I know this may seem rhetorical, as most people use their PDA as WiFi clients. However, i've noticed a plethora of cheap SDIO WiFi cards, many of them OEM's. In fact, I have an Ambicom branded SD WiFi card which is actually the same OEM card as produced by Spectec in Taiwan. Unfortunately i haven't seen a pocketpc driver by them that supports the softap function. The specs for the cards show that they can do "Host AP Mode", which is what it takes.
What this means, is that with these cards it should be possible to turn the Harrier/(Blueangel with SD Wifi Card) into an actual Access Point.
My knowledge of how the Windows Mobile kernel operates and its packet routing infrastructure is pretty much nil. I have seen that you can add ICS (Internet Connection Sharing) as a catalog option when compiling a rom for Windows CE. An older product called Segue SoftAP by PCTEL actually did something similar while running under Windows XP, and utilized the built in ICS on it. I'm just curious if anyone knows of a way to build a ROM that something like this could be done through. I've never even seen a DHCP server for pocketpc, so there would need to be a few new things written for sure.
I would just like to know if this is absolutely impossible to do because of the operating system, i know that the hardware can do and handle this, easily.
Also, to know if there is an interest in having something like this by the users in the community.
Would be nice with a video capture device - streaming video from the handset directly to connections.
IH.
Actually, personally i was planning on using it with the Sony PSP to have internet access for it...
There would be many benefits to having the device set up as an access point. Almost limitless.
I guess i'll answer my own question. Apparently there is no routing built in to the OS (PocketPC).
However, companies like airscanner have managed to write drivers which interface to NDIS 6.0 for a firewall. Someone writing a packet router would be really cool.
Mmm at last, the thing was discovered, and just experimentation is needed, so we can test the syncing (Cheack Thread Page 3).
Old post text:
Code:
Mmm as I am far from a selfish guy, and have been asked about this, i think that i will share in an independent thread for anyone to see.
Note that this comes from my own ideas, not tested as i cannot use MTP protocol anymore.
[SIZE="5"]Responsability Disclaimer[/SIZE]
This may be agains DCMA or laws about reversing in your country. It's not probably being that way as is a development to interoperate with an unsupported OS (linux) and its one of the exceptions, but i'm not responsable for any liability you can have or imagine.
[SIZE="5"]What is this for?[/SIZE]
This is the procedure to follow before thinking in hacking the phone itself, trying to get to write and read files from the device.
It could faild and serve to no purpose or be gold, depending on the success of the tests.
In the best case, this will lead to the reading and writing of files at will to the device storage.
[SIZE="5"]USB protocol Pre-Knowledge (fast)[/SIZE]
I know you dont wanna know about it, and i am far from an expert but i must just express that USB devices support two operations:
[B]Bulk Transfers[/B] -> Big chunks of data, used mostly for the common data transfers up to 512Bytes per transmission (at a max/time).
[B]Interrupt Transfers[/B] -> Short chunks of data, used for changing settings on the device or short burst of information.
For your personal knowledge, MTP protocol instructions are bunch of hex codes and [U]they use bulk transfers for all of the MTP instructions[/U].
[SIZE="5"]Required items - Gathering[/SIZE]
- Working Kin
- Windows OS as host OS
- USB sniffer / monitor (I like Usblyzer, has trial for 30 days)
- CPU with virtualization capabilities (google how to check)
- Vmware
- Mac OSX image dvd (Snow leopard)
- Software & registration from MacSpace for Kin Media Sync
[SIZE="5"]Procedure[/SIZE]
- Unplug the kin & close all zune software opened.
- Install OSX in an vmware machine
- Install and setup Kin Media sync for mac
- Kill the process that launches zune when you plug the device ("ZuneLauncher.exe")
- Plug the kin now. Use a port where no other device is, so try to put it not together with other usb device like mouse/keyboard which could send packets and confuse the capture.
- Install and setup usb sniffer for windows.
--- Set it to sniff/capture at the USB port where the kin is (it's a tree view structure, so easy to see where to put the check). [U]Dont do it at the left of the KIN device!!![/U] do it on the bus/port as you will disconnect the kin later. Press start capture.
--- Open the zune software and visually check that the sniffer is capturing data (eeeeeeeeeeeeaaaaaaasssssyyyyyyy as it appears there). If it doesnt, you'r doing it wrong, probably cause the port/bus issue.
--- Close zune
--- Reset the capturing (stop, dont save, start).
- Open the virtual machine if it isnt.
- In the virtual machine you should have Kin Media Sync installed, which autolaunches if you have plugged the phone (virtually).
- In the virtual machine window bottom right (vmware border) you will see an item with usb icon. Hover over it and see if the tooltip says KIN. If there are more, look for the right one. Right-Click on it and pick "Connect (Disconnect from host".
- Hopefully, the usb sniffer on Windows would turn mad and begin capturing data, while Kin Media Sync is opening on the OSX virtual machine.
- I cant remember if it does put the label "Connected" at the Kin (you should remember that window from the Zune syncing :P). If it does, close Kin Media Sync and stop the capture on the windows usb sniffer. Else, do a sync before closing (doesnt matter what).
- Save the captured log as a file (in my case, Usblyzer file).
[SIZE="5"]Yeah, but why this is better than other software?[/SIZE]
Other users (and myself) have tried software that uses the MTP software which has some success on getting info from the device but fail when it comes to do reading or writing to the device.
I guess it's probably because the rest of the protocol, the private part that microsoft uses (MTPz) has some control values through the usb that turn on/off device properties, among ones is the one to write/read files.
My first idea was to understand this through the Zune software, but as i said many times, it uses DRM (Janus) to protect the songs (sigh!) and the mtp specification varies if using DRM protection, so i can never find out a way to solve it, without hacking the Zune software cryptography itself (not my intention at all) or became an old man finding how to bypass it. In any case, the Zune software does a RSA challenge-response handshake to the kin before calling to MTP-OpenSession, i can assure that, so its out of reach.
On the other hand Kin Media Studio for the OSX has no official DRM and it can just do easy syncing, so it's pretty much obvious for a dev guy (i am, haha) that its an easiest way to replicate. So i tried to go that way and i was correct, so it just does normal operations through usb and control interrupts.
The problem is that the native sniffers from OSX only capture 16 bytes of data through the usb bus, so messages over that cipher were not reachable for me at the moment. I contacted apple USB master guys about getting a bigger limit, and the resumed answer was something (just much more politely) like: "you'r screwed & stuck with 16 bytes".
So the only approach is to emulate Kin Media Sync in an OSX virtual machine under a windows os machine for the best sniffer software. Another bad point for the fruit logo machines.... (and i'm an owner... imagine a hater!). Here is why I stopped, as my normal working device (laptop) is kinda old and has no VMX/virtualization support, so i couldnt setup the virtual machine for OSX, stopping all the needed setup.
[SIZE="5"]From sniffed data to magic[/SIZE]
At this point, comes the complicate part. Understanding & testing the packets sent to the device to make things work. This is the part where i was going to operate with a new device or my current one if it wasnt bricked/stuck.
The problem appears with this structure (what is on the logged sniffed session):
- Plug the device
- Device <-> OS Handshake (Interrupt/Bulk transfers possible)
- Kin media sync queries (Interrupt transfers)
- Kin media write/read enable (Interrupt transfers)
- Kin media MTP Open session (Bulk transfer)
- Kin media MTP GetStorageInfo (Bulk transfer)
..... more MTP xxxxx (bulk transfer)
- Kin media MTP Close session (bulk transfer)
- Kin media write/read disable (Interrupt transfers)
- Kin media bye bye sync queries (Interrupt transfers)
(if unplugged, the ones below)
- Device <-> OS Goodbye (Interrupt/Bulk transfers possible)
- UnPlug the device
As some of you may realize, normal MTP software used didnt make the "read/write enable" cause the kin is not a standard device. So they fail. Once some person identifies which of this interrupt values make the kin "Connected" window shown and also enables it to be writable, profit comes.
So to test this and later make it published, you need a program to communicate with the device itself and do what some of you called "send hex codes to the kin" (which technically is "bulk and interrupt transfering values to the kin")
There seems to be none, so i code one from scratch and could polish it a bit and giveaway as a Netbeans C++ proyect.
I had some success and it works ok as i reused it(almost all the code) to operate my G15 on linux, iluminating keys and using the LCD pixels.
[SIZE="5"]This can brick my device?[/SIZE]
The short answer to this is NO. The long answer is no again, but cannot be sure of what happens enabling the the device settings while testing. It may become frozen and need to be restarted for example.
During the few test i made, mine refused to operate within my usb program and it was autosolved by libmtp-tools, which did a protocol reboot and it just work as is without doing nothing.
Anyway, i was aware that it was better than getting stuck with the phone "as is".
mmm All being said above, i just leave space for you guys to think what you wanna do with the info and questions that may appear.
Thanks but Hardware Virtualization came up as a no on my laptop.
I hope someone else tries.
I know I know I have to change my username as there are many similar and it gets confusing.
Thanks for taking the time for all the above text
I had a quick read-over what you put, but haven't looked at everything in detail. My wife had a baby yesterday morning, so I'm finding myself rather busy as of late.
Anyway, I'm more than happy to run some tests. Here's what I have access to right now (at home), with much more available when I get back to work in two weeks:
XPS m1530 laptop running x86 Windows 7 (dual-boot to Ubuntu 10.10 running as the Joli OS front). No Hardware Virtualization available for this system, though it can run VMWare for 32-bit Windows OS's.
Macbook Pro (Intel 64-bit archetecture) running 10.6.7 Snow Leopard. Can set up virtual machines if needed, using VMWare, but I'm not sure if that's necessary or not.
Powerbook G4 (PPC) running 10.5.x (latest 10.5 build). Can't run virtual machines, but can be used if another source is helpful to trace.
My personal KIN TWOm running the M OS build. Can technically be reverted back to the TWO (non-M) OS, but I'd rather not lose everything as it's my working phone.
My wife's TWOm, not activated. I can probably play with this more, as she isn't ready to use it yet, but I'd be in trouble if I bricked it.
At work, I have access to a number of different computers and OS's, as needed. I don't think this would be necessary, but they are still there.
John, can I ask where you're at? I've gotten the notion that you're not in the US, as you've said you don't have access to a CDMA network. Is there any way we can get your phone to a US Verizon store for assistance?
klamation said:
Macbook Pro (Intel 64-bit archetecture) running 10.6.7 Snow Leopard. Can set up virtual machines if needed, using VMWare, but I'm not sure if that's necessary or not.
Click to expand...
Click to collapse
This has hardware capabilities (VMX feature), but you should have to install XP (or 7) through bootcamp and then install the OSX there, as the host must be windows. Anyway, you'r "lucky" as 64 bit machines can get up to 32 bytes from the usb bus, so 2x my limitation (not enough but more).
klamation said:
John, can I ask where you're at? I've gotten the notion that you're not in the US, as you've said you don't have access to a CDMA network. Is there any way we can get your phone to a US Verizon store for assistance?
Click to expand...
Click to collapse
I'm from Europe, so most phone network is common GSM with some 3G implementations. I didn bought the phone from verizon, so have no relation to them and hence, no way to give them the phone expecting a working return (why should they in any case?).
johnkussack said:
This has hardware capabilities (VMX feature), but you should have to install XP (or 7) through bootcamp and then install the OSX there, as the host must be windows. Anyway, you'r "lucky" as 64 bit machines can get up to 32 bytes from the usb bus, so 2x my limitation (not enough but more).
Click to expand...
Click to collapse
After I read the details of what you want to do, I thought the same thing. I have 64-bit Windows 7 set up on a bootcamp partition (I actually use VMware Fusion to run it, most of the time, but can natively boot into it, if I need). I have never been successful at setting up an OSX VM though, as it's not officially supported. If you have any reference on how to do it, I'm all ears. I'll do more research into it after posting this.
johnkussack said:
I'm from Europe, so most phone network is common GSM with some 3G implementations. I didn bought the phone from verizon, so have no relation to them and hence, no way to give them the phone expecting a working return (why should they in any case?).
Click to expand...
Click to collapse
Considering the phone is less than a year old, it should still be under warranty. I know I've taken phones into their stores before and had them reimage them. I should try that with the KIN to see if they can do it (if the stores actually have the ability to reimage a KIN phone, indicating they have a ROM of it)
I could assist, I have a tri-boot of vista, 7, and OS X.
I doubt that there is a 128 bit processor emulator, let alone the OS...so wouldn't a solution be to use the same technique ,but "freeze" the process to collect data being transferred?
When I mean freezing, I mean slowing the USB data transfer speeds (using hardware underclocking, on the computer and/or phone)
@klamation
http://www.redmondpie.com/how-to-install-os-x-snow-leopard-in-vmware-windows-7-9140301/
Also, it could be a hackintosh image, i guess. At least if it is able to install the kin media sync software...
awesome71717 said:
...
Click to expand...
Click to collapse
i didnt understand anything beyond the 1st line.
there is no need to slow anything as it was a OSX kernel limitation thing, period.
John,
Why do we need 64bit vmx capability to capture messages when the Zune Software is successfully messaging with 32 bit on windows machines? Obviously I am missing something important.
Dave
kintwouser said:
....Dave
Click to expand...
Click to collapse
You'r missing a more detailed reading of the first post.
Quoteing myself:
My first idea was to understand this through the Zune software, but as i said many times, it uses DRM (Janus) to protect the songs (sigh!) and the mtp specification varies if using DRM protection, so i can never find out a way to solve it, without hacking the Zune software cryptography itself (not my intention at all) or became an old man finding how to bypass it. In any case, the Zune software does a RSA challenge-response handshake to the kin before calling to MTP-OpenSession, i can assure that, so its out of reach.
Click to expand...
Click to collapse
John, I was talking about halting the processor of the phone to allow the cache of data to be recorded and cleared. Once cleared, the processor will resume and the cycle can be repeated until the data is fully collected.
Anyway, has anyone found a jtag port on the board?
awesome71717 said:
John, I was talking about halting the processor of the phone to allow the cache of data to be recorded and cleared. Once cleared, the processor will resume and the cycle can be repeated until the data is fully collected.
Anyway, has anyone found a jtag port on the board?
Click to expand...
Click to collapse
I guess that it would be feasible in a parallel universe. And not mentioning that it's a host os "problem" (st#### OSx), not the phone fault.
Also please posting random ideas without thinking about what you say. A jtag? really?
And in the random case where you can plug one JTag cable/homemade adapter.... how the hell will you use it? with what program? with what known hardware specific schematics?
We cannot handle a USB writing... forget about other access...
Trying to start up Mac OSX 10.6 on a dell 630 laptop but keep getting a cpu has been disabled by the guest operating system error. Maybe I can get a newer copy of MAC that will work.
@ kintwouser
If you are having problems, look for kexts oriented around vmware or your own hardware if you're using hardware acceleration.
@John
Ah. Well then I'll just hop into my Delorean that I modified to travel to alternate dimensions, rather than just through time.
Ok ok I'll try to resist irking you any further.
I just reread the Kin Media Sync to asure it, and you can install it over a 10.5.6 Osx which is the labeled "Leopard" (as is), so i guess easier to get.
Maybe a little hackintosh image would do the same thing, as we dont really need compatibility... as long as the Media Sync works i wouldnt care about having audio on the virtual machine, or networking.. whatever.
On my own plain of existance, i tried to follow the url i posted and went till 95% of the installation, but Virtual machine didnt keep installing, so i had to turn the pc (was about 3 hours). I guess i will try with another different image or my official leopard dvd's.
It's kinda weird in my case, using a macbook with windows to vitualize a OSX... haha.
I've been trying to install SL for about 30 hrs now with no success. I've tried three different versions. VMware 7 is OK here but ACPI errors keeps disabling the CPU during osx install. I have edited the vmx file to no avail. Some suggested that I need kext files but I can't install them if osx isn't installed. I'll keep trying as it is a quest now.
don't know if i am breaking the agreements of this forum since i didn't read it (ala the latest south park episode) but here:
http://tehparadox.com/forum/f51/snow-leopard-10-6-6-vmware-hackintosh-newbies-1973493/
No editing needed. You just need to get VMware Workstation from the official site and use that custom vmware osx image. I have tested it and it works. Now if only I had the phone I could really do some testing.
zero2duo said:
don't know if i am breaking the agreements of this forum since i didn't read it (ala the latest south park episode) but here:
http://tehparadox.com/forum/f51/snow-leopard-10-6-6-vmware-hackintosh-newbies-1973493/
No editing needed. You just need to get VMware Workstation from the official site and use that custom vmware osx image. I have tested it and it works. Now if only I had the phone I could really do some testing.
Click to expand...
Click to collapse
Great find, i'm downloading it atm. Well, i think they could have chosen a (mega)better site but's ok. Queued downloads.
I will try the "installation" in my bootcamped windows XP plus vmware and then kin media sync.... Now I need a phone too, heehehehehe.
John,
I got a 10.6.7 VM running on my Win7 bootcamp partition. I followed the steps you mentioned and was able to capture some USB sniff/trace logs of browsing the device and copying a file. (inexperience during the initial sync missed the bulk of the sync).
You can find the file at www.kyleandelin.com/KIN - let me know if this helps or if you need something more?
Phew, i saw a little pack of problems hahaha (unexpected!)
While i stopped doing this, there was a new version released (2.0) and its format is not readable with 1.6 (version i have).
Installing 2.0 didnt solved the issue, as it says that was captured with a 64 bitOS version and it's not compatible with 32 bits version..... The 2.0 is the first one that included the support for 64 bits.
Man, this is all against us haha.
So... possible solutions:
- Install v1.6. May not work on 64bit os
- Install v2.0 as 32 bit verison. May not work on 64 bits or may be autoinstalled and set to 64bits.
So... what to do from here:
Please, confirm my theory before going further.
- Perform a capture from unplug state (needs to be from start). Must include the plugin till kin shows the connected status.
- Stop the capture session.
- Check the captured data in usblyzer.
- Look for the first "Request" column with "Bulk or Interrupt transfer" value.
--- If there is no suck column in all the capture session, the whole process is futile (no MTP protocol would have been transfered) and we should rethink our options.
--- If there is, please check that its column "Raw data" contains at least "10 00 00 00 01 00 02 10 ... " or a very close value.
If i'm right, and the column matches, it means that usblyzer has successfully captured the mtpz OpenSession request. Also, if it was that way, the "magic" instructions would be the before it.
If there are more than 1 and it's not the first one, please check for it .
I am finally gonna get a new (working) device, so i think that things are going to be a bit fun in some time.....
This time, just MTP, no Qualcomm random options testing.. (hahahahaha)
I currently have a fireTV, two fireTV sticks, and a Raspberry pi all running XBMC (my plan is to replace the Raspberry pi with one of the sticks eventually). Each of these units currently keeps it's own database which makes them a pain to keep in sync. What I would like to do is move to a shared mysql database to keep track of my library, watched status, etc.
I know this can be done on a computer which is always on, but I would rather not have a PC running constantly just for this purpose. Is there any way to host the mqsql server on the FireTV (which is always on anyway)? Has anyone tried this?
I tinkered a little bit just trying to get it to work on my tablet using Ulti Server but could never get XBMC to successfully connect to the database.
My other option is to try and host it on my RT-N66U asus router as explained here: http://www.hints.dk/en/2013/03/13/mysql-server-on-rt-n66u-or-rt-ac66u-for-shared-xbmc-library/ but that requires a bit more modification than I really wanted to do.
collindv said:
I currently have a fireTV, two fireTV sticks, and a Raspberry pi all running XBMC (my plan is to replace the Raspberry pi with one of the sticks eventually). Each of these units currently keeps it's own database which makes them a pain to keep in sync. What I would like to do is move to a shared mysql database to keep track of my library, watched status, etc.
I know this can be done on a computer which is always on, but I would rather not have a PC running constantly just for this purpose. Is there any way to host the mqsql server on the FireTV (which is always on anyway)? Has anyone tried this?
I tinkered a little bit just trying to get it to work on my tablet using Ulti Server but could never get XBMC to successfully connect to the database.
My other option is to try and host it on my RT-N66U asus router as explained here: http://www.hints.dk/en/2013/03/13/mysql-server-on-rt-n66u-or-rt-ac66u-for-shared-xbmc-library/ but that requires a bit more modification than I really wanted to do.
Click to expand...
Click to collapse
1. Where is your media coming from? If a NAS or HTPC... why not host MySQL on there?
2. If you plan to retire the Pi, host the DB on there. This isn't as speedy as some would like but I haven't researched this recently and only had a 256mb Pi at the time.
3. If you have a hosted domain, it most likely comes with a MySQL DB (or several). You could use this option but again, it may not be the fastest due to latency.
3. From my experience on the Windows side, the problem with your UtilServer DB is probably related to a firewall. You need to figure out how to let Android openly communicate on port 3306.
fairplay89 said:
1. Where is your media coming from? If a NAS or HTPC... why not host MySQL on there?
2. If you plan to retire the Pi, host the DB on there. This isn't as speedy as some would like but I haven't researched this recently and only had a 256mb Pi at the time.
3. If you have a hosted domain, it most likely comes with a MySQL DB (or several). You could use this option but again, it may not be the fastest due to latency.
3. From my experience on the Windows side, the problem with your UtilServer DB is probably related to a firewall. You need to figure out how to let Android openly communicate on port 3306.
Click to expand...
Click to collapse
Thanks for the response!
1. Media is hosted by the RT-N66U wireless router. It can be modified to host MySQL but it requires some hacking to make it happen. Doable but not as elegant as I would like.
2. Yes, I considered that option but I have another project in mind for the pi. Still might go this route though.
3. No hosted domains
4. Certainly a possibility, although when I tried it I had the UtilServer DB and SPMC on the same tablet and still couldn't get a connection using the localhost address. I don't remember the exact errors I was getting (this was a few weeks ago).
This is actually a really interesting question. I know that there is android software to host a MySQL server, but never considered sideloading it on the FireTV for XBMC/Kodi library until now. I'm going to look into this prospect this weekend. I'll report my findings.
I haven't tested this being hosted from the FireTV yet, but I can confirm that I can host the database for Kodi on Android via my phone. I used Servers Ultimate Pro to do it and was able to connect from my phone as well as from the FireTV. I'd assume that it would work just fine from the FireTV as well, but still need to confirm.