Related
Looking around the IMGFS, I found some undocumented capabilities that can be used in building an app (in addition to the standard ones mentioned in the WMAppManifest.xml file).
These are the extra ones I found, in case anyone is interested (from BasePolicy.xml):
ID_CAP_RINGTONE_ADD:Allows ringtone-marketplace applications to read/write into the Ringtones directory
ID_CAP_MEDIALIB:Access to the media library - read, play-back, etc.
ID_CAP_INTEROPSERVICES:Temporary Interop Service Capability.. To be removed by feature team
ID_CAP_SIMrovides access to SIM manager API
ID_CAP_SMSrovides access to SMS API
ID_CAP_WAProvides access to WAP API
ID_CAP_IDENTITY_USER:Allow an application to use a phone.info.dll to retrieve user properties
ID_CAP_TESTPUBLIC1:Small public test capability
ID_CAP_LOADUNSIGNEDMANAGEDDLL:Capability to load unsigned managed dll into chamber's process space
ID_CAP_LOADUNSIGNEDNATIVEDLL:Capability to load unsigned native dll into chamber's process space
ID_CAP_DEBUG:Allow an application to run in debugging enviorment.
---Edit---
I've tested each of these individually, and some work, and others don't.
ID_CAP_INTEROPSERVICES works
ID_CAP_RINGTONE_ADD works
ID_CAP_MEDIALIB works
ID_CAP_IDENTITY_USER works
ID_CAP_TESTPUBLIC1 works
ID_CAP_SIM ID doesn't work
CAP_SMS doesn't work
ID_CAP_WAP doesn't work
ID_CAP_LOADUNSIGNEDNATIVEDLL doesn't work
ID_CAP_LOADUNSIGNEDMANAGEDDLL doesn't work.
Note that even for the ones that work, Microsoft may still reject them in the app store.
I tested these by entering them in the WMAppManifest.xml in the XAP, and loading them on a windows phone device. This guy suggests that if it loads on the device, you have the permission: http://www.drdobbs.com/windows/227701092 and I think he's right. If you don't have permission, it doesn't actually load, and in every case, if it loaded it ran.
ID_CAP_RINGTONE_ADD - So i guess with next update we will get Custom ringtones that can b installed from an app
off topic can some one create utility that will do something about tuch sensetive buttons, when using camera if u tuch any of then by accident it exit camera, so u have to hold phone very carefully.
also, app to lock screen rotation would be nice.... any of thous features undocumented anywhere
P.S sorry for unrelated message
I think the ID_CAP_RINGTONE_ADD feature will only be enabled for the carriers (who knows what Microsoft really has in mind, though). The Windows Phone has done a good job (or lousy job, compared to what I desire) managing permissions so they can choose what capability to give whom.
Disabling other buttons shouldn't be hard if you can get to the native API. So once the phone is jailbroken......
Actually, Microsofts own Q&A on Windows Phone 7 states to look in the Marketplace for additional ringtones. Here is an excerpt and a link:
To find a ringtone in Marketplace
1
On Start, tap the arrow to go to the App list, then tap Marketplace .
2
Press the Search button.
3
Do one of the following:
•
To browse a variety of ringtones, type ringtones, then tap Enter .
•
To look for a more particular type of ringtone, type something more specific, like Halloween ringtones.
Tip
To hear what a ringtone or alert sounds like, tap Play .
Note
Marketplace may not be available in your country or region.
Click to expand...
Click to collapse
http://www.microsoft.com/windowsphone/en-us/howto/wp7/start/ringtones-and-sounds.aspx
All well and good having that, but why should we purchase a ring tone?
TheDisneyMagic said:
All well and good having that, but why should we purchase a ring tone?
Click to expand...
Click to collapse
Well, I don't see myself buying any, but this means an app could be made to create/add ringtones.
Long press on a song in Zune won't let you set it as the ringtone?
Iridox said:
Long press on a song in Zune won't let you set it as the ringtone?
Click to expand...
Click to collapse
Nope, I asumed this would be how it worked but no option in the list to do so.
Ah, that's a PITA >_>
naplesbill said:
Well, I don't see myself buying any, but this means an app could be made to create/add ringtones.
Click to expand...
Click to collapse
A whole app just to add a ringtone!?
naplesbill said:
Actually, Microsofts own Q&A on Windows Phone 7 states to look in the Marketplace for additional ringtones. Here is an excerpt and a link:
http://www.microsoft.com/windowsphone/en-us/howto/wp7/start/ringtones-and-sounds.aspx
Click to expand...
Click to collapse
To me that excerpt looks like you can download ringtones from the store, not that you can create an app to download ringtones. It would appear that Microsoft has an internal application that can add ringtones (which makes sense). These permissions are enforced by the OS, not the app store (maybe the app store does too). So if they want to be able to install ringtones, they need to give their own app permission to do so.
athompson said:
Looking around the IMGFS, I found some undocumented capabilities that can be used in building an app (in addition to the standard ones mentioned in the WMAppManifest.xml file).
These are the extra ones I found, in case anyone is interested (from BasePolicy.xml):
ID_CAP_RINGTONE_ADD:Allows ringtone-marketplace applications to read/write into the Ringtones directory
ID_CAP_MEDIALIB:Access to the media library - read, play-back, etc.
ID_CAP_INTEROPSERVICES:Temporary Interop Service Capability.. To be removed by feature team
ID_CAP_SIMrovides access to SIM manager API
ID_CAP_SMSrovides access to SMS API
ID_CAP_WAProvides access to WAP API
ID_CAP_IDENTITY_USER:Allow an application to use a phone.info.dll to retrieve user properties
ID_CAP_TESTPUBLIC1:Small public test capability
ID_CAP_LOADUNSIGNEDMANAGEDDLL:Capability to load unsigned managed dll into chamber's process space
ID_CAP_LOADUNSIGNEDNATIVEDLL:Capability to load unsigned native dll into chamber's process space
ID_CAP_DEBUG:Allow an application to run in debugging enviorment.
Visual Studio won't let you add all of them directly, but uncompress your .xap in the build directory, and add it manually.
If anyone is thinking of doing this, the phone rejected my attempts to do so. I tried to give myself ID_CAP_LOADUNSIGNEDNATIVEDLL, but it wouldn't even load on the phone. Oh well.
Click to expand...
Click to collapse
But if someone use these things in an application , I think microsoft doesn`t approve it in the market place!
amir_rafie said:
But if someone use these things in an application , I think microsoft doesn`t approve it in the market place!
Click to expand...
Click to collapse
Ya, not only that, they probably automatically check to make sure you don't try to use them. The phone automatically checks, too.
The main reason I put them here is because I couldn't find them documented anywhere on the web, and I thought it would be good to save someone the time if they started down the same path I did.
hopefully once there is a jailbreak that turns of security/cert checking we can add these capabilities to our apps. Im particularly interested in the p/invoke capability.
indiekiduk said:
Im particularly interested in the p/invoke capability.
Click to expand...
Click to collapse
YES! It would make the world beautiful and skies turn blue.
So I set up VS 2010 and tried debugging an app that had a simple DLLImport in it and ID_CAP_INTEROPSERVICES in the manifest, however it still crashed with a MethodAccessException. It was def a valid dll and method name because I took it from one of the DLLImports in the system.location .net dll decompiled with Reflector.
indiekiduk said:
So I set up VS 2010 and tried debugging an app that had a simple DLLImport in it and ID_CAP_INTEROPSERVICES in the manifest, however it still crashed with a MethodAccessException. It was def a valid dll and method name because I took it from one of the DLLImports in the system.location .net dll decompiled with Reflector.
Click to expand...
Click to collapse
Interesting. If your app installed, it means you were able to get the ID_CAP_INTEROPSERVICES permission, because if the phone rejects your permission, it rejects it at install time. Maybe the DLL path was wrong, like you need to do ..\DLLNAME.dll or something.
indiekiduk said:
So I set up VS 2010 and tried debugging an app that had a simple DLLImport in it and ID_CAP_INTEROPSERVICES in the manifest, however it still crashed with a MethodAccessException. It was def a valid dll and method name because I took it from one of the DLLImports in the system.location .net dll decompiled with Reflector.
Click to expand...
Click to collapse
Try a relative URI path. ./DLLName.dll
On the subject of Native Applications on Windows Phone 7:
A few days ago, an Application called "Network Profile" appeared in the Samsung Zone of my Omnia 7's Marketplace.
This app is the first external app that uses native code - The Marketplace says that it "Requires access to your interop services", and on opening the XAP on my PC, I found it to contain three native COM DLLs, alongside two .NET DLLs and a further native DLL with MUIs that appear to only serve to hold resources.
I'm not sure whether this can be linked to here, so I'm going to describe the interesting parts.
It has not one, but three XMLs - the typical WMAppManifest.xml (pastebin.com/uEJWdTuA), a WMAppPRHeader.xml (pastebin.com/AVcv7JUX) which seems to have something to do with PlayReady DRM, and most interestingly WMInteropManifest.xml (pastebin.com/NCVKP6kM).
There is also the AppManifest.xaml (pastebin.com/rRrB090h).
The NetworkProfile.dll has a number of COM Imports like so:
Code:
[ComImport, InterfaceType(ComInterfaceType.InterfaceIsIUnknown), Guid("F1113B13-AAB8-45E9-91A5-CBE568C29612")]
internal interface INwProfInterface
The Constructor for the class containing all the COM Interfaces:
Code:
ComBridge.RegisterComDll("NwProfDLL.dll", new Guid("4A2580BA-11A3-49AB-AC98-C30B5E72D381"));
this.NwInterface = (INwProfInterface) new CNwProfClass();
ComBridge.RegisterComDll("SecVersion.dll", new Guid("DFE52822-B526-4913-807A-D2AABC7BF911"));
this.SecVerInterface = (ISecVersionInterface) new SecVersionClass();
ComBridge.RegisterComDll("COMRilClient.dll", new Guid("A18F6B1A-924E-4787-AA82-19F98B49CF5D"));
this.SecRILControlInterface = (ISecRilControl) new COSecRilControl();
Happy to answer any questions, and if allowed, either guide people to getting it themselves, or providing a download link to the XAP.
Sweet, good find! I downloaded that app. How did you get it off your phone? If you have a download link to the XAP no one will complain, either.
Hello XDA Community,
@DEVELOPERS: I need some developers with other devices to make things (at least parts of advanced explorer) work on other devices (i have a htd hd7). !Programming & Testing!
Please PM me
To bring all together what xda achieved for WP7, i wrote a helper app for the following tasks,
- File management
- Registry management
- Copy files from desktop to phone
- Copy files from phone to desktop
- Set max unsigned apps
- Provision any given XML
If you post in this thread how any of those features could be implemented on other devices, i will maybe implement them. You can always send me a modified version and i will maybe update this post with the new version!
Usage/(Release-)Notes on the website!
If you encounter any errors, or wanna give some feedback => just leave a post here or use the idea page or write me an email (go to contact on the homepage)!
I included the source code, so that anybody can modify it at will but do not use anything here for commercial purposes (contact me first).
Homepage for this project:
http://sites.google.com/site/yaafdevelopers/projects/advanced-explorer-for-wp7
You can give feedback / bugreports:
http://advancedexplorerwp7.codeplex.com/
(Go to Discussion or Issue Tracker)
You will find the latest version and the Release-Notes there. I will continue to watch this thread!
Because some people asked how to support/donate me:
I appreciate every donation! Thank you!
reddragon
He that is great stff... i am glad you added the source i was thinking about how this could work having had a little peek at the code in the samples that Ms provided.
wings over a thanks too
Question...If you send a file, where does the device dump it into the computer? I was getting an error sending the file to my computer at first, but then I configured correctly and it sends fine, but I don't know where it is...
Edit: Nevermind, I got it. Upload/Download Root folders. Good work on this app man. Pretty nifty. Uploaded a .doc from my laptop to the phone, copy/pasted it into My Docs and it appeared and opened on MS Office Word perfectly.
nice ! but ...
Nice app !
But can't send from \windows directory ?..
Re: can't send from \windows
Hey,
like i said in my first post i brought together what was achieved...
Im using the HTC app COM dll files for file system access. Actually you can send files from \windows but not all. (in usage or no access)...
If somebody knows a better way, or something for other devices => just implement and send it, or post here!
The problem: Now it works on my device, so I can do what i wanted to do (coping .pdf and other stuff on the wp7) I have not the time to search & wait for other devices.
I tried to code it very generic and emulated the System.IO namespace, so everybody can add his results or replace it with better results.
Just contact me and I will check the code and update the first post.
reddragon93
eternalemb said:
Question...If you send a file, where does the device dump it into the computer? I was getting an error sending the file to my computer at first, but then I configured correctly and it sends fine, but I don't know where it is...
Edit: Nevermind, I got it. Upload/Download Root folders. Good work on this app man. Pretty nifty. Uploaded a .doc from my laptop to the phone, copy/pasted it into My Docs and it appeared and opened on MS Office Word perfectly.
Click to expand...
Click to collapse
actually you can double tab any file and it should open from any folder.
To get PDF working I copy the file to the PDF reader (most likely the app will crash if Adobe reader is not installed), but you will not see anything as PDF reader just pops up with the file
Just like always contact me if there are file types missing!
cool app, ty
how long did it take?
hi reddragon93, thank you for your work, i've an lg optimus 7, is there an eta for explorer for other device?
i need it!!!
thank you so much!
gianlucarugby said:
hi reddragon93, thank you for your work, i've an lg optimus 7, is there an eta for explorer for other device?
i need it!!!
thank you so much!
Click to expand...
Click to collapse
I really can understand you because I needed this for myself (that's why I coded it in the first place)
But the answer is NO, because we have to wait until somebody finds a way to get access on other devices and shares the info (i will observe this thread for new infos).
And by the way you should not ask for ETA in developer forum (forum rules), but it's OK for me. Hope you will be the only one after my answer
I answered this question in my first post:
"If you post in this thread how any of those features could be implemented on other devices, i will maybe implement them"
Hope I answered your question.
reddragon
thanks, you were very kind,
apologize me for the ETA, i did not know, i'm just a student not a developer!
good work!
EDIT: I can't figure out how to mark a post as useful yet, so let me just say THANK YOU!!!
Awesome app. However, there are a few things that would be nice in terms of file types:
Any chance of getting support for loading .mobi files (Kindle ebooks)? I'd love to be able to sideload books that aren't in the Amazon store.
Currently, .log files won't open. Copy/renaming them to .txt should work, or a simple text reader/editor could be built-in.
Possible bug: the "Max unsigned apps" field in Settings is showing "Not set - (can't read from registry)" Setting it from within the app seems to work, though (and be remembered).
Feature request: ability to search the registry
Small change request: pressing Back on an Exception could do the same as OK (rather than exiting).
Overally, much thanks for an awesome tool!
Thanks for feedback
GoodDayToDie said:
EDIT: I can't figure out how to mark a post as useful yet, so let me just say THANK YOU!!!
Awesome app. However, there are a few things that would be nice in terms of file types:
Any chance of getting support for loading .mobi files (Kindle ebooks)? I'd love to be able to sideload books that aren't in the Amazon store.
Currently, .log files won't open. Copy/renaming them to .txt should work, or a simple text reader/editor could be built-in.
Possible bug: the "Max unsigned apps" field in Settings is showing "Not set - (can't read from registry)" Setting it from within the app seems to work, though (and be remembered).
Feature request: ability to search the registry
Small change request: pressing Back on an Exception could do the same as OK (rather than exiting).
Overally, much thanks for an awesome tool!
Click to expand...
Click to collapse
Thanks for your feedback!
(1) I really needed the app for myself (real pdf support) so... The Thanks Button is only visible with 5+ Posts
(2) i will pm you maybe if i find some spare time. This is most likely pretty simple to implement. Can you edit your (or create a new) post and describe what happens if you double tab a kindle book with the current version?
(3) yeah i saw this before but didn't thought it is important enough to implement. I don't have the time for the own Editor (you have to handle really big files for example) but i can do the renaming thing behind the scenes (remember renaming = copy+delete until a better solution is found).
(4) on first app start i have really no solution in determining how the value is set (no access on this key). So my solution was to set this text ("Not set - (can't read from registry)" until you set a value => then i save this value local to the app, and set it every time the app starts (It gets reset every time i connect the device to the PC anyway)
(5) "search the registry": I thought on this one... But this will not be of much use as we have not really much read access
NOTE: The Problem with the registry is that we have FULL WRITE access trough the provxml method but not very much READ access (HTC COM .dll)
(6) really? I'm satisfied with the current behavior. Without searching I don't know if this is a small change maybe it is, maybe not. At least it looks like one but that doesn't mean anything
reddragon
Thanks for the response, reddragon. I'm at work right now, so the .mobi thing will have to wait. It's a very common request among WP7 users around here, though.
I've found that selecting the Edit context item will open any file in Word, which is typically sufficient for viewing and even editing purposes! True plain text files open fine regardless of extension, and even binary files will usually have enough ASCII in them to determine useful info. You can also send any file (via email) from Word, if you want to email an attachment rather than just transfer to a PC.
Unfortunately, I've found that XML files just... don't work. Double-clicking them opens IE, which complains that it can't handle that file type. Selecting Edit on them looks like it's opening some Office app, but the app then closes and drops back into Advanced Explorer (no error). This is the currently problematic filetype, as a *lot* of data is stored in XML.
The "Registry Editor" app already provides registry search (and despite the security restrictions on read it *mostly* works) but without system copy-paste it's tricky moving data between apps. I enjoy being able to pan between the FS and registry... hell, I want a Windows (desktop) app that does this, now.
It looks like there's FS search (an option on the command bar, and a text box that appears) but I can't get it to do anything. Pressing Enter has no effect, tapping either Refresh or Search again just reloads the page. Am I using this right? It would be great to be able to either scroll long folders (\Windows) or find a filename behind a bunch of GUIDs.
Some files show as "0 b" size, even though they almost certainly aren't. Is that just because some program has an exclusive lock on them and their size can't be read in that state?
Any chance of the ability to create folders in the GUI (I think I see how to do it with provxml files, but that's not exactly convenient)?
Thanks for the explanations on the registry. I was wondering how you could write to locations that you can't read from... Also, I didn't know the sideload limit resets itself. That's something I'll have to watch out for, as I'm near the nominal sideload limit already. Hmm... maybe I should look into writing an app that lets the phone install a .XAP directly, to minimize the amount of PC connecting that's needed.
Sorry, I know that's a lot of comments and questions. If it helps, I showed this to a couple of other HD7 owners today, and the immediate response of both of them was "I've got to get that!" This is a great app, super-convenient and good for making the occasional Samsung Focus owner jealous ;-D
Actually, I'm a developer myself (mostly C/C++, but I know C#). I'll crack a look at the source when I get a chance (probably this weekend) but would you be interested in a patch if there's something I can improve? One thing I might add is an optional "Did you mean that?" prompt on the Back button, as it's a little too easy to hit and knock you clear out of the app (optional of course, as I understand some people don't have such problems).
Thanks again!
does anyone know the latest ETA on compatibility for samsung devices?
Some Answers
GoodDayToDie said:
Thanks for the response, reddragon. I'm at work right now, so the .mobi thing will have to wait. It's a very common request among WP7 users around here, though.
Click to expand...
Click to collapse
Like I said: I will pm you most likely, today or this weekend.
GoodDayToDie said:
I've found that selecting the Edit context item will open any file in Word, which is typically sufficient for viewing and even editing purposes! True plain text files open fine regardless of extension, and even binary files will usually have enough ASCII in them to determine useful info. You can also send any file (via email) from Word, if you want to email an attachment rather than just transfer to a PC.
Unfortunately, I've found that XML files just... don't work. Double-clicking them opens IE, which complains that it can't handle that file type. Selecting Edit on them looks like it's opening some Office app, but the app then closes and drops back into Advanced Explorer (no error). This is the currently problematic filetype, as a *lot* of data is stored in XML.
Click to expand...
Click to collapse
Yeah the best way to handle the edit mode would be an editor inside the app, but that's quite some work i guess... So if somebody is willing to write such a control just contact me!
But the current workaround is quite simple: Upload your file, edit it with the powerful editors you know and send it back to the phone...
In fact what i did was send the complete windows/applications folder and all files that where successfully send can be edited (on the others you have no access anyway).
GoodDayToDie said:
The "Registry Editor" app already provides registry search (and despite the security restrictions on read it *mostly* works) but without system copy-paste it's tricky moving data between apps. I enjoy being able to pan between the FS and registry... hell, I want a Windows (desktop) app that does this, now.
Click to expand...
Click to collapse
Well I think it's not that difficult to implement a search for registry. It's funny to say that all the time but I thought on this one too and if you look on the source code you will see that i positioned the search/filter text box out of the explorer pivot to use it for registry search or other purposes. If you find it really that useful with the current read restrictions... yeah I should just implement it...
GoodDayToDie said:
It looks like there's FS search (an option on the command bar, and a text box that appears) but I can't get it to do anything. Pressing Enter has no effect, tapping either Refresh or Search again just reloads the page. Am I using this right? It would be great to be able to either scroll long folders (\Windows) or find a filename behind a bunch of GUIDs.
Click to expand...
Click to collapse
In fact this is a filter function so that large folders can be loaded much faster. Just enter "a*" and make the keyboard disappear (tab anywhere else) and you see only the files/folders starting with "a". I don't know why "enter" on keyboard doesn't do anything, I will look into this. I should update the usage in my first post, thanks.
GoodDayToDie said:
Some files show as "0 b" size, even though they almost certainly aren't. Is that just because some program has an exclusive lock on them and their size can't be read in that state?
Click to expand...
Click to collapse
yep.
From the htc COM call i get 0 bytes....
GoodDayToDie said:
Any chance of the ability to create folders in the GUI (I think I see how to do it with provxml files, but that's not exactly convenient)?
Click to expand...
Click to collapse
Hehe, i thought on this one too as it is already implemented (just create a folder in UploadRoot drop a file and start downloading it to the phone => the folder gets created). I will look into this.
Can you (or anybody) provide me with an example on how to rename a folder via provxml. And in Yaaf.WP7.NativeAccess.IO.File i have in the "Move" method some code commentated. Can somebody please un-comment, debug and tell me why the hell this provision-xml is invalid / not working, thanks.
(ProvisionXml is completely new to me as this is my first smartphone)
GoodDayToDie said:
Thanks for the explanations on the registry. I was wondering how you could write to locations that you can't read from... Also, I didn't know the sideload limit resets itself. That's something I'll have to watch out for, as I'm near the nominal sideload limit already. Hmm... maybe I should look into writing an app that lets the phone install a .XAP directly, to minimize the amount of PC connecting that's needed.
Click to expand...
Click to collapse
I didn't look into that but i think it is not enough to simply create the guid folder and drop content there... Anyway you can use the "NativeAccess" Projekt to get all the access i used in the Explorer. But you have to create links from your main projekt to the COM-dlls so they get included into the xap file.
GoodDayToDie said:
Sorry, I know that's a lot of comments and questions. If it helps, I showed this to a couple of other HD7 owners today, and the immediate response of both of them was "I've got to get that!" This is a great app, super-convenient and good for making the occasional Samsung Focus owner jealous ;-D
Click to expand...
Click to collapse
That's what keeping me up i guess
GoodDayToDie said:
Actually, I'm a developer myself (mostly C/C++, but I know C#). I'll crack a look at the source when I get a chance (probably this weekend) but would you be interested in a patch if there's something I can improve? One thing I might add is an optional "Did you mean that?" prompt on the Back button, as it's a little too easy to hit and knock you clear out of the app (optional of course, as I understand some people don't have such problems).
Click to expand...
Click to collapse
I'm always interested in any patch especially support for other devices (I have a htc so I can't debug stuff for other devices :/ )
Yeah there could be an option for that. It's pretty easy to implement so... But i don't have this problem so i didn't realised that one.
GoodDayToDie said:
Thanks again!
Click to expand...
Click to collapse
Thank you for your feedback
Muzzy777 said:
does anyone know the latest ETA on compatibility for samsung devices?
Click to expand...
Click to collapse
Well I answered this on the first page of the thread already, thanks.
EDIT: I updated the program and my first post and implemented some of your feature requests
reddragon
Configuration Service Provider Reference for Windows Mobile Devices
Have you used the forum-search? You'll find a post which describes you how to get these books to your phone (it's by me). I can't give you the link because I send this from my HD7.
really great app. Also like the pc<->phone feature
I use it now very often, so I think it needs:
-2 Filebrowser Tabs
-or an option to "bookmark" certain folders
diboze said:
really great app. Also like the pc<->phone feature
I use it now very often, so I think it needs:
-2 Filebrowser Tabs
-or an option to "bookmark" certain folders
Click to expand...
Click to collapse
I talked to other people, at first this feature looks awesome, but after some time you would see that you don't use 2 tabs!
The bookmarking thing is a good idea...
Elerador said:
Have you used the forum-search? You'll find a post which describes you how to get these books to your phone (it's by me). I can't give you the link because I send this from my HD7.
Click to expand...
Click to collapse
I'm looking into amazon kindle... what i can do for sure is copy the file into the kindle folder and start amazon kindle...
But i forgot how to start a program via app-guid. I remember that i saw an COM.dll which can do that.
__ow said:
Configuration Service Provider Reference for Windows Mobile Devices
Click to expand...
Click to collapse
i know that link but i don't see how you can move folders (if it is possible)
reddragon
Love the update! Thanks for cluing me in on the workings of the filter; I wasn't trying wildcards and it therefore looked like it was always empty.
That said, a bug report (reproed on the older version too):
Registry manual mode can crash with a System.ArgumentException "Invalid fullpath".
Start Advanced Explorer
Pan to Registry
Tap "edit manual"
Observe exception
App crashes on hitting OK
Webserver (for Mango)
Webserver is now supported for Mango devices!
During NoDo this tool was used much for exploring the "\Windows" directory, but when Mango came none could explore it.
There is probably many new things to find in the new OEM Mangos (that could not be extracted till now (Exception's: ROM dumps))
Source code is available in attachment and should build without any problems (except for the dll reference)
- Follow stem 6 for Microsoft.Phone.InteropServices.dll errors
Install XAP => Navigate to the phone's IP shown in application => Browse and enjoy.
- Change password on first launch (its randomized)
Many thanks to davux for creating the base for this tool.
- Orginal NoDo thread Here
Changelog:
v0.1 - Initial Mango version release
v0.2 (iconizer)
- Thanks MarysFetus aka Suicide Clown for the great icon set and start screen, love em
- Many thanks to GoodDayToDie for informing me that this app can / and will run from now without the <"ID_CAP_INTEROPSERVICES">
- Removed old OEM dll's that where not used (xap size: 812 KB => 250 KB)
//fiinix
Nice works my friends... I Like It
Thankx
@fiinix:
Thx for porting the webserver to Mango !
As I remember the initial version from Davux had an on device execute feature.
Do you plan to implement execute feature ?
Could be very useful for exploring all .exe files in the windows folder.
Greetz
contable
Freaking awesome, man!
One suggestion: I don't believe this app does anything that requires ID_CAP_INTEROPSERVICES (that is, it doesn't need to open any driver handles). I may be mistaken about that, of course. If it doesn't, however, there's a real benefit to removing that capability as people with interop-locked phones could then run it. Note that the library used may try to do things requiring interop even though the app doesn't need it to.
In addition to its uses as a hacker's tool, I also want to point out that this app can be used to store files on the phone for easy transfer between computers. It's less convenient than true USB Mass Storage, but it works (even if you don't have the USB cable with you) so long as there's a WiFi access point that the phone and PC can both connect to.
Oh, and by the way, this app will run happily in the background if you use JaxBot's no-dehydrate hack. You can do other things then, even browsing the webserver from the phone's own browser! Of course, it will also use some resources.
Now slimmer, and no ID_CAP_INTEROPSERVICES
OK, this is just a modification of the XAP file - I didn't even recompile the source (thank you so much for including it, though!)
Things I did:
Removed ID_CAP_INTEROPSERVICES from the AppManifest. This will allow the app to be installed on interop-locked phones. It wasn't using it anyhow.
Removed the OEM-specific DLLs that are only useful if you have ID_CAP_INTEROPSERVICES. They weren't being used, but they made the download and install bigger.
Result: A smaller app that works exactly the same and can be installed on any Dev-unlocked Mango phone.
Really neat. Mind if I design some sort of decent icon for this app?
Regards, Suicide Clown
//Update:
finished the Icon:
Hope you like it.
MarysFetus said:
Really neat. Mind if I design some sort of decent icon for this app?
Regards, Suicide Clown
Click to expand...
Click to collapse
Sure, go ahead.
Its the freedom of XDA, do what you want
I added the new NativeIO_Mango.dll to my battery status app instead of the old filesystem.dll. I hope that's okay. Thanks so much for your great libraries.
singularity0821 said:
I added the new NativeIO_Mango.dll to my battery status app instead of the old filesystem.dll. I hope that's okay. Thanks so much for your great libraries.
Click to expand...
Click to collapse
The "NativeIO_Mango.dll" is actually a communicator for "Homebrew.csproj" containing COM+ "IWinSock" and "IFileSystem"
- Homebrew.csproj exists in this projects code.
The battery interop will not talk to NativeIO_Mango.dll (the "Webserver" will tho)
Phone.Battery.GetBatteryAdvanced()
-- goto here
---- DllImportCaller.lib.GetSystemPowerStatusExAdv7(ref str, true);
Homebrew.IO.Directory.GetFiles ( [path] )
-- cctor (static constructor) => Register("NativeIO_Mango.dll", "B0E4E41C-BE1D-4BA2-B8CE-7D632EA1CA37");
---- FileSystem.FindFirstFile ( ... ) & while FileSystem.FindNextFile( ... )
:here
Code:
[COLOR="DeepSkyBlue"]Registrer[/COLOR].Register(BasePath +
[COLOR="RoyalBlue"]#if[/COLOR] RUNNS_UNDER_MANGO
[COLOR="DarkRed"]"DllImportMango.dll"[/COLOR], [COLOR="DarkRed"]"434B816A-3ADA-4386-8421-33B0E669F3F1"[/COLOR]
[COLOR="RoyalBlue"]#else[/COLOR]
[COLOR="Silver"]"FileSystem.dll", "F0D5AFD8-DA24-4e85-9335-BEBCADE5B92A"[/COLOR]
[COLOR="RoyalBlue"]#endif[/COLOR]
);
Filesystem.dll is not used anymore in Mango version (its a NoDo dll)
"Thanks so much for your great libraries."
- Thank you so much
I could swear it didn't work without the filesystem.dll one time I tried haha. I guess that was something else
Thanks~
perfect! Now we'll look for regedit editing & file transfering. Any ideas?
Fiinix this is just amazing work! Because of you, I've need to rewrite a chapter of my thesis
Let me ask some questions regarding the supplied source code:
There are four folders inside the rar archive:
The Lib folder contains all OEM DLLs from Samsung, HTC and LG.
The Homebrew folder contains all old code from davux that is necessary to open up the sockets, files and registry entries (if needed?)
NativeIO_Mango contains your altered native DLL that can be used under Mango
The Webserver folder contains the actual WP7 application, that glues everything together into one nice app.
From the underlying workings:
Davux tried to build an API that resembles C# Sockets from the desktop. This way the C# Webserver project of jgauffin can be reused in the WP7 application. You removed from Davux's NativeIO project the references to all parts that require the native OEM DLLs (which is why GoodDayToDie stripped the unneeded DLL files and removed ID_CAP_INTEROPSERVICE to allow users without interop-unlock to use the app).
If this is so far correct, I'm wondering how some things in this application could work:
Ok, so you've removed the code that allows access to the filesystem and registry which uses the native OEM DLLs. How is it possible, that this application can access folders outside its Isolated Storage??? The application should not be allowed to access the windows folder nor any other folders? I know only of one folder, that should be read/writeable. Its a folder that heathcliff found in the policies, I think it was some kind of log folder. Or is readable access with WM6 native API to all files possible?
In WMAppManifest.xml stands ID_CAP_NETWORKING. This is necessary for navigating between different XAML pages but also necessary if we want to do something with the native network access. Can this capability removed or will the application break?
To sum up, if these assumptions are all correct, the policy system is partly useless from the moment on, where someone is capable to call native code, that does not require ID_CAP_INTEROP. This would theoretically allow a submission to the Marketplace?
Right now, I'm heavily confused and irritated, please explain me my error in thinking
PS: I tried to build the NativeIO_Mango project. I changed to release target and build. However, it exits with error message regarding the missing _CE_ALLOW_SINGLE_THREADED_OBJECTS_IN_MTA setting. I've added it, but then I get 19 more errors. Each time it is unresolved external symbol.
Hi Rudelm,
I can't answer exactly what Fiinix did, but I can resolve a couple other points for you.
The OEM DLLs allow higher-than-normal app permissions (breaking out of the low-privilege "sandbox" that apps normally operate in). However, there are a few parts of the filesystem that can be accessed even without them, by design. One of those is the Isolated Storage for the app, which obviously needs to be readable and writable by the app. Another one is the install directory, which only needs to be readable so libraries and resources can be loaded (the webserver app doesn't allow you to browse this folder, but I'm confident that it could if it was coded to). The third is the Windows directory, which is also read-only (and many files and folders within it can't be read) but is similarly required because the app needs to be able to load system libraries (including the TaskHost.exe binary that hosts the app DLL). "Normal" apps can't access these folders simply because the Silverlight API doesn't have a function to open or list an arbitrary location on the filesystem (only within the isostore, which it abstracts the path to).
I don't know what happens if ID_CAP_NETWORKING is removed. It's quite likely the app would break, since that capability may be checked any time the app tries to open a socket (directly as this app does, or indirectly via the Silverlight APIs). You could experiment and do some research to find out, though. It would be interesting to see.
I wouldn't worry too much about apps in the marketplace running amok with native code (even in the low-privileged process, they could still do some harm). The ComBridge Silverlight API that is required to access native code at all is prohibited from use by independent software vendors - only Microsoft and their partners are allowed to use it for Marketplace apps. Somebody tried submitting a Homebrew app to the marketplace (another opportunity for some research, if you'd like to find out more) and discovered that the use of ComBridge is detected and blocked during the submission process.
There we go, a enchanted new version v0.2
- Optimization's from what everybody has told, the best from all worlds
thanks for the explaination!
It seems like a plausible idea that the native code and the WP7 app needs to access some of the folders to work. So the silverlight managed code won't grant access by design to the Windows folder. Can you tell me where this folder for the installation packages is?
Regarding the capabilities: I've checked it with the marketplace capability test tool:
Result Details
[INFORMATION] : Capabilities used by application :
ID_CAP_PUSH_NOTIFICATION
ID_CAP_NETWORKING
ID_CAP_IDENTITY_DEVICE
I've removed ID_CAP_NETWORKING and it immediately stopped working. No dialogue that shows the IP address, only username and password. That is at least good to hear
Regarding the marketplace certification: You could be right, I've also read somewhere that COM is only available to some third parties like Adobe and manufacturers. Maybe I try to submit a little test app that uses interop.
rudelm said:
thanks for the explaination!
It seems like a plausible idea that the native code and the WP7 app needs to access some of the folders to work. So the silverlight managed code won't grant access by design to the Windows folder. Can you tell me where this folder for the installation packages is?
Regarding the capabilities: I've checked it with the marketplace capability test tool:
Result Details
[INFORMATION] : Capabilities used by application :
ID_CAP_PUSH_NOTIFICATION
ID_CAP_NETWORKING
ID_CAP_IDENTITY_DEVICE
I've removed ID_CAP_NETWORKING and it immediately stopped working. No dialogue that shows the IP address, only username and password. That is at least good to hear
Regarding the marketplace certification: You could be right, I've also read somewhere that COM is only available to some third parties like Adobe and manufacturers. Maybe I try to submit a little test app that uses interop.
Click to expand...
Click to collapse
The Capabilities Test only checks through managed code and its caller references (Dll references, method usage within dll)
Why the ID_CAP_NETWORKING is needed is because of the WP7 policy system; ID_CAP_NETWORKING allows usage to those resource locations:
Allowance to "WINSOCK", windows socket API
Code:
<Rule Description="Authorization rule for capability ID_CAP_NETWORKING" ResourceIri="$(GLOBAL_RESOURCES)/WINSOCK/CONNECT" SpeakerAccountId="$(SYSTEM_USER_NAME)" PriorityCategoryId="PRIORITY_STANDARD">
- <Match AccountId="$(CAPMACRO_ID_CAP_NETWORKING)" AuthorizationIds="GENERIC_ALL" />
<Rule Description="Authorization rule for capability ID_CAP_NETWORKING" ResourceIri="$(GLOBAL_RESOURCES)/WINSOCK/LISTEN" SpeakerAccountId="$(SYSTEM_USER_NAME)" PriorityCategoryId="PRIORITY_STANDARD">
- <Match AccountId="$(CAPMACRO_ID_CAP_NETWORKING)" AuthorizationIds="GENERIC_ALL" />
<Rule Description="Authorization rule for capability ID_CAP_NETWORKING" ResourceIri="$(GLOBAL_RESOURCES)/WINSOCK/ACCEPT" SpeakerAccountId="$(SYSTEM_USER_NAME)" PriorityCategoryId="PRIORITY_STANDARD">
- <Match AccountId="$(CAPMACRO_ID_CAP_NETWORKING)" AuthorizationIds="GENERIC_ALL" />
<Rule Description="Authorization rule for capability ID_CAP_NETWORKING" ResourceIri="$(GLOBAL_RESOURCES)/WINSOCK/SERVICE_PROVIDER_CHAIN" SpeakerAccountId="$(SYSTEM_USER_NAME)" PriorityCategoryId="PRIORITY_STANDARD">
- <Match AccountId="$(CAPMACRO_ID_CAP_NETWORKING)" AuthorizationIds="GENERIC_READ" />
"Can you tell me where this folder for the installation packages is?"
\Applications\Install\9bfacecd-c655-4e5b-b024-1e6c2a7456ac\Install\
Nice, thanks for the policy entry. Where did you find it?
Regarding the installation path: I thought you ment a special path to the place where the compressed xap is deployed or something like that before installation. But now it is clearer to me why the application is able to access Windows, installation dir and isolated storage
I've tried to upload a small app with native code but as GoodDayToDie said, the marketplace will see that it contains access to native API and that my account isn't allowed to do that.
So the world is safe again, I'm calmed down now hehe
The policy is from a ROM dump: BasePolicy.xml (Currently got "WP7 Mango Build 7661" dump), i think its this one i downloaded: [DUMP]WP7.1 Build 7661 "Mango"
Some more clearance: \Applications\Install\{ The application Guid }\Install\
- Each application has its own isolation storage:
\Applications\Data\{Guid}\Data\IsolatedStore\
I don't know if it's possible but can you add access to /My Documents?
voluptuary said:
I don't know if it's possible but can you add access to /My Documents?
Click to expand...
Click to collapse
Sorry to say but the basics of this app allows only access to \Windows (dll reference location) as used for extracting of xap files, xml and dll (reverse engineer). You will probably need WP7 Root tools.
OK, time to give this subject its own thread. You can read about previous efforts here: http://forum.xda-developers.com/showthread.php?t=1113066. In particular, http://forum.xda-developers.com/showthread.php?t=1113066&page=11 is where I started.
Background: the policy database is essentially the Access Control List (ACL) store for WP7. ACLs are typically attached to objects (files/folders, registry keys/values, drivers/services, possibly even APIs). When a process tries to do something, the OS uses the process's security identifier (called a "Token", it identifies the account running the process and therefore the permissions that process has) and looks up the ACL specific to that operation. If the ACL authorizes that account to perform the operation, the kernel permits it. If not, it blocks the operation and indicates an error (most famously on WP7, 1260 or 0x4EC, meaning blocked by policy). For some OSes, like NT, that attachment is in the metadata which describes the object (for example, NTFS stores ACLs for each file and folder). Apparently, WP7 uses a centralized database of ACLs, stored as "policies", instead.
Why I'm doing this: the policy database is the key to fully unlocking the phone. I mean that literally; "full unlock" ROMs achieve that state by basically turning off policy enforcement. I don't necessarily want to do that - at least not phone-wide and constantly - but I want to be able to set my own policies, and possibly modify existing ones.
What can be done with it: well, one example is the subject of the thread I linked above: homebrew native EXEs require first being able to add policies for them. There are some other cool possibilities, like turning off ID_CAP_INTEROPSERVICES enforcement or allowing apps to write to the MaxUnsignedApp registry value directly. That gets around the risk of phones being re-locked and unable to interop-unlock again. Basically, it allows an app to do anything short of modify the ROM.
Purpose of this thread:
* Provide a central location of information about the policy system, policy database, and creation of custom policies.
* Collaborate on the project of understanding and modifying the policy database and policy system overall.
* Share interesting policies we've found in the database, or post custom policies that can be added to enable a cool hack.
* Discuss and share ways to preserve, going forward, our control over the policy system.
There has been concern raised that this work should not be mde public, because Microsoft will look at what we are doing and use that knowledge against us. There is some validity to that argument; if the work is done in secret, and any files posted that use the fruits of that work are heavily obfuscated, it would probably take Microsoft a little longer to block it if they decided to do so. Not terribly *much* longer though, I suspect - they have many tools at their disposal, full source code and documentation, and full understanding of the system in their engineer's minds. Any hack we find, they can reverse engineer or simply block access to whether or not they can read a thread about it here on XDA-Devs.
There's also the risk of malware. Malicious homebrew apps could abuse this knowledge to do serious damage to your phone, to steal info, and possibly even for direct financial effect (send premium SMS, for example). However, I see no real way around that problem; it's an inherent risk of unlocking a device. The simplest and best step to combat it is to not install untrasted apps, and the best way to be sure an app is trusted is to be able to analyze it. (This is one of the reasons I include the source for my apps, and encourage others to do the same.) Besides, it's already possible to do plenty of damage with existing homebrew hacks, yet somehow that problem hasn't materialized.
So, instead of secrecy, I propose openness. The best option we have to offset Microsoft's tools, knowledge, and source code is to collaborate, pooling the knowledge and effort of many hackers. If people want to keep certain things secret, by all means use email or PMs. In general, though, I think the failure to spread knowledge does more harm than good.
OK, that turned into a long enough intro that I'm going to post my first actual findings in a reply.
Policy-related files
There are actually two databases: one is for policies, and one is for accounts. They are located in \Windows\Security\ and are called policydb.vol and accountdb.vol. These files are locked (opened without sharing permitted) while the OS is running. There are two additional files in this folder: PolicyMeta.xml and PolicyCommit.xml. These files can be accessed using provxml, TouchXplorer, WP7 Root Tools, or HtcRoot Webserver.
The PolicyMeta XML file contains macros describing accounts, and metadata about the policies in the database. In particular, it contains a large number of bit masks that indicate different permissions. By itself, this file doesn't tell us much of use, but it will be a big help for understanding binary data in the the database. It's small and not commented, but easy to read.
The PolicyCommit.xml file contains the merged result of combining all the policy files on the phone. I don't know if anything actually reads this fine, but it's a nice human-readable (and searchable) view of the data that goes into the policy database. It contains a number of comments, but most are just where the various policies were merged from. It is the largest file.
The policy database file ("Volume" to use the term of the CEDB APIs) itself is large-ish (mine approaches a megabyte) and contains three CEDB databases. The first is a small single-record "database" (in SQL you'd call it a table) that appears to be used for transaction locking. The second is a single large record (several KB) that appears to be a bloom filter (Wikipedia has a pretty good article, the short version is that it is a quick and compact data structure for checking whether a given item is in a collection). The third database (named "PatternDBmultimap") is the real deal, containing thousands of policy records.
I haven't looked at the Accounts database much yet. It's smaller than the Policy database volume, but still a few hundred KB. A substantial portion of that is probably custom accounts created for each app that is installed (since each app has different permissions - specifically, each app has read and write access to a different set of folders - there must be a unique account for each).
The policies appear to come from a few sources. One of them is the many *.policy.xml files (the first part is usually a GUID) in the Windows folder. These files are locked in ROM, and define the core system policies (system accounts, permissions for system objects, etc.). The \Windows\Security\PolicyCommit.xml file (which is not in ROM, or even marked read-only) appears to be simply the result of merging all these files.
Another source of policies must be the application installer. Application-specific polices are not present in the PolicyCommit.xml merged file, but are in the database itself. It is reasonable to expect that they are created and removed by the package manager. This is a good sign for being able to modify policies ourselves.
The initial creation of the policy files appears to be up to a program, \Windows\PolicyLoader.exe. This program takes policy.xml files, merges them, and produces the merged result file and the policy database(s?). It's even possible to run it, given sufficient permissions. Unfortunately, it seems unable to modify the policies on a running device, and is believed to only run at first boot (or after a hard reset) or when an update CAB installs new policy XML files.
EDIT: Attaching the \Windows\Security\*.xml files from my phone, along with the decompiled source for PolicyLoader that was posted on the other thread.
The LG MFG app has a section for editing certain security policies. I can post the info from there, if it'd be of any help. By the way, it specifically says "Edit security policy through registry" so it might not be the same policies that you're talking about, I don't know.
EDIT: Actually, looks like those policies are a subset of the ones listed here: http://msdn.microsoft.com/en-us/library/bb416355.aspx
Analysis of the policy database
I wrote a function to dump the policy database to a text file (with inevitably some embedded binary). Each record in the database has four fields. I'll do my best to describe them below.
1) The first is a DATETIME struct (two 32-bit integers). This is the only 64-bit numerical type available except for a DOUBLE, so it might be selected just as a convenient way to store that many bits rather than because it's actually a date and time. In particular, when I converted them to actual dates and times, the years ranged from the 1970s well into future centuries... this seems an unlikely candidate for an actual set of dates.
What I think it actually is, is some kind of hash of the second field. It might be the index bits for the bloom filter, for example. The reason I think so is that, when there are multiple records with the same value in the second field, they also have the same value in this field, but even a slight difference in the value of the second field results in a very different first field.
This field is not unique, but it does appear to be the default sort order for the database. I don't know if that's ust because it's the first field, but it would make sense to have it be indexed using this field for fast lookup (binary search) after the bloom filter finds that the item is (probably) present.
2) This field is a binary BLOB struct (a size and a pointer). This field contains Unicode strings, sometimes with a bit of binary data (small, typically less than 20 bytes) tacked on the end. Strings plural; each one is NULL-character terminated.
This field appears to be the paths that indicate the object (or objects, since it can contain wildcards) that the policy applies to. If there is a policy in the XML for ResourceIri="/REGISTRY/HKLM/SOFTWARE/MICROSOFT/CAMERA/READWRITESETTINGS" then there will be a record in the database with the second field that would be written like this in C source code: L"REGISTRY\0HKLM\0SOFTWARE\0MICROSOFT\0CAMERA\0READWRITESETTINGS\0". I'm not sure what the occasional binary afterwards means, although there appears to be a specific value for a wildcard (represented in the source XML as ResourceIri=/PATH/WILDCARD/BASE/(*)", but the last part doesn't translate to Unicade the way you'd expect).
As mentioned above, I'm pretty sure that the first field is related to this one. Since the value of a bloom filter on this database would be to quickly establish "Is there a policy for this object?" it makes sense that the path (second field) is the data that gets hashed to produce the bits of the key. It's not really required to then store the key bits, but they make a reasoanble value to sort on.
3) The third field is also a binary BLOB, but the value of it is much more opaque. Typically in the range of 50-300 bytes in length, there are certain patterns that I've noticed within it (0x01 00 01/02 00 65 is a common prefix, and they typically end with 0x00 3X) but I have not yet determined what they actually represent.
Some logical possibilities are an account identifier (though that seems needlessly long for such a purpose) or possibly the permissions data directly. When the second field has a path to related objects (for example, the isolated storage of an application), the third field is often similar as well.
4) The fourth field is another DATETIME struct, but in this case is obviously not an actual date value. The high four bytes are (almost?) always 0xFFFFFFFC, and the low four bytes are typically 0x0000XXXX where the Xs can be anything. This value is not unique - there are numerous instances of 0xFFFFFFFC00000001, for example - but I'm not yet sure what it is.
The same guesses I offered for field 3 apply as well, with the caveat that it's probably not just a different representation of field 3 because two records can have the same value on field 4, and their field three values may not only differ, but be different sizes. I need to look at the XML files and see if there's a pattern between policies with the same field 4 and an equivalent data item in the XML.
I'm attaching the dump file I created of the policy database. It's best opened in a hex editor (Visual Studio does well enough) although you can also use Wordpad (Notepad won't respect the line endings). Wordpad can't show you the binary, of course, but it's a readable layout of the data.
The format is as follows:
ASCII string: "Index "
ASCII representation of an Integer for the index.
ASCII string: ": Prop0 (FILETIME): 0x"
ASCII representation of the DateTime, with a space between the high and low DWORDs.
ASCII string: " | Prop1 (BLOB, "
ASCII representation of the blob's integer size.
ASCII string: " bytes): "
Direct dump of the second field's BLOB buffer (multiple UNICODE strings).
ASCII string: " | Prop2 (BLOB, "
... and so on. I intentionally used ASCII to make the direct memory dumps, which are in UNICODE for the second field at least, stand out.
@Arktronic: Interesting. Those policies (in the registry) are a legacy holdover from WinMo, and at least some of them have been superceded by the new policy system, but the fact that LG gave them specific mention in their app suggests that they still have some relevance.
However, you're correct that those aren't the policies I was speaking of elsewhere in the thread. It may be a good idea to explore them both in parallel, though. Which ones does the LG app list?
Arktronic said:
The LG MFG app has a section for editing certain security policies. I can post the info from there, if it'd be of any help. By the way, it specifically says "Edit security policy through registry" so it might not be the same policies that you're talking about, I don't know.
EDIT: Actually, looks like those policies are a subset of the ones listed here: http://msdn.microsoft.com/en-us/library/bb416355.aspx
Click to expand...
Click to collapse
We already did some testing with those policy settings, but the ones granting more access were not available and the others could not get the app itself into an "unsafe" mode. But then again, I'm far from a professional when it comes down to these things, I just crossreferenced them all against the MSDN DB and looked for the ones that would make fileops possible, no luck.
I'm not sure if they added policies to the LG MFG app in the meanwhile (unlikely) but it might be worth it to investigate how the MFG app modifies those select policies.
GoodDayToDie said:
@Arktronic: Interesting. Those policies (in the registry) are a legacy holdover from WinMo, and at least some of them have been superceded by the new policy system, but the fact that LG gave them specific mention in their app suggests that they still have some relevance.
However, you're correct that those aren't the policies I was speaking of elsewhere in the thread. It may be a good idea to explore them both in parallel, though. Which ones does the LG app list?
Click to expand...
Click to collapse
The latest ROM's MFG app has the following policy IDs: 4104, 4105, 4108, 4109, 4110, 4111, 4113, 4119, 4120, 4121, 4124, 4131, 4132, 4141, 4142, 4143, and 4149.
The last one isn't in the MSDN doc; it calls itself "FIPS Self Test Policy" or SECPOLICY_FIPS_SELF_TESTS.
There are potentially useful things like SECPOLICY_OTAPROVISIONING (4111), which has the value of 3732 - no idea which flag(s) that represents - but if there's a way to send provisioning messages to WP7, that might open up quite a few possibilities.
I believe there's at least a chance for OTA provisioning. Sending custom SMS appears to be possible (click around from the link):
http://msdn.microsoft.com/en-us/library/ee498239.aspx
That said, it's almsot certainly either secured or disabled by default.
Hmm... does anybody want to take a shot at getting a decent decompile of lvmod.dll? I don't have the tools, though I probably should. Reading the disassembly is slow and painful.
I've found a few new things:
It's possible for two records to differ *only* on the third field, and even then the binary was more alike than not. Look at indexes 12 and 13 in the dump - they're really similar. They are built from the following policy rules (no promises on order):
Code:
<Rule PriorityCategoryId="PRIORITY_HIGH" ResourceIri="/REGISTRY/(*)" SpeakerAccountId="S-1-5-112-0-0-1" Description="TCB can do anything to all registry keys">
<Authorize>
<Match AccountId="S-1-5-112-0-0X02" AuthorizationIds="KEY_ALL_ACCESS, KEY_READ, KEY_WRITE, KEY_EXECUTE, GENERIC_READ, GENERIC_WRITE, GENERIC_EXECUTE, GENERIC_ALL, DELETE, READ_CONTROL, WRITE_DAC, WRITE_OWNER, SYNCHRONIZE, STANDARD_RIGHTS_REQUIRED, SPECIFIC_RIGHTS_ALL, ALL_ACCESS" />
</Authorize>
</Rule>
Code:
<Rule PriorityCategoryId="PRIORITY_LOW" ResourceIri="/REGISTRY/(*)" SpeakerAccountId="S-1-5-112-0-0-1" Description="Catch all rule to allow Normal and above apps to read/write to all unnamed keys">
<Authorize>
<Match AccountId="S-1-5-112-0-0X23" AuthorizationIds="KEY_ALL_ACCESS, KEY_READ, KEY_WRITE, KEY_EXECUTE" />
</Authorize>
</Rule>
I would have thought that either the different permissions being granted, or the different accounts they were granted to, would result in a different fourth field... but no such luck. Time to look into this further.
The accountdb.vol file has two databases in it, GroupMemberships (1105 records on my phone) and Accounts (291 records). The latter is actually much bigger in terms of data size, though - 70KB vs 31KB for GroupMemberships. The records in GM must be very small, probably just pair mappings.
Hey GoodDayToDie,
Awesome job on sharing all this low level findings from underneat the hood of my favourite mobile OS. While i'm not capable of researching this myself due to lack of knowledge I love to read about how you (and other well known WP7 hackers as well of course!!) tackle the security and are willing to share this with the community to combine power. I think threads such as these are really necessary to get to the finish. Keep up the good work, i've got a strong feeling we will get there eventually .
THANKS
Looks to me like this is the policy database.
Here is an example set of policies that enable/disable tethering on the Arrive.
Is shows the values needed to create/add a policy to the policy database. HTClv.dll shoudl be able do set/modify these values using "LVModProvisionSecurityForApplication"
You may already know this, but figured I would share.
Also, HTC has regedit.exe and HTC uses it to provision/make registry changes.
I will attach the regedit4 file HTC uses to configure the radios.
This also defines where the key UserProcGroup defines the TCB chamber a driver runs under. see... "UserProcGroup"=dword:5 ; TCB chamber
Seems with using the registry editor, we could elevate any driver to the Kernel chamber.
See attached....
Thanks for the info Paul!
I've heard of the "LVModProvisionSecurityForApplication" API before, yes, and it might be possible to use it here (*really* depends on how it works; if it just reads the app's manifest file like the normal XAP installer does, that's not very useful). LVModAuthenticateFile, LVModRouting, and LVModAuthorize may be extremely useful, though. It also might be helpful to try reverse-engineering how it interacts with the policy database.
The weird thing is, I don't have any htclv.dll or htcpl.dll on my phone, at least not in the \Windows folder. Perhaps they were removed in an older firmware update? It certainly sounds like they would provide the APIs I need - only for HTC phones, true, but they would provide.
The policy.xml file is the standard format read by PolicyLoader.exe, but that doesn't really help unless I can convince PolicyLoader to modify the ploicy database on a running phone.
Elevating an (already installed) driver to TCB might be useful (although I'm not certain that LVMod route-to-chamber rules wouldn't interfere) but all the useful HTC drivers are already in TCB, and installing any more drivers... well, I haven't been able to make that work yet, even old versions of official drivers with the necessary changes to the DllName in the registry.
It's really too bad you can't join in on hacking this stuff though, you've got the right ideas. Do you by any chance have a NoDo restore point you could downgrade to in order to try out some stuff on the old firmware?
Dumped the account database
Turns out the account info is quite straightforward. There are four fields per record.
0) String - the SID ("S-1-5-112-0-0X10-0X00000024").
1) Int32 - 0 for accounts, 1 for groups.
2) Int32 - always 0 on my phone.
3) String - account or group name ("TCB" or "ID_CAP_FILEVIEWER:Capability for hybrid file view app such as PDF reader etc." or "Settings3.exe Chamber" or "9BFACECD-C655-4E5B-B024-1E6C2A7456AC").
Not sure why the third field is there if it's always 0, but OK. The first and last were obvious, and the second was easy to infer. The last record has no fields, and the three immediately before it are without a fourth field; not sure why. All three are groups, and their SIDs are:
S-1-5-112-700-4160
S-1-5-112-700-5132A485-ADEE-5842-9490-856FFFFF2D6D
S-1-5-112-700-A22CF327-25C3-DB2A-A8DF-7BE586F11FBD
This database contained no binary blobs, so the dump file is plain ASCII text (the strings were originally Unicode but converted to ASCII gracefully). In the interest of making it easier to analyze, I ran a quick pass over the dump with sed and produced a CSV, which is attached.
Then, there's the GroupMemberships database. I think this one is probably less important for our concerns, but I wanted to take a look anyhow. It's the simplest so far, though that's not necessarily good. Each record has two fields, and both are just 32-bit ints.
0) Ranges from 0x30000006 to 0x3F0004A6, though the the third through fifth hex digits are always 0. Includes duplicates.
1) Ranges from 0x31000008 to 0x3100007A, then from 0x32000380 to 0x3200038C. Includes duplicates.
The mappings appear to be many-to-many (each account in multiple groups, each group holding multiple accounts) as expected. I'm guessing the first column is accounts and groups, and the second is the groups that the account or group belongs to. Given that some values appear in both columns (through in different records), I'm guessing nesting of groups is allowed.
I dumped and CSV-d this database, and it is attached as well. Ideas as to what's up with it are welcome too.
How To Access The Metro Apps Folder
Windows 8 introduces a new type of apps called metro apps or modern apps.These apps can be installed with a tap from the windows store.This system works out great for the average consumer but its a nuisance for power users.And since most of the xda devs are power users I decided to write this guide to accessing the metro apps.The metro apps are installed in C/Program Files?Windowsapps/ This folder is hidden and locked away to prevent users from modding the apps.However there is a way to access the folder which I am going to describe in detail here.This procedure is really simple and there is absolutely no need to go into the command line like how I read in some other tuts I found on the web.
STEP 1
The Windowsapps folder is a hidden folder so first of all you will need to go to the control panel and display it in small icons view.Then go to folder options and tick the option that says show hidden files,folders and drives.After doing this click apply and ok and exit.Now when you navigate to c program files,you should be able to see a folder named windowsapps.It will appear in white.
STEP 2
Now double click on the folder.It will not open.Instead,you will get a warning saying that you currently don't have access to this folder.Click continue.Another warning will pop up saying that permission to open the folder has been denied.Click on the security Tab Link.
STEP 3
In the security tab,click on continue.A box will open which will list all the permission holders of the windowsapps folder.It will display TrustedInstaller as the owner.Click Change.A box will open up.Change The Owner to your name and click check names,correct it if you have written the wrong name.Click Ok.The permission will be changed.Check replace owner on subcontainers and objects too.
STEP 4
Now you will need to restart windows explorer for the changes to be effective.Now,you have complete access to the windowsapps folder.:victory:
USES
Now that you have got access to the folder,There are a great many things you can do..Ill list some of them to increase productivity.
1.Delete Preinstalled Useless Apps
2.Read the Source Code
3.Modify/Play around with the apps
etc etc
Enjoy Guys....Hope I helped.......
This has been posted here since at least the Win8 RTM, possibly before. Please search before posting. Also, I would expect a "power user" to already have "Show hidden files and folders" enabled and to be familiar with NT and NTFS permissions systems. Oh, and getting to Folder Options is way simpler than going through Control Panel; you can either open it right from the Explorer ribbon (View -> Options) or just via Start search.
Also, be aware that "Metro" is not the actual name of the interface anymore (officially); some metro transit agency apparently raised a legal fuss over it. The new name is (in classic Microsoft branding failure style) "Windows Store apps" although you'll occasionally hear "modern" used too. When I'm feeling snarky (at least 70% of the time I'm on this site) I call it TIFKAM (The Interface Formerly Known As Metro).
modifying metro app
i modified the code in one of my app's java script files, but it does not affect the app itself... just to check i even made the whole code a comment (with /*....*/) and still the app ran normally... why?
in the other hand if i touch the .css code or the html code the app crushes, even if i only want to change the color code.... why?
i will be thankful if someone could answer these two questions for me, it will help me alot....
thanks in advance
Pinto