Related
lbjohnny said:
I is watching to following this on you maybe not yes
zune://pocketnow.com/windows-phone/wp7-live-services-security-reportedly-cracked-full-hd2-port-imminent
WP7 Live Services Security Cracked, Full HD2 Port Imminent?
File under: News
By: Evan Blass | 11:59 AM 6-Jan-11 | 8 Comments
Highly-regarded Windows Mobile developer and XDA senior moderator Da_G has reportedly been able to bypass the Genuine Advantage security protection on Windows Phone 7, enabling him to get live services like Xbox, Marketplace, and Zune working on an HTC HD2. The news was casually passed along by senior member AndrewSh, a user with over 1,000 posts. With the Dark Forces Team -- the group behind MAGLDR and HD2 NAND Android booting -- having successfully gotten WP7 running on HD2, the only real challenge up to this point has been enabling full functionality with regards to the services that "phone home" to Microsoft.
Notably, it was Da_G himself who lamented on the heavy cloud-based security back in November, stating that:
"Nearly all the major functions on the device operate by shuttling data to and from the “cloud”, presenting different methods to the user for getting their data on to the device. However as these services interact quite a bit with Microsoft’s own servers, they have considerably beefed up the security in this area. Each device contains a “Device Provisioning Partition” or DPP that contains a unique certificate assigned to the device at the factory. Each certificate is verified locally by the device in several places, and also uploaded and verified by the “Cloud” for each transaction. Loading Windows Phone 7 on to a device that did not originally come with the platform would result in having an invalid certificate, and these services will not function properly."
Well apparently Da_G has found a way to fool or otherwise bypass this Device Provisioning Partition, so that when a WP7 build is eventually released for HD2, it should be almost fully functional (although it will still require the use of a RAM loader, as opposed to a direct flash a la Windows Mobile). Since Da_G has been maintaining radio silence on XDA since Christmas, this development has yet to be verified, so we'll update when this becomes official.
Source: XDA
Thanks: HD2owner
Click to expand...
Click to collapse
I have source code for this as a (disgruntled) M$ employee: posting via WIKILEAKS.
proof!
.
.
.
Ok, this may sound a little stupid but please bear with me....
I'm a student, so I have a ".edu" email address which allowed me to sign up for a free dev account.
Although I'm on a Mac I'm downloading parallels desktop so I can get zune software.
From what I understood from reading these forums...I can use the dev tools and unlock my device with Zune?
Is this essentially the same as using Chevron unlocker?
I can't use Chevron Unlocker because I have a HTC Arrive that has the NoDo update already applied...but if I use the above methods, it would be the same...no?
Yes, as far as I am aware.
I am also a student in the uk with an .ac.uk email
I have signed up and my account is started being activated today, will let you know! I am on NoDo too
I also have a .edu account, so this means I can sign up as a developer and get the official unlock code? Would I actually have to do any developing for them to keep my account open?
I don't have NoDo yet but will want to unlock it once it's available (AT&T branded Focus).
This would be interesting because it say's I can have up to 3 registered devices under my Dev Account.
I personally just created it so I could unlock my NoDo Arrive, but I might actually try at creating some apps...I wonder if it's really that hard
its a little more complicated than what it first seems, but nothing too hard.
Sign up through dreamspark, that gets you your account.
To dev unlock the phone you use the windows phone tools that you get through dreamspark, but it wont let you unlock it untill you have activated your developer account through geotrust
To do this on a student account you have to submit and application to microsoft first. I just created a basic dice roller, there are guides on the internet for how to make this app, it only took me two hours to do using the guide, and 1 day after submitting the app to microsoft I got an email from geotrust asking me to validate my account.
To validate you need to fill in the form with a photocopy of your driver licence or passport and email/fax it to them, they then tell microsoft all is good, and your account is activated
But yeh, if your a student, then its definetly worth doing, because you will effectively be "jailbroken" but in a completely legit microsoft are happy way.
The major problem with an actual developer unlock, is there is a limit on the number of applications you can side-load at the same time - 3 for student accounts, 10 for individual/corporate accounts, if I remember correctly. Makes it difficult to use them for homebrew - I know I had more than 10 homebrew applications together.
loomx said:
its a little more complicated than what it first seems, but nothing too hard.
Sign up through dreamspark, that gets you your account.
To dev unlock the phone you use the windows phone tools that you get through dreamspark, but it wont let you unlock it untill you have activated your developer account through geotrust
To do this on a student account you have to submit and application to microsoft first. I just created a basic dice roller, there are guides on the internet for how to make this app, it only took me two hours to do using the guide, and 1 day after submitting the app to microsoft I got an email from geotrust asking me to validate my account.
To validate you need to fill in the form with a photocopy of your driver licence or passport and email/fax it to them, they then tell microsoft all is good, and your account is activated
But yeh, if your a student, then its definetly worth doing, because you will effectively be "jailbroken" but in a completely legit microsoft are happy way.
Click to expand...
Click to collapse
So if we have a student developer account we have to create an app first? Exactly what guide did you use?
I have "ZERO" coding experience, even though I do dabble in web development...is it hard to do? I'm not asking someone to hold my hand, just point me in the general direction.
Isn't there a "hack" available on these forums that allows you to "sideload" more than the limits?
I mean essentially a person could use the free Dev Account to unlock their device, then use the registry hack (available on these forums) to allow more than the limit for sideloading....
...or am I missing something?
Yup there is a hack somewhere, I might give it ago, but TBH, im happy to install the reg editor do the edits and unistall it, then do the same for ringtones and unistall it and so on, and just keep 3 that I really need.
After a bit of googling, it seems it might be even simpler...
You still need to have the Dev tools download from dreamspark, but someone posted that all you need to do is this...
Create a new project.
Build the project.
Look in the bin directory that was created.
Find the .xap.
Then submit that
loomx said:
Yup there is a hack somewhere, I might give it ago, but TBH, im happy to install the reg editor do the edits and unistall it, then do the same for ringtones and unistall it and so on, and just keep 3 that I really need.
After a bit of googling, it seems it might be even simpler...
You still need to have the Dev tools download from dreamspark, but someone posted that all you need to do is this...
Create a new project.
Build the project.
Look in the bin directory that was created.
Find the .xap.
Then submit that
Click to expand...
Click to collapse
So even though it's a "shell" app (empty app) and it would get rejected by AppHub...all that really matters is that you submit something for GeoTrust to send you the verification email???
I'm interested in this aswell. I've just updated to nodo.
I'm currently studying computer science at uni and tempted to do a WP7 app for my final year or in my spare time.
Developer Unlock is the same thing as what Chevron does.
For students that are interested, Microsoft provides the Dreamspark program where they give students access to free software, development tools and WP7 developer registration
ducylowycz said:
So even though it's a "shell" app (empty app) and it would get rejected by AppHub...all that really matters is that you submit something for GeoTrust to send you the verification email???
Click to expand...
Click to collapse
Exactly. That's all you need. Once you submit it you'll just get an email from "GeoTrust" (Hotmail marked it as spam), and then you'll be on your way.
If you like in a country were Marketplace isn't available yet it complicates things a bit.
Even if you get a student account tied to your swedish live-account(like I did) you can't access the Marketplace. But you can still submit apps and get them published with that account!
The only solution here is to get a UK/USA live-account and then jailbreak your phone.
So when NoDo gets released I have to choose between running my own apps or run apps from the Marketplace.
The live account on your phone, doesnt have to match the live account of your developer account as far as I am aware.
My phone is now Dev unlocked and on No-Do.
If you install advance config,it can make it so you can sideload as many apps as you want
Do you think there should be a tut for doing this?
I was thinking of creating one because, as of now, this is the only option to "unlock" our devices.
Ok...I have everything installed but when I "build" the app and submit it to Apphub, it just gives me an exception out of range error...
Any insight?
ducylowycz said:
Do you think there should be a tut for doing this?
I was thinking of creating one because, as of now, this is the only option to "unlock" our devices.
Click to expand...
Click to collapse
It's pretty simple - register your student email with dreamspark
submit an app (doesn't even have to work) to get geotrust to start the identity process
when you verify your identity wait 2 business day
You now have the option to have 3 devices that can be unlocked
For the respective device, go and edit the registry to increase the app loading limit to unlimited (student has I think 3) and you're done
Legit chevron. unlocked device for sideloading. I'll be getting my brother to do it for his phone as well as his school too! Although I can see an impending rape of this...
It's also pretty profitable...
my country is not in the list box, singapore is the closest one, im from indonesia, any suggestion?
domineus said:
It's pretty simple - register your student email with dreamspark
submit an app (doesn't even have to work) to get geotrust to start the identity process
when you verify your identity wait 2 business day
You now have the option to have 3 devices that can be unlocked
For the respective device, go and edit the registry to increase the app loading limit to unlimited (student has I think 3) and you're done
Legit chevron. unlocked device for sideloading. I'll be getting my brother to do it for his phone as well as his school too! Although I can see an impending rape of this...
It's also pretty profitable...
Click to expand...
Click to collapse
I just spent 2 hours to figure out the tools and built a quote of the day app. Just submitted it. Will wait for Geotrust to contact me.
Well although many might abuse it, it will expose students to the platform. MS has really good tools. I am not a computer major, but I managed to build an app in 2 hours. I am quite exited about my app..and I will definitely read more about the tools and try few more things.
PS: now I need to buy a windows phone device :-D
Do you have a locked phone with Nodo?
So, at this moment your chances are:
Restore the phone to previous version (from Zune)
If your device is LG, you can use the integrated registry editor to unlock it
Buy a developer account subscription
What if your country is not supported by the Marketplace to buy a developer account subscription?
Well, you can ask someone to unlock your phone via remote desktop with their account, then apply any relock prevention
You can use Yallapps unlocking service
I was thinking on update chevron for nodo. There is no marketplace in my country to test and check what is the token used by the developer unlocker application from the phone tools.
Recently I discovered yallaapps (where everyone can register and unlock their phones). It is very unfair compared to the standard marketplace rules (you can upload only free apps, and like 3-4 every 80 dollars).
Anyone here have a yallaapps account to share? (via remote-ethernet usb for example) and unlock my phone to check what is the token, and test if microsoft did something to avoid chevron.cer, etc... I can work some nights trying to get an updated unlocker for us.
Comments?
I've thought about this too. But I have an unlocked Omnia 7 now, with NoDo. And I'm kinda afraid to test for locking/unlocking, because it might lock my phone, while not being able to unlock again. Only a restore of backup or reflash firmware would possibly fix that, but I too busy to risk that now. If it wasn't for that I would've tried a couple of things.
With registry access we can set the value of HKEY_LOCAL_MACHINE\Software\Microsoft\DeviceReg\PortalUrlProd to anything we like. Set it to something like this: http://www.wp7unlock.com. That site does not exist, but that doesn't matter. Note that I mention "http" and not "https" to make it easier. Then add this url to the hosts-file on your computer. Open a http-server on port 80 which logs all http-requests. Now run ChevronWP7 unlocker and try to lock / unlock. Note: Don't try this if your device is upgraded to NoDo and unlocked, and you wish to keep it like that. You can grab the exact request. That is the first step. But this may already lock your device, if you got it unlocked. You need an unlocked device in the first place to edit the registry. If you got the exact http-request that is sent by the NoDo-device, you can manually try to send it to the original url: https://developerservices.windowsphone.com/Services/WindowsPhoneRegistration.svc/01/2010. Now grab the response. That will be the second step. Having the request and response may already provide very useful information and help us further.
I think the chance of getting your device re-locked is small. But only someone who is doesn't matter restoring a backup or older firmware in order to re-unlock should try this. If someone feels like testing this, we may get a start on unlocking NoDo.
Ciao,
Heathcliff74
I'm just guessing here, I haven't actually done any research into it, but I believe the patch was relating to the certificate - aimed at the fact that ChevronWP7 relied on WP7 accepting an untrusted certificate being used by the unlocking server if that certificate had been installed to the phone's store. Simply doing some basic checking on the certificate to ensure it's from a trusted authority for example, is probably the route Microsoft took, or something along those lines.
I'm kinda busy with other things right now, but I'll have to get a copy of a NoDo ROM at some point and take a peak at the relevant files.
Another possibility is to hide a registry editor in some app and submit it to the marketplace. But soon or later they will notice the trick.
Pretty convenient the LG devices with their integrated registry editor...
The odds of being able to sneak any app with the InteropServices capability into the marketplace is pretty low, I think. Without that capability, you can't access COM, which means no native code, which means no registry editing.
GoodDayToDie said:
The odds of being able to sneak any app with the InteropServices capability into the marketplace is pretty low, I think. Without that capability, you can't access COM, which means no native code, which means no registry editing.
Click to expand...
Click to collapse
I am just guessing here, but can't you download a dll file to the isolatedStorage, then on the next app start use that file (for example the samsung dll to edit registry keys used by samsung "root" tools)?
hounsell said:
I'm just guessing here, I haven't actually done any research into it, but I believe the patch was relating to the certificate - aimed at the fact that ChevronWP7 relied on WP7 accepting an untrusted certificate being used by the unlocking server if that certificate had been installed to the phone's store. Simply doing some basic checking on the certificate to ensure it's from a trusted authority for example, is probably the route Microsoft took, or something along those lines.
I'm kinda busy with other things right now, but I'll have to get a copy of a NoDo ROM at some point and take a peak at the relevant files.
Click to expand...
Click to collapse
Ok.. Think with me please.. I am by no means a HTTP or SSL expert, but I know a little bit about it. So please correct me if I'm wrong.
HTTPS is HTTP over SSL. SSL does a handshake for encryption keys. Any HttpListener will support this. And SSL with mutual authentication will also do a certificate check. Tom, if what you said is true, then we should install a genuine certificate for developerservices.windowsphone.com. I'm sure some devs have one laying around for us to use. The phone will accept it, because a certified authority has issued it. That would solve things at the end of the WP7 device.
Now the important part. As far as I know, but I may very well be wrong about this, the certificate is only verified on the end of the server. In this case that would be our own HttpListener on the local PC with the hosts-file containing a mapping for developerservices.windowsphone.com to 127.0.0.1. I think the WP7 device does not validate the server, isn't it? So when we let our server accept the certificate, we're done. We can let it accept the certificate with this line of code:
Code:
ServicePointManager.ServerCertificateValidationCallback = delegate { return true; };
Would that do the trick???
Ciao,
Heathcliff74
eried said:
I am just guessing here, but can't you download a dll file to the isolatedStorage, then on the next app start use that file (for example the samsung dll to edit registry keys used by samsung "root" tools)?
Click to expand...
Click to collapse
I'm guessing now. But I think the capabilities are stored somewhere. And if you didn't have the Interop-capability when you installed the app, you will still not be able to load a COM-dll later on. Also, I don't think you will be able to call LoadLibrary on a file in the IsolatedStorage.
And in my WP7 Root Tools, there are NO Samsung dll's. Only my own code. Both native and managed dll's are written 100% by me. No copyrighted dll's from another party in my code. I explicitly avoided that, because my app will never be banned for that reason. I think Julien Schapman's Windows Phone Device Manager does ship the HTC dll's (not 100% sure about that though). I think he might have a problem with that if he ever want to sell his product.
Ciao,
Heathcliff74
Heathcliff74 said:
Now the important part. As far as I know, but I may very well be wrong about this, the certificate is only verified on the end of the server. In this case that would be our own HttpListener on the local PC with the hosts-file containing a mapping for developerservices.windowsphone.com to 127.0.0.1. I think the WP7 device does not validate the server, isn't it? So when we let our server accept the certificate, we're done. We can let it accept the certificate with this line of code:
Code:
ServicePointManager.ServerCertificateValidationCallback = delegate { return true; };
Would that do the trick???
Ciao,
Heathcliff74
Click to expand...
Click to collapse
Just a guess here, but I would say that it's the phone who verify the certificate, not the server. That's why you had to install the chevron cert on the phone.
Im not up to date on how these certificates work and where or how they are approved and if there is a difference between certain certs but i was wondering about the cert that we used by xboxmod when he released those omnia apps for all devices or was that just another way to get xaps to work instead of resigning them? Could it be used if not?
I did a bit of reading up on SSL and certificates. I'm still not sure about alot of things, but this is what I get from it:
SSL sets up a secure transport layer by exchanging encryption-keys. And it also supports client-authentication and server-authentication. Authentication can take place by letting one party send its certificate and let the other verify it. For a client this usually means that the issuing party sent a generated certificate against which it can be authenticated. A server is authenticated by its certificate. The certificate needs to be verified. The verification is done by checking the certification-path. The issuers must be trusted by the verifying device. I'm not sure, but I don't think it is normally necessary to install a certificate when you genuine unlock your device. If it is necessary, then that means that the unlock server from Microsoft does client-authentication too. But that is not important when we want to spoof that server with a http-server on our localhost (like ChevronWP7), because we can just skip the client-authentication. We simply don't care about that.
(nico) said:
Just a guess here, but I would say that it's the phone who verify the certificate, not the server. That's why you had to install the chevron cert on the phone.
Click to expand...
Click to collapse
I think the unlocking software on the WP7 device probably does something like this (pseudo-code):
Code:
if (!SecureConnection.Server.IsTrusted())
{
LockDevice();
return;
}
If the server is not trusted, the unlock will fail. So Chevron has its own built-in http-server. With its own certificate. Except that certificate is normally not trusted by the WP7 device, because that certificate is not signed/issued by one of the Certified Authorities that is known by the device. So in order to let the IsTrusted() succeed, a certificate must be installed on the device first. That certificate adds the signing authority (self-signed by Chevron) to the trusted authorities.
Now in NoDo, if Tom is right, Microsoft changed it into something like this:
Code:
if (!SecureConnection.Server.IsTrustedByCertifiedAutority())
{
LockDevice();
return;
}
That means, that it does not only verify if it is trusted, but the top of the certification-path must be a Certified Authority. In this case a self-signed certificate is not accepted anymore.
I have access to the certificate-stores on my Samsung Omnia 7. But for that the device needs to be unlocked. So, that is not useful for unlocking devices. And that exploit only works on Samsung devices.
Now that I understand this better, I see that my previous proposal won't work. But it gives me something to think about. Got to get a way around that.
lucasryan said:
Im not up to date on how these certificates work and where or how they are approved and if there is a difference between certain certs but i was wondering about the cert that we used by xboxmod when he released those omnia apps for all devices. Was that a cert that just allowed us to use those apps to work on other devices just like we do now by resigning a xap to work from another brand, or is it a cert that might could be used?
Click to expand...
Click to collapse
That was some developer-certificate from the WinMo 6.5 SDK or something. It didn't really do anything other than invalidating the signature, which in combination with removal of the DRM file in the XAP would remove the DRM-protection. It works even better to simply remove the certificate from the file. The certificate was simply to replace the valid certificate with an invalid one. The certificate from xboxmod is not of any use here.
Ciao,
Heathcliff74
ok I understand now how they work and what it needs to be. Alot more to it than i was thinking, so there is a chance to find a cert somewhere. somehow.
Very good information, I am not too much into SSL security also. I have an Idea for a new unlocker (not based in chevron's method):
Someone in a Marketplace-enabled country buys a subscription
An application uses that subscription + the code inside the Developer unlock application to unlock a phone
Then the same application deploys (and executes) a xap (like samsung tools) to prevent the device relocking
The same application then deletes the device from the developer account
So, with a minor cost, we can have unlocked phones. I don't know if the dev account can get blocked if the user unlocks and "relocks" a lot of devices, but if one account is good for 10 phones, its fine ($10 usd each unlock)
lucasryan said:
ok I understand now how they work and what it needs to be. Alot more to it than i was thinking, so there is a chance to find a cert somewhere. somehow.
Click to expand...
Click to collapse
No. These are the best kept secrets in the industry. When those key leak a lot of DRM is compromised. And in most systems certificates, once compromised, can be revoked (through updates that are pushed or pulled). The ChevronWP7 guys did a brilliant job in finding the loophole in the server-authentication. I think Microsoft has closed that one now. But maybe there's another loophole in the unlocking system.
There might also be other attack-vectors. If we can get XML-provisioning working from outside the device we can set the registry-values to unlock the device. Maybe OTA Provisioning can be done with WP7 devices.
Another possibility for XML provisioning can be found in this dll:
Code:
C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualStudio.DeviceConnectivity.Interop.10.0\v4 .0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.DeviceConnectivity.Interop.10.0.dll
You can open it in Reflector. There's a class called DevicePackageClass. It has a method called ProvisionDeviceXML(). So I tried using it, but when I instantiate the DevicePackageClass it gives me an error:
Retrieving the COM class factory for component with CLSID {E987B9DE-8471-11DB-96A9-00E08161165F} failed due to the following error: 80040154 Class not registered (REGDB_E_CLASSNOTREG)
The class is actually a wrapper for a COM class. So I looked it up in the registry. It seemed to be found in this dll:
Code:
C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\dip.dll (VSD Device Integration Package)
But is actually part of Visual Studio 2008, not Visual Studio 2010. The dip.dll is not installed with Visual Studio 2010. So I figured I might have a better chance with this dll:
Code:
C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.DeviceConnectivity.Interop.9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.DeviceConnectivity.Interop.9.0.dll
But it gives me the same error. I also tried to register dip.dll with regsvr32. The registration worked, but the error was still the same. I even tried to access dip.dll directly, but I still couldn't create the COM class DevicePackageClass ("Can't create object").
So if we can somehow instantiate that class we might get XML provisioning working and unlock the device directly in the registry. Needs more research.
Ciao,
Heathcliff74
eried said:
Very good information, I am not too much into SSL security also. I have an Idea for a new unlocker (not based in chevron's method):
Someone in a Marketplace-enabled country buys a subscription
An application uses that subscription + the code inside the Developer unlock application to unlock a phone
Then the same application deploys (and executes) a xap (like samsung tools) to prevent the device relocking
The same application then deletes the device from the developer account
So, with a minor cost, we can have unlocked phones. I don't know if the dev account can get blocked if the user unlocks and "relocks" a lot of devices, but if one account is good for 10 phones, its fine ($10 usd each unlock)
Click to expand...
Click to collapse
Microsoft scans the apps that are submitted for the marketplace. I doubt very much this will ever pass through. And if it will Microsoft will block it as soon as they find out. And it also needs the InteropService capability, which will never be allowed in the Marketplace.
Heathcliff74 said:
Microsoft scans the apps that are submitted for the marketplace. I doubt very much this will ever pass through. And if it will Microsoft will block it as soon as they find out. And it also needs the InteropService capability, which will never be allowed in the Marketplace.
Click to expand...
Click to collapse
My idea was not an app for the marketplace but a desktop app like Chevron
eried said:
My idea was not an app for the marketplace but a desktop app like Chevron
Click to expand...
Click to collapse
Ohw. Sorry. Misunderstood. I get what you meant. But you're gonna need new dev-accounts all the time. Everytime Microsoft will block one dev-account after a certain amount of unlocks, you'll have to get a new one. Who is willing to get all these accounts? This will probably run out very fast.
Heathcliff74 said:
Ohw. Sorry. Misunderstood. I get what you meant. But you're gonna need new dev-accounts all the time. Everytime Microsoft will block one dev-account after a certain amount of unlocks, you'll have to get a new one. Who is willing to get all these accounts? This will probably run out very fast.
Click to expand...
Click to collapse
Of course, but I personally don't have a problem about paying $10-$40 usd to unlock my device. Even $100-$200 seems fair to me for the complete developer account, but I can't pay here in Chile
eried said:
Of course, but I personally don't have a problem about paying $10-$40 usd to unlock my device. Even $100-$200 seems fair to me for the complete developer account, but I can't pay here in Chile
Click to expand...
Click to collapse
Personally I don't like the idea, that I just bought a device of €550 and I have to pay another €100 to actually be able to have control over the device. I also needed to put in countless hours of work to get access to my system and to be able to set the colordepth for instance.
To be real honest, I really don't like the locked-down nature of the device. I liked Microsoft for their open systems (not open source, but highly customizable etc). And I also highly appreciate their developer tools and SDKs. And I love Silverlight. But if I would have known that the phone was so much locked down, I may have considered a Samsung Galaxy S instead of Samsung Omnia 7. Both great phones with super AMOLED etc. WP7 looks much better than Android, but Android is an open OS, which I would prefer. I think Microsoft should have made 2 flavors of WP7; one locked down version for the privacy-freaks and an open version for the tweakers. Anyway, I have the Omnia 7 now with WP7. And I will get it open, even if I have to break it open myself.
Heathcliff74 said:
Personally I don't like the idea, that I just bought a device of €550 and I have to pay another €100 to actually be able to have control over the device. I also needed to put in countless hours of work to get access to my system and to be able to set the colordepth for instance.
To be real honest, I really don't like the locked-down nature of the device. I liked Microsoft for their open systems (not open source, but highly customizable etc). And I also highly appreciate their developer tools and SDKs. And I love Silverlight. But if I would have known that the phone was so much locked down, I may have considered a Samsung Galaxy S instead of Samsung Omnia 7. Both great phones with super AMOLED etc. WP7 looks much better than Android, but Android is an open OS, which I would prefer. I think Microsoft should have made 2 flavors of WP7; one locked down version for the privacy-freaks and an open version for the tweakers. Anyway, I have the Omnia 7 now with WP7. And I will get it open, even if I have to break it open myself.
Click to expand...
Click to collapse
Nobody likes a locked device.
But I do understand the Microsoft posture about this.
Hello all,
I'm trying to develop a Hybrid Application for WP7 (using a COM Bridge), but I'm facing some problems.
MS just approve a few RIL API for hybrid applications and my app needs communication with Sim card. So, if I use those API which aren't approved by MS, my app will not pass by MS Verification...
Does anybody had some problem like mine? Is there any way to access simcard without use the RIL API?
Thanks in advance!
No, Microsoft allows native development only to OEMs
Actually, if you just use the APIs approved by Microsoft and preload your app on a Phone, MS will approve it.
My problem is: Simcard API (at least the one that I need) is not allowed by Microsoft...
@bebe_evil:
Do you have any record of any non-OEM and non-carrier third-party app using COM or any other native functionality? It's not supposed to be permitted to third parties. The only apps I know that do this are all made by Microsoft or one of its big partners, or are homebrew.
As I briefly posted on my blog Monday, Mango will no longer support the deployment of XAPs containing the ID_CAP_INTEROPSERVICES flag. This means you won't be able to deploy your web servers, root tools, and other assorted unsupported hackery.
With our sanctioned, dirt cheap unlock service around the corner, trying to jailbreak NoDo (without upgrade hacks) is a waste of time. I believe the ROI on time spent on hacking this interop limitation is much greater.
This limitation is implemented in PacmanInstaller.exe (on the phone); it scans the manifest for the flag and bails with HRESULT 0x81030120.
As Mango FFUs haven't been released yet, I haven't tested upgrade path 'hacks'; worse, this behavior doesn't appear to be reproducible in the emulator limiting current testing to those w/ Mango phones. (That should change in the next few weeks, hopefully.)
I'm interested to see what ideas you guys have!
How does Microsoft even explain this? What's the point in allowing your unlock officially and then blocking the very functionality we unlock devices for?
Maybe this is a temporary problem?
As far as Microsoft is concerned the new Unlock variant is for people who want to develop for their devices but without intention to publish the results to the Marketplace, e.g. people who want to play around with things.
If you're a Nokia Dev today you get the unlock for free - allowing people to access undocumented APIs is not what Microsoft wants to happen but more to make people experiment with the platform and then perhaps publish their work to Marketplace later on - but that would not be able to happen if those experiments used COM-Interop which is not allowed on the Marketplace.
Well, this way, from an end user perspective, unlocking is useful only for piracy. Getting sideloading without extended capabilities is a weird proposition.
Re hacking Mango, I guess people need to get it on their phones somehow to begin with.
In the other thread I requested that everyone who upgrades makes a wireshark log and post it here, so we can tear it apart. I also left some instductions there.
Plz also let know if apps with native code survive the upgrade and if the chevron unlock with prevent relock survives the update.
Ciao,
Heathcliff74
mfw i already found out a possible solution how to bypass this.
>NoDo needed before Mango.
No trolling. Also, cant say it here on xda, then the Microsofties will pick it up and block...
>Trusted people i can tell, sry.
Thanks for sharing this secret, but up to this moment, Ansar way (flashing stock ROM, then using advanced configuration utility to avoid relocking) is the only effective way.
One could write an application for NoDo, for example a ChevronWP7 Homebrew Enabler, that uses native APIs to modify manifests of homebrew applications found on the phone. Then upgrade to Mango.
There are lots of upgrade scenarios but we have to remember -- new phones will only ship with Mango.
yeah lets tell rafael and his ms homies how the people here try to hack mango, so that he can tell ms to fix it before mango released to everyone.
I hope you wont tell a thing in the public @ fiinix, jaxbox, heathcliff
diboze said:
rafael and his ms homies
Click to expand...
Click to collapse
Really? Rafael informs us of an important issue that we should try resolving, and your response is "OMG he's in bed with Microsoft let's ostracize him"? That saddens me.
@arktronic: please...you cant be this naive...
I won't dignify that with a response.
Oh wait...
There seems to be a way ... for current NoDo users. It is similar to what happened going from original 7008 to NoDo ... in terms of unlocking. I will stop there.
I'm curious, is the ID_CAP_INTEROPSERVICES merely a flag that the xap contains native code, or does the executive actually forbid the application from running native code unless the flag's present?
i.e. could we modify the xap to remove this flag, but still run the native code app on the phone?
elyl said:
I'm curious, is the ID_CAP_INTEROPSERVICES merely a flag that the xap contains native code, or does the executive actually forbid the application from running native code unless the flag's present?
i.e. could we modify the xap to remove this flag, but still run the native code app on the phone?
Click to expand...
Click to collapse
The flag must be present.
diboze said:
yeah lets tell rafael and his ms homies how the people here try to hack mango, so that he can tell ms to fix it before mango released to everyone.
I hope you wont tell a thing in the public @ fiinix, jaxbox, heathcliff
Click to expand...
Click to collapse
You're an idiot.
Here are some things to consider then:
Can something be done to the XAPs to allow the flag? Signing? Other XML file modifications that, in turn, would allow the flag to be used?
Can something be done to the system? A registry change perhaps?
Have any new flags been added to Mango that might also allow low-level system access?
It seems more complicated that just the flag.
Homebrew apps or resigned apps (like Scansearch, or HTC apps) won't run, but official manufacturer apps (Scansearch on LG, HTC apps on HTC) run fine.
So it seems to depends on some certificate.
Also, installing an apps then upgrade to Mango keeps the app on the phone, but it won't allow you to launch it (no error, just launch and quit).
(nico) said:
It seems more complicated that just the flag.
Homebrew apps or resigned apps (like Scansearch, or HTC apps) won't run, but official manufacturer apps (Scansearch on LG, HTC apps on HTC) run fine.
So it seems to depends on some certificate.
Also, installing an apps then upgrade to Mango keeps the app on the phone, but it won't allow you to launch it (no error, just launch and quit).
Click to expand...
Click to collapse
Ah, thanks for testing that. So that means installing an application then upgrading won't be as easy as it sounded.
One test would be to sign a XAP and place your root certificate in the CA store (with Heath's toolset).
diboze said:
yeah lets tell rafael and his ms homies how the people here try to hack mango, so that he can tell ms to fix it before mango released to everyone.
I hope you wont tell a thing in the public @ fiinix, jaxbox, heathcliff
Click to expand...
Click to collapse
I too hope everyone will be a selfish bastard and will never get anything done.
Arktronic said:
Here are some things to consider then:
Can something be done to the XAPs to allow the flag? Signing? Other XML file modifications that, in turn, would allow the flag to be used?
Can something be done to the system? A registry change perhaps?
Have any new flags been added to Mango that might also allow low-level system access?
Click to expand...
Click to collapse
I'm trying some things with the package manager. I haven't got anything yet, but I got some ideas I yet have to try. I'm working on flagging an app as "not being sideloaded".
(nico) said:
It seems more complicated that just the flag.
Homebrew apps or resigned apps (like Scansearch, or HTC apps) won't run, but official manufacturer apps (Scansearch on LG, HTC apps on HTC) run fine.
So it seems to depends on some certificate.
Also, installing an apps then upgrade to Mango keeps the app on the phone, but it won't allow you to launch it (no error, just launch and quit).
Click to expand...
Click to collapse
Ok. So it looks like the package-manager doesn't allow the interop-flag for apps with a full install-cycle through side-loading. The flag is probably allowed for upgrades and marketplace-installs (including DRM licenses). And the PolicyEngine (runtime system) requires the dll's to be signed properly or else it will deny interop to native code.
WithinRafael said:
Ah, thanks for testing that. So that means installing an application then upgrading won't be as easy as it sounded.
One test would be to sign a XAP and place your root certificate in the CA store (with Heath's toolset).
Click to expand...
Click to collapse
Please refer to the opening post of this thread. For the purpose of code-signing the certificates in the "Code Integrity" store are used. The certificates in that store would probably need a signing-root in the CA store. The means that you have to create a certificate that has the properties of a "Code Integrity" certificate AND the properties of a "CA" certificate and then add this cert to both "Code Integrity" and "CA" stores. Then use the private key to sign all the dll's.
If you look at the certs in the "Code Integrity" store, then all, except the one used for LPC singing have this:
Key Usage: Digital Signature, Certificate Signing, Off-line CRL Signing, CRL Signing (86)
Enhanced Key Usage: Code Signing (1.3.6.1.5.5.7.3.3), Unknown Key Usage (1.3.6.1.4.1.311.10.3.14)
If you look at the certs in the CA store, then you see that they all have:
Certificate Signing, Off-line CRL Signing, CRL Signing (06)
That means that you have to create a cert with:
Key Usage: Digital Signature, Certificate Signing, Off-line CRL Signing, CRL Signing (86)
Enhanced Key Usage: Code Signing (1.3.6.1.5.5.7.3.3), Unknown Key Usage (1.3.6.1.4.1.311.10.3.14)
Than add this to "Code Integrity" and "CA".
You have to create the cert with OpenSSL. You can't create such a cert with Visual Studio tools.
I already created such a cert. I will create a new version of the WP7 Root Tools and sign the dll's with this cert. And I will make an option to install/uninstall the public cert in "Code Intergrity" and "CA". I advise everyone who wants to try this to first make a backup! Then, when you have this version of the WP7 Root Tools installed and you used it to install the certificates too, then you should try to upgrade to Mango and see if the WP7 Root Tools are still working.
I will let you know when I got this new version of the WP7 Root Tools ready.
Ciao,
Heathlciff74