I've looked around on this forum and others, but I haven't found a tool yet which allows for file browsing and upload/download from a Samsung WP7 device. Most of the tools available seem to be for HTC phones.
The "Advanced Explorer for WP7" allows browsing, but the desktop client to copy files off doesn't seem to work - whenever I try, I get an unhandled exception. Looking at the source code for the app, it seems that only limited file access is enabled for non-HTC devices.
Does anyone know any tools or a way to get files off the device onto a computer?
Thanks!
not yet as of now, but here http://forum.xda-developers.com/showthread.php?t=1021135 claims that he will release one soon
I saw that one - the reg editor works better than any others I've tried, so I have high hopes for the file browser part.
Since I saw people posting on how they got the Diagnosis app off and REed it, I assumed there was a tool already available >_<
sorcy said:
I saw that one - the reg editor works better than any others I've tried, so I have high hopes for the file browser part.
Since I saw people posting on how they got the Diagnosis app off and REed it, I assumed there was a tool already available >_<
My webserver is limited (e.g. it doesn't go through device drivers to enable more access), but this is how one may easily pull files off the device for the sake of RE (or whatever).
http://forum.xda-developers.com/showthread.php?t=877782
The webserver allowed me to get the Diag app off, thanks!
This is going a bit OT, but some folders in Windows did come up with error accessing contents, any idea why? Also, I noticed some of the files had size zero when downloaded.
Hello everybody,
I got a WP7 Samsung Focus and I want to port my old application to this device and join native forces for WP7
My plan is simple: I'll convert my app into a dll, rewrite new gui in C# (or whatever the way to do it on WP7). I saw multiple posts about calling native code (original from Cris Walsh: http://goo.gl/2Tjks). Then I saw a few posts mentioning that it's impossible etc etc.
So, a few questions:
0) can I do it for my app (I don't need marketplace exams etc, I don't care for that)? I know that some WinAPI could be unavailable/broken, all I ask at this point if it's possible to load and run native dll without changing or re-flashing ROM.
1) ms wants 100$ out of my pocket to be able to deploy to my own device (WTF?!). What can I do to deploy to my phone without paying the crooks? (VS2010 tells me to register there and registration asks for 100$).
2) Is there a sample project I could D/L and run, I have zero experience in C# and I have no idea how to load and call native DLL from managed code in WP7? All these half broken samples are totally useless to me, I simply wanted a working HelloWorld app that loads and runs simple dll.
thanks
0) Yes, what you describe is possible. There are lots of limits, though - WP7 applications have very low permissions, and calling native code doesn't fix that. Unless you need to edit something outside the app's own isolated storage, though, you're probably OK.
1) Aside from the official marketplace account ($100), there are a few options:
a) if you've got an LG phone, they come with a built-in registry editor that can be used to dev-unlock your phone. I forget the exact key you need, though.
b) if you've got a student email address (ends in .edu) you can try registering through DreamSpark. This is free.
c) if you don't mind rolling back to pre-NoDo (7004 or 7008) you can use ChevronWP7 Unlock (instructions available on this forum). If you don't have a restore point that far back you can flash an official ROM for that version.
d) if you don't mind waiting, ChevronWP7 Labs will be available at some point (no ETA that I've seen, but it's been talked about for months) and will provide dev-unlock (but not marketplace account) for a nominal fee.
2) There are lots of apps distributed with source, and most of them will use some native code. You could do a search on this forum for subject lines including the tag "[SOURCE]" and find several (I release source for all my apps). However, I suspect what you'd find most useful is Heathcliff74's guide to WP7 apps that use native code, which is on this forum at http://forum.xda-developers.com/showthread.php?t=1299134. It includes step-by-step instructions.
Hope that helps! I look forward to seeing your app. Also, don't hesitate to ask for help with the actual development; I suck at GUIs and Silverlight but am fairly proficient at C# if you need somebody who knows that language, for example.
There is an ETA for the new ChevronWP7 unlocker: only a few weeks away from launch!
Hi GoodDayToDie
GoodDayToDie said:
0) Yes, what you describe is possible. There are lots of limits, though - WP7 applications have very low permissions, and calling native code doesn't fix that. Unless you need to edit something outside the app's own isolated storage, though, you're probably OK.
At this point I want to make a DLL from my simple app and call a few functions that interact with filesystem and network. FS is needed only for simple stuff (loading config file etc) from installation folder and creating some temporary files for local storage. Network is tcp/udp, I guess network should be available.
GoodDayToDie said:
1) Aside from the official marketplace account ($100), there are a few options:
...
I did some search, it seems that I've done that part. Chevron dev unlock was pulled out from their site, but the old version remains scattered all over the board. There is a good thread on how to do it. It happens that my phone is 7004. Where can I get old ROM in case if something goes bad and I need to re-flash? Is it easy, am I risking to brick and lose my phone?
I just tried to run sample phone app and it runs on the phone. Initially it said that it was revoked by MS, I run dev-unlock one more time and now it works.
GoodDayToDie said:
2) There are lots of apps distributed with source, and most of them will use some native code. You could do a search on this forum for subject lines including the tag "[SOURCE]" and find several (I release source for all my apps). However, I suspect what you'd find most useful is Heathcliff74's guide to WP7 apps that use native code, which is on this forum at http://forum.xda-developers.com/showthread.php?t=1299134. It includes step-by-step instructions.
I'll try to search, hope I'll be up and running soon. Too bad WP7 is DOA. They always had much better tools than all these ghetto Symbian/Android/Xcode crapware tools... WTF is wrong with these guys, at the point when they were surpassed at speed of light by newbies iPhone and Android they made some backward steps to cut off most of the devs (but they added all these 500K Silverlight newbie devs...). I'm so disappointed with Android, seems like they hired all these retards who were fired at symbian: same **** tools
I downloaded a few samples and it seems that all of them contain prebuild dll's and all of them are COM dlls or something like that.
What I'd like to find is simple sample that contains src code to native WinMo dll and C# project that it uses.
As far as I know native dll cannot be build with latest tools (am I right?), but I can use cegcc or VS2008 to build native DLL's.
stuff like:
Code:
if (ComBridge.RegisterComDll("ComFileRw.dll", new Guid("EEA7F43B-A32D-4767-9AE7-9E53DA197455")) != 0)
is totally unknown to me. I would really like to avoid even learning anything about COM related stuff. I prefer not to mess up with code that isn't portable.
HI mtlgui,
unless Heathcliff finishes his WP7 Root Tools SDK, you don't have any other way to access native c++ code besides using COM. DFT (The DarkForcesTeam) released a firmware loader, that allows you to flash customized unsigned firmware. They were also able to do some native c++ coding with the WM API. However the used firmware for that is not public and it is limited to HTC devices.
Did you already consider to write your application in c#? Mango has now TCP/UDP socket support for outgoing connections. Incoming connections or services running on the phone aren't possible without using native code, at least for the moment.
Hi rudelm,
if the only way to use native is to build COM dll, then I'm OK with that. My app code is old and I'd rather throw my WP7 device to trash can than trying to rewrite my app in C#.
Eventually, down the road while hacking maybe I'll learn c# well enough to do anything with it other than GUI and calling native/COM dlls.
So, just to confirm my understanding. I need to write COM dlls that access native API (socket, filesystem, wavein/waveout etc) and then load these COM dlls and call their functions from C# (or whatever is the closest lang to c/c++ in the WP7 world).
@mtlgui:
You've pretty much got it. A few thoughts, though:
There is a webserver project available on this site. It includes source for its C++ native component (the library is called NativeIO; I can probably send you the source if you can't find it). It exposes registry, filesystem, and TCP server and client sockets to COM. Note that because this library was built for pre-Mango phones, just compiling it and shipping it may not work on Mango phones as many deprecated libraries were removed in Mango and if the DLL contains any references to them, it won't load.
Generally speaking, what you're asking for with TCP/UDP is possible, though you may have to code against the winsock API directly. It sounds like you're doing as little as possible with C#, so even if the Socket API that is available with Mango were sufficient for your app's needs, you wouldn't be using it.
Filesystem access... even if you have read access to your app's install folder (I haven't checked, though you should), you almost certainly won't have write access. Each app does have a writable "isolated storage" though, under \Applications\Data\{GUID}\Data\IsolatedStore\. I've only ever tried writing to it using C# though, so I don't know for sure if it's writable using the native APIs directly (should be, though).
It's probably perfectly OK to write your app as one big native DLL (hell, it *might* work to just change the build type from Application to Library, then rename main() or something like that). You will need to expose the library to COM, but that's easy. You can then write a very simple C#/Silverlight app (see Heathcliff's instructions, or just post the COM interface and somebody could write it for you). All the C# app needs to do is use ComBridge to access the native DLL, and call a "run()" function or something similarly simple.
For what it's worth, C# is very close to a superset of C++, at least on the desktop. The phone version is crippled a little by not allowing the use of pointers - everything has to be done with strongly-typed references instead, which can make network code a little annoying but is otherwise rarely a problem - but with a little experimentation you may find your disdain for C# to be misguided. It's a useful language to know in today's job market, if nothing else.
Why is your phone still on 7004? That's the launch retail build, something like eight months out of date. On the plus side, this means that things like ChevronWP7 Unlocker still work for you, as you found. On the minus side, it means you're putting up with bugs and missing features that you needn't be. Have you tried updating at all? If/when you do update, make sure to back up the restore points that the Zune software generates (they go in %localappdata%\Microsoft\Windows Phone Update\). That way, if you ever need to roll back to 7004, you can do it. Normally, only the most recent restore point is kept.
Flashing ROMs is safe so long as you don't try something like flashing the wrong one for your device. Unless your bootloader is unlocked (only possible on HTC), you can only flash official ROMs anyhow, which saves you from most of the risks. On the other hand, you're already on as old a ROM as you will find, and so long as you keep your restore points, you can return to it any time you want to, easily.
I'm googling now the board to find NativeIO and that webserver app. So far only references to it, but no src code.
I'm ok with isolated read/write access. All I care is persistent fs storage.
My phone is still 7004 because I just bought it so I can do some WP7 development. I don't want to mess up with updates at the moment.
As I understand from another post ComBridge is C#->COM->native c++ dll or any other dll that can be used, right? I'm just learning some COM to learn enough to start actually programming for the phone. I see that I can pass whatever data I want, but I don't seem to be able to see a way to register callbacks so that native/COM could call back to C#
mtlgui said:
I'm googling now the board to find NativeIO and that webserver app. So far only references to it, but no src code.
I'm ok with isolated read/write access. All I care is persistent fs storage.
My phone is still 7004 because I just bought it so I can do some WP7 development. I don't want to mess up with updates at the moment.
As I understand from another post ComBridge is C#->COM->native c++ dll or any other dll that can be used, right? I'm just learning some COM to learn enough to start actually programming for the phone. I see that I can pass whatever data I want, but I don't seem to be able to see a way to register callbacks so that native/COM could call back to C#
Basic introduction to native code and COM, including references to more background info: http://forum.xda-developers.com/showthread.php?t=1299134.
Callback from C++ -> COM -> C# can be done. Decompile the WP7 Acrobat Reader app. You'll see how it works.
Ciao,
Heathcliff74
Erm sorry but can someone explain to me what's chevronwp7 in simple words? I know it's like a jail break or something and it can sideload apps or something. can someone explain to me these few things:
1) what's sideloading?
2) are there any risks involved using it?
3) does it allow me to download any apps from the marketplace or something? if not, what can I do with it?
sorry I'm kind of a noob about wp7. just asking this coz I was thinking of getting a new phone, either android or wp7. Thanks in advance!
This really belongs more in the Q&A forum, but...
Sideloading is the process of installing an application onto your phone directly from a PC, instead of using the marketplace. Apps for sideloading are packaged in ZIP files with the extension changed to XAP. They work almost exactly like marketplace apps (there are a few small differences).
In order to sideload applications, your phone needs to be developer-unlocked. There are multiple ways to do this. ChevronWP7 Unlocker, which only works on the first two versions of WP7 (not on any build 7389 or higher), is an unofficial technique, which some have referred to as jailbreaking. There are other techniques, such as registering for a marketplace developer account (or getting help from somebody who has registered), or using the forthcoming ChevronWP7 Labs (same guys, different project), or using the registry editor built into LG phones. That's all that dev-unlock is, incidentally - a registry edit. It is a perfectly normal change, nothing close to the level of hackery of jailbreaking in iPhone.
Technically, there are no risks to dev-unlocking your phone, although I suppose using some of the unofficial methods do carry risks if done incorrectly. However, there are definitely risks to sideloading applications. Sideloaded apps can make changes to your phone - in some cases, big changes, potentially including malware or making your phone not work - and they haven't gone through the verification process that Microsoft uses to keep harmful software out of the marketplace. In general, the apps published through XDA-Developers are reputable, but there is no guarantee. Even an app that is not intended to be harmful could mess something up by accident. I and some other developers post the source code to our apps, partially as a way of allowing people to check and ensure that our apps do only what they say they do.
Developer-unlocking does not allow you to install marketplace apps without paying for them. That's not at all what this forum is about, and asking about it is not a good idea - at best, you'll probably just get the thread locked. Please go elsewhere if you want to talk piracy.
What sideloading is useful for is installing apps that, for whatever reason, Microsoft doesn't allow in the marketplace. These apps range from small tweaks to the phone (adding a custom theme color or changing notification sounds, for example), to adding features that aren't officially available (things like Internet tethering for a PC), to opening up the phone's security completely and allowing you to do nearly whatever you want with it.
I hope that answers your questions. As to WP7 vs. Android, that really depends on what you want out of the phone. In either case, it's not a good topic of discussion for the development and hacking forum.
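As an added example (not code from this thread or from any poster), this Python sketch shows how a XAP can be reviewed before sideloading, since a XAP is a ZIP archive: it lists the capabilities declared in WMAppManifest.xml, flags ID_CAP_INTEROPSERVICES, and separates native DLLs from managed assemblies by checking the PE header for a CLR directory. The sample package, its file names and all function names are constructed for illustration.

```python
import io
import struct
import xml.etree.ElementTree as ET
import zipfile

MANIFEST = "WMAppManifest.xml"          # manifest at the root of a WP7 XAP
HIGH_RISK_CAPS = {"ID_CAP_INTEROPSERVICES"}
MAX_MANIFEST = 1 << 20                  # refuse absurdly large manifests


def is_managed_pe(data):
    """True for a .NET assembly, False for a native PE, None if not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        return None
    opt = pe_off + 24                   # optional header follows the COFF header
    if len(data) < opt + 2:
        return None
    (magic,) = struct.unpack_from("<H", data, opt)
    dirs = opt + (96 if magic == 0x10B else 112)   # PE32 vs PE32+
    clr = dirs + 14 * 8                 # data directory 14 = CLR runtime header
    if len(data) < clr + 8:
        return False
    (count,) = struct.unpack_from("<I", data, dirs - 4)
    rva, size = struct.unpack_from("<II", data, clr)
    return count > 14 and rva != 0 and size != 0


def read_capabilities(xap, findings):
    """Return the sorted capability names declared in the manifest."""
    try:
        info = xap.getinfo(MANIFEST)
    except KeyError:
        findings.append("missing " + MANIFEST)
        return []
    if info.file_size > MAX_MANIFEST:
        findings.append("manifest too large to parse safely")
        return []
    raw = xap.read(info)
    if b"<!DOCTYPE" in raw:             # no DTDs: avoids entity-expansion tricks
        findings.append("manifest contains a DTD; not parsed")
        return []
    try:
        root = ET.fromstring(raw)
    except ET.ParseError:
        findings.append("manifest is not well-formed XML")
        return []
    # Match on the local tag name so the deployment namespace does not matter.
    return sorted({el.get("Name") for el in root.iter()
                   if el.tag.rsplit("}", 1)[-1] == "Capability" and el.get("Name")})


def audit_xap(blob):
    """Summarise what a XAP declares and ships, without installing it."""
    report = {"capabilities": [], "native_dlls": [], "managed_dlls": [], "findings": []}
    with zipfile.ZipFile(io.BytesIO(blob)) as xap:
        report["capabilities"] = read_capabilities(xap, report["findings"])
        for info in xap.infolist():
            if not info.filename.lower().endswith(".dll"):
                continue
            with xap.open(info) as fh:
                kind = is_managed_pe(fh.read(4096))
            report["managed_dlls" if kind else "native_dlls"].append(info.filename)
    for cap in report["capabilities"]:
        if cap in HIGH_RISK_CAPS:
            report["findings"].append("requests " + cap)
    for name in report["native_dlls"]:
        report["findings"].append("ships non-managed DLL: " + name)
    return report


def make_sample_pe(managed):
    """Constructed minimal PE32 header, just enough for is_managed_pe()."""
    opt = 0x40 + 24
    hdr = bytearray(opt + 96 + 16 * 8)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)         # e_lfanew
    hdr[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<H", hdr, opt, 0x10B)         # PE32 magic
    struct.pack_into("<I", hdr, opt + 92, 16)       # NumberOfRvaAndSizes
    if managed:
        struct.pack_into("<II", hdr, opt + 96 + 14 * 8, 0x2000, 0x48)
    return bytes(hdr)


def build_sample_xap():
    """Constructed package: one managed DLL, one native DLL, two capabilities."""
    manifest = (
        '<?xml version="1.0" encoding="utf-8"?>'
        '<Deployment xmlns="http://schemas.microsoft.com/windowsphone/2009/deployment"'
        ' AppPlatformVersion="7.1"><App Title="SampleApp"><Capabilities>'
        '<Capability Name="ID_CAP_NETWORKING"/>'
        '<Capability Name="ID_CAP_INTEROPSERVICES"/>'
        '</Capabilities></App></Deployment>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr(MANIFEST, manifest)
        z.writestr("SampleApp.dll", make_sample_pe(managed=True))
        z.writestr("ComFileRw.dll", make_sample_pe(managed=False))
    return buf.getvalue()


if __name__ == "__main__":
    for line in audit_xap(build_sample_xap())["findings"]:
        print(line)
```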
so in a way, chevronwp7 enables the phone be able to download third-party apps from the net? like how android can download .apk files?
Right now, ChevronWP7 Unlocker typically doesn't enable anything - it hasn't worked since the first versions of WP7, nearly a year ago. If you have a really old phone or flash a really old ROM, I guess you could still use it.
However, you're correct that developer-unlocking a phone (which is what ChevronWP7 Unlocker did) allows you to download third-party apps off the Internet (or develop them on your own PC) and install them to the phone using USB. Unless you're using a custom ROM, you can't install them straight to the phone; instead you use one of the many XAP deployment tools.
WP7 application packages are files with the .XAP extension (I believe it originally stood for "XNA Application Package"). I believe they are similar to Android's .APK files, though I haven't actually cracked one of those open to look.
Hi hackers!
Found something pretty cool while I was digging around looking for new interop-unlock hacks. The bad news is that it looks like it's not usable for interop unlock, the good news is that it's still pretty cool.
This previously required a dev-unlock, but no longer does. It does not require interop-unlock. It works on all phones (as far as I know).
UPDATE 3: ZIP file usable on non-unlocked phones EDIT: I think this will not work on most phones. Sorry! The XAPs still work, if you can sideload them
I've added a ZIP file that can be used to switch the OEM Marketplace without needing to sideload a XAP at all. Instructions are inside, but basically you tap the XML file for the OEM you want, then reboot the phone.
UPDATE 2: Dell Apps.xap, Nokia Apps.xap (v2)
The Dell apps collection is hidden, like the Nokia one was (see Update 1 below). The only app I was able to find was "Newsroom" (another app kind of like HTC Hub). If there are others, please let me know and I'll try to find them.
Nokia has collected their apps into a single marketplace section, like HTC/Samsung/LG. The new Nokia Apps.xap reflects this, so disregard the Update 1 note below for Nokia, and download the new XAP!
UPDATE 1: Nokia Apps.xap (See the Update 2 note - Nokia Apps.xap has been changed)
Be aware that this app works a little differently. Rather than actually adding a "Nokia" store to your Marketplace list, it just enables your phone to access Nokia's apps though the normal marketplace. Not sure why some OEMs did their own store and others didn't, but that's why it wasn't working before (it isn't a stand-alone store section).
An easy way to find the Nokia apps is to do a search for a well-known app, like Nokia Maps. Then, open it and tap the "More from Nokia Corporation" link. This will take you to a list of all of Nokia's apps.
WHAT IS IT?
Install a XAP or tap an XML file in the ZIP, and restart your phone. Then, open the marketplace, and you'll discover that, instead of "HTC Apps" or "Samsung Zone" or whatever your default is, you can install OEM apps from a different OEM.
WHAT CAN I DO?
If you want to install Nokia, HTC, Samsung, LG, or Dell apps, open the ZIP file on your phone, look for the OEM name you want, and tap the XML file immediately under that OEM name. You'll need to restart your phone before the Marketplace changes.
If you want to help out, give me as much info as you can about the other OEM marketplaces (Toshiba/Fujitsu, perhaps?)
IS IT DANGEROUS?
Well, it's a hack. There's always *some* danger. However, you don't need to worry very much. The phone will automatically revert the Marketplace after a day or so. You can also get your proper marketplace back by installing the corresponding app/tapping the desired ZIP.
However, you *really* should keep an up-to-date restore point any time you're messing with stuff like that, especially with new hacks. If something screws up and doesn't straighten out, restore a backup or hard-reset and it will fix itself.
EDIT: The ZIP does not appear to work on most phones. The XAP files should still work on 7.8, though.
WHO CAN I THANK?
Well, aside from myself thanks go to:
Heathcliff74, for the XAP deployer hack and the Samsung marketplace configuration file.
Schaps, for TouchXplorer (let me find the relevant file).
Voluptuary, for info about both OEM and MO marketplaces (working on those).
wpxbox, for the info about "Nokia collection".
CAN I ASK A QUESTION?
You just did, or at least, I did for you. Please see the next post after this one for FAQ. Otherwise, feel free to post a reply with your question. Please, if it's at all relevant, include the make, model, and version of your phone and OS/firmware.
OK, I know you all will have some questions. I'll try to collect them, and their answers, here so people don't have to read every post.
If you ask a question that is already answered here, I may facepalm and/or use sarcasm.
DO I NEED TO RUN THIS APP?
No, you don't. It doesn't do anything at all after installing. In fact, I re-used another app that I had handy, so the message you see isn't even accurate!
WHY DOES THE MESSAGE IN THE APP TALK ABOUT INTEROP UNLOCK? CAN I USE THIS APP FOR INTEROP UNLOCK?
It talks about it because I reused an interop-unlock app (which works exactly the same way, but with a different file). This app will not interop-unlock your phone, or even allow you to do so. However, it doesn't need interop-unlock, either. Furthermore, why are you running the app? You don't need to; none of the instructions say to run it.
CAN I DELETE THE APP?
Yes. Once it's installed, you can delete it immediately if you want to.
HOW DO I GET MY OWN OEM'S MARKETPLACE BACK?
You can either install the corresponding XAP and reboot, or you can wait a day or so for the phone to recover on its own.
HOW CAN I GET BACK TO AN OEM MARKETPLACE THAT I ACCESSED BEFORE?
Remove the app (and any variant of it), if it's currently installed. Then, install it again. Then, reboot as before, and you should see the marketplace corresponding to whatever XAP you used.
WHY DON'T ALL APPS WORK?
Many apps will use native drivers to do their work. These drivers are specific to each OEM's firmware, and are baked into the ROM. Apps that don't need special permissions, like the Samsung Now app or LG's Look n Type, should work. Apps that have high permissions or do device-specific things, like a Network Profile app or HTC Sound Enhancer (if it ever appears again) won't work on other phones.
SOME OF THESE APPS HAVE ID_CAP_INTEROPSERVICES, CAN WE USE THEM FOR INTEROP UNLOCK?
No. The apps may appear to work (even on interop-locked phones) because they were installed from the Marketplace and have valid signatures. However, they won't actually be able to do anything useful, because the wrong drivers will be installed (see the previous question).
CAN YOU ADD A XAP FOR ANOTHER MARKETPLACE?
Sure, once the required configuration data is available. This can be tricky - for example, the values for HTC and Samsung are "HTC" and "Samsung", respectively, but the one for LG is actually "LGE" (LG Electronics). I don't know what they are for Toshiba/Fujitsu, and I'm not sure I have everything from Dell, and I don't have any others. Any help here would be appreciated!
CAN I ACCESS MORE THAN ONE OEM MARKETPLACE AT ONCE?
No, sorry. I tried to build support for multiple OEM markets, but it didn't work. The last one overwrites the previous.
WILL APPS KEEP WORKING AFTER THE MARKETPLACE REVERTS?
So far, yes. I don't know whether they'll get updates, although I suspect they will.
CAN SOMETHING BE DONE ABOUT APPS COMPLAINING THEY DON'T WORK ON MY PHONE?
Sadly, no (nothing safe). Most of the LG and Samsung apps that I've tried work just fine (interop aside) on my HTC phone. It helps that in Mango, a lot of formerly interop capabilities (like compass for LG ScanSearch) are now in the official APIs. Some apps will still check though, and there's nothing I can do about that.
CAN WE ACCESS MARKETPLACES FOR OTHER OPERATORS?
It's probably possible, but I haven't bothered to try yet. If there are interesting apps for carriers that work outside of that carrier's network, I'll give it a shot. It's a different file but the structure is very similar.
IS THERE A LIST OF APPS KNOWN TO WORK?
Courtesy of user JusThinK, as of 1 Feb 2012:
JusThinK said:
Converter
FunShot
HTC Hub
Look n Type
MiniDiary
Notes
Now
Photo Enhancer
Photo Studio
Photo Stylist
Photogram
ScanSearch
SmartShare (previously known as Play To - Working fine with my Samsung HDTV)
ToolBox
can you just deploy all three and have access to all 3 sources in marketplace?
once you install apps from the other oem sources, and the market reverts back, do you lose the apps you have installed?
No. I tried to build it so you could access multiple OEM marketplaces at once, but it didn't work - only ever used the last one in the config file.
Apps stay installed and runnable even after the marketplace reverts. However, I can't promise they'll receive updates. I think they will, but I haven't been testing this long enough to find out.
Dell's marketplace string is "Dell"
Nokia's marketplace string is "Nokia"
I still haven't figured out Fujitsu's.
thanx dude,
The 3 xap files are working on the HTC Trophy.
But the LG apps that you can download, if you run the downloaded app from LG place. He said Only for LG devices.
So are you editing the files in the 'keepers' folder? I had found those some time ago and posted them HERE back in October. I thought they would lead to this since when they were deleted the OEM marketplaces would simply go away, same can be done to remove the carrier marketplaces, but I had trouble getting them off my device to really look at them.
Be warned though in my similar pre-mango hack with the registry we found that changing the OEM marketplace values made the DRM wig out and would prevent any apps from starting. The only way to fix it was a full reset or restore to a point before the modifications were done.
I would guess that if you edit LKG_MOStoreConfig.xml you could do the same thing with carriers.
OEM's:
Samsung
HTC
LGE
Dell
Nokia
MO's:
Att
Tmous
Tmode
I am pretty sure these are case sensitive too so keep that in mind.
Thanks GoodDayToDie
This solution solved my phone not showing OEM apps in the market.
Just wondering and perhaps some people might want to test with me if we set LKG_MOStoreConfig.xml and LKG_OEMStoreConfig.xml to read only will it stay set instead of only lasting a few days?
The reason I want this is because I want at&t's stupid marketplace entry to remain GONE so I edited LKG_MOStoreConfig.xml to this:
Code:
<ConfigurationFile version="1">
  <MOStore>
    <setting id="MOName"></setting>
    <setting id="MOStoreName"></setting>
    <setting id="MOStoreID"></setting>
    <setting id="MOStoreEnabled">False</setting>
  </MOStore>
</ConfigurationFile>
Now I'm just guessing that this is how it should look since like I said before I never could get the original files off my phone to look at them.
@voluptuary: That would probably work (in fact, the "false" alone is probably enough). Marking the file read-only may or may not be sufficient.
@cyclonemon: You're welcome! I didn't even realize people were having that issue but yes, it should help there too.
I am confused, can't I do this already with Milkman's WP7 3MktPlace? I can search/list 3MktPlace apps . I can add new info such as Nokia to the application. It finds and saves the XAP to the PC and from which I can deploy it to the phone.
ok, after reading more carefully, the program process above would require interop unlock, your route doesn't
@voluptuary (again): Thanks for the OEM names. I'm pretty sure I tried "Nokia" and it didn't work, but I'm trying it again (I did the edit on the phone during testing, and that's pretty typo-prone). For what it's worth, they are not case sensitive (a good thing, since the official casing for Samsung is actually SAMSUNG).
EDIT: Confirmation, "Nokia" does not work.
You're exactly right about which file I'm replacing (you can see that if you crack the XAP). I was looking to use the embedded provxml in MOConfig to do interop-unlock, but it looks like the process which reads that file doesn't have the required permissions. I could do something for the MO marketplaces too, but I'm really not sure there's value to it; do the MOs have apps that are useful if you're not a subscriber?
So far, no DRM wig-outs. I'm hoping it works when I don't mess with the registry. We shall see.
@derausgewanderte: This method doesn't use up unsigned app limit (aside from briefly, when the configuration app is installed). It also allows updates from the phone itself.
GoodDayToDie said:
@derausgewanderte: This method doesn't use up unsigned app limit (aside from briefly, when the configuration app is installed). It also allows updates from the phone itself.
I see, thanks for the clarification.
just for your info. Milkman's program works with "Nokia" if that helps.
Thanks, but... neither "Nokia" nor "Dell" are working. It's rather annoying. Samsung I had the actual file to work from, but LG[E] I figured out on my own, and it works. Not so with Nokia or Dell though.
Nokia on the marketplace has the string nokia.
As this seems a nice hack, be very careful with changing the OEM name of your phone. Doing this a couple of times will invalidate something with the DRM and will force you to do a hard reset. You will not be able to run any app installed through the MP otherwise and you will not be able to install anything.
I don't know for sure if the same thing would happen through this method, but I'm not going to try it out. I tried it with editing the registry and if you do that about 5 times, your phone can't do anything without a hard reset.
I'm posting this to avoid problems, not to kill this hack. Because it's definitely good work, but before any complications arise, be warned.
Marvin_S said:
Nokia on the marketplace has the string nokia.
As this seems a nice hack, be very careful with changing the OEM name of your phone. Doing this a couple of times will invalidate something with the DRM and will force you to do a hard reset. You will not be able to run any app installed through the MP otherwise and you will not be able to install anything.
I don't know for sure if the same thing would happen through this method, but I'm not going to try it out. I tried it with editing the registry and if you do that about 5 times, your phone can't do anything without a hard reset.
I'm posting this to avoid problems, not to kill this hack. Because it's definitely good work, but before any complications arise, be warned.
Yes yes please heed this warning. It happened to me.
I'm aware of the problem with the registry editing method. I can't guarantee it won't happen here (make sure you have a recent backup!) but I'm hopeful. I've made far more than 5 changes, and while I haven't had it in this state for weeks yet, I have for days, and so far no problems at all.
EDIT: @VoodooKing: Just to confirm, your problem was with the registry tweak method, right? If you hit that problem with these XAPs, please let me know.
GoodDayToDie said:
@voluptuary (again): Thanks for the OEM names. I'm pretty sure I tried "Nokia" and it didn't work, but I'm trying it again (I did the edit on the phone during testing, and that's pretty typo-prone). For what it's worth, they are not case sensitive (a good thing, since the official casing for Samsung is actually SAMSUNG).
EDIT: Confirmation, "Nokia" does not work.
You're exactly right about which file I'm replacing (you can see that if you crack the XAP). I was looking to use the embedded provxml in MOConfig to do interop-unlock, but it looks like the process which reads that file doesn't have the required permissions. I could do something for the MO marketplaces too, but I'm really not sure there's value to it; do the MOs have apps that are useful if you're not a subscriber?
So far, no DRM wig-outs. I'm hoping it works when I don't mess with the registry. We shall see.
Yeah, I can't get Nokia to work either, however my Lumia 800 never had a "Nokia Marketplace" to begin with on the phone so that may have something to do with it. I think the other programs that have been mentioned are pulling apps in a slightly different way than what actually happens on the phone. I would guess perhaps there is some handset ID matching or something on the phone marketplace whereas with the PC/Web based methods there isn't. (just guessing)
On a side note I tried setting the MOConfig to read only (like I said before) and while att's marketplace still sadly came back, it came back different. It used to be "AT&T AppCenter(tm)" now it reads "AT&T Featured" so that is odd. As for carrier app usefulness IMHO the at&t ones are garbage but I can't speak to any other carriers.
You have to search for Nokia apps in the marketplace for them to show up. There is no Nokia store.
Yes changing registry a few times caused my phone to not launch apps and install from marketplace. I think I changed the name more than 5 times.
As it is known that HTCUtility.dll will provide complete, unrestricted access to the TCB chamber on HTC devices, can this be used to unlock (at any level) the OS?
I have not heard anyone speaking of it and it exists on my HTC Arrive. Seems to be a bypass for unrestricted access to anything within HTC devices.
I am looking at it myself, but thought I would share.
See details here...
http://labs.mwrinfosecurity.com/files/Advisories/mwri_htc-htcutility-kernmem_2011-11-10.pdf
Your link is down
Very interesting, but your link is down, so please fix it so I can take a look. I too have an HTC Arrive and have been working on an unlock.
Don't know what happened to the link.
Here is the link to the google docs version.
https://docs.google.com/viewer?a=v&...1C1HkN&sig=AHIEtbTwK-r8RyAyFmt1ai119m7EVAqsNA
-Paul
This looks promising, I'd like to know if what's written there is true ...
The paper is a couple months old, so it *could* have been patched by HTC... but hey, it also might not have been! This bears investigation post-haste.
It's easy enough to use this to execute some arbitrary code at high permissions, which is certainly useful as-is (do things like unrestricted registry and filesystem access). The real potential of it, though, is to turn off the security restrictions for specific apps. Essentially, get the benefits of a "fully unlocked" ROM but on a stock ROM, and only for the apps you specify.
One thing to note here: this is still going to require an interop-unlocked phone. It's opening a handle to a driver, and just like everything else that does so, it needs ID_CAP_INTEROPSERVICES. This is great news for owners of interop-unlocked/unlockable phones (since this makes interop-unlock useful again) but probably doesn't help on 2nd-gen phones or on the Arrive (unless you want to roll back to NoDo, in which case this can probably be used to make an interop-unlock that works on Mango, though it wouldn't be easy).
I hope someone gets this working for the Arrive ASAP.
Oh, this was talked about a while back. It was patched back in NODO.
Really? The paper is from only 3 months ago (assuming USA numeric date style, 2 months otherwise). You don't typically publish security advisories for things that were patched more than 6 months prior.
In any case, HTCUtility.dll still exists on my phone. No idea yet if that IOCTL still works, though. I'll try it out in any case, and report back.
For those asking about it for the Arrive though, you're likely out of luck even if this works. It is *not* a way to interop-unlock a phone, and it is *not* a way around interop-unlock. It's a way to do more things on an interop-unlocked phone. You can't even reach a driver (which is what HTCUtility.dll is) unless your app has ID_CAP_INTEROPSERVICES - that's what the capability is actually for, accessing drivers - and you can't install a homebrew app with that capability unless interop-unlocked (or on pre-Mango).
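An added example, not part of any post in this thread: since driver access is gated on the ID_CAP_INTEROPSERVICES capability, a package can be audited for it before install by reading the capability list in its WMAppManifest.xml. The helper names, the size limit and the sample packages below are constructed for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

# Capability the thread says an app must declare before it can reach a driver.
DRIVER_CAP = "ID_CAP_INTEROPSERVICES"
MAX_MANIFEST_BYTES = 1 << 20  # assumed sanity limit; refuse oversized manifests


def xap_capabilities(xap_bytes):
    """Return the sorted capability names declared in WMAppManifest.xml."""
    with zipfile.ZipFile(io.BytesIO(xap_bytes)) as xap:
        entry = next((i for i in xap.infolist()
                      if i.filename.lower() == "wmappmanifest.xml"), None)
        if entry is None:
            raise ValueError("package has no WMAppManifest.xml")
        if entry.file_size > MAX_MANIFEST_BYTES:
            raise ValueError("manifest is implausibly large")
        root = ET.fromstring(xap.read(entry))
    caps = set()
    for el in root.iter():
        # <App xmlns=""> resets the namespace, so compare local names only.
        if el.tag.rsplit("}", 1)[-1] == "Capability" and el.get("Name"):
            caps.add(el.get("Name").strip())
    return sorted(caps)


def audit_xap(xap_bytes):
    """Summarise a package: declared capabilities and any driver-access request."""
    caps = xap_capabilities(xap_bytes)
    return {"capabilities": caps, "requests_driver_access": DRIVER_CAP in caps}


def make_sample_xap(cap_names):
    """Build a constructed, minimal XAP in memory (sample data, not a real app)."""
    caps = "".join('<Capability Name="%s" />' % c for c in cap_names)
    manifest = (
        '<?xml version="1.0" encoding="utf-8"?>'
        '<Deployment xmlns="http://schemas.microsoft.com/windowsphone/2009/deployment"'
        ' AppPlatformVersion="7.1"><App xmlns="" Title="Sample">'
        '<Capabilities>%s</Capabilities></App></Deployment>' % caps
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("WMAppManifest.xml", manifest.encode("utf-8"))
    return buf.getvalue()


if __name__ == "__main__":
    for caps in (["ID_CAP_NETWORKING"], ["ID_CAP_NETWORKING", DRIVER_CAP]):
        print(audit_xap(make_sample_xap(caps)))
```

A package flagged with `requests_driver_access` is one that can open driver handles on an interop-unlocked phone, so it deserves the closest review before sideloading.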
GoodDayToDie said:
I'll try it out in any case, and report back.
Thank you
GoodDayToDie said:
Really? The paper is from only 3 months ago (assuming USA numeric date style, 2 months otherwise). You don't typically publish security advisories for things that were patched more than 6 months prior.
In any case, HTCUtility.dll still exists on my phone. No idea yet if that IOCTL still works, though. I'll try it out in any case, and report back.
For those asking about it for the Arrive though, you're likely out of luck even if this works. It is *not* a way to interop-unlock a phone, and it is *not* a way around interop-unlock. It's a way to do more things on an interop-unlocked phone. You can't even reach a driver (which is what HTCUtility.dll is) unless your app has ID_CAP_INTEROPSERVICES - that's what the capability is actually for, accessing drivers - and you can't install a homebrew app with that capability unless interop-unlocked (or on pre-Mango).
Yeah I think it was mentioned here on XDA and it was believed to already have been patched.
I think by "patch" they mean that Interop was restricted as of Mango, thereby securing this exploit, in Mango. But for those that are Interop unlocked, this should still grant full access to everything else.
Just my observations. I have an Arrive and am not Interop unlocked yet, so I can't test it.
Looking at the hand-free provisioning to see if I can find a way to leverage that....
-Paul
It works. I successfully opened a handle, read a kernel-mode memory address, modified it, confirmed the modified value, and restored it.
Next trick: finding something really useful to change. Ideally, probably the process security info - if I can simply elevate a given process to full permissions, then I'm golden.
Will share code soon. If somebody knows where I can find the important part of the process info, let me know - I have a little familiarity with NT process context blocks, but none with CE ones (if it even uses such a structure).
GoodDayToDie said:
It works. I successfully opened a handle, read a kernel-mode memory address, modified it, confirmed the modified value, and restored it.
Next trick: finding something really useful to change. Ideally, probably the process security info - if I can simply elevate a given process to full permissions, then I'm golden.
Will share code soon. If somebody knows where I can find the important part of the process info, let me know - I have a little familiarity with NT process context blocks, but none with CE ones (if it even uses such a structure).
All the information looks like it is in the advisory. KDataStruct is what you want. That is equivalent to the PEB in Windows CE.
GoodDayToDie said:
It works. I successfully opened a handle, read a kernel-mode memory address, modified it, confirmed the modified value, and restored it.
Next trick: finding something really useful to change. Ideally, probably the process security info - if I can simply elevate a given process to full permissions, then I'm golden.
Will share code soon. If somebody knows where I can find the important part of the process info, let me know - I have a little familiarity with NT process context blocks, but none with CE ones (if it even uses such a structure).
Can you confirm this works only on an already Interop Unlocked device?
Thx for your efforts.
Could htclv.dll be helpful in setting security on an app? It supports the following functions:
LVModInitialize LVModUninitialize LVModAuthenticateFile LVModRouting LVModAuthorize LVModGetPageHashData LVModCloseAuthenticationHandle LVModGetHash LVModProvisionSecurityForApplication LVModDeprovisionSecurityForApplication LVModGetSignerCertificateThumbprint LVModSetDeveloperUnlockState LVModAuthorizeVolatileCertificate LVModGetDeveloperUnlockState
In particular the "Deprovision Security for App" and "Get/set DeveloperUnlock" or maybe "Authorize Volatile Certificate"....
Or maybe htcpl.dll which seems to be the HTC policy engine interface. Supports:
GetFunctionTable PolicyCloseHandle PolicyEngineInit PolicyRuleAbortTransaction PolicyRuleAddRawData PolicyRuleBeginTransaction PolicyRuleBuildRawData PolicyRuleCommit PolicyRuleCommitTransaction PolicyRuleCreate PolicyRuleDelete PolicyRuleFindFirst PolicyRuleFindNext PolicyRuleGetInfo PolicyRuleOpen PolicyRuleParseRawData PolicyRuleReadRawData
These all look good to modify the security policies on HTC, assuming Interop-Unlocked.
-Paul
@dragonide: Confirmed, this requires interop-unlock since the very first step is opening a handle to a driver.
@Paul_Hammons: The LVMod functions look quite interesting indeed. Where are you getting these functions from (straight out of the DLLs, or some doc somewhere, or decompiled code, or...?), are they user or kernel entry points, and what permissions do they require? The ability to modify app security doesn't do as much good if you already have to be high-privileged to call it, though it might simplify my current goal.
@n0psl3d: Cool, I'll get to work on it.
@n0psl3d: KDataStruct contains kernel information, but I'm pretty sure what I need is in a PROCESS struct (such as is pointed to by pCurPrc). The problem is, I can't find any documentation for that struct. I'm searching online but so far coming up empty. CE doesn't seem to use PEBs or TEBs as I've seen them on NT (not terribly surprising, but annoying).
EDIT: I'm downloading the Embedded CE toolkit, which comes with source code. It'll take a while but hopefully that will have what I need.
OK, digging through the CE source I've found some interesting things. No idea if this will work yet; it'll be exciting just to make it compile.
PROCESS struct -> hTok (handle to a Token) -> phd (PHDATA, pointer to the handle data) -> pvObj (PVOID to the actual object, which is probably a TOKENINFO) -> psi (pointer to ADBI_SECURITY_INFO) -> contains the actual ACLs and privileges, and can be created from an account ID.
Probably the easiest option is to find a relatively high-privilege process and clone its token or some such. Token re-use (if I increment the reference count, this should work) may be easier. Modifying an existing token might also be doable.
Anyhow, I'm not going to have this finished tonight, but it'll get there. For those wondering what you can do with this, it basically breaks you out of the sandbox entirely. You can call any function, access any resource, etc. that is available to a userland process (executing in kernel mode is also possible but trickier). Practically speaking, this makes all the other high-privilege COM DLLs useless - instead of ComFileRW, just use the file IO methods (anywhere you want), instead of DMXMLCOM just call ConfigProvXml directly. Even things like launching native EXEs directly should become possible (run those Opera ports on a stock ROM, for example).
I'm sorry, I still don't know what any of that means. But it sounds good! I wish I knew how to do this kind of stuff. Thanks for all of your work!