Related
I have been reading XDA-Developers for sometime and have marvelled at the ingenuity that many of you demonstrate in solving problems - I have now registered and here is my first post and hope someone can help - Digital Signing for applications we develop for WM5 is a real pain especially if you need privileged access to run as it is up to the carrier or device OEM if they want to grant you use of the certificate. I guess if you were selling software this could mean they could withold permission because they had a competitive application, all smacks of anti-trust...unprivileged access is more straight forward but is no good if you need to access the kernel or other specialist processes. I note from the XDA WM5 part of this forum that someone had changed a rom so that it would not moan at unsigned apps. Does anyone know if this change would allow any unsigned "privileged" application to be used on a JASJAR - if so does any kind person have the ability to create a CAB file that could or program that could enable this condition and another to revert to normal operation. This would make a huge difference for those wanting to develop and test apps on a device instead of just the PC emulator however it would still require signing to get the end result available for others to use on their devices - I guess we would also have to consider if this "modifying" app also needed to be signed to run in the first place - nice one MS :evil: , the user is no longer allowed to decide what he wants to install :roll: .
According to MSDN there is a tool in the WM2005 SDK called createcert.exe that allows you to create certificates for test purposes.
I didn't have much luck with it my self, but I haven't read all the documentation, so I probably screwed up when creating the certificate.
Have you tried it?
If you make it work, could you please give me some advice on it. Thanks!
When we were back on NoDo there were quite a few homebrew apps that used native code to apply tweaks to WP7 devices. Most of those apps seized to work after the device is upgraded to Mango. There a several reasons for this behavior. I've done research on this, because I wanted to make WP7 Root Tools compatible with Mango. In this topic I'd like to explain how developers can fix their apps to work on Mango again. It has taken me quite some time to compile this guide, but I hope to give the Homebrew development on WP7.5 Mango a boost.
This guide is NOT about creating homebrew executables (exe-files) for WP7. This guide aims to utilize native code DLL's (C++ / ARM) from within your Silverlight app.
Note that with native code you get access to a lot of extra API's. But that does not mean you automatically get access to resources you normally won't have access to. For example, you can use the CopyFile() API. But if you try to copy a file to the \Windows folder, you will get errorcode 0x4ec (1260), which means "Blocked by policy". So you are still bound to the rules of the sandbox of your app. If you want Full Root Access for your app, you have to wait for a new version of WP7 Root Tools, which will allow you to give your app root-access. I'm also working on an SDK for that, which wraps all common task into a neat managed library. But don't hold your breath for that, because it's all taking a bit longer than I expected.
To understand everything in this guide you need basic knowledge of C++, COM-interop and Silverlight for Windows Phone. If you are new to all this, you might want to do some reading on these topics first. Currently there is no way to debug the native code. The only thing you can do is create test-functions which return formatted debug-info. This makes things pretty difficult. Read the guide carefully, because a little mistake can make your app crash easily!
Important note: If you have any long-running tasks, they may work fine while you are debugging. But you need to make sure that you start a new thread to run this code. Because, when you run without debugger the WatchDog will monitor your application and if the User Interface thread is blocked for more than 10 seconds the WatchDog will exit your app ungracefully!
It has been suggested that native homebrew DLL's need to be signed with approved code-signing keys. This is in fact not true! You can use native DLL's on Mango devices, which are not signed at all!
Basically there are two reasons why homebrew apps are not working anymore:
- Interop Lock
- DLL's were built against libraries, which are not supported anymore on Mango
Interop Lock is discussed in this thread. Interop Lock is a new protection mechanism in WP7.5 Mango. Basically it means you can't use apps with ID_CAP_INTEROPSERVICES, unless a device is Interop Unlocked. Without ID_CAP_INTEROPSERVICES an app can't call any drivers. And most homebrew apps call these drivers directly or indirectly. So if an app uses the Interop Capability, it can only run on devices that are Interop Unlocked. If you're going to build an app that uses this capability on Mango, you'll have to give your users instructions on how to apply Interop Unlock on their device.
Most of the native code libraries that were used on NoDo, were based on a hand full of projects. These projects were created and then extended for their own needs by other developers. The result was that most of these projects had the same project-types and library-references. In Mango, a lot of DLL's that were not used anymore by Microsoft, have been removed from the OS. Mostly in the ShellCore. The DLL's were meant for MFC-type functionality, which was never even supported on WP7. Actually, these DLL's are not even used by the homebrew apps either, but there are references to these DLL's in the homebrew libraries, which will cause the library to fail loading into memory. You can see this behavior when you try to run an app with non-Mango-compatible native code on an Interop Unlocked device from within the Visual Studio 2010 development environment. When the COM-class is instantiated it will throw an COMException: "COM object with CLSID '{...}' cannot be created due to the following error: The request is not supported." This is errorcode 0x80070032. This exception is actually caused due to the fact that the previous call to RegisterComDll() failed. If you get the returnvalue of that function you should have 0. In this case the return-value is probably 0x8007007E, which is "Module Not Found". This actually means that you directly or indirectly refer to a DLL, which cannot be found on the device. To fix this we need to create a clean project and add our new or existing native code to that project.
Here are the steps to setup your development environment and create a new, clean project for your native code. Please keep in mind that this guide is still work-in-progress. I may add more detailed instructions and examples later on, when people ask for it.
Update 2011/10/15: Some improvements in the guide, based on comments of rudelm and GoodDayToDie.
Install Visual Studio 2008 with latest service pack and hotfixes. Make sure you install C++. You need Visual Studio 2008, because the necessary SDK does not support Visual Studio 2010.
Install Windows Mobile 6 Professional SDK Refresh.
Install Visual Studio 2010 with latest service pack and hotfixes. You need this to create your Windows Phone Silverlight app.
Install Windows Phone SDK 7.1.
Download the attached Microsoft.Phone.InteropServices.zip. After you downloaded the zip-file, open the file-properties and make sure the file is "unblocked" (Windows will block downloaded files). Some unzippers, including the built-in unzipper from Windows will mark the unzipped files as "blocked", which would give problems later on if you don't unblock first.
If your developmachine is 32-bit you go to "C:\Program Files\Reference Assemblies\Microsoft\Framework\Silverlight\v4.0\Profile\WindowsPhone71" or if you have a 64-bit machine you go to "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\Silverlight\v4.0\Profile\WindowsPhone71". Extract the DLL from the zip-file in this folder.
Open the Visual Studio Commandprompt and change directory to the folder where you just extracted the DLL. Then enter this command:
Code:
SN -Vr Microsoft.Phone.InteropServices.dll
In the same folder there is a subfolder called "RedistList". Open that folder and open the file "FrameworkList.xml". Add this line to that file:
Code:
<File AssemblyName="Microsoft.Phone.InteropServices" Version="7.0.0.0" Culture="neutral" ProcessorArchitecture="MSIL" InGac="false" />
Thanks to Tom Hounsell for this tip!
Install the latest version of Zune.
Open Visual Studio 2008 and create a new project.
Choose Visual C++ / Smart Device / ATL Smart Device Project and fill in a name and location for your native library. Do NOT choose MFC, or your library won't work on WP7! The name will be the name for the DLL. Later on you will create a COM-class. Choose a different name for your library and for your COM-class!
In the new wizard click "Next".
Remove the "Pocket PC 2003" from the Selected SDK list and add "Windows Mobile 6 Pro SDK" to the selected SDK's. Click "Next".
In "Application Settings" keep everything default and click "Finish".
Set your configuration to "Release", because you won't be able to debug anyway.
Go to Project Properties / Configuration Properties / C/C++ / Preprocessor / Preprocessor Definitions and add this: _CE_ALLOW_SINGLE_THREADED_OBJECTS_IN_MTA
Right-click the project and click "Add" / "Class" and choose "Simple ATL object".
In the new dialog enter the "Short name" for your COM-class. All other names are filled in automatically. Keep those names default to avoid naming-conflicts. Also make sure the name of your COM-class is different from the name of the library. All other options can are default, so you can click "Finish" now.
The basic layout for your native project is now ready. Note that you have these files: for your library you have a header-file (.h), a code-file (.cpp) and a COM-definition-file (.idl) and for your COM-class you have a header-file (.h) and a code-file (.cpp). I will refer to these files in the following steps, so make sure you can identify these files.
The COM-class you have now is based on IDispatch. IDispatch is the COM-interface that supports reflection-like functionality. The COMBridge in WP7 does not support this interface. Instead we should use IUnknown, which is the base-interface for all COM-objects and supports reference-counting.
In the header file of your COM-class you can see the public inheritance of IDispatchImpl. This is no problem and you can leave it as it is. But you can also see this COM-mapping:
Code:
COM_INTERFACE_ENTRY(IDispatch)
You need to remove that line.
In the IDL file of your library you need to change the inheritance of the COM-class from IDispatch to IUnknown.
Your native code layout is now ready to add your methods. A method in COM-class should always have HRESULT as return-type. This value should be 0 or positive in case of success (normally use constant S_OK for success). If you have an errorcode which should throw a COMException do a logical OR with 0x80070000 and return that value. If you want to return a variable, you'll to declare that as parameter of your method and decorate it as returnvalue in the IDL-file. The parameter-types are bound by the definition of COM. You can read about the supported COM-datatypes here and here. Study those parameter-types closely, because any mismatch in your managed and unmanaged declarations will make your app crash definitely. You need to add all your methods in 3 different places: in the COM-class code, in the COM-class interface and in the IDL-file. Later on you need to add an exactly matching interface to your managed code. All the declarations have their own specific format and decoration. I will give an example of two different functions for these 3 files. Note that in these examples, the COM-class was named "Native", so the class implementation is called "CNative" and the interface is called "INative". You have to change that if your class has a different name.
In the COM-class implementation (.cpp-file) add this code:
Code:
STDMETHODIMP CNative::TestMethod1()
{
BOOL result = ::CopyFile(L"\\Windows\\0000_System.Windows.xaml", L"\\Windows\\Test.xaml", TRUE); // This will fail due to insufficient privileges. This is expected behavior to show how errors can be handled.
if (result)
return S_OK;
else
return 0x80070000 | ::GetLastError();
}
STDMETHODIMP CNative::TestMethod2(BSTR InputString, BSTR* OutputString)
{
size_t size = 1000; // in chars
TCHAR* msg = new TCHAR[size];
wcscpy_s(msg, size, L"\0");
LPWSTR value = new WCHAR[20];
_itow((int)wcslen(InputString), value, 10);
wcscat_s(msg, size, L"Length of string is: ");
wcscat_s(msg, size, value);
*OutputString = SysAllocString(msg);
delete[] msg;
delete[] value;
return S_OK;
}
In the interface of the COM-class (.h-file) add this code immediately after END_COM_MAP():
Code:
STDMETHOD(TestMethod1)();
STDMETHOD(TestMethod2)(BSTR InputString, BSTR* OutputString);
Locate your interface in the IDL-file of the library. This may look a bit weird, because there are a lot of attributes that decorate the empty interface. Add these declarations to your interface (note the decoration of the parameters, read more here):
Code:
HRESULT TestMethod1();
HRESULT TestMethod2(BSTR InputString, BSTR* OutputString);
Now we need to locate two GUID's and copy them in a text-file, because we need these GUID's later on. These GUID's are in the IDL-file. We will call the first GUID "interface-GUID". It is the "uuid" in the tag RIGHT ABOVE the interface-declaration. We will call the second GUID "coclass-GUID". It is the "uuid" in the tag RIGHT ABOVE the coclass-declaration. There also a "uuid" in the tag above the library-declaration, but we don't need that one.
Open Visual Studio 2010 and create a new project: Visual C# / Silverlight for Windows Phone and choose a project-type, name and location.
Now go back to your native project in Visual Studio 2008. The compiled result DLL of this project will be used in your Windows Phone app. To make sure you always use the latest version of the native DLL in your Windows Phone app, you can add a Post Build Event to this project. This example assumes you will have a folder with a subfolder for the native solution and a subfolder for the Windows Phone solution. Go to Project Properties / Configuration Properties / Build Events / Post-build Events and add this (change the paths according to the soluton-foilder you will create for your Windows Phone app):
Code:
copy "$(TargetPath)" "$(SolutionDir)..\MyApp
If you checked the option "Create folder for solution" when you created the Windows Phone project, you may want to add another subfolder "\MyApp" to the path.
Now build your native project! The compiled DLL should now also be copied to the folder of your Windows Phone app.
Create a new file called "WPInteropManifest.xml" in the folder of your managed Windows Phone app. Copy this content in the file:
Code:
<?xml version="1.0" encoding="UTF-8"?>
<Interop>
</Interop>
Switch back to Visual Studio 2010. In the solution explorer click on "Show all files". Your native DLL and the "WPInteropManifest.xml" should be shown now.
Select the "WPInteropManifest.xml" file and in the file-properties set "Build action" to "Content" and set "Copy" to "Always". You will always need this file in your project, regardless you will be calling drivers or not. If you don't have this file in your project, you won't be able to use your native DLL.
Select your native DLL and in the file-properties set "Build action" to "Content" and set "Copy" to "Always".
In the solution explorer, right-click on the project and choose "Add Reference". Then select "Microsoft.Phone.InteropServices".
Open the "WMAppManifest.xml" file and add this line below the other capabilities:
Code:
<Capability Name="ID_CAP_INTEROPSERVICES" />
Later on, you can try if your app will work without this capability. If you only use native code without calling drivers (directly or indirectly), you don't need the capability and your app will also work on devices that are not Interop Unlocked then. This specific example does not call any drivers, so in this example the ID_CAP_INTEROPSERVICES can be omitted and then it would run on non-Interop-Unlocked devices.
Now add a code-file to your project and copy this code into the file. You need the the coclass-GUID and interface-GUID you copied into a text-file earlier and you also need to replace the name of the class and interface to the names you used. Also note that the declaration must be an exact match (order and parameters) with the declaration in the IDL-file, although the IDL-file is differently formatted.
Code:
using System.Runtime.InteropServices;
[ComImport, ClassInterface(ClassInterfaceType.None), Guid("YOUR-COCLASS-GUID-GOES-HERE")]
public class CNative
{
}
[ComImport, Guid("YOUR-INTERFACE-GUID-GOES-HERE"), InterfaceType(ComInterfaceType.InterfaceIsIUnknown)]
public interface INative
{
void TestMethod1();
[return : MarshalAs(UnmanagedType.BStr)]
string TestMethod2([MarshalAs(UnmanagedType.BStr)] string InputString);
}
Note that the interface is declared as IUnknown.
Now you need to call the native code. You can add this code to the constructor of your Page or to the eventhandler of a button, or anywhere you like. Be sure to replace the DLL-name, interface-name and class-name and use your coclass-GUID. The exception is a well-known error-code and the exception will be casted to a UnauthorizedAccessException, instead of a COMException.
Code:
uint retval = Microsoft.Phone.InteropServices.ComBridge.RegisterComDll("WP7Native.dll", new Guid("YOUR-COCLASS-GUID-GOES-HERE"));
INative MyNativeCodeInstance = (INative)new CNative();
string result1 = "OK";
try
{
MyNativeCodeInstance.TestMethod1(); // UnauthorizedAccessException is thrown due to insufficient privileges. This is expected behavior to show how errors can be handled.
}
catch (Exception ex)
{
result1 = ex.Message;
}
string result2 = MyNativeCodeInstance.TestMethod2("Hello, Mango!");
MessageBox.Show(result1 + Environment.NewLine + result2);
You can now run your project! Be sure that you deploy it to your device. The emulator won't work, because you project uses native ARM code. The emulator runs on x86, so your native DLL won't load in the emulator.
When you go more advanced, you may need the Marshal-class. For example to copy a native memory-block to a managed byte-array. Be aware that there are actually two "Marshal" classes. There is "Microsoft.Phone.InteropServices.Marshal" and "System.Runtime.InteropServices.Marshal". They both look the same. But be sure you are using "Microsoft.Phone.InteropServices.Marshal", because it will allow you to do a lot more! Most methods in "System.Runtime.InteropServices.Marshal" will throw a MethodAccessException, because they are tagged [SecurityCritical], while the same methods in the other Marshal class will work.
I hope this will help you port your homebrew apps to Mango or create some fresh new homebrew! If you created an app with native code, drop me a line here. Show me your Screen Recorders, Accent Changers and more!
Ciao,
Heathcliff74
looking fwd to the native apps , a universal screenshot apps would be awesome..
Update :
scratch that, just ready that the app will be bound to the rules of the sandbox of your app.I guess that means no universal screenshot app yet
Its time to get native! Thanks Heathcliff.. I think I have a very good idea on something I could use native code for.. Ill pm you =)
Sent from my SGH-i917 using XDA Windows Phone 7 App
Suddenly, awesomesauce! Wow, big thanks Heathcliff74! Eve since you said you'd figured out homebrew native DLLs on Mango, I was really excited to see what people could do. I never guessed the real reason homebrew DLLs didn't work on Mango, although in retrospect this makes sense. You're awesome for investigating this for us.
Thoughts that immediately come to mind:
Update the existing screen capture apps.
Update the existing WebServer app.
(As part of the above) update the sockets DLL so we have server sockets again.
Explore how much filesystem access we have. Can files be copied from one app's isostore to another app's isostore?
Explore accessing drivers. The HTC update breaks filesystem access for HTC homebrew, but maybe there's another driver entry point we can use.
Investigate direct access to the SMS store (message backup?)
... and so much more. Oh, this is going to be fun!
the0ne said:
looking fwd to the native apps , a universal screenshot apps would be awesome..
Update :
scratch that, just ready that the app will be bound to the rules of the sandbox of your app.I guess that means no universal screenshot app yet
Click to expand...
Click to collapse
Hi!
Screenshots apps are definitely possible! The API for this can be called from within the sandbox and using OEM drivers it is possible to switch off dehydration. I already discussed this with fiinix and gave him this info. And I believe he almost has a Mango version ready.
Thanks for writing the article
Ciao,
Heathcliff74
great to hear about the progress
thanks Heathcliff74 for sharing!
Wooohooo nice HowTo! I will definitively try it and will report later. However, that will require that I go back to NoDo and back to Mango first. I'm not looking forward to that procedure... anyways awesome work Heathcliff, thank you!
@GoodDayToDie: you mentioned that the HTC libraries are fixed regarding file access. Julien Schapman from TouchXplorer mentioned something like that a while ago on twitter. Do you have any additional information on that topic? Is it just the DLL files from the HTC apps or is it something with the Mango HTC Update? I'll hope this is reversible, if I go back to NoDo and want to try Heathcliffs instructions :/
@rudelm, I only have experimental knowledge; I haven't dug into the actual update. However, the way that things like ComFileRW.dll work is by calling into some high-permission module in the HTC firmware (probably a driver using an IOCTL, though it could possibly be an RPC call to a privileged process) which then executes the requested action with high permissions. That's why the HTC DLLs don't do anything on other phones; they can't talk to the component that actually does the work.
My guess is that the HTC update simply turned off whatever it was that the COM DLLs are calling into. It could be more complex than that - for example, they could be trying to validate the caller, and prevent it from being used by homebrew - but whatever they did, neither DLL works anymore once you have the HTC update *even though the DLLs themselves did not change.*
Is it reversible? Well, "fixing" whatever component they were calling into is one option. Using Heathcliff74's Root Tools to gain full permissions on a "normal" homebrew app is another. There might be more, but it would need more study.
Thanks. Will try it. Hopefully i can get "GetPhoneNumber" from Windows Mobile 6 SDK to run or maybe trying http://blogs.msdn.com/windowsmobile/archive/2004/11/28/271110.aspx
GoodDayToDie said:
@rudelm, I only have experimental knowledge; I haven't dug into the actual update. However, the way that things like ComFileRW.dll work is by calling into some high-permission module in the HTC firmware (probably a driver using an IOCTL, though it could possibly be an RPC call to a privileged process) which then executes the requested action with high permissions. That's why the HTC DLLs don't do anything on other phones; they can't talk to the component that actually does the work.
My guess is that the HTC update simply turned off whatever it was that the COM DLLs are calling into. It could be more complex than that - for example, they could be trying to validate the caller, and prevent it from being used by homebrew - but whatever they did, neither DLL works anymore once you have the HTC update *even though the DLLs themselves did not change.*
Is it reversible? Well, "fixing" whatever component they were calling into is one option. Using Heathcliff74's Root Tools to gain full permissions on a "normal" homebrew app is another. There might be more, but it would need more study.
Click to expand...
Click to collapse
uhoh... sounds pretty bad for HTC users. If it was a firmware update, we will have a bigger problem. I will try to revert back to Nodo and will try Heathcliffs instructions for Native Code first. InteropUnlock is still something I need to try for Mango
rudelm said:
uhoh... sounds pretty bad for HTC users. If it was a firmware update, we will have a bigger problem. I will try to revert back to Nodo and will try Heathcliffs instructions for Native Code first. InteropUnlock is still something I need to try for Mango
Click to expand...
Click to collapse
No worries. I did some testing with contable and we just got confirmation that my exploits for HTC will still work on HTC Interop Unlocked Mango devices (needs a little adjustment, but No Problem!) Still working on a version of WP7 Root Tools for Samsung/HTC/LG RTM/NoDo/Mango!!
Ciao,
Heathcliff74
A screenshot app is allready there:
TouchXperience for Mango from Schaps.
Atm there is only missing the WPDM Mango update for being able to save the screenshot...
Heathcliff, could you please try to fix that HTC bug first? I am running into this problem with the HTC update and now my old code does not work anymore But at least my phone is finally interop unlocked because I could deploy the app on Mango but I get this error:
COM object with CLSID '{C6BD09B4-96AA-4524-89C4-665A15DD7C9B}' cannot be created due to the following error: The request is not supported. .
Which is one of the errors you mentioned on the first page. So far, so good
rudelm said:
Heathcliff, could you please try to fix that HTC bug first? I am running into this problem with the HTC update and now my old code does not work anymore But at least my phone is finally interop unlocked because I could deploy the app on Mango but I get this error:
COM object with CLSID '{C6BD09B4-96AA-4524-89C4-665A15DD7C9B}' cannot be created due to the following error: The request is not supported. .
Which is one of the errors you mentioned on the first page. So far, so good
Click to expand...
Click to collapse
I don't get what you mean. What HTC bug? What HTC update?
Ok, I will explain it:
There was a HTC Update when I upgraded from Mango B2 Refresh to the Mango RTM from Microsoft. It was followed by a smaller HTC Update. It was called HTC Update for Windows Phone. You can read it here in my blog.
Yesterday, I decided to revert back to NoDo, so that I could Interop Unlock my HD7 before I upgrade to Mango RTM. I did this with these tools and instructions from petbede.
However, ansar found out, that MS changed the update procedure and included the HTC update directly in the 7720.68 update.
Now you mentioned yesterday, that you and contable found a solution to use the HTC DLLs although there was this HTC update on our phones. That was when I already feared that the HTC update will break everything I tried so far.
So I called it the HTC bug, because it breaks my stuff
rudelm said:
Ok, I will explain it:
There was a HTC Update when I upgraded from Mango B2 Refresh to the Mango RTM from Microsoft. It was followed by a smaller HTC Update. It was called HTC Update for Windows Phone. You can read it here in my blog.
Yesterday, I decided to revert back to NoDo, so that I could Interop Unlock my HD7 before I upgrade to Mango RTM. I did this with these tools and instructions from petbede.
However, ansar found out, that MS changed the update procedure and included the HTC update directly in the 7720.68 update.
Now you mentioned yesterday, that you and contable found a solution to use the HTC DLLs although there was this HTC update on our phones. That was when I already feared that the HTC update will break everything I tried so far.
So I called it the HTC bug, because it breaks my stuff
Click to expand...
Click to collapse
I see. Well, I didn't find a solution. I just checked if MY exploit still works. And it does! I don't even know what you use exactly (I assume you use some HTC DLL's, but I don't know which and I don't know which functions). I don't use the HTC DLL's myself. Mainly because I don't want to get copyright issues when releasing WP7 Root Tools. Just look at the current release of WP7 Root Tools. No OEM code in there. So I don't think I can fix that for you.
Ciao,
Heathcliff74
Hm ok, I understand. I was using a HTC dll for changing a registry value (overriding DHCP DNS Server). However, it is interesting to know why the HTC DLLs all of sudden stopped working after this update. The DLLs inside the HTC tools seem to be the same size and should not be changed by the update.
But this shouldn't then influence the DLL made with your instructions in this thread i guess?
@rudelm:
The HTC devices have HSPL support, so why you don´t flash the latest xboxmod rom ? This saves a lot of time and all available types of unlocking can be sent via cab sender.
For writing registry keys or doing file operations you can use DiagProvXML til Heathcliff has finished the next version of WP7 Root Tools.
Is there any other reason why you are updating your phone the official way ?
@rudelm: The HTC DLLs don't actually have elevated permissions by themselves. To do things that an app n ormally lacks permissions for (like accessing the whole filesystem or writing to the registry), it needs to call into a high-permission component (probably a driver or a high-permission process). All HTC had to do to make the registry and filesystem COM DLLs stop working is to change that component so it didn't do what the COM DLLs told it to do.
@contable: I've heard enough reports of things that *should* work on HTC phones not working on the custom ROMs that I'm hesitant to install one. Then there's the risk of bootloader issues. Then there's the lose-all-your-data-because-your-phone-gets-reformatted issue - until I have my backup app working fully, I prefer to avoid the last one in particular.
Edit: If you are looking for working attachments, please look at this posting.
@contable:
I need an unmodified version of WP7 for my master thesis. The other thing is that I don't want to play around with HSPL without having the original SPL or firmware. It's like GoodDayToDie said: I'm still hesitating of the said reasons.
@GoodDayToDie:
The HTC applications still work and they were not updated afaik. So they are using the same DLL files. If there would be some driver running in TCB or ECB and they changed something, then their applications should stop working too. However, they can still be executed without problems. I am not sure what DLLs are used by advancedexplorer, but I think it were also the HTC dlls. My own application which used the HTC dlls stopped also.
@Heathcliff:
I've tried your instructions and found some errors in it:
step 23: *OutpuString = SysAllocString(msg); instead of *OutputString = SysAllocString(msg);
step 25: ; missing after OutputString)
step 28: add \MyApp to path, because VS2010 Solutions always have a subfolder with the same name of the solution
step 36: [return : MarshalAs(UnmanagedType.BSTR)] should be [return : MarshalAs(UnmanagedType.BStr)]
step 37: result 2 needs a type => string result 2 = ...
on first run:
Error 1 Could not load the assembly file:///C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\Silverlight\v4.0\Profile\WindowsPhone71\Microsoft.Phone.InteropServices.dll. This assembly may have been downloaded from the Web. If an assembly has been downloaded from the Web, it is flagged by Windows as being a Web file, even if it resides on the local computer. This may prevent it from being used in your project. You can change this designation by changing the file properties. Only unblock assemblies that you trust. See http://go.microsoft.com/fwlink/?LinkId=179545 for more information. NativeTestApp
Click to expand...
Click to collapse
This is because you forgot to register the DLL first. Look here: http://thounsell.co.uk/2010/11/avoi...g-the-interopservices-library-to-the-wp7-sdk/ and then down in the comments:
You must open the visual studio 2010 command prompt as administrator and call:
SN -Vr Microsoft.Phone.InteropServices.dll
then close and reopen Visual Studio, now it should work
Click to expand...
Click to collapse
In addition that, you will have to unblock the file in Windows Explorer, Properties of the file. Otherwise you will get this error in Xaml view:
Could not load file or assembly 'Microsoft.Phone.InteropServices, Version=7.0.0.0, Culture=neutral, PublicKeyToken=24eec0d8c86cda1e' or one of its dependencies. Operation is not supported. (Exception from HRESULT: 0x80131515)
Click to expand...
Click to collapse
This unblock will only work, if you use the Windows Explorer in administrator mode. The DLL file should be copied to a path were every user can access the file. Unblock it there and move it than back to the WindowsPhone71 folder. I've extracted it directly to the WindowsPhone71 folder and I couldn't change its properties there.
I've created a VS2008 and VS2010 sample project on your instructions and tried to add some comments to the sources. I've attached them to this post. Here are a few extra information to my project:
Interface-GUID: D28D8CB9-F8BC-4379-9D0A-FA77C87EF814
coclass-GUID: 7300CD4A-03F4-4569-B2D8-F1515385D46D
COM Class: NativeTestClass
INativeTestClass and CNativeTestClass
Always results in retval 0 and this exception:
System.MethodAccessException was unhandled
Message=Attempt to access the method failed: System.IO.FileInfo..ctor(System.String)
StackTrace:
at Microsoft.Phone.InteropServices.ComBridge.RegisterComDll(String dllFileName, Guid clsid)
at NativeTestApp.MainPage.actionButton_Click(Object sender, RoutedEventArgs e)
at System.Windows.Controls.Primitives.ButtonBase.OnClick()
at System.Windows.Controls.Button.OnClick()
at System.Windows.Controls.Primitives.ButtonBase.OnMouseLeftButtonUp(MouseButtonEventArgs e)
at System.Windows.Controls.Control.OnMouseLeftButtonUp(Control ctrl, EventArgs e)
at MS.Internal.JoltHelper.FireEvent(IntPtr unmanagedObj, IntPtr unmanagedObjArgs, Int32 argsTypeIndex, Int32 actualArgsTypeIndex, String eventName)
Click to expand...
Click to collapse
I've rechecked every step but I am still stuck. The phone itself should be interop unlocked, otherwise I couldn't have deployed the app with the capability activated. Could you please look into it? I know this error from my earlier attempts to access the HTC dll directly, but then I used the NativeLibrary here from XDA which took care of all the GUID things etc.
The result of probably more than 100 hours of solo hackery: a working COM DLL for allowing any application to elevate itself to SYSTEM (root) permissions.
What you need:
An interop-unlocked HTC phone. Sorry second-gen and Arrive users.
A working HtcUtility driver. It's possible some HTC update at some point crippled this. It works for me; if it doesn't work for you let me know what updates you have.
What it does:
Allows changing the security token of any application to give that app unrestricted permissions. At this point, you can call any user-mode API, perform any operation, with full access.
It also allows you to read or write any value from memory, even kernel memory (this is how it modifes the security token).
What it can be used for:
Darn near anything. If it can be done while the phone is booted, you can do it.
What it can't be used for:
Modifying the ROM - the R and O stand for "read only" and they mean it.
Interop-unlocking a phone - it requires interop-unlock to get root in the first place.
How to use it:
In your app, include the HtcRoot.dll library.
Include the code from DriverAccessTest.cs in the test app (defines the COM API and enables using it).
Call the OpenHtcUtility function (will throw an exception if your device is incompatible).
Call the MakeMeRoot function (can also throw exceptions).
(OPTIONAL) Call the ReturnZeroIfRoot function to make sure your app is elevated (does not throw exceptions, will return an error code if you get one).
Do stuff with SYSTEM permissions (probably using another COM DLL, such as for registry or filesystem access).
Call the RestoreToken function (failure to do this *might* cause a kernel memory leak).
Call the CloseHtcUtility function (OS will probably handle this if program just exits).
What you can do right now:
Try the test app. It should pop up a series of messge boxes. Hopefully none of them say anything like "FAILURE".
Report any bugs or failures you discover.
Build things with this library, and publish them!
Breakdown of the download:
There are two folders in the ZIP, one for the Visual Studio 2010 C#/Silverlight XAP project, and one for the Visual Studio 2008 C++/COM DLL project.
The test XAP is in the HtcUtilityTest\bin\Debug folder.
The native (COM) DLL is also available in that folder, or under its own project.
If you want to mess with this, I'm going to assume you are already familiar with hybrid native/managed development for WP7. If not, Heathcliff74 has posted an excellent tutorial on this forum.
Special thanks to:
Heathcliff74 for the hybrid app tutorial and interop unlock info.
Paul_Hammons for the links and info about HtcUtility, the driver that makes this possible. Thread: http://forum.xda-developers.com/showthread.php?t=1434793
Supported devices / firmware versions / ROMs
All HTC devices (if interop-unlocked and with the right firmware numbers) should be compatible.
Some custom ROMs work, some do not. This will depend on the version of the firmware that the ROM's HtcUtility driver is taken from.
I believe I compiled the test app as Mango-only, but the native library doesn't care at all.
Compatible:
Stock ROMs with compatible firmware for HD7, Trophy, Mozart
HD2 (BttF [XBmod-Yuki] v2 SP1)
Not compatible:
Firmware version 2250.21.51004.401 or newer
Verizon Trophy firmware version 2305.13.20104.605 or newer
DFT ROM with build 8107, Firmware 5.10.401
Arrive (except on pre-Mango), Titan, Radar, Titan 2 (no interop-unlock)
Others are untested or results are incomplete.
Goals and future work:
Support more devices:
* Try and add support for newer firmware.
* Help ROM cookers ensure the library is supported.
* Look for similar openings in other OEM libraries.
Future-proofing:
* Allow installation of a mod to support this capability after known updates.
* Resilience against possible future updates.
* Allow users with incompatible devices to downgrade (possibly to NoDo), install the mod, and be able to use the phone after upgrading.
Improve the library:
* Fix some memory leaks.
* Clean up the code - remove dead code and improve comments.
* Allow reading/writing more than 4 bytes at a time from managed code.
* Add APIs to elevate other processes (by name or ID) to SYSTEM.
Develop homebrew around the library:
* Support accessing common APIs (filesystem, etc.).
* Resurrect the Advanced Explorer app, perhaps (registry and filesystem).
* Support native app launching on stock ROMs.
Also reserved
Reserved for OP #2
It does not work on HTC 7 Mozart (HTC Europe):
Error to Write the value 1337 to test address - System.Runtime.InteropServices.COMException (0x8007001F): A device attached to the system is not functioning
Click to expand...
Click to collapse
OS: 7.10.7740.16
Firmware: 2250.21.51101.401
Radio: 5.71.09.02a_22.51.50.21U
Boot: 5.11.2250.1(133487)
Please include the full error message or a description of what went wrong.
Failure on fully updated devices is unfortunately possible - my phone is (intentionally) a few updates behind. I'm looking into ways to make it work anyhow (either sending an older CAB update to roll back, or using the root acess to create an unlocker/root-enabler that survives subsequent updates). I'm going to look into how the full-unlock ROMs differ from standard ROMs, and see if I can do the same thing in running software.
Does it works with custom roms?
If the custom ROM has a working HtcUtility driver, then yes. My goal is to unlock the kind of capabilities normally restricted to custom ROMs on stock firmware, though.
@bleh815: Thanks for the report. That's frustrating; it looks like it is capable of doing read but not write. Write might just be restricted in what addresses is allowed, or it might be disabled entirely (the driver gives the same error code for every problem that I've encountered so far). Time to figure out
A) what update causes the problem (I'm on 2250.21.30102.531, HD7, stock ROM)
B) what restrictions that update introduces
C) how to work around those resrtictions (possibly by downgrading and then using root access to add something that will still work after upgrade).
GoodDayToDie said:
A) what update causes the problem (I'm on 2250.21.30102.531, HD7, stock ROM)
Click to expand...
Click to collapse
I've just downgraded a mozart of mine back to stock NoDo (TMOB-DE) to find out which OEM update breaks (actually fixes) it.
Cool, thanks! It's one of the post-Mango HTC updates; a Microsoft update wouldn't have modified an HTC driver, and my phone has all the pre-Mango HTC updates but it still works.
.
..........
Hi, at first it says "SUCCESS!", then it says "Trying to open a file gives error 1260" and then it says "Now opening a file gives error 0" and finally "Finally, opening a file gives error 1260".
System informations:
OS=7.10.7720.68
Firmwareversion=2250.21.12200.162
Radio=5.68.09.05a_22.50.50.21U
Bootloader=4.6.2250.0(129185)
HTC 7 Trophy.
That is *exactly* the sequence of messages it is supposed to give!!
In particular, the messages I need to see are the "SUCCESS" (the rest is potentially interesting info, but not very important) and then the "Now opening a file gives error 0".
The "SUCCESS" means that a sequence of read/write tests succeeded.
The "Now... error 0" means that the process has been elevated to full permissions.
The "Finally... error 1260" means that the security token was successfully restored at the end, so it was unable to open the file again. This is the expected and correct behavior.
I don't recognize your Firmware Version number; I'm guessing it's specific to your phone. What method did you use to upgrade to Mango?
how do i install it?
Tried on interop-unlocked HTC Surround, not working Tested any call in VS debug mode - no luck at all.
I can confirm that it works with any OS version, from 7004 to 8107.79
On a HTC 7 Mozart (TMOB-DE) it works with firmware 2250.21.13201.111 (Stock NoDo ROM) but the hole gets fixed with 2250.21.51101.111 (1st Post-Mango HTC Update).
You guys are gods taking programming to a hole new level!
I wish to see ms take you all more serious and not let wp7 fail like minmo6.5 did!
I wish I could get on your level!
I realy need some help lerning basic silverlight my self!
But I have read how hybrid working ant this is just fantastic!
conradulations on all your developments so far you guys are truly amazing!
Oh, that code, beautiful reading that!
Thanks for sharing this learnfull code!
I'd like to try it on my Verizon HTC Trophy, I would love to get file access back....
I downloaded the package and I even have VS 2010 installed but beyond that I have no idea as I am not a programmer.
Can someone post a compiled XAP for us to try to see if our phone works with it or not ?
Or some step by step VS 201 directions to try would also be helpful.
@Ttblondey: *FACEPALM* The path to the test XAP is given in the opening post. You install the XAP on your phone using any XAP deployment tool. It requires that your phone be interop-unlocked; Heathcliff74 has a nice long thread about that. The app is called called HtcUtilityTest. Run it, and report the results. If you want to actually *use* the DLL, the instructions for doing that are given too but you need to write some code.
@sensboston: PLEASE give a more complete report! Success and error messages, at the least. Also, your phone version info. Thanks!
@bleh815: THANK YOU! I mean, it's a little annoying to know how far back this was fixed ("First post-Mango HTC update" means the one that was included *with* Mango for most people, or the one after that?) but good to know. Now, to look at exactly what they changed...
@jackrabbit72380: Thanks man! As for working with it yourself, like I mention below, I'm planning to provide a universal homebrew library that people can easily use to do whatever they want.
@fiinix: You're welcome! Honestly, I didn't expect anybody to call my mess of debug-commented and mildly hacky C++ "beautiful" but that hack itself *is* pretty awesome. My only concern with using it is the risk of a context switch causing the wrong app's token to get overwritten, and I should probably look into that, but I think it's OK for the moment. There are bigger fish to fry.
In the meantime, it should open up a huge list of capabilities for tools like your DllImport project. I'm currently considering reviving Advanced Explorer (like TouchXplorer + Registry Editor, but open source; was never ported to Mango though) using the root access instead of using ComFileRW and the provxml driver. Let me know what you want to do with it!
One other thing I'd like to add is the ability to easily elevate *another* process; it's not hard to do but I haven't written it yet. This could be handy for apps where we don't have the source code (for example, elevate Schaps registry editor, which uses low-privilege native code for browsing, so it can read *all* registry locations instead of just some of them).
@DavidinCT: Well, running the test app is easy, just install the XAP. It just runs a battery of tests though, it doesn't actually *do* anything useful. To get filesystem access, you'll need to write some native code (which means using Visual Studio 2008 and the CE/Smart Device plug-in, see Heathcliff74's toturial on the subject). Basically, you would first use this DLL (accessed via COM, you can look at my own C# code for how to do that) to opent he driver handle and elevate the process to root. You could then write your own COM DLL that uses the standard Win32 filesystem APIs (CreateFile, etc. - all are documented on MSDN) and exposes those APIs, or the results of them, to managed code via COM. Then, back in your phone app (the one that called into my HtcRoot DLL) you can call into your own DLL to access the file system.
If that's too big a leap, don't worry. I plan to release a general-purpose high-privilege homebrew DLL that exposes some of the most-used functionality (filesystem, registry, provxml, and other things by request), is easily extensible (possibly using something like the DllImport project, where you just specify the function you want to call and the DLL it's located in right from C#), and that will be a lot easier to hack with. You'll still need to know C# and basic Silverlight, but it'll be a lot easier (and hopefully useful without knowing any C++ or COM).
GoodDayToDie, you are amazing, always keeping me interested!
When starting the test xap, I get the below, it then goes into the "Page Name" and that's it.
Device Info here, running a FullUnlock DFT Rom by a Chinese dev from the DFT Forum.
Nonetheless, top work on getting this started and can't wait to keep reading about the progress!
XeKToReX
Download: www.wp7roottools.com
Today I am proud to announce the immediate availability of WP7 Root Tools 0.9 alpha and WP7 Root Tools SDK 0.1!
WP7 Root Tools 0.9 brings true Root Access to devices with stock ROM's, but it also works on devices with custom ROM's and Full Unlock. Your device needs to be Interop Unlocked to use WP7 Root Tools!
This is still an alpha-release, because there are a lot of new hacks and the tools are still not feature complete! I have rewritten about 75% of all code from the previous release. So before you install WP7 Root Tools you should make a backup of your device. WP7 Root Tools will make changes to system settings and, although this has been tested, it is still possible that a problem occurs. In that case you want to have a recent backup of your device. Installing WP7 Root Tools will be your own responsibility. The author of WP7 Root Tools and the SDK cannot be held responsible for any damages caused directly or indirectly by installing and using WP7 Root Tools or the SDK!
Windows Phone is a closed system to protect the user and his/her personal data from malware and to protect the intellectual property of the developers. The downside of this closed system is that homebrew developers are very limited in their ability to control and tweak a Windows Phone device. With WP7 Root Tools I attempt to open up the system in a gentle way, so that users stay in control of their device, while homebrew apps can get more control to get the maximum power out of your Windows Phone device!
WP7 Root Tools 0.9 now has a File Explorer, Registry Editor, Certificate Installer and a Policy Editor! Thanks to true Root Access on Windows Phone, this new version of WP7 Root Tools will work a lot faster than previous releases and it supports a lot more devices!
WP7 Root Tools should work on these devices:
- Samsung first and second generation devices
- LG devices
- HTC first generation devices with Mango v1 drivers (SPL 4.x or lower)
- Samsung first generation devices with custom ROM and Full Unlock
- HTC first generation devices with custom ROM and Full Unlock
On devices with stock ROM's WP7 Root Tools need to install Root Access. The first time it runs, a 2-phase-installation will start. The app will inform you to start the first install-phase. Then the device will reboot after a few seconds. After the reboot you need to start WP7 Root Tools again immediately! Then the second phase of the installation will start and your device will be rebooted again. After the second reboot you are ready to use WP7 Root Tools. You can use the Policy Editor to give other homebrew app a "trusted" status. With this you will give the app Root Access privileges. So be very careful to which app you give Root Access!! You are responsible for giving access to an app! If you are not sure, read the forums to decide if an app is trust-worthy.
I also created an SDK, which developers can use to profit from Root Access. It provides a way to gain access to the filesystem and the registry (and more) from their managed Silverlight application. No need to worry about COM interop and C++ anymore! The package contains a read-me with short instructions. More details and examples will follow soon! Over the last days Rafael Rivera from the Chevron WP7 team has tested the SDK and he is finishing up the first homebrew app that will use my SDK. He is planning to release his Backup-app soon.
I also need to thank some people for making this possible:
- My wife! (for having to put up with me while doing all this hacking!)
- YukiXDA (for helping me with research on policies)
- Justin Angel (for sending me a NOKIA)
- Cees Heim (for supplying an HTC device for testing)
- Rafael Rivera and Chevron WP7 team (for pioneering WP7 Unlocking)
- HD2Owner (for helping me make custom ROM's for testing)
- fiinix (for helping me with research on policies)
- Ultrashot
- xb0xm0d
- AndrewSh
- Ondraster
- Barin
- Football
- Cmonex
- GoodDayToDie
- Jaxbot
- Dennis Wilson
I will update the guides and manuals on www.wp7roottools.com and here on XDA in the next coming days. I need some time to update all of it.
Have fun with Homebrew now!
Heathcliff74
reserved*****
reserved***** (2)
reserved***** (3)
reserved***** (4)
thank you for your hard work
SO AWESOME!!! Thank You SOOOO Much!!!
big thx 4 all your work man!thxthxthx...
Sent from my OMNIA7 using Board Express
Previous Versions
Thanks for your great work. Do we need to uninstall previous versions before installing the latest version? I have .8, how do I install .9?
Great news, thanks a lot! Successfully installed on Focus and Surround, no problems at all.
But I've tried "BT file transfer" and "Opera mini" (after install I've enabled "trusted" status for the apps): both apps not working properly. Should we expect updated versions of these apps (built with your SDK) or it's some another issue?
Fantastic work, Heathcliff74. Oh man, this is going to be awesome.
Suggestion: use one of your reserved posts to compile a list of trusted apps that benefit from policy elevation.
Two that I've found so far (one of mine):
Root Webserver (in my sig) - runs better with Root Tools than ever before.
TouchXperience - gives way more access through WPDM.
Two others that are in development:
LockWidgets - the preview build has some bugs, but it can be run with Root Tools.
XapHandler - the test build has some known issues (can't install or update if the app is already installed) but fresh install works at least some of the time.
Awesome work! I can confirm that the install works perfectly on an LG Quantum.
Big day!
I need some free space in C:/ to make backup.
sensboston said:
Great news, thanks a lot! Successfully installed on Focus and Surround, no problems at all.
But I've tried "BT file transfer" and "Opera mini" (after install I've enabled "trusted" status for the apps): both apps not working properly. Should we expect updated versions of these apps (built with your SDK) or it's some another issue?
Click to expand...
Click to collapse
WP7 Root Tools will give Root Access to Silverlight apps. DFT BT and Opera Mini both use native executables. You can't give the executables root access with WP7 Root Tools (in fact, you only give the launchers Root Access). These apps could possibly be recompiled to run under TaskHost.exe (as all Silverlight apps do), but I'm not sure about the inner workings of the apps. You'd have to ask the developers.
I will investigate this matter. With all the hacks I have now, I should be able to give Root Access to executables too, but that needs more research.
Ciao,
Heathcliff74
@sensboston: Those tools both require additional native binaries. WP7 Root Tools elevates apps, including all the DLLs they load (which is how the SDK works - it's a homebrew DLL, similar to the old Native.dll and company). However, it doesn't work with out-of-process binaries. Opera requires an EXE (which is obviously its own process) and BT File Transfer requires a driver.
In theory, supporting these would be possible. They'd need to be signed, and the certificates added to the Code Integrity store, but that's already possible. However, they'd also need new policies added. The current version of Root Tool only supports modifying the policies for installed TaskHost (Silverlight/XNA, possibly including some native code) apps, not adding policies for other apps.
BTW, although it's very limited, it turns out that Application.GetResourceStream can be used on files outside the app (with sufficient permissions). That means, if you want to write an app that only needs to access existing files at known locations, you don't even need to mess with native code... although the Root Tools SDK will make it quite easy to do such apps anyhow.
Thanks HeatCliff
Thanks man for this wonderfull pice off work
Heathcliff74 Installed on My Omnia 7 Thanks a lot for your Hard Work
JamesAllen said:
Thanks for your great work. Do we need to uninstall previous versions before installing the latest version? I have .8, how do I install .9?
Click to expand...
Click to collapse
You can just reinstall. No need to uninstall. From this new version on (version after 0.9) you better do an "UPDATE". Not all xap-installers support updating. A lot of them will do a full-install-cycle. If you do a full-install-cycle, you'll loose the permissions and you will have to do the 2-phase-install sequence again. If you do an in-place-update, you will keep the permissions and everything keeps working as expected.
Heathcliff74
Damn, doesn't work for me.
Verizon HTC Trophy
OS 7.10.8107.89
Firmware: 2305.13.20110.605
Hardware: 003
Thanks for the work! Hopefully I'll see support later. I probably updated to the HTC v2 drivers at some point.
dreamcaster012 said:
Damn, doesn't work for me.
Verizon HTC Trophy
OS 7.10.8107.89
Firmware: 2305.13.20110.605
Hardware: 003
Thanks for the work! Hopefully I'll see support later. I probably updated to the HTC v2 drivers at some point.
Click to expand...
Click to collapse
Hmm. are you interop unlocked? I'm no expert with HTC's but that versionnumber looks like your drivers are not that new and could possibly be supported. If you are not Interop Unlocked, then read the opening post of my Interop Unlock thread. At the end of that post is a section specifically for Verizon Trophy's
Heathcliff74
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Download here: www.wp7roottools.com
NEW: WP7 Root Tools 1.2 is released! It includes an Accent Color editor and Internet Sharing unlock now.
WP7 Root Tools
With this tool you get root-access to your WP7 device. The current version contains the Policy Unlock Installer, a registry-editor, a file-explorer with many file-operations, certificate-stores, a policy-editor, a tweaks-section and an Accent color editor. This is your all-in-one system-tool for Windows Phone 7.
If you like this app, you can donate to buy me a beer (or two).
With WP7 Root Tools I attempt to open up the system in a gentle way, so that users stay in control of their device, while homebrew apps can get more control to get the maximum power out of your Windows Phone device!
Supported Devices
Samsung first and second generation devices with Interop Unlock
LG devices
HTC first generation devices with Mango v1 drivers (SPL 4.x or lower)
Samsung first generation devices with custom ROM and Full Unlock
HTC first and second generation devices with custom ROM and Full Unlock
NOKIA devices with custom ROM and Full Unlock
Your phone needs to have at least INTEROP-UNLOCK. If you get error 0x81030120 when you deploy WP7 Root Tools to your device, then please read this guide! WP7 Root Tools will also work on devices with Full Unlock. If you want to know more about the different types of unlocks or if you want to know why WP7 Root Tools may or may not run on your WP7 device, you should read this guide.
License Agreement
WP7 Root Tools and WP7 Root Tools SDK are Copyright by Heathcliff74 / www.wp7roottools.com in 2012 - 2013
This license governs use of the "WP7 Root Tools" software. If you use the software, you accept this license. If you do not accept the license, do not use the software.
You are free to redistribute the software, as long as the copyright, conditions and disclaimer of this license are present whenever you distribute any portion of the software.
The software is licensed "as-is". You bear the risk of using it. The developer gives no express warranties, guarantees or conditions. To the extent permitted under your local laws, the developer excludes the implied warranties of merchantability, fitness for a particular purpose and non-infringement.
Redistributions of the copyrighted software may not be sold, nor may they be used in a commercial product or activity without first obtaining explicit permission of the developer.
Don't be stupid, make a backup!!
This tool is still in alpha stage. That means not yet properly tested. This tool also provides you with high privileges with which you can alter low level settings and data on this device. All this may result in unexpected and undesired behavior, which may ultimately damage your device. Use this tool with care and use it at your own risk. The developer of this tool cannot be hold responsible for any kind of damages, caused directly or indirectly by using this tool.
You can find backup-programs here on XDA. For example WP7 Easy Backup Tool by MarcHoover or WP7 Backup App by hx4700 Killer.
Installation
On devices with custom ROM and Full Unlock, the installation of WP7 Root Tools will be pretty straight-forward. You install the XAP and it works. On devices with stock ROM's WP7 Root Tools need to install Root Access. The first time it runs, a 2-phase-installation will start. The app will inform you to start the first install-phase. Then the device will reboot after a few seconds. After the reboot you need to start WP7 Root Tools again immediately! Then the second phase of the installation will start and your device will be rebooted again. After the second reboot you are ready to use WP7 Root Tools.
Update to a new version
If you have an earlier version of WP7 Root Tools installed and you have WP7 Root Tools Policy Unlock, I strongly advise to UPDATE the app, instead of doing a full install-cycle. Many XAP installers will do a full install-cycle. That can lead to problems, because during the installation WP7 Root Tools will temporary loose its Root Access. In that case WP7 Root Tools needs to do the 2-phase-installation again. This is usually not a problem, but future OEM- or OS-updates could make it possible that the reinstall will not be possible. So, to be on the safe side, first make a backup of the device (use a backup tool from the XDA forums) and then use a XAP installer that has the possibility to update an app. One such utility is XAPDeployX 0.9.
Registry Editor
The registry editor in WP7 Root Tools allows full Root Access to the registry. Be very careful with your tweaks, because this may profoundly influence the behavior of your device.
To delete a registrykey or -value you can tap-and-hold the item and choose delete in the context-menu.
The new version also has Advanced Search functionality.
File Explorer
The file-explorer supports all file- and folder-operations, like copying, moving, renaming and deleting files and folders. To select multiple files at once, you can tap an item on the left, which will pop up selection-boxes.
When you select files and folders with the selection-boxes, the file-operations can be chosen from the Applicationbar. It is also possible to tap-and-hold an item and choose the file-operation from the context-menu.
You can tap on an item to launch or open it. It might be necessary to give the app that needs to open the file root-privileges first. The new version of WP7 Root Tools allows you to give Root Access to System Apps like Office Mobile. So if you've given Root Access to Word, you can tap txt-files in any location to open them with Word. The new version will also allow you to give Root Access to Homebrew Native executables. The file-explorer shows whether an executable is "Installed" or "Not installed". If you tap (or tap-and-hold) on an executable that is not yet installed, you can choose to unlock the executable, give Root Access and launch it.
The new version also has Advanced Search functionality.
Certificate Installer
You might wonder why I created a certificate installer, because it is already possible to add certificates. When you email a certificate to yourself and tap that attachment, WP7 will install it. But if you install like this, the certificate will always be installed in the "Root" certificate store. With my certificate installer you can also install in "CA", "My" and "Code Integrity" stores. This may be very useful for hacking attempts. You can install a certificate by browsing to the ".cer" file and tap it. The possibilities for getting a certificate file on your phone will follow below. If you start installing certificates on your phone you should consider making backups in advance. I once experienced Zune going totally bezerk after installing certs. Zune took 100% and lost connection with the phone all the time. Everything was back to normal when I deleted the certs. In this version there is no view on the certificate stores available yet. In a future version you will be able to view the contents of all the certificate store and also uninstall certificates from there.
Certificate Store
You can browse the 4 certificate stores. Tap-and-hold will show a context-menu. You can delete certificates or save them as a .cer file. Be aware that if you delete a certificate you can do severe damage to the system. So, be careful with that!
Policy Editor
The Policy Editor will show a list of all the installed apps. You can use the Policy Editor to give other homebrew app a "trusted" status. With this you will give the app Root Access privileges. So be very careful to which app you give Root Access!! You are responsible for giving access to an app! If you are not sure, read the forums to decide if an app is trust-worthy. The new version will also show System Apps. This is done because for devices that make use of Policy Unlock, it is useful to give Root Access to System apps sometimes. For example to open txt-files outside the My Documents folder.
It is also possible to launch apps from this list, by tapping on the app. But some apps will fail to start from here, because their default task is not configured correctly. This is not an issue in WP7 Root Tools, but those apps were simply not designed to be launched like this. They are listed anyway, because it could be useful to give Root Access to these apps.
Policy Unlock v2 also allows xap-packages with special configs to automatically give unlock Native Homebrew executables when the app is given Root Access. Read more in the "For developers" and "Desktop Sync" sections.
I've been working on unlocking Native Executables for a really long time now. Ever since I started this thread on XDA. I know it has been possible to run native executable using Full Unlock. But Full Unlock is only possible on WP7 devices with unlocked bootloaders. With the introduction of WP7 Root Tools Policy Unlock v2 also devices which have only Interop Unlock can now run these programs! But that was not the only goal. This unlock has become a prestige-project for me. Because I wanted to fully understand and control the WP7 Policy Engine. I now finally succeeded in doing this
So, is Policy Unlock v2 the same as Full Unlock?? No. But almost! Unfortunately, Policy Unlock still doesn't allow you to run Homebrew drivers, like the DFT Bluetooth stack. Later on I will try to apply the Policy Unlock hacks on the drivers too.
Tweaks
WP7 Root Tools adds a few Search-providers for Internet Explorer. You can choose it here. There are some more tweaks to customize your devices. From WP7 Root Tools 1.2 on, there are tweaks for unlocking Internet Sharing and for running Automatic Data Configuration. If your operator has blocked Internet Sharing, WP7 Root Tools can attempt to configure Internet Sharing and bypass the barrier that is installed on the phone. This probably won't work on LG devices, because their drivers don't support Internet Sharing. This unlock is only meant to unlock the operator barrier. Running Automatic Data Configuration can be useful when you switched 3G network and your phone has wrong settings for the data connection or the settings have become otherwise defective. If you have more ideas to add to this page, leave me a note.
Accent Color Editor
Add your own accent colors and select colors in real-time. Fully compatible with WP7.8.
Multi-language
The current version supports 18 languages: English, Dutch, Russian, German, Portuguese, Chinese, Hungarian, Czech, Spanish, Slovak, Polish, Italian, Greek, French. And these languages are available in separate downloads: Turkish, Arabic, Albanian and Serbian. The translations are done by volunteers and some elements by translation-engines. So the translations may not be perfect. Following versions will improve and add more translations.
For developers
I also created an SDK for developers, who can use to profit from Root Access. It provides a way to gain access to the filesystem and the registry (and more) from their managed Silverlight application. No need to worry about COM interop and C++ anymore! The package contains a read-me with short instructions. More details and examples will follow soon here on this site!
The new WP7 Root Tools has Policy Unlock v2 to unlock Homebrew Native Executables. You can do that using the WP7 Root Tools Explorer. But if a developers want to use such binaries in an app, it would be very user-unfriendly if the user needed to unlock these binaries manually. For this purpose I added functionality in the WP7 Root Tools Policy Editor. When an app is give Root Access, it will scan the app for a file called RootAccess.xml. If present, the xml is parsed and the binaries that are listed will automatically be given Root Access too. This is the format for RootAccess.xml:
Code:
<?xml version="1.0" encoding="UTF-8"?>
<RootAccess>
<Executable File="Native\NativeApp.exe" />
<Executable File="Native\NativeWinApp.exe" >
<Destination Path="\Windows\NativeWinApp.exe" />
</Executable>
<Library File="Native\NativeLib.dll" />
<Library File="Native\NativeWinLib.dll" >
<Destination Path="\Windows\NativeWinLib.dll" />
</Library>
</RootAccesss>
Take these notes into account:
The Destination paths are optional
Libraries are signed in Source and Destination
Executables are signed in Source and Destination
Executable gets policies in Source and Destination
File-path-attribute-value is relative to app path
Destination path is absolute
The first app that makes use of this feature is Ultrashot's WMDC Launcher, which can be used for Desktop Sync, as described in the next section. Ultrashot will soon make Opera Mini compatible with Policy Unlock too.
Desktop Sync
Ultrashot has released WMDC Launcher some time ago. Back then it was only possible to use that on devices with Full Unlock. With the introduction of Policy Unlock v2, it is also possible to run the app on devices that are compatible with WP7 Root Tools. Ultrashot has added RootAccess.xml to the xap-package, so the app will automatically be configured when it is given Root Access. Warning: it may take a while to apply on all unlocks, so be patient and let WP7 Root Tools do its job.
After WMDC Launcher is installed, given Root Access and lauched, you can use it to sync file-system and registry with your PC. On the PC you need to have Zune installed and running, and you need to have Windows Mobile Device Center installed and running. After that you Windows Phone will show up as Mobile Device in Windows Explorer.
For unrestricted remote Registry editing you can use Registry Workshop, or similar. In the registry editor you have to connect to the Mobile Device.
Thanks!
Special thanks to these people:
HD2Owner: for a lot of patience, learning me how to make my own test-ROM's.
Ultrashot and Cotulla: for a lot of nice hacking-chat-sessions and exchange of ideas.
CeesHeim: for providing a test-device.
AndrewSh, Ondraster and many others: for moral support.
Thanks to these people for helping with the translations: AndrewSh, HD2Owner, Paulo Santos, Reker Chen, Balcsida, Tukacs Gábor, Pavel "Paulos" Valach, Esteban Reche, David E. Salazar Paris, Brano Grenuš, Budniu, Fabio Di Peri, Chemeng, Alexandre Thouvenin, Orhan Bozkurt, Hassan Selim.
Version history
0.1 - 2011/04/04 - Initial release: only registry-editor
0.2 - 2011/04/13 - Performance improvements and minor fixes
0.3 - 2011/04/14 - Bugfix in registry-editor
0.4 - 2011/06/14 - File browser added
0.5 - 2011/06/24 - File Explorer with basic file operations and certificate installer
0.6 - 2011/09/17 - Compatible with Interop-Unlocked Samsung Mango devices
0.7 - 2011/09/17 - Bugfix in registry-editor
0.8 - 2012/01/02 - Session and Multi-Tasking awareness + Mango UI improvements (better responsiveness)
0.9 - 2012/03/28 - Complete rewrite of the app (many device supported, full root access, policy-editor, etc)
0.10 - 2012/09/02 - Many user interface enhancements, Multi-file operations added, Improved performance in file-explorer, Shell handling added in file-explorer, better error handling and reporting and lots of small bug-fixes.
0.11 - 2012/09/03 - Bug-fixes and better device support.
0.12 - 2012/11/12 - Policy Unlock v2, 16 languages, launch apps from applist, applist also includes all system-apps now, advanced file-system-search, advanced registry-search, certificate Stores, tweaks-section, many bug-fixes and performance improvements.
0.13 - 2012/12/04 - Many bug-fixes and performance-improvements.
1.0 - 2013/01/05 - Bug-fixes and User Interface-improvements.
1.1 - 2013/03/26 - Added Accent Color editor and bug-fixes
1.2 - 2013/05/07 - Added color values to Accent Color editor, improved data-connection speed tweak, added Internet Connection Sharing unlock, added Automatic Data Configuration function, added shell-handler in Explorer for provxml-files, removed wrong buttons on Device tab, disabled cache for filesystem and searches, removed ads for better Root Tools experience
- Reserved -
- Reserved -
I have a question - can I add my cert to store (authority store, though I don't know which) in order to acquire ability to install self-signed cabs? My LG Panther has locked bootloader, so it looks like the only way to update at least to 7004.
Useless guy said:
I have a question - can I add my cert to store (authority store, though I don't know which) in order to acquire ability to install self-signed cabs? My LG Panther has locked bootloader, so it looks like the only way to update at least to 7004.
Click to expand...
Click to collapse
Nope, not quite, I am not best to describe the full problem but essentially there's another certstore stored on the device, when phone boots in to update mode it uses that cert store located in the ROM
Sent from my Samsung Focus S using XDA Windows Phone 7 App
These are great things
Thank you my friend
Useless guy said:
I have a question - can I add my cert to store (authority store, though I don't know which) in order to acquire ability to install self-signed cabs? My LG Panther has locked bootloader, so it looks like the only way to update at least to 7004.
Click to expand...
Click to collapse
The answer is: I'm not sure. It is not possible to add certs to a store for updating. But it might be possible to change the file which keeps the certs for cab updating. It needs more research. Some of this has already been discussed here.
Heathcliff74
Really good work......like it .......
Thank you....
Did you missed all trusted ?
djtonka said:
Did you missed all trusted ?
Click to expand...
Click to collapse
I considered implementing that. But I think it is dangerous. If there will ever become some type of malware on WP7, you would be very vulnerable. So I decided not to implement such option.
Heathcliff74
You are the Boss
Does registry expolorer keeps last opened location after restart or reopen cos only File explorer can do this so far?
How to unlock the native code?
I have installed opera mobile but don't work...
Inviato da mio OMNIA 7 usando Board Express Pro
A bug or a normal behavior?
First of all, i would like to really thanks you for this great tool. I would like to just ask some questions:-
I updated my wp7root tool 0.11 using XapHandler, and Everything went ok. After that i needed to open the Office hub but to my surprise it didn't work. I did a soft-reset just to find out that my start screen is Black . To be honest i got panicked though i have an update that i can reinstall. After few mins digging i found out that certain feature in the phone a still working (like search, voice commands etc.) I used the voice command and opened Wp7root Tools 0.12 and went through Policies just to find out that almost every System Apps were untrusted including Start App. When i trusted Start App i got my Start Screen back .
My questions are:-
1. is this (the untrusted start app) a bug?
2. Is it intentional that all the System App to be untrusted? if not
3. Do you have a list of System Apps that were trusted Originally?
Hope you have answers to those q.
Thanks
djtonka said:
You are the Boss
Does registry expolorer keeps last opened location after restart or reopen cos only File explorer can do this so far?
Click to expand...
Click to collapse
Dunno which registry editor you've been using. But my registry-editor does remember its last location.
Jonny Rosworth said:
How to unlock the native code?
I have installed opera mobile but don't work...
Inviato da mio OMNIA 7 usando Board Express Pro
Click to expand...
Click to collapse
Ultrashot is working on that. It needs a little bit of tweaking to be compatible with Policy Unlock.
kurdland said:
First of all, i would like to really thanks you for this great tool. I would like to just ask some questions:-
I updated my wp7root tool 0.11 using XapHandler, and Everything went ok. After that i needed to open the Office hub but to my surprise it didn't work. I did a soft-reset just to find out that my start screen is Black . To be honest i got panicked though i have an update that i can reinstall. After few mins digging i found out that certain feature in the phone a still working (like search, voice commands etc.) I used the voice command and opened Wp7root Tools 0.12 and went through Policies just to find out that almost every System Apps were untrusted including Start App. When i trusted Start App i got my Start Screen back .
My questions are:-
1. is this (the untrusted start app) a bug?
2. Is it intentional that all the System App to be untrusted? if not
3. Do you have a list of System Apps that were trusted Originally?
Hope you have answers to those q.
Thanks
Click to expand...
Click to collapse
Ok. That's remarkable. I have no clear answer. Can you tell me which device and which ROM (stock, custom, ..) you use and which OS version and which OEM firmware?
It sounds to me that this is some form of Inception between Full Unlock and Policy Unlock (that should normally work, but I can't possibly test all different devices and unlock at forehand).
Normally only very few system apps are defined to have Root Access. And "Start" is NOT one of them. I don't have a cleanly installed device to check which apps should have Root Access, but there are really only a few. I don't understand why the Startmenu would need Root Access in your case. And it is not a bug that "Startmenu" is not having Root Access. It actually surprises me that you could fix it this way.
Heathcliff74
Hi Heathcliff74 i´ve the same thing on my rom,i am using the mirolg tangoromhttp://forum.xda-developers.com/showthread.php?t=1751911 and !updated! my old roottools with sending the xap to my email account and downloading it on my device,after update (xap deployer by ultrashoot) i had to give roottools fullacces/trusted permissions for running,as the man obove said,there is nothing of the system marked as trusted(in roottools),but all is running correctly !
Omnia7xdax said:
Hi Heathcliff74 i´ve the same thing on my rom,i am using the mirolg tangoromhttp://forum.xda-developers.com/showthread.php?t=1751911 and !updated! my old roottools with sending the xap to my email account and downloading it on my device,after update (xap deployer by ultrashoot) i had to give roottools fullacces/trusted permissions for running,as the man obove said,there is nothing of the system marked as trusted(in roottools),but all is running correctly !
Click to expand...
Click to collapse
Just to be clear: You do NOT have a problem with missing Startmenu, right?
Because most system apps should NOT have Root Access. If your system apps do NOT have Root Access, but everything works fine, then there is NO problem!
Heathcliff74 said:
Dunno which registry editor you've been using. But my registry-editor does remember its last location.
Ultrashot is working on that. It needs a little bit of tweaking to be compatible with Policy Unlock.
Ok. That's remarkable. I have no clear answer. Can you tell me which device and which ROM (stock, custom, ..) you use and which OS version and which OEM firmware?
It sounds to me that this is some form of Inception between Full Unlock and Policy Unlock (that should normally work, but I can't possibly test all different devices and unlock at forehand).
Normally only very few system apps are defined to have Root Access. And "Start" is NOT one of them. I don't have a cleanly installed device to check which apps should have Root Access, but there are really only a few. I don't understand why the Startmenu would need Root Access in your case. And it is not a bug that "Startmenu" is not having Root Access. It actually surprises me that you could fix it this way.
Heathcliff74
Click to expand...
Click to collapse
Thanks for the quick answer!
Sry i didn't menssion that i have an original HTC ROM, with dev. unlock and introp-unlock installed. My device is HTC HD7, Os version 7.10.8773.98 and OEM firmware 2250.21.51101.
Hope those info will help you. I will try to make a video clip reproducing the event, hopw that will help you even more.
Yours
Omar
kurdland said:
Thanks for the quick answer!
Sry i didn't menssion that i have an original HTC ROM, with dev. unlock and introp-unlock installed. My device is HTC HD7, Os version 7.10.8773.98 and OEM firmware 2250.21.51101.
Hope those info will help you. I will try to make a video clip reproducing the event, hopw that will help you even more.
Yours
Omar
Click to expand...
Click to collapse
Hm. The fact that you have a stock ROM makes this only more weird. I still can't think of a possible explanation.
Did you toggle Root Access for system apps before the problem occurred? Any other remarkable things you've done with your phone that may explain this?
Did you use earlier versions of WP7 Root Tools without problems?
Sry,yes i ahve absolutely no problems,everything works fine,i was only not sure if the systemapps must have no permissions
Heathcliff74 said:
Hm. The fact that you have a stock ROM makes this only more weird. I still can't think of a possible explanation.
Did you toggle Root Access for system apps before the problem occurred? Any other remarkable things you've done with your phone that may explain this?
Did you use earlier versions of WP7 Root Tools without problems?
Click to expand...
Click to collapse
Hi again!
No i didn't toggle it Before the problem. I just installed it then when i tried office, it didn't work and then i found out about the problem. And to be honest i really didn't do anythink remarkable either. My privous experiance with WP7Root Tools and really good, didn't have any problem Before.
Please check your PM i sent you a link to the video clip i did about the problem. OBS!!! No sound
Yours
Omar
Awesome and great job.... Your hard work is very much appreciated!!
WP7 Root Tools v 0.12 alpha updated just fine and is functioning perfectly on my HD7 running Deepshining 7.8.
Thank you!