WP7 - Registry - Windows Phone 7 Development and Hacking

I'm seeking either a code sample or library that needs to be added to view the registry. Or is the registry write only? I'm trying to make a backup of the current device registry and then just play with it... a "precaution" for the device bricking

If you download the source to my IE Search Switch project (it's in the ZIP file) you will get a "Homebrew" library which includes a WindowsCERegistry class that gives read access to much of the registry. There are some areas which have tighter security and can't be read, though. If you use the device-specific functions, you *might* get more access than WindowsCERegistry provides.
You can see an example of how I use registry code in the app project.

Related

Declare Function Help

Hi
I'm simply trying to use a dll written in eVC, with a small app written in vVB.
The dll has mostly been wizard generated with an extra function call testing, which returns a 4 as an int.
I've compiled the dll as 'dll_test.dll' and after much messing about I've managed to register the pvbdecl.dll file which seems to be needed. Now I get the following error: 'dll_test.dll was loaded, but the DllRegistryServer entry point was not found'
I hope this is a small common problem? thanks for any help/hints in advance
Just a follow up:
I cracked it. I was using the wrong naming convention in my dll, meaning that vb couldn't find the functions in the dll. (Also removed some of the c++ stuff from the dll.)
Now I can use my dll with vb or c (using loadlibrary etc...). Next step is to use it in c with just including the h file and linking to the lib file.
If anyone is interested then let me know and I'll explain more.

XML help

I'm new to vb.net and writing my first app for windows mobile 6.
I need help with an XML reader/writer. Is there anyone willing to help me with this.
I have an AT&T Fuze and want to use the AT&T tab in manilla as a game tab
I can edit the necessary file (att_tabitems.xml) on my desktop with notepad and all works fine. But if I edit it on the phone with the program I made, after saving the file it is half the size and the AT&T tab in manila can't read the file; however, opening each file, the original and the one my app created on the phone, they seem to have the same information in them, word for word.
I use the readfiles/writefiles options in vb to read and write the file. I think I need to use a method of writing XML. I did try to use the System.XML xmlDocument to read in the xml file but was unable to get it to work.
I was hoping someone here had an example of an app they had written that reads/writes XML on the smartphone.
Hmm...You are editing it with an app you made? Any chance you can PM me the source and maybe I can figure it out from there. My best bet would be that you are forgetting to Close() the file, creating an access issue...
I'd be able to give you a better answer if you send me the code

Making modifications & mergesmali

This is a new thread on the subject of modifying the system or
applications on the Nook. I'd like to see a separate thread on
modifying the kernel, but let's keep that off this.
The Basics
A bit of the system or an app is usually written in Java. Different
tools are used to compile and process it to the final product.
The Java Runtime Environment (JRE) is what allows you to run various tools and program on your host computer.
The Java Development Kit (JDK), version 6, update 33 contains the tools you need to work with Java
javac - the Java compiler
jarsigner - a tool for signing products
Android Software Development Kit (SDK), with downloads for Level 7 API.
Android Asset Packaging Tool (AAPT) - processes resources like images and layouts
Android Debug Bridge (ADB) - allows connection and debugging to your device
The final product is either an APK file or a JAR file, both of which
are basically ZIP files. Both of these contain a file called
classes.dex which contain the executable code. An APK file also
contains resources in a directory hierarchy. Some of these items,
like regular PNG graphics are exactly as you'd find them anywhere.
Other items, like "9 patch files" (9.png), are modified and others,
like XML files, are compressed. An APK file also contains a file
called AndroidManifest.xml that describes the product. Both APK
and JAR files can also contain signatures in the META-INF
directory.
Reverse Engineering
In the best of all worlds, you would have the original Java code that
the developers used to make the product. This is seldom available.
To work around this you need to backwards step the entire
process to get back to the original Java code. There is a problem,
the backwards process is not unambiguous. Yes, you can
backtrack to some Java code, that if compiled would work the
same as the original, but it would not look the same. Often the
intent of a piece of software is apparent from its layout. Also, you
will have none of the comments in the original code.
We can easily backtrack to an intermediate place between source
Java code and the final product. This is a place that does not really
exist in the original product generation process. We can take the
raw executable code out of a product and display it in a human
readable (and editable) form. "Smali" is the name of this
representation. It is analogous to assembly code. As stated, it
really does not exist as a language in the original compilation.
There is a software tool for taking apart a product and dissecting
it into the Smali code and the resources (if any). This tool also can
be used for compiling the Smali code back into the modified
product.
apktool, a tool for reverse engineering Android files
One of the main actions of the apktool is to take apart classes.dex
and generate a whole tree of files that end in the extension ".smali".
These files will have names like:
\NeatoApp\smali\com\bigcompany\neatoapp\MainView$23.smali
Modifying a Product
So, we can take a finished product, use apktool on it to take it apart
to pieces, modify some piece, then put it back together with
apktool. Modifying a resource like a graphic is easy, just modify
it (except 9.png, more later). Changing the wording of a popup
message is also easy. Changing the language of the interface
takes a bit more care to do it correctly. Modifying the Smali code
takes a bit of knowledge and done incorrectly can even brick your
device (repairable with a backup). If you have a chunk of Smali
code that someone modified for some reason, it's not too difficult
to open up your extracted Smali file, edit in the chunk, save it and
run apktool to put everything back together.
The Problem
We see this problem with kernels all the time, that some users want
a kernel with A, B, C and others want it with C, D, E. The number
of competing configuration gets out of hand. Moreover if you
come up with feature F, then you have to find a way to package
it up with A, B, C, for the first user and D, E for the second user.
A Solution
One possible solution is to let the user decide. You can distribute
options A-F independently and let the user install them themselves.
In principle, this means the user takes whatever version of
something they have on their device, apply a specific patch, then
reinstall it on their device. This would also open things up to
modifying different versions (for example Nook Touch vs. Nook
Glow) with the same mod.
mergesmali
mergesmali is a new tool for managing modifications to Smali
code. There is no particular magic behind it. It simply can replace
sections of Smali in a text file. It is agile enough to not rely on line
numbers or exact specifics of the Smali file. Here is a simple
example how you would use it to modify something:
Code:
adb pull /system/framework/android.policy.jar
apktool d android.policy.jar \Policy
mergesmali /v \Policy\smali\com\android\internal\policy\impl\LockScreen.smali landscapemod.smali
apktool b \Policy android.policy.jar
adb push android.policy.jar /system/framework
Mod Developers
We'll get to how to make the modification files for Smali soon...
Renate,
Great post! :good:
Could you add few words on logcat/ddms to help with troubleshooting, if a mod doesn’t work as expected, please?
Yes, I'm still working on this.
I've been patching the stock reader for dictionary and other things.
I was doing the patches on the 1.1.2 Reader.apk and it worked fine.
I just switched over to the 1.1.5 Reader.apk and it patched it fine without any changes.
This post addresses the developer side of things.
It is possible to patch Smali by hand.
For quick and dirty, this is not a bad solution.
The problem is that one must be aware of how many registers are used and for what.
In the first instance, if I need another register for my mod, that can push register references on other instructions out of the 4 bit range.
Also, if the stock code is revised later that can also change register references.
Even the simple addition of a debug print statement (Log.d) can affect things.
The solution is to always replace entire methods.
That way you are not fighting with conflicting code.
The logical place to keep your patches is in Java.
Obviously you can't have a standalone method, there has to be a class.
For instance, the stock Reader.apk has a place where it validates EAN (ISBN).
It checks for all digits, which bombs on sequences with dashes.
We want to replace that, easy enough, but we have to wrap it in the class.
Code:
package com.bn.nook.model.product;

public class Products
{
    public static boolean isValidEan(String ean)
    {
        return(true);
    }
}
Obviously this does not fully implement the class, but it has enough for our little method.
We do a normal compile of this, then apktool d it to the smali.
mergesmali can then scan through this smali and edit the stock smali from the apktool d'ed stock app.
A final apktool b, jarsigning and zipaligning puts it all back together.
But what if the method that we want to replace called some other method?
We would have to put something in our class to prevent compilation errors and to ensure that the smali code for our method did the correct invocation.
We end up writing stubs for these methods that do nothing.
If it's a void method, the body of the method is simply {}, for boolean types {return(false);}, etc.
But how do we make sure that mergesmali does not substitute these stub methods for the good methods already in stock?
Annotations.
By putting Annotations before each method, we can tell mergesmali what to do.
These annotations are preserved in the decoded smali.
They are subsequently deleted when mergesmali merges the smali.
Expanding our original example (this is just an example, not realistic):
Code:
package com.bn.nook.model.product;

import com.whoever.MergeSmali.*;

public class Products
{
    @Ignore
    public Products() {}

    @Ignore
    public static double complicatedOtherMethod(String ean, String msg)
    { return(0.0); }

    @Replace
    public static boolean isValidEan(String ean)
    {
        if (complicatedOtherMethod(ean, "Hello")<2.3) return(false);
        return(true);
    }
}
The @Replace tells mergesmali to replace this method.
The @Ignore tells mergesmali not to replace this method.
We need to have the stub for complicatedOtherMethod in the source.
Well, why is the constructor in there?
The compiler will generate a default constructor if we don't write one and it would have no annotation.
mergesmali prints an error if any method does not have an annotation.
There is also @Append for new methods that are not in the stock.
There is also @Delete to delete methods (that either have a super or are not being used at all with the rewritten methods).
What's in com.whoever.MergeSmali.* ?
Code:
package com.whoever;

public class MergeSmali
{
    public @interface Ignore {}
    public @interface Replace {}
    public @interface Append {}
    public @interface Delete {}
}
The package is not important as long as it's an Annotation and the class/subclasses are as indicated.
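The 4-bit register limit mentioned at the start of the post above, as an added example (not part of the original post and not mergesmali code): this Python sketch reports which instructions of a smali method stop fitting once extra locals shift the parameter registers past v15. The opcode list is a subset of the Dalvik formats with 4-bit register fields, the method is assumed to use `.locals`, and the sample method and `Lcom/example/Demo;` are constructed for illustration.

```python
import re

# Opcodes whose register operands are all 4-bit fields (Dalvik formats 11n, 12x,
# 22c, 22s, 22t, 35c). Subset chosen for this example; any other opcode is
# treated here as having 8-bit or wider register fields.
FOUR_BIT = re.compile(
    r"^(move|move-wide|move-object|const/4|array-length|instance-of|new-array"
    r"|i(get|put)(-\w+)?|if-(eq|ne|lt|ge|gt|le)"
    r"|invoke-(virtual|super|direct|static|interface)"
    r"|(neg|not)-\w+|\w+-to-\w+|[\w-]+/2addr|[\w-]+/lit16)$"
)

# Constructed sample: a non-static method, so p0 is `this` and p1 the String.
# With .locals 14 the parameters sit in v14 and v15, the last 4-bit slots.
SAMPLE = """\
.method public check(Ljava/lang/String;)Z
    .locals 14
    if-eqz p1, :cond_0
    iget v0, p0, Lcom/example/Demo;->limit:I
    invoke-virtual {p1}, Ljava/lang/String;->length()I
    move-result v1
    if-ge v1, v0, :cond_0
    const/4 v2, 0x1
    return v2
    :cond_0
    const/4 v2, 0x0
    return v2
.end method
"""

def out_of_range(method_text, extra_locals=0):
    """Return (opcode, register, absolute number) for every operand that no
    longer fits a 4-bit field after .locals grows by extra_locals."""
    declared = int(re.search(r"^\s*\.locals (\d+)", method_text, re.M).group(1))
    first_param = declared + extra_locals   # pN is an alias for v(locals + N)
    problems = []
    for line in method_text.splitlines():
        parts = line.split(None, 1)
        # Skip blanks, directives, labels, comments and wide-field opcodes.
        if len(parts) < 2 or parts[0][0] in ".:#" or not FOUR_BIT.match(parts[0]):
            continue
        for token in parts[1].split(","):
            reg = re.fullmatch(r"([vp])(\d+)", token.strip(" {}"))
            if reg is None:
                continue                     # literal, label or member reference
            number = int(reg.group(2))
            if reg.group(1) == "p":
                number += first_param
            if number > 15:
                problems.append((parts[0], reg.group(0), number))
    return problems

if __name__ == "__main__":
    for extra in (0, 1, 2):
        print(extra, out_of_range(SAMPLE, extra))
```

One added local is enough to break the `invoke-virtual` on `p1`, while `if-eqz p1` keeps working because its register field is 8 bits wide.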
collaboration?
Maybe we could start some sort of work distribution (and knowledge) towards fulfilling some common goal for the NST.
Here's the Windows (command line) executable for mergesmali.
The basic usage is:
Code:
mergesmali /v stock.smali patch.smali
And here's the commands to integrate the new dictionary app to the stock Reader.
Code:
apktool.bat d Reader.apk \Reader
mergesmali /v \Reader\smali\com\bn\nook\reader\ui\ReaderMainView.smali ReaderMainView.smali
apktool.bat b \Reader NewReader.apk
It should generate the following message:
Code:
Replaced: public showLookupView()V
At this point you only have the question of how you are going to sign the modified Reader.
If you have resigned your whole system already, you can just resign with that and install.
You could also edit AndroidManifest.xml before the apktool b and delete the sharedid.
Then you could install it as a regular app after deleting the system app.
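The annotation-driven, whole-method merge described in the developer post above, as an added Python sketch. It is not mergesmali's source; it assumes the markers show up in the decoded smali as `.annotation build L...MergeSmali$Replace;` / `.end annotation` inside each method, and both smali inputs are constructed.

```python
import re

METHOD = re.compile(r"^\.method .*?^\.end method$", re.M | re.S)
# Assumed marker form: a class-retention annotation as printed inside a method.
MARK = re.compile(
    r"^[ \t]*\.annotation \w+ L[\w/]+\$(Ignore|Replace|Append|Delete);[ \t]*\n"
    r"[ \t]*\.end annotation[ \t]*\n", re.M)

# Constructed inputs: a cut-down stock class and the decoded patch class.
STOCK = """\
.class public Lcom/bn/nook/model/product/Products;
.super Ljava/lang/Object;

.method public static complicatedOtherMethod(Ljava/lang/String;Ljava/lang/String;)D
    .locals 2
    const-wide/high16 v0, 0x4014000000000000L
    return-wide v0
.end method

.method public static isValidEan(Ljava/lang/String;)Z
    .locals 1
    const/4 v0, 0x0
    return v0
.end method
"""

PATCH = """\
.class public Lcom/bn/nook/model/product/Products;
.super Ljava/lang/Object;

.method public static complicatedOtherMethod(Ljava/lang/String;Ljava/lang/String;)D
    .locals 2
    .annotation build Lcom/whoever/MergeSmali$Ignore;
    .end annotation
    const-wide/16 v0, 0x0
    return-wide v0
.end method

.method public static isValidEan(Ljava/lang/String;)Z
    .locals 1
    .annotation build Lcom/whoever/MergeSmali$Replace;
    .end annotation
    const/4 v0, 0x1
    return v0
.end method
"""

def signature(method_text):
    # Name plus descriptor from the .method line, e.g. isValidEan(Ljava/lang/String;)Z
    return method_text.splitlines()[0].split()[-1]

def merge(stock, patch):
    """Apply each annotated method of patch to stock; return (merged, log)."""
    log = []
    for found in METHOD.finditer(patch):
        body = found.group(0)
        sig, mark = signature(body), MARK.search(body)
        if mark is None:
            raise ValueError("method without annotation: " + sig)
        action, clean = mark.group(1), MARK.sub("", body)  # marker is stripped
        old = next((m for m in METHOD.finditer(stock)
                    if signature(m.group(0)) == sig), None)
        if action == "Ignore":
            continue                      # stub only, the stock method stays
        if (old is None) != (action == "Append"):
            raise ValueError(action + " does not fit stock for " + sig)
        if action == "Append":
            stock = stock.rstrip("\n") + "\n\n" + clean + "\n"
        elif action == "Replace":
            stock = stock[:old.start()] + clean + stock[old.end():]
        else:                             # Delete
            stock = stock[:old.start()] + stock[old.end():].lstrip("\n")
        log.append(action + ": " + sig)
    return stock, log
```

Matching on the name plus descriptor, rather than on line numbers, is what lets the same patch apply to a stock file whose other methods have changed.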
Renate NST said:
At this point you only have the question of how you are going to sign the modified Reader.
If you have resigned your whole system already
I guess no one did it... yet.
Renate NST said:
You could also edit AndroidManifest.xml before the apktool b and delete the sharedid.
Then you could install it as a regular app after deleting the system app.
I don’t understand Android security well enough.
There is a discrepancy between documentation and how it works or maybe I don’t understand it at all.
Anyway – if Reader.apk is resigned, it should run under different user, thus lose access to shared databases (internal, annotations, bookmarks, etc.)
Do we need to fix permission to make them RW for everyone?
Could you check (ps) what user(s) "home", "library" and "patched reader" use on your nook now, please?
Annotations, bookmarks, last reading point are all providers implemented and used in Reader.apk.
As far as I can tell, there is no particular reason why Reader.apk uses a sharedId.
I don't have stock Home or Library running on my Nook.
I forget where I have Reader.apk installed right now.
It's been in /system/app or /data/app and worked fine in either place.
Resigning does not change user.
Renate NST said:
Annotations, bookmarks, last reading point are all providers implemented and used in Reader.apk.
I would expect the provider for Annotations, bookmarks is Reader.apk
They are not used anywhere else.
last reading point is used in Home.apk too.
Out of curiosity, where Annotations, bookmarks and last reading point providers are implemented?
In framework itself?
Renate NST said:
Resigning does not change user.
Ouch.
Stock reader runs as shared user.
If we resign it – it has to run as different one, according to security docs...
And it doesn’t matter if shared id is in manifest still or not.
I guess, I need to do some testing…
Ok, I meant resigning it with the system signature it can keep the same sharedId.
If you don't sign it with the same signature then you have to get rid of the sharedId.
It will then have a normal application user ID.
As far as I can tell, this should make no difference in anything.
But I have gutted most of the B&N stuff so I can't guarantee that in-store browsing or something else won't be affected.
Renate,
Could you answer this one:
ApokrifX said:
Out of curiosity, where Annotations, bookmarks and last reading point providers are implemented?
In framework itself?
And one more:
Is it difficult to mod and stock side-by-side?
Change app name + package for every class?
In Reader.apk
com.bn.nook.reader.providers.AnnotationsProvider
com.bn.nook.reader.providers.BaseDictionaryProvider
com.bn.nook.reader.providers.BookmarksProvider
com.bn.nook.reader.providers.LastReadingPointProvider
com.bn.nook.reader.providers.ReaderLocalProvider
(I'd like to know some time why the forums breaks words up.)
On your second question, that's an interesting one.
You'd have to change the package name all over the place,
not just in the manifest, but every smali file and every function call.
But sure, it could be done.
Renate NST said:
In Reader.apk
com.bn.nook.reader.providers.AnnotationsProvider
com.bn.nook.reader.providers.BaseDictionaryProvider
com.bn.nook.reader.providers.BookmarksProvider
com.bn.nook.reader.providers.LastReadingPointProvider
com.bn.nook.reader.providers.ReaderLocalProvider
Thank you!
Renate NST said:
(I'd like to know some time why the forums breaks words up.)
No idea…
Renate NST said:
Annotations, bookmarks, last reading point are all providers implemented and used in Reader.apk.
As far as I can tell, there is no particular reason why Reader.apk uses a sharedId.
Looking at B&N coding style, I won’t be surprised if Home.apk uses its own provider to read the "last reading point".
If this is the case sharedId is a must.
Renate NST said:
On your second question, that's an interesting one.
You'd have to change the package name all over the place,
not just in the manifest, but every smali file and every function call.
But sure, it could be done.
and every function call But it can be automated easily, right?
ApokrifX said:
If this is the case sharedId is a must.
No.
The "Last read" icon in the upper left corner broadcasts com.bn.nook.launch.LAST_BOOK
This is usually received by Home.apk, which uses the LRP provider in Reader.apk to get the EAN of the last book.
Home.apk then sends the intent android.intent.action.VIEW to Reader.apk with the path of the book.
Reader.apk then uses its own LRP provider to get the actual LRP in the book.
None of this requires sharedIDs.
#2 Sure, that could be automated.
Renate NST said:
No.
The "Last read" icon in the upper left corner broadcasts com.bn.nook.launch.LAST_BOOK
This is usually received by Home.apk, which uses the LRP provider in Reader.apk to get the EAN of the last book.
Home.apk then sends the intent android.intent.action.VIEW to Reader.apk with the path of the book.
Reader.apk then uses its own LRP provider to get the actual LRP in the book.
None of this requires sharedIDs.
Home shows "last book thumbnail" + on page #XYZ of #ABC also.
I recall you have deleted Home.apk.
Renate NST said:
#2 Sure, that could be automated.
Ok. I gotta take a look. Will try to do later today.
ApokrifX said:
Home shows "last book thumbnail" + on page #XYZ of #ABC also.
I recall you have deleted Home.apk.
Yes, my Library.apk replacement has a receiver for the com.bn.nook.launch.LAST_BOOK intent.
Even though Home.apk uses the Reader.apk to find LB & LRP for the preview,
it only uses LB to tell the Reader.apk what to open.
Reader.apk does its own homework checking LRP for the desired book.
This can easily be verified by opening a few books with a file manager.
Renate NST said:
Yes, my Library.apk replacement has a receiver for the com.bn.nook.launch.LAST_BOOK intent.
Even though Home.apk uses the Reader.apk to find LB & LRP for the preview,
it only uses LB to tell the Reader.apk what to open.
Reader.apk does its own homework checking LRP for the desired book.
This can easily be verified by opening a few books with a file manager.
Ok. I.e. it shouldn't be a problem to run side-by-side readers, right?
They both modify LRP, and Home will be able to pull it via stock reader.
Same idiotic question: do we need to change any permissions to let both readers access media databases?
As it stands, if I understand what you want to do,
you'd have to disable the providers in one of the Readers.
You can't have two providers responding to the same intents.
Is there some overwhelming reason why you want to do all this?
Renate NST said:
As it stands, if I understand what you want to do,
you'd have to disable the providers in one of the Readers.
You can't have two providers responding to the same intents.
I didn't realize until now, provider responds to URI, so better have one only to avoid problems...
Renate NST said:
Is there some overwhelming reason why you want to do all this?
To "not break existing functionality"
I see, it'll be too difficult to have both, too many changes are needed...
Just a bump, old posts don't have signatures.
mergesmali & other stuff can be downloaded from my signature blob.

Programmatically set default file associations

In windows 8, programs "cannot" set themselves as the default to open a file. As a programmer, I want my power over the computer, so I have found a way to change the associations.
The "user choice" of the default file handler is located in the key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\[extension here]\UserChoice
Unfortunately, this key is protected by some mystery hashing algorithm that incorporates the extension, your user account, and the program in some convoluted way.
Fortunately, we can, of course, set the default file handler by brutally deleting the other file handlers with extreme prejudice, making windows think that your program is the only available program capable of opening that type of file, thereby making it default.
These are located in:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\[extension here]\OpenWithList
HKCR\[extension here]\OpenWithList
How to:
1-set your program as "default" the normal way, as you would in windows 7.
2-delete the OpenWithList keys located in HKCU and HKCR, and if necessary, the UserChoice key.
3-???
4-Profit
If you use this process, please post feedback so that I know it works. When I get around to it, I will write a program as an example.
Cool, thanks, works for me
Thank you for sharing this information. It pointed me in the right direction.
To not let the users continually shift between the desktop and the default Store Apps (Metro applications), we want to start all images and videos in the desktop programs.
It didn't work on our versions of Windows 8 Pro. HKCR\[extension here]\OpenWithList was empty or it didn't exist. The solution for me was:
1) change as needed: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\[extension here]\OpenWithList
2) remove all the keys beginning with 'AppX' for the desired file extensions in [HKEY_CLASSES_ROOT\[extension here]\OpenWithProgids]
If the user can use a virtual registry, you probably need to delete it for the elevated administrator and the user.
The keys beginning with AppX are the links to the Store Apps.
(Do not forget to backup registry keys before making changes)
All the extensions for video and images:
.3g2, .3gp, .3gp2, .3gpp, .aac, .adt, .adts, .AIF, .AIFC, .AIFF, .ASF, .ASX, .AU, .avi, .bmp, .dib, .gif, .jfif, .jpe, .jpeg, .jpg, .jxr, .M1V, .m2t, .m2ts, .M2V, .m3u, .m4a, .m4v, .MID, .MIDI, .mod, .mov, .MP2, .MP2V, .mp3, .mp4, .mp4v, .mpa, .MPE, .mpeg, .mpg, .mpv2, .mts, .png, .RMI, .SND, .tif, .tiff, .TS, .TTS, .wav, .WAX, .wdp, .wm, .wma, .wmd, .wms, .wmv, .WMX, .wmz, .WPL, .WVX
I hope this information helps someone.
Or right click on a file of the type you want to modify and go to open with...
JihadSquad said:
Or right click on a file of the type you want to modify and go to open with...
If you read the thread title, you would realize that this is referring to programmatic modification of default associations. MS "prohibits" programs from modifying the default file associations, so this is a valid workaround.

[Q] How to find methods and layouts to hook into without source code

I'd like to develop my first xposed module. So far I have worked through the official tutorial and compiled and read the examples. (I also made android apps before).
I want to make a module for the official Twitter app that removes certain content from the home timeline, such as "Who to follow", "While you were away" and sponsored tweets.
As a first step, I tried to change the color of these elements to red, which I didn't manage to do.
I unzipped and decompiled the app and looked for class and method names that seem helpful (most of them were obfuscated). I tried to hook into some of the methods, mostly nothing happened. I got some MethodNotFoundExceptions and once the app crashed. I also tried to look for layouts to hook into with no success.
Do you have any hints on how to find the right point for my xposed hook?
Thank you
I also decompiled apps to hook them and it worked. You have to do so, because what's executed is the obfuscated code, and these are the names (classes, methods, variables) you need, even if you own the unobfuscated source code.
If you get MethodNotFoundExceptions, the problem must be somewhere else.
Decompile the apk with apktool. Then look through the smali code (note that you have to know how the smali structure works, what does a method return, how are different parameters represented). For layouts I personally use DDMS' Hierarchy View. If you still have the method not found error, paste here how you are trying to hook and the original smali code.
Check out this awesome tool. Converts smali back to java
https://github.com/google/enjarify
That's what i use
