[Q] HTC Wimax Manager - ndssGetScanResults() ? - EVO 4G Q&A, Help & Troubleshooting

Hi all-
I am relatively new to android development, and the current project I've picked out for myself has proven to be more difficult than I thought it would be.
My goal is to create an app that will tell me about wimax network(s) my phone sees with more detail than you get from the settings application or something. Looking at the WifiManager class in developer.android, it looks like I am looking for the Wimax equivalent to getScanResults() - something that returns the list of networks seen in the last scan.
So after some digging online I found references to a Toggle4G widget that does getSystemService("wimax") to get a WimaxManager object, and uses reflection to get the getWimaxState() and setWimaxState(bool) methods. I used getMethods() on the WimaxManager object, and got a list similar to this one I found on pastebin:
EDIT: new user = unable to post links? Well, here's the pastebin code so you can find it
pastebin: 8ktAtcpm
The method of interest at the moment is ndssGetScanResults(), excerpt from pastebin below:
Code:
I/System.out( 1972): Method Name: ndssGetScanResults
I/System.out( 1972): Parameter Type = [Lcom.sqn.dcc.ScanResult;
Unlike the WifiManager though, it looks like this one takes an array of this ScanResult class instead of returning a list of networks. Not exactly sure how this works. I used java.lang.reflect.Array to create an array of ScanResults and invoked the ndssGetScanResults() method, but I don't appear to be getting anything - even when I'm already connected on wimax! Can anyone please explain how to call this method correctly so that it will return what networks the phone sees?
I've searched these forums for ndssGetScanResults and other methods that seemed applicable, but I haven't found anything that appears to answer this question. Any help would be appreciated. Thanks!

Little "non-useful" tips/hacks

Hi all.
This is a little collection of things that I have been noticing while testing hacking issues on the phone.
Remember that those are "non-useful" (not to jailbreak) the phone, and just curiosity as topic.
Easy Hidden Menu Call
Do you need a search on the net to remember the hidden menu code? No more! Test this phone-number string instead:
(Edited now): ##PROGRAMNITT
Max size for an app name/web favorite
Seems to be no max per se, but after doing some tests, where I created the title as: "chunk1chunk2chunk......chunkN" I was able to load a 1691124 characters title. Further than that, the browser seems to crash.
That's about a 3MB text string, just for the title. Would work well, when testing if several of them pinned reduce our 8gb storage(use storage) or doesn't (uses other).
Btw, you can pin up to 67 apps, (51 new) so... that's a max anyway,
Application Menu "About:blank" hack
Test this in the browser bar as direction: "about:blank". Kin IE will yell that it's not a supported protocol. Yeah, that's right. Let's dev a page on a local webserver with:
PHP:
<html>
  <head>
    <title>Mad redirection!</title>
  </head>
  <body>
    <h3>Mad redirection tool!</h3>
    <p> Testing: <div id="testTab"></div></p>
    <p> Errors:
      <div id="errorsTab"></div>
    </p>
    <script type="text/javascript">
      var urlToTest = "about:blank";
      try {
        var test = document.getElementById("testTab");
        test.innerHTML = urlToTest;
        window.location=urlToTest;
      }
      catch (error) {
        var err = document.getElementById("errorsTab");
        err.innerHTML = "Error going to " +urlToTest+"<br/>"+error.message;
      }
    </script>
  </body>
</html>
Browse it with the kin and you will land in the about:blank page, with the ability to be pinned on the application menu. Of course it will work, having the App link on the App menu, with a non working link (Kin still yells if you use it from menu).
Useless, but weird...
I do know that this is pure thread necromancy and that those are old news but:
a) if you are able to do the trick (using the sample html i posted) you can see that indeed it comes to about:blank and is shown as that on the title: "ABOUT:BLANK".
b) if you are so smart to change it to "about:lame" it goes there but shows an "Action canceled" webpage, where it suggests you press the "refresh" button or use the menu option "File -> work offline".
Like if you could.. rofl.
That means:
1) "about:" protocol is supported (at least about:blank) to be navigated BUT is nerfed from the direction bar. So other protocols could work. For example, smtp and ftp do trigger a popup from the IE, but res:// file:// and rtsp:// do not (even if they crash later, and rtsp opening zune for streaming).
2) This is a pure IE (with file menu, hopefully)
3) some other things can be tested, and every person can!
I upgraded the posted code, so it outputs an error when the redirection doesn't work (almost always).
If you try it, remember not to end your url with \ (backslash) as it interferes with the doublequotes.
I've just completed testing a couple of things.
First, I successfully tested the "about:blank".
I also tried "about:", "about:about", "about:cache", and "about:home". These each resulted in the action canceled page described above.
I also tried the "file://" protocol, with the address "file://localhost/c:/" and received the following:
Errors:
Error going to file://localhost/c:/
Could not complete the operation due to error 80070005.
[edit] It seems that error 80070005 is given when you do not have permission. The solution? Log on with administrator privileges... (see link)
Upon further testing:
about:desktopitemnavigationfailure works and displays "navigation cancelled" page.
about:navigationcanceled works and displays "navigation cancelled" page.
about:navigationfailure works and displays "navigation cancelled" page.
about:noadd-ons displays "navigation cancelled" page.
about:offlineinformation works and informs the user that the current page can not be viewed off line.
about:postnotcached works and informs the user that to refresh the current page, information entered in a form will have to be re-posted.
about:securityrisk displays "navigation cancelled" page.
about:tabs (unsurprisingly) displays "navigation cancelled" page.
I read that about:mozilla works in older versions of IE. However, it displayed the "navigation cancelled" page. You can also supposedly access the about:mozilla page using the following URL: res://mshtml.dll/about.moz
However, while this "res" protocol appears to be supported, I received the same permissions error as referenced in the above post.
I tested the mms protocol on a couple of working mms streams, but received the notification that the protocol is not supported.
I tried view-source://(random web address) and unsurprisingly was told that the protocol isn't supported. While this protocol works with some browsers, it doesn't seem to work on internet explorer even on a regular computer.
I tried the javascript protocol and it seems to work, but is different than about:, http:, etc. Mainly, it processes the javascript without leaving the script "address" in the address bar like we see with about: and http:
I was a little disappointed in this one, hoping to bookmark a javascript to test the videohamster flash video viewer for ipods, or itransmogrify for other flash files.
very nice work here. I like what you have done with this.
I'm glad that other than about:blank works (apart from the "action cancelled").
I took my time to install a wm6.5 emulator and test where do this "Action cancelled" come from in the pocket IE url bar.
They are from " res://.....navcancl.dll ".
Maybe there's a way to bypass the restrictions (the permission error) by calling some parameter in the "about:XXXX", but i can't bet on it.
Edit:
about:version seems to work (it auto-says "cannot find server", although my python custom-made-for-exploits server says that it delivered my html). But it keeps loading after the javascript redirection happens.... lol, so random .
One thought I had, that I have not had time to experiment with yet, is how deep the permissions restrictions go. For example, at times I have been logged on to a windows-based computer and have access to certain user-specific files but not to system files or to files or folders closer to the root. So for instance, we may be able to access the WinCE equivalent of "C:\Documents and Settings\<UserName>" using the file:// or res:// protocols even though we don't have permission to access "C:\".
Here's another potential avenue for information related to the "res" protocol. Apparently, it can be used to enumerate the software on a machine by identifying certain executables or dlls. (see here).
Unfortunately, the example cited in the article is not available so I can't view the code on how it was done. However, the results can be viewed here, where incidentally you can see the software installed on the computer that crawled this webpage.
Luckily, a manual or how-to paper is available here. I will try to check it out and see if I can figure out something useful.
i checked, it doesn't yell at you if you use a res:// but either if using ftp:// so the big problem is that you must pre-know the res:// uri before testing.
And in the best case, you will just get an image shown, as js cannot give you the binary data.
anyway, i'm interested in these things....
Here's a couple other likely non-useful tidbits.
The browser will attempt to open the following filetypes with the Zune player:
.avi
.3gp
.mov
.fli
.mp4
.wmv
.wmx
When you open a VBScript in the browser, the script isn't executed, but it is displayed.
The mailto: protocol works from the browser and opens up the email dialog.
The following script causes the browser to hang (and deleting temporary files does not resolve the problem--but restarting the Kin does):
HTML:
<html><body onLoad=Demo()><script>
// MoBB Demonstration
function Demo() {
var a = new ActiveXObject("Internet.HHCtrl.1");
var b = unescape("XXXX");
while (b.length < 256) b += b;
for (var i=0; i<4096; i++) {
a['Image'] = b + "";
}
}
</script>
</body></html>
I haven't played around with the logs at all, but would this provide an error that gives some useful log output?
After some further testing, I discovered the Kin does not yell about the following protocols as being unsupported (in other words, they seem to be supported):
gopher://
nntp://
telnet://
news://
snews://
windowsmail.url.mailto://
windowsmail.url.news://
windowsmail.url.nntp://
windowsmail.url.snews://
johnkussack said:
Maybe there's a way to bypass the restrictions (the permission error) by calling some parameter in the "about:XXXX", but i can't bet on it.
I tried playing around with about:____, such as with the following types of addresses:
about:<input%20type=file>
about:<a%20href=C:\windows\>Click-Here</a>
but without luck.
I also tried the shell handler "Shell:" which seems to be another supported protocol, but again without luck. I tried the following Shell commands:
Shell:Profile
Shell:ProgramFiles
Shell:System
Shell:ControlPanelFolder
Shell:Windows
Shell:::{21EC2020-3AEA-1069-A2DD-08002B30309D}
Here are a couple more that I found other people sometimes try that I haven't tried (at least not yet):
shell:ControlPanelFolder
shell:::{35786D3C-B075-49b9-88DD-029876E11C01}
shell:::{208D2C60-3AEA-1069-A2D7-08002B30309D}
shell:::{7007ACC7-3202-11D1-AAD2-00805FC1270E}
shell:::{20D04FE0-3AEA-1069-A2D8-08002B30309D}
shell:::{450D8FBA-AD25-11D0-98A8-0800361B1103}
shell:::{E17D4FC0-5564-11D1-83F2-00A0C90DC849}
Ok, so this will be my last post in this thread tonight . For some unknown reason, you can access your emotes when in camera mode.... It doesn't do anything if you try to use one though.
great to hear about the shell::XXXX thing.
Does it trigger something? like about:blank or the other trigger a blank or a "cannot go" page.
btw, a real path on the phone (granted by the logs) is:
\Windows\eri.bin
That's assured , with the start backslash ("\\" if used on js code)
these hacks aren't nonuseful
you should have called these hacks something other than non useful because we can use these little tips and tricks in combination with others to actually create an in browser jailbreak using the unrestricted protocols.
shell commands
try the net user admin <username> <password> console command in the shell protocol and see if you can bypass restrictions. there's no reason why console commands shouldn't work even though i haven't tried this myself.
X-15D9W8491 said:
try the net user admin <username> <password> console command in the shell protocol and see if you can bypass restrictions. there's no reason why console commands shouldn't work even though i haven't tried this myself.
Sorry, I'm not sure where you mean to do this. Unless I completely missed the revelation, so far, nobody has been able to get any type of shell/console access (as it doesn't really exist on a Windows Mobile OS anyway).
i called them as is, cause in first place, they were non useful, lol.
Although now, it could be a good try to get some "jailbreak" procedure.
as we dunno what windows mobile i6 can do, i guess we should/must try into a real mobile device (maybe my old pda too), or a win mobile 6.5 emulator, to test procedures (less restrictions), and then repeat on the kin (restricted).
I always thought that the browser was the weakest part anyway
if you do tel: in the browser, and write anything after that it opens it up in a bubble....it lets you call letters, although it gives an error in the phone app
When using the TRACERT (Trace Route) in the programnitt menu I found a quirk.
Using 127.0.0.1 to Trace replies: WindowsCE
...that's obvious but interesting.
Using 127.0.0.0 to Trace replies: * 87 (30 times, hits limit and stops)
I have no idea why it would reply with the voicemail number....

[how-to] internet sharing on ATT branded phones

Howdy folks!
I've been feverishly scouring the web and this site for ways around the internet sharing limitation that att puts on its phones. Sadly the xaps and provxmls didn't work well for me but I struck gold on google and I would like to share it with you! in xda post below, skip to registry editing unless you can't see internet sharing as option
long story short as shown here: http://forum.xda-developers.com/showthread.php?t=1233612&highlight=openmarketenabled Thanks sensboston for diggin it up.
do the following registry edits:
Now launch WP7 Root Tools and go to Local Machine -> Comm -> InternetSharing -> Settings and manually add new value (+val button):
(this is description)>>Value Name: Name, Value Type: String, Value Data: Value ... hit save
Value Name: EntitlementURI, Value Type: String, Value Data: ./Vendor/MSFT/Registry/HKLM/Comm/InternetSharing/Settings/OpenMarketEnabled ... hit save
Value Name: OpenMarketEnabled, Value Type: dword, Value Data: 1 ... hit save
need more info? keep reading. sorry for crap presentation.
The Sasha Kotlyar has a post on his website that shows you the registry settings required (you can use only the first two, or go all the way to fully debrand). http://arktronic.com/weblog/2012-04-14/my-phone-my-rules
Prerequisites:
1. In order to successfully add the registry values you will need to start with mango version 7720 or 7740 and interop-unlock with windowbreak or
visit http://windowsphonehacker.com/windowbreak/ on your non-nokia mobile phone or visit windowsphonehacker.com/articles/the_windowbreak_project-12-23-11 for more info
1a. If you cannot use window break please find another method to interop-unlock. like heathcliff74 xap
2. Install Root tools: http://forum.xda-developers.com/showthread.php?t=1569832
3. Visit http://arktronic.com/weblog/2012-04-14/my-phone-my-rules
3a. Use Root tools to add the first internet sharing related value in your registry you will have to use "add value" button since it's not there originally!
3b. Use same to EDIT the "entitlement" value
Please make sure you spell everything in your registry correctly!
tested on samsung focus flash. Speedtest.net on pc showed pathetic 500kbps Down and 1mbps Up on "4g".
Good Luck and please show Mr. Kotlyar your gratitude for so clearly and simply showing the settings that need to be changed!
Also thank our window-break and root tools suppliers, jaxbot and Heathcliff74!!
Before reposting some very old hacks with outdated instructions (Shevron unlock isn't available more than year!) and referring to some unknown guys (who is "wonderful Sasha"?), try to search forum first: http://forum.xda-developers.com/showthread.php?t=1334248&highlight=internet+sharing
All these noobs "wonderful internet finds" have a xda roots.
sensboston said:
Before reposting some very old hacks with outdated instructions (Shevron unlock isn't available more than year!) and referring to some unknown guys (who is "wonderful Sasha"?), try to search forum first: http://forum.xda-developers.com/showthread.php?t=1334248&highlight=internet+sharing
All these noobs "wonderful internet finds" have a xda roots.
maybe you should revisit the portion of my post specifying how the various provxml and xap packages provided on this site haven't worked for me. I haven't seen those exact registry settings written out explicitly on xda, just long winded instructions for some ultimately useless xap deployment.
I visited the thread you mentioned (as well as others) many times and tried it without success. In perusing the thread I see no mention of the two settings that need be changed in the registry. I do see users reporting issues with their radios and some wondering whether it's undoable. These registry settings look very undoable to me but not that xap deployment.
another search for " internet sharing registry settings" comes up empty .
Simply editing the registry as shown was fairly easy and straightforward and it worked.
I merely hope someone else having a similarly fruitless search will find this useful.
Have you seen this (a year old!) thread? If you are unable to find/apply, it doesn't mean the xda instructions are useless
P.S. Your post it's just an another proof: XDA needs more structured, clean and visible FAQ/wiki system.
Will these Registry values work with a HTC Titan 2, or is this just for Samsung devices? Please advise. I don't want to brick my phone. Thanks!!
sensboston, i didn't find that thread. it should be stickied. its much more concise and well organized than what i put up. thanks!
my advice to others, as someone who's only worked on one device to investigate this issue, is that if your device gives you the option to do internet sharing but att denies you this right with a message asking you to call them, then your condition may be cured simply with the registry settings. the fella in sensboston's link has an optima and the registry bit is the same. if your problem is more severe in that there's no internet sharing option, perhaps you may check out that thread more carefully to see what's applicable to your device.
the regediting parts are the same and this makes me feel safe that it will work across devices. just remember, you edit entitlement value but add the openmarket dword
as a final word, i do love xda and all the work people do to support and develop here. didn't mean to link to / exalt an outsider instead of xda. google did point me in the direction of that site and not the xda post likely because i searched " focus flash internet sharing". sometimes it's hard to know what is device specific and what isn't.
I use a Focus Flash on AT&T
This is the post I followed for use Internet sharing option (Samsung Phones) http://forum.xda-developers.com/showthread.php?t=1334248
well damn now my phone's bricked!
What you mean your phone is bricked. What the phone, And what you did before?

Include local JavaScript within PhoneGap on Windows Phone 7

I have a PhoneGap application designed to work on multiple mobile platforms. I'm loading a dynamic HTML content from an external page on the Internet using jQuery Mobile. The problematic system is Windows Phone 7.
This is what I get from the external page, with the URL of the script tag already replaced to load from the phone instead of from the net to save bandwidth:
HTML:
<script type="text/javascript" charset="utf-8" src="x-wmapp1:/app/www/test.js"></script>
This works fine on Android, iPhone and even BlackBerry when I replaced the x-wmapp1: part by a respective counterpart (e.g. file:///android_asset/www/ on Android). However, on Windows Phone 7 it doesn't seem to work at all.
When I try to load the same URL via $.getScript function, it always returns a 404 error, even if I try and load it with a relative path only.
Any suggestions?
First of all, this type of question may be better suited to the Software Development or Apps and Games sub-forums, as a lot of the people who hang out here are more familiar with homebrew hacks. I'll give it a shot, though.
First of all, what kind of path are you trying to use? I haven't tried loading scripts or images in HTML or JS, but to dynamically load content within the app itself typically requires some care with regard to the path. For example, is the JS file being built into the assembly (as a resource) or included alongside it (as content)? How about the HTML page?
This is a kind of lame approach, but one option that's sure to work is just inlining the scripts in the page, directly. That won't increase the total app size or load time at all, although it might make maintaining the app take a little bit more effort.
Thanks for the reply, I will try to post this into the more appropriate forum.
With regards to paths - you can see the path in the HTML snippet I provided in the original question. It's all a bit specific and we cannot afford to load JS directly from page, since that does increase the size of the resulting HTML, sent from an external PHP page, thus increasing bandwidth. This is the first reason why we chose to have all JS and CSS files directly bundled with the application and load them internally rather than from Internet.
Also, all of JS files are included alongside the application as content. I'm using the same approach for all images, since if they were included as a resource, they would not show in the application.
GoodDayToDie said:
First of all, this type of question may be better suited to the Software Development or Apps and Games sub-forums, as a lot of the people who hang out here are more familiar with homebrew hacks. I'll give it a shot, though.
First of all, what kind of path are you trying to use? I haven't tried loading scripts or images in HTML or JS, but to dynamically load content within the app itself typically requires some care with regard to the path. For example, is the JS file being built into the assembly (as a resource) or included alongside it (as content)? How about the HTML page?
This is a kind of lame approach, but one option that's sure to work is just inlining the scripts in the page, directly. That won't increase the total app size or load time at all, although it might make maintaining the app take a little bit more effort.
First question: have you set the IsScriptEnabled property on the control to True? It defaults to False, preventing scripting within the control. Also, changing it only takes effect on navigation, so if you already loaded the page and then set this property, it still won't work.
Anyhow, I missed that your HTML was coming externally, and only the scripts and stylesheets were local. That's... interesting, and seems reasonable enough, and I can't find any info online that exactly matches your use case. The way you're structuring the script src URI looks weird to me, but I haven't messed with the WebBrowserControl very much at all.
One solution, though a bit hacky:
Use the WebBrowserControl's InvokeScript function to dynamically load scripts into your pages. To do this, you would first need to load the script file content into a .NET String object. The GetResourceStream function is probably your best friend here, combined with ReadToEnd(). Then, just invoke the eval() JS function, which should be built-in, and pass it the JS file content. That will load the JS into the web page, creating objects (including functions) and executing instructions as the files are eval()ed.
Of course, you'd need to do this on every page navigation, but you can actually automate it such that the page itself requests that the app load those scripts. In your app, bind the script-loading function to the ScriptNotify event handler, probably with some parameter such as the name of the script to load. Then, on each page served from your server to the app, instead of including standard <script src=...> tags, use <script>window.external.notify('load localscript1.js')</script> and so on; this will trigger the app's ScriptNotify function for you.
I hope that helps. I can see your use case, but somewhat surprisingly, I couldn't find anybody else online who had either run into your problem or written a tutorial on doing it your way.
Thank you for your reply, it was very informative. One question though - why do you think the way I'm structuring the SCRIPT URI is weird? I tried to mess around with relative URIs and the such, however those would load the JavaScript file from Internet rather than from the application itself.
The problem I'm running into with your proposed solutions, however is that:
1. the project is a PhoneGap/Cordova application, using its own components, so I have no idea where I would look for IsScriptEnabled here (although this all worked on an older PhoneGap release, so I'm guessing they have it set up correctly)
2. injecting a script programmatically on each navigation would require me to rewrite much of the code we already use for other platforms, not to mention those custom Cordova components, which I don't even know if they can handle such thing
As for my use case - I was surprised to be the only guy on the internet with this methodology in place as well. So it either works for everyone else or nobody really thought of doing it my way, since it's basically an Internet application (maybe they don't want to disclose their sources, who knows).
CyberGhost636 said:
1. the project is a PhoneGap/Cordova application, using its own components, so I have no idea where I would look for IsScriptEnabled here (although this all worked on an older PhoneGap release, so I'm guessing they have it set up correctly)
In the WebBrowser properties.
CyberGhost636 said:
As for my user case - I was surprised to be the only guy on the internet with this methodology in place as well.
Of course you are not "the only guy". I've tried to port/run a few HTML java-script based games on WP7 (Digger and couple more) more than a year ago; they run well with one HUGE exception - touch screen events are freezing scripts execution and make games not playable.
The "x-wmapp1:" URI scheme was what I was referring to. Not sure where that comes from, but I haven't done anything really with the WebBrowser control.
I have no knowledge of PhoneGap or Cordova; I assume they're "we write your app for you" frameworks? One would assume that such tools would know to set IsScriptEnabled, but you may have to do so manually. A bit of web searching on that direction may be fruitful - maybe earlier versions enabled scripting by default, and now it's disabled by default so you have to specify an option somewhere?
Injecting the script on navigation really doesn't require any major change to the server-side code. I mean, is sending
<script>window.external.notify('load localscript1.js')</script>
really much different from sending
<script type="text/javascript" charset="utf-8" src="x-wmapp1:/app/www/test.js"></script>
? If that's too different, you could instead send
<script src="http://yourserver.com/LoadLocalScripts.js"></script>
and put "LoadLocalScripts.js" on your server with the following code:
window.external.notify('load localscript1.js');
This has only a trivial increase in server traffic and load time, but lets you continue using external scripts instead of inline ones. Very little server-side change needed at all.
Now, the additional client-side code to support the window.external.notify and call InvokeScript... normally I'd say that's dead easy, because it is if you have any experience with the .NET framework, but in your case I get the feeling that this isn't so? I code to the framework, or to the underlying native code, and I tend to code "raw" (very little auto-generated code), so I'm not going to be able to help you solve the problems with a "make me an app" wizard unless I can see the code it generates for you.
For what it's worth, here's the approximate raw code that I'd use (it's over-simplified, but close enough):
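// Handles window.external.notify("load <script>") messages sent by the page.
void HandleNotify (object sender, NotifyEventArgs e) {
    String[] parts = e.Value.Split(' ');
    if (parts.Length == 2 && parts[0] == "load") LoadScript(parts[1]);
}
// Reads a script shipped with the app and evaluates it inside the loaded page.
void LoadScript (String script) {
    // GetResourceStream takes a relative URI and returns null if the file is not in the package.
    var info = Application.GetResourceStream(new Uri(script, UriKind.Relative));
    if (info == null) return;
    String content;
    using (var reader = new System.IO.StreamReader(info.Stream)) {
        content = reader.ReadToEnd();
    }
    theBrowserControl.InvokeScript("eval", content);
}
void theBrowserControl_Loaded (object sender, RoutedEventArgs e) {
    theBrowserControl.IsScriptEnabled = true; // only takes effect on the next navigation
    theBrowserControl.ScriptNotify += HandleNotify;
    theBrowserControl.Navigate(new Uri("http://yoursite.com"));
}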
the URI comes from Windows Phone itself, with this code, you can see for yourself:
var a = document.createElement('a');
a.setAttribute('href', '.');
alert(a.href);
also, I've been informed that this works in Cordova 2.0, so it might be a 1.8.1 bug... will try and see how it goes
thanks for your help so far!
Looks like it was a problem with PhoneGap 1.8.1 - after upgrading to Cordova 2.0 (PhoneGap got renamed) it all works now... thanks for all the help!

Hardcoded Password in GPS Library

Hey everyone, I've been a lurker for quite some time, so I'm finally posting something. This isn't in any of the dev sections because this is my first post.
When I first got my GNex (toroplus) I was very annoyed with the capabilities of the gsd4t gps chip. Static navigation makes it really hard to use the chip for telemetry projects and the 1Hz position update doesn't give me enough sample data for the things I'm working on. I decided to do some investigation to see if it was limited to the hardware itself or the driver.
I scoured the forum, and tried a bunch of apps, found datasheets and the what not and nothing really improved my situation. I decided to take matters into my own hands and poke around lib_gsd4t.so (stock).
With verbose logging turned on, I noticed an interesting looking entry.
Code:
Hello EE downloder !!!.
{sgee.samsung.csr.com, instantfix.csr.com}, port : 80
Y3Nyc2xsOmROTkw5NnN1, /diff/packedDifference.f2p3enc.ee, format 2
EE_DOWNLOAD: EE_Download_Init done.
EE_Download_Init - returned 0 !!!.
EE_DOWNLOAD: EE_Download_Start successful.
EE_DOWNLOAD:EE_Download_Scheduler started; server_address=(sgee.samsung.csr.com,instantfix.csr.com), port=80, file=/diff/packedDifference.f2p3enc.ee
...
The string Y3Nyc2xsOmROTkw5NnN1 really stuck out to me. The character set fit in the base64 space which for some reason or another, developers seem to think base64 encoded text is somehow a good way to make things more secure. I have seen this numerous times. To me, it just makes it more noticeable that someone is trying to hide something.
So I went ahead and decoded the string and got
Code:
csrsll:dNNL96su
Just to be sure it wasn't some string unique to my phone, I checked where it most likely came from, which is the lib_gsd4t.so and it is indeed there (@offset 0x1b7429).
What's so special about that string?
I'm almost 100% sure that it is the username : password combo for downloading the SGEE data. I'm guessing it is using a post request (anyone wanting to use wireshark to packet sniff this can confirm) because there are extra parameters being used to retrieve the data.
Have I tried to access the file with those credentials?
No.
Why am I posting this?
I thought it was funny that the username and password are hardcoded in the driver and written to the logs. What's the point of having it password protected if you're just going to tell everyone the account credentials?
My actual job involves application security and I used this as an example for the other programmers on my team as to why we shouldn't ever mistake encoding for encryption and if you try to hide something, chances are you are actually drawing attention to it.
Oh also, is anyone interested in knowing more about the library. I have figured out quite a bit
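The check described in the post above (a base64-looking token that decodes to a username:password pair), written as a small secret scanner for log text or a binary's string table. This is an added example, not part of the original post or of the GPS library; the function and constant names are assumptions of this example, the log lines are the ones quoted in the post, and the binary blob is constructed.

```python
import base64
import binascii
import re
from typing import List, NamedTuple, Optional

# A run of base64-alphabet characters, with optional '=' padding.
B64_RUN = re.compile(rb"[A-Za-z0-9+/]{12,}={0,2}")
# Shape of an HTTP Basic style credential once decoded: user:password.
CREDENTIAL = re.compile(rb"([A-Za-z0-9._@-]{2,32}):([\x21-\x7e]{4,64})")


class Finding(NamedTuple):
    offset: int        # byte offset of the encoded token in the input
    token: str         # the base64 text as it appears in the log or binary
    username: str
    password_len: int  # length only, so the report does not repeat the secret


def decode_run(run: bytes) -> Optional[bytes]:
    """Return the decoded bytes of a base64 run, or None if it cannot be valid."""
    body = run.rstrip(b"=")
    if len(body) % 4 == 1:          # no valid base64 text has this length
        return None
    padded = body + b"=" * (-len(body) % 4)
    try:
        return base64.b64decode(padded, validate=True)
    except (binascii.Error, ValueError):
        return None


def find_encoded_credentials(data: bytes) -> List[Finding]:
    """Scan log text or a binary image for base64 that decodes to user:password."""
    findings = []
    for match in B64_RUN.finditer(data):
        decoded = decode_run(match.group())
        if decoded is None:
            continue
        cred = CREDENTIAL.fullmatch(decoded)
        if cred is None:
            continue                # decodes, but not to a credential shape
        findings.append(Finding(
            offset=match.start(),
            token=match.group().decode("ascii"),
            username=cred.group(1).decode("ascii"),
            password_len=len(cred.group(2)),
        ))
    return findings


# Log excerpt quoted in the post above.
SAMPLE_LOG = b"""Hello EE downloder !!!.
{sgee.samsung.csr.com, instantfix.csr.com}, port : 80
Y3Nyc2xsOmROTkw5NnN1, /diff/packedDifference.f2p3enc.ee, format 2
EE_DOWNLOAD: EE_Download_Init done.
"""

# Constructed stand-in for a library's NUL-separated string table;
# it is not a dump of lib_gsd4t.so.
SAMPLE_BLOB = (b"\x7fELF\x00\x00EE_Download_Init\x00"
               b"Y3Nyc2xsOmROTkw5NnN1\x00"
               b"/diff/packedDifference.f2p3enc.ee\x00")

if __name__ == "__main__":
    for name, data in (("log", SAMPLE_LOG), ("blob", SAMPLE_BLOB)):
        for f in find_encoded_credentials(data):
            print(f"{name}: offset {f.offset:#x} token {f.token} "
                  f"user {f.username!r} password of {f.password_len} chars")
```

Run over build artifacts and verbose logs before release, a hit means the value should be treated as disclosed: encoding it changes how it looks, not who can read it.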
How odd!
If you've figured out the gps drivers maybe you know how to make an updated file to disable static navigation? I op'd this thread http://forum.xda-developers.com/showthread.php?p=38684789 based on the ics version, but would love an android 422 based mod.
I posted my modded drivers. It may also require new configs.
afrotronics said:
I posted my modded drivers. It may also require new configs.
Did you ever figure out the proper request? (curl or wget?)

How to hook all * extends java.io.Reader|Writer

I am trying to write a module that hooks (first of all, later only specific) in/output streams and readers/writers to analyze the content.
First try was to hook java.io.Reader.read with all 3 read method signatures - this didn't show very much, so I guess it only hooks real java.io.Reader, and every method who overrides the specific method without calling super will not get hooked.
So I tried to just get all classes and look, if they are java.io.Reader.class.isAssignableFrom(every_single_class) //all classes that extend Reader, or a check if Reader r = new c();
- it turned out it is harder than i thought to get all loaded classes from a classloader.
Tried so far:
1. In desktop-oracle-java you could, via reflection, make the classes-field of a classloader (from the LoadPackageParam lpparam) visible, and it would contain an array of all classes. Android Java does not have this - this field simply doesn't exist.
2. Digging deeper into the android source, it seems like the VMClassLoader inside the normal classloader handles this, but internally it calls a native loadclass method, so I can't access this data here.
3. My next try was to use the reflections.org lib (pulled via maven) - and every suggested method like getSubTypesOf(Object.class) and many others.
4. Now I tried to hook loadClass of classLoader, but this seemed to lead to a stack overflow or something like that, I think.
5. I also tried to hook findClass of classLoader, but it seemingly never gets called?
So, what is the correct way to get all subclasses of java.io.Reader (inside a specific classloader) in XPosed framework? To me, it doesn't seem to be a too weird feature to have.
Also: Is there a way that I don't have to restart my phone after every new app version? Or to at least disable the "optimizing 100 apps" on every third boot. (Carbon rom, Android 5.1)
bump. im also interested in this
Very interesting topic!
I found a github project that should be able to do this, and I think I also found the according class.
github.com/baer-devl/DAMN/blob/master/src/at/fhooe/mcm14/damn/xposed/XHookAll.java (i'm currently not allowed to post real links because <10 posts)
There is also a 90-pages master thesis with about ~10 pages about hooking. If someone is interested, I can ask if the author allows to publish/upload it.
