Go into device manager -> Ports (COM & LPT) and find your phone's new COM port.
Go into the QPST configuration and setup the new port.
Go back to the "Memory Debug" program, browse for your phone again, and select "Get Regions" again.
This time it will show you a bunch of options. Leave them all checked and select "SaveTo" and pick an empty folder to dump your phone memory to. This will take up a little over 500 megs.
It will take a good amount of time to finish (possibly 30 min to an hour).
When you are done, you will have the following files:
Code:
adsp_rama.bin, adsp_ramb.bin, adsp_ramc.bin, adsp_rami.bin, mdsp_rama.bin, mdsp_ramb.bin, mdsp_ramc.bin, mdsp_regs.bin, load.cmm, ebi_cs0.bin, and ebi_cs1.bin
If you want your MSL code, open ebi_cs0.bin with a hex editor. Look at the following HEX addresses:
Code:
0162ABCE
01BA6BDC
Both should contain your 6 digit MSL code in plain text.
If you want to find your ESN:
Code:
0104B5C2
What is more interesting is when you search in both ASCII and Unicode for your google account password in ebi_cs0.bin and ebi_cs1.bin. This is a raw dump of your phone memory. It will contain your contact list and other person information, but I see no reason for your account password to be logged in plain text. Another user has already reported finding his password using this technique. Please search for yourself and report back what you find. My guess is that this is not unique to the Optimus V.
Update:
I changed my account password. My phone then prompted for my new password. I entered it in. I then synced my contacts, rebooted, and then dumped the contents of my phone. My new password was in there in plain text twice. The old password was still there too. Something is logging my internet traffic or my keyboard inputs.
I can confirm my email address and password are together in plain text in multiple locations. I don't know much about mem dumps, but it appears to indicate it is google's sync service:
ebi_cs1.bin
0D565490 .... 8 NOOP..TCH 48(
0D5654A0 .... UID FLAGS)...."p
0D5654B0 .... assword"........
All other instances were preceded by imap or smtp.
JerryScript said:
I can confirm my email address and password are together in plain text in multiple locations. I don't know much about mem dumps, but it appears to indicate it is google's sync service:
ebi_cs1.bin
0D565490 .... 8 NOOP..TCH 48(
0D5654A0 .... UID FLAGS)...."p
0D5654B0 .... assword"........
All other instances were preceded by imap or smtp.
Click to expand...
Click to collapse
Thanks! With you that makes 3 of us to experience this. The address for the password(s) are different for me which is expected. Where as the MSL code would be located in a certain unchanged portion of the phone, this mysterious log would constantly be changing and could even be fragmented over the flash drive. I don't have (UID FLAGS) anywhere in either file.
What I also have is many Groove IP references with my Groove IP related google login and password. This looks like it is capturing it as internet traffic. I don't see why Google or Groove IP would log a password they both have encrypted access to.
mmarz said:
Something is logging my internet traffic or my keyboard inputs.
Click to expand...
Click to collapse
It's the keyboard. The OS isn't logging your passwords, at least as far as I can tell. If you select a different keyboard than the default, you will see a security warning popup which says that the keyboard can log everything, including your passwords. Well, this is normal, because softkeyboards need to be able to store words you enter into their dictionary/history to enhance their spelling and prediction. This is why your old password is still there after you changed it, and why they are stored in plaintext (because dictionaries are never thought to be encrypted).
Whether or not the softkeyboard is storing "words" that your entered in password fields in plaintext is not an Android security hole, it's the keyboard's, so complaints and/or advisories should be directed to them. They should at least give us the option of marking password fields as something not to store, and if we do want them remembered, for jimminey cricket's sake store them in a separate encrypted dictionary.
obijohn said:
It's the keyboard. The OS isn't logging your passwords, at least as far as I can tell. If you select a different keyboard than the default, you will see a security warning popup which says that the keyboard can log everything, including your passwords. Well, this is normal, because softkeyboards need to be able to store words you enter into their dictionary/history to enhance their spelling and prediction. This is why your old password is still there after you changed it, and why they are stored in plaintext (because dictionaries are never thought to be encrypted).
Whether or not the softkeyboard is storing "words" that your entered in password fields in plaintext is not an Android security hole, it's the keyboard's, so complaints and/or advisories should be directed to them. They should at least give us the option of marking password fields as something not to store, and if we do want them remembered, for jimminey cricket's sake store them in a separate encrypted dictionary.
Click to expand...
Click to collapse
There are a few reasons I don't buy this as being the cause.
Where would this unencrypted keyboard log be? I have data2ext going. My password was found on my internal phone partition. Whatever is doing this has permission to modify files outside of the data folder.
My password was present repeatedly. Even when I changed my password, it appeared twice even though I had only entered it once.
You have to manually select when you want to add words to the dictionary, otherwise all your misspelled tweets would be added. In password fields, this is not possible because only a single letter is inputted at any given time. No word is ever developed.
My other passwords are not in this log file. For example, my titanium backup password that I have to constantly use when I restore backups is not in here. Also my internet search phrases and other relevant items that I have typed in.
Update:
I just got this from KSmithInNY:
http://androidcentral.com/android-passwords-rooted-clear-text
Any app with root access has the ability to get your google credentials because android stores them in plain text. Wonderful!
mmarz said:
I just got this from KSmithInNY:
http://androidcentral.com/android-passwords-rooted-clear-text
Any app with root access has the ability to get your google credentials because android stores them in plain text. Wonderful!
Click to expand...
Click to collapse
Use the 2-step verification for your Gmail account and also set up an application specific password for your android device.
http://www.youtube.com/watch?v=zMabEyrtPRg
csrow said:
Use the 2-step verification for your Gmail account and also set up an application specific password for your android device.
http://www.youtube.com/watch?v=zMabEyrtPRg
Click to expand...
Click to collapse
Wouldn't this mean that you have to enter a verification code when entering your normal password, but if malware were to steal your application specific password that you created just for your phone, they could access your account using it and bypass the verification process?
Application specific password will only work on that phone. If you lose your phone, you can revoke that password for that phone which will block the access.
csrow said:
Application specific password will only work on that phone. If you lose your phone, you can revoke that password for that phone which will block the access.
Click to expand...
Click to collapse
No, they work on any device. There is no way for google to know what device is using it. You personally assign them for that phone, but if the password were to be stolen, then it can be used on any device. Also, if your account were to be compromised, you wouldn't know which password was stolen. With each application password you create, you are allowing another passcode that can be used to access your account. This seems very unsafe.
Update: I just tested this and I am right. I can use the same application specific password on all my apps and phones. So if this password were to be stolen, anyone could use it to login to my account. This is a major fail on the part of google....again.
Update2: Application specific passwords can be used to create login tokens. That means you can use a program like trillian to log into your gtalk using it, and then use the login token it produces to get access to your main google account through a web interface.
Well, that completely defeats the purpose of 2-part authentication. Oh well.
I hope you've reported this security hole... because obviously the intent is to be more secure than it actually is.
Which hole are you referring to? How google's two step verification is worthless because of one step passwords they force you handout to automated login apps? How Android's own password storage system keeps passwords in plain text and protects it by setting the file permissions to "please don't read this"? Or are you taking about how putting all these issues aside, I can still see my password in plain text in some sort of data capturing log that I found in a data dump of my phone's internal memory?
If you are talking about the last one, I'm still trying to find out exactly where the password is being stored in the dump and by what process. I've been searching through my phone's internal memory while it is on, but I can't seem to find it. I also want to rule out malware or something stupid that I might be doing before I start yelling about the sky falling. If more of you guys try this out, maybe we can rule out malware since all of us can't have the same bug. It really can't hurt your phone to dump it. It only takes 40 mins of your time.
(The more I learn about this stuff, the angrier I get.)
so after 3 tries i was able to dump the memory and after hours of searching i cant find my mn_aaa or mn_ha shared secrets,does anyone know the location of these? i have tried qxdm and after sending the spc i send
requestnvitemread ds_mip_ss_user_prof
and i get
22:53:26.203DIAG RX item:
22:53:26.203requestnvitemread - Error response received from target.
or is there another way to find them?
ummkiper said:
so after 3 tries i was able to dump the memory and after hours of searching i cant find my mn_aaa or mn_ha shared secrets,does anyone know the location of these? i have tried qxdm and after sending the spc i send
requestnvitemread ds_mip_ss_user_prof
and i get
22:53:26.203DIAG RX item:
22:53:26.203requestnvitemread - Error response received from target.
or is there another way to find them?
Click to expand...
Click to collapse
Any luck? I have the same issue with the Optimus V, e.g. I used another phone and reading the NV item was no issue. Seems to be specific to the LG.
srmuc69 said:
Any luck? I have the same issue with the Optimus V, e.g. I used another phone and reading the NV item was no issue. Seems to be specific to the LG.
Click to expand...
Click to collapse
well i think ive gotten further with qpst i opened service programming and put in my spc read the phone then saved to file. i double clicked the file and a viewer opened and i viewed it in text format i seen alot of nv items there but have yet to figure out which ones they are.
ummkiper said:
well i think ive gotten further with qpst i opened service programming and put in my spc read the phone then saved to file. i double clicked the file and a viewer opened and i viewed it in text format i seen alot of nv items there but have yet to figure out which ones they are.
Click to expand...
Click to collapse
Any luck? I did the same thing but as I have read in many other blogs the LG Optimus V times out in qpst, so did mine too.
I still have information in the file and I found the NV_ITEM_ARRARY in the file. What I do not know is how that array is built, e.g. is there a developer guide for CDMA phone where they detail the information. I was looking for the 1192 nv item and it should start wit the length like 0A for 10 digits of the AA Password. No luck so far without knowing what the bytes are and from just locking for 0A you get tons of hits.
What are you guys trying to accomplish? What is that code used for?
The dump should contain everything that is in the phone's memory. If the code is not encrypted or compressed in any way, it should be in there. The problem is that if you don't know the code, then you can't look up its location. Kind of a catch 22.
mmarz said:
What are you guys trying to accomplish? What is that code used for?
The dump should contain everything that is in the phone's memory. If the code is not encrypted or compressed in any way, it should be in there. The problem is that if you don't know the code, then you can't look up its location. Kind of a catch 22.
Click to expand...
Click to collapse
I'm trying to get the NV_ITEM 1192 and 466 from the LG Optimus V which is on Virgin Mobile. When I do that with CDMA Workshop it says access denied once you save the file. Now I'm tyring to find what these values are on my LG Optimus V. Do you think the dump will have this and how would I go to find the NV ITEMs, e.g. in which file are they and at what hex position?
srmuc69 said:
I'm trying to get the NV_ITEM 1192 and 466 from the LG Optimus V which is on Virgin Mobile. When I do that with CDMA Workshop it says access denied once you save the file. Now I'm tyring to find what these values are on my LG Optimus V. Do you think the dump will have this and how would I go to find the NV ITEMs, e.g. in which file are they and at what hex position?
Click to expand...
Click to collapse
yeah the dump should have all nv items.the hard part is figuring which ones are which.
mmarz said:
What are you guys trying to accomplish? What is that code used for?
The dump should contain everything that is in the phone's memory. If the code is not encrypted or compressed in any way, it should be in there. The problem is that if you don't know the code, then you can't look up its location. Kind of a catch 22.
Click to expand...
Click to collapse
well the mnha and mn aa are paswords needed to get your data working when you want to use a different phone ie the Samsung Epic on virgin mobile.you can clone all info from the optimus v to the epic but with out those password data will not work.i may not be inclined to do this anymore since the motorola triumph is coming out.meaning i wont need to find a better phone and clone this one.

Disable the lock code if needed (By-pass exchange policy)

TESTED ON MANGO, AND WORKED FINE
Gentlemen,
I have found the reg key in some posts to disable the lock code for the windows phone, if you have configured the exchange e-mail account in Phone.
I was unable to view the specific reg key in normal registry editor. So I have converted the reg key to an xap file by using provxml method. And you can apply the key even if you don't have the registry editor app installed on your device.
Steps:
1. Deploy the xap file to your developer unlocked device.
2. Launch the app.
3. Tap on the green button, it should gibe you a success message.
4. Uninstall the app.
5. It may require to restart the device, since this is a registry change.
5. U r done. Now u will be able to turn off your phone security code even if you have configured the exchange e-mail account in your phone.
I have tested on my chevron unlocked HTC HD7, and it is working fine.
Hope some one will be looking for this.
Note: it's recommended to keep your phone with lock code enabled, but sometimes we need to keep the phone unlocked for some reasons.
If you install this xap, it will enable another wonderful feature..
By default, the 10 invalid attempts will erase ur phone. But after you install this xap, the password will be locked out for 1 min after 5 invalid attempts. Then after each attempts, the lockout time will double. I have tried untill the phone lockedout for 64 minutes. Then I stopped trying with the invalid lock codes. It will help you to keep the data safe, if anyone play with the phone, especially kids.
Note: Please don't try after 5-6 attempts if the phone didn't get locked out, may be this not compatible on your device. You may lose your data. I applied this on my T-Mobile HD7, and it is working fine.
Hit thanks if you like my post..
Thanks
JAZEEL
So I just applied the registry change in your provxml, and it temporarily works,i.e. it enables the option in the lock and wallpaper screen to disable the password, but next time you sync email the policy is reenforced and you have to set a pin again.
Are you also changing the permissions to that reg key in your xap somehow? haven't got a machine with the dev tools handy to try the actual xap out.
benneh said:
So I just applied the registry change in your provxml, and it temporarily works,i.e. it enables the option in the lock and wallpaper screen to disable the password, but next time you sync email the policy is reenforced and you have to set a pin again.
Are you also changing the permissions to that reg key in your xap somehow? haven't got a machine with the dev tools handy to try the actual xap out.
Click to expand...
Click to collapse
I have tested myself, and it's a permanent solution. It's stays for ever. But I don't know what will happen if you reconfigure the exchange account..
Is there any way to keep a timeout for the lock? I find it very irritating to enter the unlock code every time the device wakes up
@OP, what is the reg key for the change? You must know that to make an XAP?
timmymarsh said:
@OP, what is the reg key for the change? You must know that to make an XAP?
Click to expand...
Click to collapse
This is the key which deploys through the xap..
[HKEY_LOCAL_MACHINE\Security\Policies\Policies]
"00001023"=dword:1
Doesn't Work ...
Hi I tried this unlocker but it is not working for me every time I connect to the computer (Zune and Windows Phone Device Manager) it relocks and have to chevron unlock again.
Any suggestions?
Hello OP,
I have a Sprint HTC Arrive, I got the following message just trying to launch the xap file:
(WARNING)
(The carrier doesn't exist in database. Please contact your carrier for connection setting and go to Setting>cellular>edit
APN for further configuration.)
Theres no APN in my settings that I see, any help would be great, thanks
Striving said:
Hi I tried this unlocker but it is not working for me every time I connect to the computer (Zune and Windows Phone Device Manager) it relocks and have to chevron unlock again.
Any suggestions?
Click to expand...
Click to collapse
This is to disable the lock code on the phone if you have enabled the exchange account which will force to put the lock code.
To permanent developer unlock, please search in xda, someone already posted it before and I have applied that on my HD7.
purian23 said:
Hello OP,
I have a Sprint HTC Arrive, I got the following message just trying to launch the xap file:
(WARNING)
(The carrier doesn't exist in database. Please contact your carrier for connection setting and go to Setting>cellular>edit
APN for further configuration.)
Theres no APN in my settings that I see, any help would be great, thanks
Click to expand...
Click to collapse
I have checked on my HTC HD7 T-Mobile unlocked.. It's working fine..
Search for the reg key for your specific device, and if you find I will help you to deploy it on your device..
jazeelkk said:
This is to disable the lock code on the phone if you have enabled the exchange account which will force to put the lock code.
To permanent developer unlock, please search in xda, someone already posted it before and I have applied that on my HD7.
Click to expand...
Click to collapse
Thanks for the response funny a little while after I realized that is was for something other than the dev unlock. And happily I have gotten have way there I am unlock but have to make sure I remember to put phone in flight mode before connecting it.
rhn said:
is there any way to keep a timeout for the lock? I find it very irritating to enter the unlock code every time the device wakes up
Click to expand...
Click to collapse
i 2nd that!
jazeelkk said:
I have checked on my HTC HD7 T-Mobile unlocked.. It's working fine..
Search for the reg key for your specific device, and if you find I will help you to deploy it on your device..
Click to expand...
Click to collapse
Thanks for your response, the only reg i've ever found to disable the lock on my device is the one you posted and built into your xap file. For some reason the reg doesn't exist in my phone and I can't create it either.
Most likely why you put this together for us. But on my end here, I now have to app to my phone, once I go to launch it I get the message from my previous post, it just wont deploy/launch. Any ideas up i'm for trying.!!
Thank you,
The reg key is protected, so you can't browse to it, but you can still use a tool like advanced explorer to set it by manually specifying the full path and value to change.
I was able to set the value manually like this, but like I mentioned the value is set back automatically next time your phone sync's with exchange. The policy must get checked on every sync with exchange, and gets set back if your exchange server requires a PIN policy.
From what I can ascertain this XAP simply sets that value, so you would have to run this xap after every sync which isn't a great solution.
barrychon said:
i 2nd that!
Click to expand...
Click to collapse
I have tried it as mentioed in some old posts. But it is not working. Only thing I could do is to activate the ON/OFF button with this reg key, so that I can disable the code at any time.
I presume you guys know this already, but just for the heck of it.
You're bypassing a policy. A policy that's most likely you companies' policy. If you do lose your phone and people are able to access files or e-mails that are highly important and/or confidential, you could take the blame for leaking this information.
This could mean the company would sue you for all kinds of things, and it would be very much possible they would fire you. There is a reason the policy is enforced.
I can see why you want to disable the policy, but, as said, there is a reason your company wants that policy on a device that connects to their Exchange server and it's not to annoy you.
EvilWhiteDragon said:
I presume you guys know this already, but just for the heck of it.
You're bypassing a policy. A policy that's most likely you companies' policy. If you do lose your phone and people are able to access files or e-mails that are highly important and/or confidential, you could take the blame for leaking this information.
This could mean the company would sue you for all kinds of things, and it would be very much possible they would fire you. There is a reason the policy is enforced.
I can see why you want to disable the policy, but, as said, there is a reason your company wants that policy on a device that connects to their Exchange server and it's not to annoy you.
Click to expand...
Click to collapse
You are right. I recommend to keep the phone locked always.
It meant for some situation, where we need the phone need to be stayed unlocked. Atleast we should have the option for it.
EvilWhiteDragon said:
I presume you guys know this already, but just for the heck of it.
You're bypassing a policy. A policy that's most likely you companies' policy. If you do lose your phone and people are able to access files or e-mails that are highly important and/or confidential, you could take the blame for leaking this information.
This could mean the company would sue you for all kinds of things, and it would be very much possible they would fire you. There is a reason the policy is enforced.
I can see why you want to disable the policy, but, as said, there is a reason your company wants that policy on a device that connects to their Exchange server and it's not to annoy you.
Click to expand...
Click to collapse
Thanks mum. But seriously...
I think this is a perfect example of a security policy being set which isn't realistic, so users find workarounds. Like when you mandate everyone has a 50 character password which has to be changed once a week, everyone simply ends up writing them down on post it notes.
The PIN code every time you want to use your phone is bloody annoying. It could improved to make it more useable, e.g.:
Only require a PIN if it's been more than 30 minutes since you last entered it.
Only require a PIN when accessing data in exchange like calendar/email.
Specify certain actions which don't require a PIN unlock, e.g. playing music or games.
Anyhow this is mostly irrelevant as this hack is only temporary and the setting reverts so that's a killjoy.
benneh said:
Thanks mum. But seriously...
I think this is a perfect example of a security policy being set which isn't realistic, so users find workarounds. Like when you mandate everyone has a 50 character password which has to be changed once a week, everyone simply ends up writing them down on post it notes.
The PIN code every time you want to use your phone is bloody annoying. It could improved to make it more useable, e.g.:
Only require a PIN if it's been more than 30 minutes since you last entered it.
Only require a PIN when accessing data in exchange like calendar/email.
Specify certain actions which don't require a PIN unlock, e.g. playing music or games.
Anyhow this is mostly irrelevant as this hack is only temporary and the setting reverts so that's a killjoy.
Click to expand...
Click to collapse
Lol, you have a point, but or colleague above is quite correct, the policy is enforced for a reason. At my company, such an offense can mean instant dismissal
(if you use exchange for just calendar and contacts, as i do, a pin is not required to unlock, the policy is only enforced for email strangely enough....)
I agree the Pin should be how it was in WM 6.5 where you could have it only ask after 2 hours or evey 24 in some cases. That way if was a good balance. This business of requiring the PIN every time you look at your phone is crap. I have removed it from my droid device and I am fornunate that my company will not hassle me over it. Still though its a bunch a crap to enter it every 5 minutes.

Categories

Resources