Develop Bugs

[UPDATED-06-APR-2011] New XAP installer, in-place app update, no dev tool and more...

Please download XAPDeployX-V0.9.zip, it is the latest and greatest version
If you have any of the 0x89xxxx errors, please download the attached "vs_sdeprolightup-enu.zip" file and run it.
Hi,
attached you'll find a new XAP installer which has quite a few unique selling points.
- In-place update on the phone: In-place update on the phone, e.g. if you already have Version 1.0.0.0 of an app installed on the phone and install 1.0.2.0 an in-place update will performed. No more full "uninstall-new install" cycle required. Your settings, custom files etc. won't be removed (same as marketplace update)
- CoreCon2 based, e.g. Phone Dev Tools are no longer required for application deployment!
- Deploy from file or URL: You can either specify a file or an URL. If you enter an URL the installer will automatically download the xap.
- Own protocol "wphome": Zune's one-click download for homebrew apps. Automatically install homebrew XAPs with a click on a hyperlink. If you want, you can register the application for the wphome protocol. The application will then be allowed to handle urls like wphome:www.test.com/test.xap and will automatically start as soon as you click on such a link.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
To be able to use "wphome" hyperlinks, you have to click on "Register protocol..." once.
wphome Testlink: wphome:http://www.nextbestgeek.com/wp-content/uploads/2011/03/helloworld.xap (for testing after you've installed the tool and registered it for the protocol)
After you've opened a XAP file, details will be shown in the top bar.
This is the first step in my plan to provide a homebrew marketplace.
Updated V0.6 - 1-APR-2011
+ Full Log
+ Multiple tweaks, bugfixes
Updated V0.7 - 2-APR-2011
+ CoreCon2 based, e.g. Phone Dev Tools are no longer required for application deployment! [*]
+ Drag'n'Drop support. Just drag and drop any xap from explorer to the tool.
[*] You need a working CoreCon2 installation. If CoreCon2 is not installed on your pc (normally only installed with the Phone Dev Tool) the tool will detect it and download a small installer.
Updated V0.8 - 2-APR-2011
+ Fixed "No addional data: Could not extract XAP file" Bug
+ XAP-Information is show much faster now
+ CoreCon2 Installer now online. You won't need the full Phone Dev Tools for this XAP Deployer
Updated V0.9 - 6-APR-2011
+ Selected Target will now be automatically saved
+ Deploy-Menu for XAP files. Registers a file handler for *.xap and provides a "Deploy" menu entry in file's context menu.
General Prerequisits
- Phone has to be unlocked (either dev, chevron or any other method)
- Zune has to be running and has to be connected to the phone
- Windows Vista or Windows 7, according to users: Windows XP
Regards,
-k

nice
+1 for this step into homebrew marketplace creating ;D
edit: some xaps show info, others dont show info and just say "done" when trying to deploy.

awsome job.
+1 as well

@diboze: Can you provide a xap which doesn't show info? (XNA Apps might not show an image but name, description, version & author should always be shown)
"Done" means -> Deployment finished
The app does currently not check if the Max Apps limit is reached. Therefore done means either "deployment finished" or "could not deploy because max apps is reached".
UPDATE V06 - 1-APR-2011:
- There is no "Done" anymore. You have a full-fledged activity log now.
- Max App error is now reported in log
-k

Thanks for your time.. hopefully this develops further. Your most recent was done on April 1, 2011 right? and not 2010..

Awesome stuff man!

I'm going to assume that in order to successfully deploy, you still need the Windows Phone Dev Tools installed, right?
Otherwise, it's a really great looking and convenient app. I look forward to more updates.

Fantastic... thanks, gonna try it

It shows "Done" but there's no App installed

clicheboy said:
It shows "Done" but there's no App installed
Click to expand...
Click to collapse
Can you send me the log (as seen in the third screen shot) or copy&paste it here?
-k

ChevronWP7 unlocker doesn't work on NoDo. In order for this to be useful beyond a niche number of users, there needs to be a way to easily unlock the phonse so that XAPs can be deployed.
I see no mention of that in the OP.
Why list a good app on that for free (if it's not free it will get pirated with the XAP being there for everyone) when you can just list it on Zune Market place for 99 cents and make some money. For responsible adults the fee to join the developer program isn't that bad.

V0.7 will only require CoreCon installed
Hi,
prjkthack said:
I'm going to assume that in order to successfully deploy, you still need the Windows Phone Dev Tools installed, right?
Click to expand...
Click to collapse
Glad you've asked. Version V0.7 will no longer use the SmartDevice.ConnectivityDll but will talk to CoreCon (ConMan2) direct. This way you'll only need a ~4MB download to deploy successfully and won't have to download the Dev Tools package.
-k

it says "No addional data: Could not extract XAP file".

linkju said:
it says "No addional data: Could not extract XAP file".
Click to expand...
Click to collapse
same problem here

kirimaru89 said:
same problem here
Click to expand...
Click to collapse
+1
,,,,,,,,,,,,,,,,

linkju said:
it says "No addional data: Could not extract XAP file".
Click to expand...
Click to collapse
Yes, looks like there are some XAPs around which have a different ZIP-Header value. Besides not showing the name, image & description this message shouldn't have influence to the deployment capabilities.
BUT: I've replaced the ZIP stack and now any XAP-file can be read. The reading is even a lot faster.
Therefore: FIXED
In addition:
CoreCon2 installer is also online -> if you don't have the Phone Dev Tools already installed you won't have to just for XAP deployment. XAPDeployX installs a minimal set of required files (< 1MB) on its own.
-k

Fable: Coin Golf error
I get the Following:
Deployment started Fable: Coin Golf
Connecting to device... success
Application Fable: Coin Golf not yet installed. Full-install cycle.
Deployment FAILED with the following ERROR:
Installation of the application failed. XAP package signature is not valid or the WP manifest file is invalid. Re-sign with valid signature and fix the manifest file.
_______________________________________________________________
Any ideas? How to fix that.

xdamir said:
Installation of the application failed. XAP package signature is not valid or the WP manifest file is invalid. Re-sign with valid signature and fix the manifest file.
_______________________________________________________________
Any ideas? How to fix that.
Click to expand...
Click to collapse
Based on the error message, you've tried to deploy a non-homebrew xap, e.g. a xap file downloaded from zune marketplace. These files are digitally signed and cannot be deployed as the tool does not remove any security measures.
-k

I have the following error. Some info wold be appreciated
Deployment started TouchXplorer
Connecting to device...
Deployment FAILED with the following ERROR:
0x89721508

wick3d00 said:
I have the following error. Some info wold be appreciated
Deployment started TouchXplorer
Connecting to device...
Deployment FAILED with the following ERROR:
0x89721508
Click to expand...
Click to collapse
Have the same problem with test XAP

KINO [Kin Opensource-FileManager]

Hi there!
As i said on a thread (bit long time ago), i had the intention of making an opensource file manager for the kin.
So i have been working on for two days, and i'm reserving this thread for its releases and descriptions.
It will be given as donationware, which means that you can take it for free and donate if you wish (or not to... )
SECURITY DISCLAIMER
- As you can imagine, by using this tool you have not guaranteed the operational state with your device and is provided "as is". You are the only responsable on the effects if could have on your device, even though i tested locally all the options for hours. Like you do for 3rd party non-certified software.
- DO NOT, i repeat DO NOT unplug the device nor close the program while writing or reading from the device. Errors states are unknown and you may scr3w up your flash memory.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
- If during the usage, it takes long, WAIT for the transmission to end. Errors are handled by the program and in the last cases there are 2 to 3 levels of error treatment, notificating you in the info box and storing a brief description on the "error.log" file when it's ultra. (I'm still human, new errors can appear).
- IF during this usage the kin gets a "Connected" window and the program is clossed without closing that window, then it's the time where you can unplug and it will reset the device communication values, pluggin again. If you reach this state without doing magic, notify it to solve the bug.
Characteristics
- Libusb driver given for the kin (needs to remove the Zune one)
- Windows (XP,7) 32/64 bits. Linux (through Mono), Mac Osx(through Mono Framework) Compatibility
- Developed in pure c# (using libusbdotnet)
- Developped in layers:
----> Usb
----> Mtp Functions
----> Mtp<->Interface manager
----> Interface
Images V0.01
Requirements
- OS:
---> Windows
------->Net Framework 2.0
------->Libusb-win32 driver(provided below)
---> Linux
------->Root mode to access the devices.
------->Mono
------->Libusb 1-0 components
---> Mac OsX (Checked with Snow Leopard, PAIN IN THE ASS)
-------> Mono framework
-------> Libusb-1.0 source (sourceforge)
----------> Modern OSX compile for 64 bits. Mono needs 32 bits. Compile (as root) with:
Code:
sudo su
./configure CC="gcc -m32"
make CC="gcc -m32"
make CC="gcc -m32" install
*Note: it takes a looooooooooooooooooong time to load the first time. be patient
*Note2: if mono yells about needing X11 for Winforms, download Wireshark for OSX, which has X11 easy installation inside (needed for it).
Download links
Kin Driver (libusb-win32): (Create one with InfWizard for the kin PID and VID)
32 bit version: http://www.mediafire.com/?0nhrdn7f5je6dcx
64 bit version: (please use above version)
Source: ***Still needs a bit more documentation, cleaning and binary testing for errors ***
* Note that i DONT have a 64 bit hardware, so i based its compatibility on the failed running in my Windows 7 (aka "this is for other architecture error")
** Note that to use this driver you MUST remove the Zune driver. I recommend to test it on a clean virtual machine first
Functions
- TreeView Kin Storage explorer (Auto Resyncs after each operation)
---> Select one or multiple items with the checkboxes next to them.
- Batch upload to the kin (to the root of the tree)
---> Select one ore more files from the selection dialog and go go go. Any file, anytime
-------> **Danger** pressing twice will upload files twice, be patient.
- Multiple file download from the kin
----> Mark any file from the tree and press "Download". The file will be downloaded to a subfolder "Downloads" next to the exe, where the tree storage has been replicated.
-------> **Danger** Folder and Playlists and other files are just logical, and have no size, so program deals with them as folders (and are created emptied in the local system at the pc)
- Multiple file delete
-------> Mark any file from the tree and press "Delete". After confirmation, the files selected will be removed from the device.
-------> **Danger** Folders are not deleted. Infobox at the bottom will inform you if a file could not be deleted.
-------> **Danger** I trickied it so the storage root could not be deleted... ahhh smart little fellas.. you were already thinking in that huh! rofl.
Known issues
- During my random tests around, i found that sometimes (dunno why exactly), the kin <-> Kino communication skips a step, messing up the mtp communication schema. The solution i used in this release was to show the root storage without children nodes. As this case is an error, you should tell me if you know a repeatable way to get it so i can retest and solve it.
To keep going with the kin, close Kino, and unlock the Connected window (slide your finger over it) and unplug & plug the usb again.
F.A.Q.
- Q: No donation button in the end?
- A: Nope. Just when it proves to be useful .
- Q: This works with Kin One devices?
- A: No. I only have access to Two (bricked) and TwoM devices, so cannot test for the little round turtle.
- Q: Do you provide a driver for Kin?
- A: Yes. It is only a bridge from the programs to the libusb-win32 functions. Unfortunately, you would have to remove the zune driver (Hardware manager) before using this one.
- Q: This bricks kin devices?
- A: At all.
- Q: This can hack the device?
- A: No. This is only a tool to upload and download files to your kin. If later it's used to hack, good anyway
- Q: Can this upload *any* file to the kin storage?
- A: Yes, binary files like exe, cab,pdf, ... will be labeled as 0x3000 (undefined filetype) for the kin.
- Q: Can i take the code and make my version called OmgKinManager?
- A: Yup. It would be a nice detail to include a little text in "about..." regarding me though

kk, apart from the above, i'm a bit stuck on the uploading procedure, doing it dinamically, not with known filesizes like i tested before.
I will try to get it to work and allow multiselection file dialogs.
Later, downloading, which is easier, as i just request files. I will try to make the selectable tree work, so several files can be downloaded at a time.
Btw, the tree is not a demo, it's my real storage, being asked to the kin. It's a long process, as i ask for the id's and their values to the kin to create a Tree structure, later parsed by the interface.
Whenever that and deletion is done, i will upload both the driver and the program/source to the public.
For Zune's functionality lost scared people, i would suggest to try on a windows virtual machine first (which i will do to test for .net framework requirements and so)

Way cool imn glad to see some progress

Nice work! I spend a lot of time on this forum reading posts and 75% of the time it's your post. You've spent a lot of time working on this project and we all appreciate it. Expect a donation from me in the near future

I'm speechless.

Hey john, you have only gotten into the media section correct? What type of things have you gotten to do if i may ask. If you want, I can help get "into" the other parts of the phone. A.K.A contacts. That's my main concern right now. I could care less of customizing the OS (which I will get to if you care to lend a hand.) Since I don't want to Say anything just yet, send me an email to [email protected]. I would like to help. I'm on my phone at the moment but tomorow I'll post how i got the phone into a writeable state (which I don't know if it still work. I've only tested twice.) If it doesn't work tomorrow, I'll donate my time during the week helping you guys. I may need to get a new battery.
P.S. It's taking me awhile to do this becuase I dont want to brick my phone. Im definately not using my enV touch!

please, read the faq above. this is not a hacking thing, but a sync one.
to be honest, i dont care about contacts cause i dont use this phone to make calls and i just wanted it to be more open. pinned apps or phone settings storage would be my only interest apart storage folder.
also, i dont want to keep secrets or long term waiting things. post what you want or dont post, but dont make it a teaser of nothing. plus i dont wanna go emailing people.

Props to you. Great utility, if it were able to get deeper into the system. Then it would be golden.

Edited for many reason

As some other forumeer seems to have gotten into the phone system, imma halt this development till acess range is shown (filesystem / storage / settings), if any.
There's no need to redo all the required mtp subsystem if we can get there by other (easier) means. OS native explorer, for example.

just go ahead and work on it in case the other guy fails. ^.^

oaktree333 said:
just go ahead and work on it in case the other guy fails. ^.^
Click to expand...
Click to collapse
Nice future-sight on this post

I just tested the file upload in the command-line again with static (coded by hand) filesizes.
Here is a new vid (hahaha famous ultralowres) where a file is upload to a just-formatted kin (CB+power).
File: dstpa.mp4 (BEP- Don't stop the party), 33.1MB
Destination: Kin storage root
Playable after upload: yup!
Mp4 tags: At all .
Just a upload showcase, not just naming the procedure .

nice nice ^.^
more freedom in file management I like.

woot goodjob

I have to give you kudos for your dedication. You kept at it even after you bricked your first kin.
I patiently await a release.

I'm trying to get the alpha release up today (tonight here).
I was in the mood and moved my coding-ass. Solved most of the problems on-the-go, but downloading.
I'm trying to allow multidownload keeping same directories on the pc... just cause i wanted to... rofl.

Hummmmm,
EVERYDAYIAMSHUFFLIN
Mmm after discovering several things, and implementing a lot of bugfixes (didnt know some things about MTP), there it is.
here, and all the versions are updated and uploaded in the 1st post, among the driver for it.
As posted there, i suggest to use it on a virtual machine with .net framework 2.0 cause the removal of the zune's driver for the kin.
You can now take your kin and (if the driver & program behave correctly), upload the files you want to the Kin.
Any type of file, any time.
I'm pretty naughty telling this, but apart from uploading....... i don't check for the file contents... so if any of you want to turn a .exe into .mp4 to look for exploits i wouldnt blame you for testing....
Double naughty if i say that Zune doesnt load info from the files itself, but only what was transfered from MTP (.. poor fella)
You can check that, cause it will only load the filename and name of the mp3, ... cause i did that (before today, i just sent filename, which makes its name blank on zune, like you saw in my video from BEP).
Hope you all enjoy and no errors appear.. rofl.
Btw, there's no donate option, cause i think it's more fair to think about that when the program is known to work, and not just alpha releases .
It's 02:53 AM here, so i better go to bed, to work tomorrow and that things....

I just wish this thing could play games lol.

@Johnkussack
Wow. I have to say thank you for putting your time and effort into really hacking this phone. I can't wait to see someone get android or wp7 running on this thing (if it's even possible with the hack you have, I'm not sure). Ether way, thanks for everything.

[Release]XapSpyAnalysis - a graphical tool for runtime analysis

Hi XDA developers!
Today I present you my first open source software called XapSpyAnalysis. You can download a compiled version and the sourcecode at xapspyanalysis.codeplex.com. It is an extension to Behrang Fouladis excellent XapSpy tool.
First, you need to use XapSpy. You need to start XapSpy and select a XAP package you want to analyse. It will be unpacked, stripped from its licence information, patched, signed and repacked. The next step is to launch the Emulator. This is automatically done from XapSpy. After it is booted, the application will get deployed to the emulator. After this is completed, XapSpy will inform you, that you can run the Monitor from inside XapSpy. This is where XDEMonitor kicks in. It will log all method calls and its variables it can get from the emulator log window. When you are finished, you can stop the recording and save the file to your harddisk.
This file can be loaded into XapSpyAnalysis. It will parse the file and display its raw content in the first tab. You can now switch between different views. You can display a table that contains all method calls with their variables, the DLL file from where the method call originates and its time. The next tab lists all method names and their number of calls. The next tab lists statistic values like how many method calls were registered and how many of them were unique method calls.
The final tab displays a graphical analyis of the method calls. The x axis displays the point of time, when the method was called. The y axis displays the number of method that was called. This is an unfortunate restriction from the used graphic framework. You can find a legend on the right side of the diagram. It maps the numbers to method names. But you can also point your mouse cursor on any of the data points in the diagram. A tooltip will be availabe that shows you the corresponding method name.
Now some screenshots:
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
This screenshot shows an application, that crashes three times. You can see this from the data points starting with method 0 (InitializeComponent) and method 22 (Application_UnhandledException).
This screenshot shows an application that is properly executed and closed. It starts with method 0 (InitializeComponent) and calls a camera chooser (which is why method 0 is again called). This is a good example to see how Windows Phone 7 Multitasking and tombstoning works, because you can see when the methods Application_Deactivated and Application_Activated are used.
I hope this tool might be useful for some of you, especially when you want to understand how an application works. The apps can be even obfuscated. You will than only see method names like A, B, C etc. You can even check what other applications do, when they crash and that without having the source code.
If you have any ideas or find some bugs (and there will be bugs ) you can write me here on XDA or at Codeplex bugtracker. Already existing bugs and limitations can be found in the codeplex documentation.
Cheers,
Markus

rudelm said:
Hi XDA developers!
Today I present you my first open source software called XapSpyAnalysis. You can download a compiled version and the sourcecode at xapspyanalysis.codeplex.com. It is an extension to Behrang Fouladis excellent XapSpy tool.
First, you need to use XapSpy. You need to start XapSpy and select a XAP package you want to analyse. It will be unpacked, stripped from its licence information, patched, signed and repacked. The next step is to launch the Emulator. This is automatically done from XapSpy. After it is booted, the application will get deployed to the emulator. After this is completed, XapSpy will inform you, that you can run the Monitor from inside XapSpy. This is where XDEMonitor kicks in. It will log all method calls and its variables it can get from the emulator log window. When you are finished, you can stop the recording and save the file to your harddisk.
This file can be loaded into XapSpyAnalysis. It will parse the file and display its raw content in the first tab. You can now switch between different views. You can display a table that contains all method calls with their variables, the DLL file from where the method call originates and its time. The next tab lists all method names and their number of calls. The next tab lists statistic values like how many method calls were registered and how many of them were unique method calls.
The final tab displays a graphical analyis of the method calls. The x axis displays the point of time, when the method was called. The y axis displays the number of method that was called. This is an unfortunate restriction from the used graphic framework. You can find a legend on the right side of the diagram. It maps the numbers to method names. But you can also point your mouse cursor on any of the data points in the diagram. A tooltip will be availabe that shows you the corresponding method name.
Now some screenshots:
This screenshot shows an application, that crashes three times. You can see this from the data points starting with method 0 (InitializeComponent) and method 22 (Application_UnhandledException).
This screenshot shows an application that is properly executed and closed. It starts with method 0 (InitializeComponent) and calls a camera chooser (which is why method 0 is again called). This is a good example to see how Windows Phone 7 Multitasking and tombstoning works, because you can see when the methods Application_Deactivated and Application_Activated are used.
I hope this tool might be useful for some of you, especially when you want to understand how an application works. The apps can be even obfuscated. You will than only see method names like A, B, C etc. You can even check what other applications do, when they crash and that without having the source code.
If you have any ideas or find some bugs (and there will be bugs ) you can write me here on XDA or at Codeplex bugtracker. Already existing bugs and limitations can be found in the codeplex documentation.
Cheers,
Markus
Click to expand...
Click to collapse
Fascinating! I'll have to check this out against my xaps

I tried to follow the instructions but they were a bit confusing. The program crashes every time I select a XAP

@snickler: I am looking forward to your feedback
@MJCS: Ok, where do you get stuck? I still need to write a better documentation I guess
You downloaded Behrangs XapSpy and replaced the XDEmonitor files with the files from my version? Do you use the WP7 or WP7.5 SDK? There is an important difference regarding the naming of the emulator. In WP7 it is called Windows Phone 7 Emulator, while in WP7.5 it is just Windows Phone Emulator.

I am using 7.5
**
Ahhh I just noticed the 7.1 binaries. Now it works. Thank you!!!

Glad to hear I am really looking forward to your feedback!

AES128 Encryption and other stronger Security in bada 2.0

Preview_Image.qmg.dcf
Code:
application/vnd.securecid:00000blabla
Encryption-Method:[B]AES128CTR[/B];padding=;plaintextlen=0000347100
Delivery-Type:'[FL]'#harharidxot
Protection of Themes...
Best Regards
Edit 1.
It seems funny protection for Samsung Apps Store content...
Apps. Themes, etc...
application.xml.dcf
manifest.xml.dcf
Click to expand...
Click to collapse
This remember me on BREW MIF files...
It could be that IMEI is involved...

yes
these *.dcf stuff really pissed me off
I was trying to integrate Facebook update in my last custom ROM but with no success due to these new stuff
Best Regards

Caution with sharing files with *.dcf
Maybe your IMEI or something else privat is in this package...
To identify Spoofer...
This remember me on BREW and encrypted MIF files...
It seems bada will be now more BREW Clone... with Trial Version by time...
or rent an App
Stupid Question...
Is *.dcf since KJ1 or also in previous Versions like KH3 and so on?
Best Regards

it was in BUKI1 and XPKH3 as i recall

Media file encoded with DRM (Digital Rights Management) copy-protection; used by some cell phones for saving protected ringtones, pictures, videos, and other media clips; similar to a .DM file, but the rights object, which allows the encrypted data to be played back, is contained in a separate file.
Because DCF files are saved in a protected or "locked" format, they can typically only be opened using an authorized DRM-compatible cell phone.

dcf protection was in every 2.0 beta firmware. Starting from KH1 for S8500. Application.xml and Manifest.xml files and all files of installed themes. In new themes from Samsung Apps (with Content Type "Theme " instead of "Native Application" like for bada 1.x themes) smt files are also protected. Personally I'm happy for that as theme creator
dcf is also used for .js files in installed widgets. In bada 1.x.

Trzebiat said:
dcf protection was in every 2.0 beta firmware. Starting from KH1 for S8500. Application.xml and Manifest.xml files and all files of installed themes. In new themes from Samsung Apps (with Content Type "Theme " instead of "Native Application" like for bada 1.x themes) smt files are also protected. Personally I'm happy for that as theme creator
dcf is also used for .js files in installed widgets. In bada 1.x.
Click to expand...
Click to collapse
Haha yes you right i see your some works but its interesting to make all compeltely changing gui... If Samsung make's better theme creator then we dont need to decrypt anything !!!
Maybe you make fall her some trick's
My last works big deception cause theme creator not verry complete
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}

Tigrouzen said:
Haha yes you right i see your some works but its interesting to make all compeltely changing gui... If Samsung make's better theme creator then we dont need to decrypt anything !!!
Maybe you make fall her some trick's
Click to expand...
Click to collapse
Yeah, I know. Even the new STD sucks. I can do more modifications manually than directly in STD, for example - colors of the whole interface. It's more than 90 elements (fonts in Messages, Email, read/unread, sliders, background). And STD allows to change color of only six elements... No comment. Even not all icons can be changed. I mean Gtalk icon, which is no supported in STD, but I can make that icon works manually

Trzebiat said:
Yeah, I know. Even the new STD sucks. I can do more modifications manually than directly in STD, for example - colors of the whole interface. It's more than 90 elements (fonts in Messages, Email, read/unread, sliders, background). And STD allows to change color of only six elements... No comment. Even not all icons can be changed. I mean Gtalk icon, which is no supported in STD, but I can make that icon works manually
Click to expand...
Click to collapse
Same do it but take to many time. The tricks 's i want to know ist this lol

Trzebiat said:
Yeah, I know. Even the new STD sucks. I can do more modifications manually than directly in STD, for example - colors of the whole interface. It's more than 90 elements (fonts in Messages, Email, read/unread, sliders, background). And STD allows to change color of only six elements... No comment. Even not all icons can be changed. I mean Gtalk icon, which is no supported in STD, but I can make that icon works manually
Click to expand...
Click to collapse
Could u please tell me what all are editable manually in bada 2.0 and how to do that....Thanx in advance

dcf is also used for .js files in installed widgets. In bada 1.x.
Click to expand...
Click to collapse
Thanx.
I'm not using Widgets...
Will try to find such files for investigation.
Best Regards

Compared Font between S8500 and S8530...
*.dcf files is clear...
But also Appinfo.sys minor changes...
Signature.xml is same... and the others...
Certificate RSA 1024 is clear...
For AES128CTR we could find the Key... I think.
AES 128 Bit Key seems 16 Byte long...
Best Regards

Code:
ftypSADF
SADC_GetFileHeader Sucess!
Interesting... *.oap files
Code:
SAMSUNGAPPSDRM
Can be find also in apps_compressed...
*.app files from Kies seems different...
Btw.
bada 1.x Apps installed via Kies on bada 1.2:
No *.dcf
Same install package on bada 2.0:
*.dcf files...
So encryption seems from handset... not from Samsung Server...
Best Regards

Delivery-Type:'[FL]'#359______7-
Click to expand...
Click to collapse
Caution... if you copy *.dcf files or upload somewhere.
Not forget to remove your IMEI.
Best Regards

adfree said:
Code:
ftypSADF
SADC_GetFileHeader Sucess!
Interesting... *.oap files
Code:
SAMSUNGAPPSDRM
Can be find also in apps_compressed...
*.app files from Kies seems different...
Btw.
bada 1.x Apps installed via Kies on bada 1.2:
No *.dcf
Same install package on bada 2.0:
*.dcf files...
So encryption seems from handset... not from Samsung Server...
Best Regards
Click to expand...
Click to collapse
SADF :
The sadf command is used for displaying the contents of data files created by the sar(1) command. But unlike sar, sadf can write its data in many different formats (CSV, XML, etc.) The default format is one that can easily be handled by pattern processing commands like awk (see option -p).
The sadf command extracts and writes to standard output records saved in the datafile file. This file must have been created by a version of sar which is compatible with that of sadf. If datafile is omitted, sadf uses the standard system activity file, the /var/log/sa/sadd file, where the dd parameter indicates the current day.
The interval and count parameters are used to tell sadf to select count records at interval seconds apart. If the count parameter is not set, then all the records saved in the data file will be displayed.
All the activity flags of sar may be entered on the command line to indicate which activities are to be reported. Before specifying them, put a pair of dashes (--) on the command line in order not to confuse the flags with those of sadf. Not specifying any flags selects only CPU activity.
SADC :
The sadc command samples system data a specified number of times (count) at a specified interval measured in seconds (interval). It writes in binary format to the specified outfile or to standard output. If outfile is set to -, then sadc uses the standard system activity daily data file, the /var/log/sa/sadd file, where the dd parameter indicates the current day. By default sadc collects all the data available from the kernel. Exceptions are interrupts and disk data, for which the relevant options must be explicitly passed to sadc (see options below).
also SAR :
The sar command writes to standard output the contents of selected cumulative activity counters in the operating system. The accounting system, based on the values in the count and interval parameters, writes information the specified number of times spaced at the specified intervals in seconds. If the interval parameter is set to zero, the sar command displays the average statistics for the time since the system was started. If the interval parameter is specified without the count parameter, then reports are generated continuously. The collected data can also be saved in the file specified by the -o filename flag, in addition to being displayed onto the screen. If filename is omitted, sar uses the standard system activity daily data file, the /var/log/sa/sadd file, where the dd parameter indicates the current day. By default all the data available from the kernel are saved in the data file.
I investigated from Network Samsung application and i see they use SAP Network with ABAP and some BAPI
http://www.sdn.sap.com/irj/scn

Code:
(DRM_ENGINE_EMERALD)[File Path]
../SHP3/AppSvc/Drm/OMADRM/Engine/Emerald/content/Drm2[B]DCF[/B]Control.cpp
Best Regards

adfree said:
Code:
(DRM_ENGINE_EMERALD)[File Path]
../SHP3/AppSvc/Drm/OMADRM/Engine/Emerald/content/Drm2[B]DCF[/B]Control.cpp
Best Regards
Click to expand...
Click to collapse
You can find source on Android but i dont know wich version !!!
Need more search :
http://pastebin.com/97YDhD0r

Emerald
http://www.emeraldinsight.com/index.htm?PHPSESSID=paevk4ahgnr8k6hs3al9fsg0i1
http://www.nttdocomo.co.jp/binary/p...echnical_journal/bn/vol12_4/vol12_4_052jp.pdf
Source but for Symbian S60
http://www.koders.com/c/fidA3ABFA85C2AAD94E2E2AFABEBC5F981F03F80BDA.aspx?s=sort

Found this during install...
licenseblabaDigits.xml
after an while
licenseblabaDigits.xml.dec
Then you can read such things...
http://www.w3.org/2001/04/xmlenc#kw-aes128
Code:
<xenc:EncryptedKey>
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#kw-aes128"/>
<xenc:CipherData>
<xenc:CipherValue>[B]44 Bytes...maybe - 2[/B]</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedKey>
</ds:KeyInfo>
Best Regards

http://wso2.org/library/knowledge-base/how-does-soap-message-encryption-work

[HACK] Using complete Windows API in Windows Store app (c++)

As we know, MS prohibits using most of standard Win32 API in Windows Store applications. Obviously there are lots of ways to overcome this limit and to call any API you like, if you are not going to publish your app on Windows Store. And here is one of them.
Idea is really simple and rather old (lots of viruses use it): search for kernel32.dll base in memory, then parse its exports for LoadLibraryA and GetProcAddress, call them - and get profit.
Writing here so this post can be indexed by google.
Partial code:
Code:
void DoThings()
{
char *Tmp=(char*)GetTickCount64;
Tmp=(char*)((~0xFFF)&(DWORD_PTR)Tmp);
while(Tmp)
{
__try
{
if(Tmp[0]=='M' && Tmp[1]=='Z')
break;
} __except(EXCEPTION_EXECUTE_HANDLER)
{
}
Tmp-=0x1000;
}
if(Tmp==0)
return;
LoadLibraryA=(t_LLA*)PeGetProcAddressA(Tmp,"LoadLibraryA");
GetProcAddressA=(t_GPA*)PeGetProcAddressA(Tmp,"GetProcAddress");
CreateProcessA=(t_CPA*)PeGetProcAddressA(Tmp,"CreateProcessA");
HMODULE hUser=LoadLibraryA("user32.dll");
MessageBoxA=(t_MBA*)GetProcAddressA(hUser,"MessageBoxA");
MessageBoxA(0,"A native MessageBox!","Test",MB_OK);
STARTUPINFO si;
memset(&si,0,sizeof(si));
si.cb=sizeof(si);
PROCESS_INFORMATION pi;
CreateProcessA("c:\\Windows\\system32\\cmd.exe",0,0,0,FALSE,0,0,0,&si,&pi);
}
Complete project is attached. It contains sources and compiled appx files for side-loading.
Code compiles fine for x86/x64 and ARM, tested on x86/x64. Can someone test it on ARM? Ability to sideload metro apps is required.
The application should output a MessageBox, then execute cmd.exe.
A note: Windows Store application runs in a sandbox and as a limited account, so most of API returns "access denied". You can check this in a launched CMD - it displays "access denied" even on a "dir" command because normally "modern ui" apps don't have even read access to c:\.
To overcome this - add "all application packages" full control to the directories/objects you like (for example to c:\).

Works perfectly on my Windows 8 x64 Tablet :good:... its not ARM based though ...

Can i use this to run a non-store app?
Here is the catch, I have managed to get the installed (not the installation) file from a kind member here on XDA. But when I paste the folder in:
C:\Program Files\WindowsApps\Microsoft.ZuneMusic_1.0.927.0_x64__8wekyb3d8bbwe
The app isnt seen on the metro UI?
Any way to start a scanner of some sorts so that I can see the app in Metro.../?
THanx a ton!
Plz feel free to laugh a little at my noobish question...im stil learning..

Works perfectly on my surface RT!
but type dir in CMD returns "access denied".

There are no code signature checks from the command prompt that you launch.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Code:
#include <iostream>
void main()
{
std::cout << "Hello RT World!\n";
}
Compiled as an exe with info in http://stackoverflow.com/questions/...op-programs-be-built-using-visual-studio-2012

Open properties of your disk c:, go to the security tab and add "ALL APPLICATION PACKAGES" == full control. In this cage "dir" command would work, and your apps would be able to access whole filesystem.

Sorry if it's unrelated, but does RT check signatures for loaded DLLs too? Can one run regedit and change some system CLSID to point to unsigned library, will it be loaded?

Simplestas said:
Sorry if it's unrelated, but does RT check signatures for loaded DLLs too? Can one run regedit and change some system CLSID to point to unsigned library, will it be loaded?
Click to expand...
Click to collapse
Unless the dll is loading with a restricted security policy (such as through a Metro app) it is checked, yes.

Excellent work on the 'App1' technique of starting a cmd prompt from a modern app, and the fact it can run other unsigned cmd line apps.
Note that the cmd prompt still runs in the modern app container and probably has lots of restrictions
And also it only runs when the modern app is running and effectively freezes when the modern app goes into the background and suspends
Don't seem to be able to run win32 gui apps from the cmd prompt it starts -- they start but immediately terminate, presumably because the full win32 stuff cant initialise in a modern app container.
But can tum gui win32 api's, like the create dialog one, from the App1 modern app
Luckily we can also test, investigate and debug this on an intel Windows 8 system (dual monitor is best) when trying to work out what is going on, and then test on ARM after that.

@Simplestas: LoadLibrary is also blocked, I'm afraid. One fo the first things I tried was creating a DLL compatible with the built-in rundll.exe program and using that. It failed to load the third-party library.
@xsoliman3: Don't forget the debugger. You can't run it on the RT device right now, but there are (official) tools for debugging RT apps remotely. That should allow connecting to the child process and seeing what happens as it starts up.

GoodDayToDie said:
@Simplestas: LoadLibrary is also blocked, I'm afraid. One fo the first things I tried was creating a DLL compatible with the built-in rundll.exe program and using that. It failed to load the third-party library.
@xsoliman3: Don't forget the debugger. You can't run it on the RT device right now, but there are (official) tools for debugging RT apps remotely. That should allow connecting to the child process and seeing what happens as it starts up.
Click to expand...
Click to collapse
Great seeing you again!
Anyways, I determined from some work with the VS Remote Debugger that the integrity checks are enforced in ZwCreateUserProcess. But, I bet LoadLibrary has its integrity checks in user-mode, since it normally doesn't access any functions using a call-gate to the kernel on Windows 7, which would mean we can modify it to allow us to load unsigned DLL's.
However, with this vulnerability, I had a different. What about allowing a native application to open, such as Notepad, and before it reaches the entrypoint, remotely injecting a different application to be ran (this would involve some sort of custom LoadLibrary + CreateRemoteThread pair of functions)? With the VS Debugger, you can already attach to any native process in user-mode and modify running code, data, and even the context (e.g. registers and similar data).

That suggestion is possible, and for trivial operations (i.e. replacing some strings in a program, or causing it to take one branch instead of another) people have already done so. Doing a wholesale replacement would be tricky, but should be possible (perhaps aided with WinDBG scripts or similar).

GoodDayToDie said:
Doing a wholesale replacement would be tricky
Click to expand...
Click to collapse
Not so tricky, I've already made a prototype on desktop Win8. Just make an ARM DLL that implements a PE loader using only 2 WinAPI functions - LoadLibrary (used only to get kernel32 handle) and GetProcAddress. Inject that DLL code and data sections via debugger, fixup relocs (you can minimize their amount in your "loader DLL" by not using global variables, placing all code into one file, not using CRT at all, and so on, ARM makes it easy to create position-independent code), and call your injected code via debugger passing it the address of LoadLibrary and GetProcAddress as parameters. Your code than would do what you wish - load and execute an unsigned DLL that you specify.
With this trick you can load EXE files too, as all ARM EXEs contain relocs by default.
But this way is too inconvenient to the end-user, so should be avoided. I really think that MS left enough holes for us to "unlock" unsigned apps on retail WinRT devices.
I'm already thinking on buying an Asus tablet with 3G (instead of waiting for a better device that I wish), so after NY holidays I'll join your game

Ah, that's a much more clever approach than actually trying to load the full program using the debugger itself... if it works. LoadLibrary triggers the same signature check that CreateProcess does (or rather, the system calls that they do will perform that check; if it was user-mode we could bypass it with the debugger). Your method may work, but since the desktop doesn't have the signature check anyhow, prototyping it there doesn't actually mean it will work on RT. Try it out and let us know how it goes, and if it works, posting your source would be awesome!

GoodDayToDie said:
Ah, that's a much more clever approach than actually trying to load the full program using the debugger itself... if it works. LoadLibrary triggers the same signature check that CreateProcess does (or rather, the system calls that they do will perform that check; if it was user-mode we could bypass it with the debugger). Your method may work, but since the desktop doesn't have the signature check anyhow, prototyping it there doesn't actually mean it will work on RT. Try it out and let us know how it goes, and if it works, posting your source would be awesome!
Click to expand...
Click to collapse
He doesn't mean making a prototype and importing from kernel32.dll. He means manually mapping the PE file, then using either CreateRemoteThread or modifying the context of a thread already launched to run it once it's in the memory address of another process. It's basically DLL injection with our own implementation of LoadLibrary. It would work because LoadLibrary doesn't use any system calls except to map memory (and mapping memory doesn't have integrity checks of any sort, and it shouldn't be design -- e.g. VirtualAlloc).
A bigger problem I thought of is automating this. I took a quick peek with Wireshark at my remote debugging session and saw HTTP with what appeared to be a proprietary protocol. In order to automate this from another computer (or any mobile device for that matter), we would need to reverse engineer the protocol. Or, an alternative would be to hook into Visual Studio once the debugging session is launched (maybe just a nice VS plugin would work?).

mamaich said:
Code:
void DoThings()
{
char *Tmp=(char*)GetTickCount64;
Tmp=(char*)((~0xFFF)&(DWORD_PTR)Tmp);
while(Tmp)
{
__try
{
if(Tmp[0]=='M' && Tmp[1]=='Z')
break;
} __except(EXCEPTION_EXECUTE_HANDLER)
{
}
Tmp-=0x1000;
}
if(Tmp==0)
return;
Click to expand...
Click to collapse
I was looking through the provided sample -- wouldn't our own GetModuleHandleA implementation be a better way of doing this? I'm just thinking should the alignment be changed in kernel32.dll it may be better to have something like this:
Code:
522 if (!name)
523 {
524 ret = NtCurrentTeb()->Peb->ImageBaseAddress;
525 }
526 else if (flags & GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS)
527 {
528 void *dummy;
529 if (!(ret = RtlPcToFileHeader( (void *)name, &dummy ))) status = STATUS_DLL_NOT_FOUND;
530 }
Source: http://source.winehq.org/source/dlls/kernel32/module.c#L504
Grabbing the Peb (NtCurrentTeb()->Peb) would involve pulling from the FS register at offset 0x30. Implementing this on ARM could be trickier, as I'm not sure of the inline assembly or availability of intrinsics (not to mention, it would be stored somewhere else than the FS register).
Now, for the PC, it appears __readfsdword is available as an intrinsic, so this *should* work on x86 installations of Windows 8.

mamaich said:
Not so tricky, I've already made a prototype on desktop Win8. Just make an ARM DLL that implements a PE loader using only 2 WinAPI functions - LoadLibrary (used only to get kernel32 handle) and GetProcAddress. Inject that DLL code and data sections via debu
Click to expand...
Click to collapse
I think this approach (of injecting own loader as far as understand) has such problem(even if implemented & automated)
Loaded exe can have own dependant dlls(any complicated-usefull proj has) that it cant load because of signing checks (and even more problems if it uses dynamic loading of own dlls and getprocaddress)
Or do i miss somth in your idea?

Will I be able to read/write to a parallel port using this method? Do the limited store apps have sufficient permissions to do that? Writing to a parallel port requires calling
Code:
hndleLPT = CreateFile("LPT1",(GENERIC_READ | GENERIC_WRITE), 0, 0, OPEN_EXISTING, 0, 0);
. Will this succeed?
Will I be able to successfully load this: http://www.highrez.co.uk/Downloads/InpOut32/default.htm ?
---------- Post added at 03:01 PM ---------- Previous post was at 02:11 PM ----------
This looks like an improved method to get the base address:
http://tedwvc.wordpress.com/2013/07/19/finding-the-kernel32-dll-module-handle-in-a-windows-store-app-using-approved-apis/

You should be able to do that using CreateFile2, which is permitted in Store apps already (no need to use the rest of the Win32 API). As for the permissions, I don't know, but it will probably work.
I mean, assuming your computer *has* an LPT port. I haven't seen one of those in a while...

how about the other way round? can a desktop app have access to the full windows 8 api (including those reserved for win store apps only)?