Hi all,
has someone tried to get privileged access to wp7 via calls to conmanclient3? The RemoteAgent settings are all there (C:\ProgramData\Microsoft\Phone Tools\CoreCon\10.0).
Visual Studio 2010 does use the new CoreCon 10 files if it deploys to a real wp7 device. If it deploys to the emulator it does use the 5.1 files instead.
It looks like the settings for the 10.0 files differ from previous versions as the SmartDevice Tools of VS2008 (Platform Builder 6 based) won't work with the new files.
But in theory it should be possible to get access via a RemoteAgent (h__p://msdn.microsoft.com/en-us/library/microsoft.smartdevice.connectivity.remoteagent(v=VS.90).aspx), shouldn't it?
As conmanclient3, CMAccess and friends are all signed by Microsoft and consist of native code it would be interesting to talk to someone who has already created a RemoteAgent based connection to a smartdevice. Is there someone out there?
Best regards,
-tobias
From the WP7 Developer Tools Application Deployment Tool, I'm pretty sure it's only using the CoreCon 10.0 files.
My RemoteExecute program here is using the Device classes (though I might have rewritten it a bit to get the Device.ConManServer), I'll now try the sample you linked to, and see if I can get it to work. File manipulation using the ConManServer seems to give lots of "Access Denied" errors, which I'm trying to work out why, and there's some stuff to be done with registry access as well, but this is the only way I've yet found of controlling the device from a desktop, without extra on device apps.
I checked it with procmon: if you deploy to the emulator it loads the 5.01 files.
The MSDN sample from above won't work as the service IDs are from an older CE version. You need to use the IDs from the file in the CoreCon 10 addon folder.
Do you get "access denied" or "not implemented" errors? Would be interesting if there is another set of files in the Platform Builder 7 which do implement additional functionality. I'd seen your remote execute program but I think the trick is to get a RemoteAgent running (looks like that's what Visual Studio does to get the debugger working).
regards,
- tobias
Ah, I'm just checking the Application Deployment tools, rather than the debugger, which would be a lot more useful... I think the emulator isn't really emulating, it's running using x86 code, and just acting like a WP7 environment (unlike the older emulators that emulated the entire hardware).
Will find the IDs for corecon 10 then, as that might make things work! (I've got device connections working, device name is "Windows Phone 7 Device".)
I get Access Denied with most of them, though there is at least one function that's not implemented somewhere (I can't remember which one it is though!). The file manipulation APIs are quite different in the latest version of Microsoft.SmartDevice.Connectivity, with things like ProvisionDevice() not existing at all.
Will look at getting a RemoteAgent running, the functions are all there, and implemented, I just need the right IDs.
I can upload my code somewhere if you want (it's a little messy though!)
The result of probably more than 100 hours of solo hackery: a working COM DLL for allowing any application to elevate itself to SYSTEM (root) permissions.
What you need:
An interop-unlocked HTC phone. Sorry second-gen and Arrive users.
A working HtcUtility driver. It's possible some HTC update at some point crippled this. It works for me; if it doesn't work for you let me know what updates you have.
What it does:
Allows changing the security token of any application to give that app unrestricted permissions. At this point, you can call any user-mode API, perform any operation, with full access.
It also allows you to read or write any value from memory, even kernel memory (this is how it modifies the security token).
What it can be used for:
Darn near anything. If it can be done while the phone is booted, you can do it.
What it can't be used for:
Modifying the ROM - the R and O stand for "read only" and they mean it.
Interop-unlocking a phone - it requires interop-unlock to get root in the first place.
How to use it:
In your app, include the HtcRoot.dll library.
Include the code from DriverAccessTest.cs in the test app (defines the COM API and enables using it).
Call the OpenHtcUtility function (will throw an exception if your device is incompatible).
Call the MakeMeRoot function (can also throw exceptions).
(OPTIONAL) Call the ReturnZeroIfRoot function to make sure your app is elevated (does not throw exceptions, will return an error code if you get one).
Do stuff with SYSTEM permissions (probably using another COM DLL, such as for registry or filesystem access).
Call the RestoreToken function (failure to do this *might* cause a kernel memory leak).
Call the CloseHtcUtility function (OS will probably handle this if program just exits).
What you can do right now:
Try the test app. It should pop up a series of message boxes. Hopefully none of them say anything like "FAILURE".
Report any bugs or failures you discover.
Build things with this library, and publish them!
Breakdown of the download:
There are two folders in the ZIP, one for the Visual Studio 2010 C#/Silverlight XAP project, and one for the Visual Studio 2008 C++/COM DLL project.
The test XAP is in the HtcUtilityTest\bin\Debug folder.
The native (COM) DLL is also available in that folder, or under its own project.
If you want to mess with this, I'm going to assume you are already familiar with hybrid native/managed development for WP7. If not, Heathcliff74 has posted an excellent tutorial on this forum.
Special thanks to:
Heathcliff74 for the hybrid app tutorial and interop unlock info.
Paul_Hammons for the links and info about HtcUtility, the driver that makes this possible. Thread: http://forum.xda-developers.com/showthread.php?t=1434793
Supported devices / firmware versions / ROMs
All HTC devices (if interop-unlocked and with the right firmware numbers) should be compatible.
Some custom ROMs work, some do not. This will depend on the version of the firmware that the ROM's HtcUtility driver is taken from.
I believe I compiled the test app as Mango-only, but the native library doesn't care at all.
Compatible:
Stock ROMs with compatible firmware for HD7, Trophy, Mozart
HD2 (BttF [XBmod-Yuki] v2 SP1)
Not compatible:
Firmware version 2250.21.51004.401 or newer
Verizon Trophy firmware version 2305.13.20104.605 or newer
DFT ROM with build 8107, Firmware 5.10.401
Arrive (except on pre-Mango), Titan, Radar, Titan 2 (no interop-unlock)
Others are untested or results are incomplete.
Goals and future work:
Support more devices:
* Try and add support for newer firmware.
* Help ROM cookers ensure the library is supported.
* Look for similar openings in other OEM libraries.
Future-proofing:
* Allow installation of a mod to support this capability after known updates.
* Resilience against possible future updates.
* Allow users with incompatible devices to downgrade (possibly to NoDo), install the mod, and be able to use the phone after upgrading.
Improve the library:
* Fix some memory leaks.
* Clean up the code - remove dead code and improve comments.
* Allow reading/writing more than 4 bytes at a time from managed code.
* Add APIs to elevate other processes (by name or ID) to SYSTEM.
Develop homebrew around the library:
* Support accessing common APIs (filesystem, etc.).
* Resurrect the Advanced Explorer app, perhaps (registry and filesystem).
* Support native app launching on stock ROMs.
It does not work on HTC 7 Mozart (HTC Europe):
Error to Write the value 1337 to test address - System.Runtime.InteropServices.COMException (0x8007001F): A device attached to the system is not functioning
OS: 7.10.7740.16
Firmware: 2250.21.51101.401
Radio: 5.71.09.02a_22.51.50.21U
Boot: 5.11.2250.1(133487)
Please include the full error message or a description of what went wrong.
Failure on fully updated devices is unfortunately possible - my phone is (intentionally) a few updates behind. I'm looking into ways to make it work anyhow (either sending an older CAB update to roll back, or using the root access to create an unlocker/root-enabler that survives subsequent updates). I'm going to look into how the full-unlock ROMs differ from standard ROMs, and see if I can do the same thing in running software.
Does it work with custom ROMs?
If the custom ROM has a working HtcUtility driver, then yes. My goal is to unlock the kind of capabilities normally restricted to custom ROMs on stock firmware, though.
@bleh815: Thanks for the report. That's frustrating; it looks like it is capable of doing read but not write. Write might just be restricted in what addresses are allowed, or it might be disabled entirely (the driver gives the same error code for every problem that I've encountered so far). Time to figure out
A) what update causes the problem (I'm on 2250.21.30102.531, HD7, stock ROM)
B) what restrictions that update introduces
C) how to work around those restrictions (possibly by downgrading and then using root access to add something that will still work after upgrade).
GoodDayToDie said:
A) what update causes the problem (I'm on 2250.21.30102.531, HD7, stock ROM)
I've just downgraded a mozart of mine back to stock NoDo (TMOB-DE) to find out which OEM update breaks (actually fixes) it.
Cool, thanks! It's one of the post-Mango HTC updates; a Microsoft update wouldn't have modified an HTC driver, and my phone has all the pre-Mango HTC updates but it still works.
Hi, at first it says "SUCCESS!", then it says "Trying to open a file gives error 1260" and then it says "Now opening a file gives error 0" and finally "Finally, opening a file gives error 1260".
System information:
OS=7.10.7720.68
Firmwareversion=2250.21.12200.162
Radio=5.68.09.05a_22.50.50.21U
Bootloader=4.6.2250.0(129185)
HTC 7 Trophy.
That is *exactly* the sequence of messages it is supposed to give!!
In particular, the messages I need to see are the "SUCCESS" (the rest is potentially interesting info, but not very important) and then the "Now opening a file gives error 0".
The "SUCCESS" means that a sequence of read/write tests succeeded.
The "Now... error 0" means that the process has been elevated to full permissions.
The "Finally... error 1260" means that the security token was successfully restored at the end, so it was unable to open the file again. This is the expected and correct behavior.
I don't recognize your Firmware Version number; I'm guessing it's specific to your phone. What method did you use to upgrade to Mango?
how do i install it?
Tried on interop-unlocked HTC Surround, not working. Tested any call in VS debug mode - no luck at all.
I can confirm that it works with any OS version, from 7004 to 8107.79
On a HTC 7 Mozart (TMOB-DE) it works with firmware 2250.21.13201.111 (Stock NoDo ROM) but the hole gets fixed with 2250.21.51101.111 (1st Post-Mango HTC Update).
You guys are gods taking programming to a whole new level!
I wish to see MS take you all more seriously and not let WP7 fail like WinMo 6.5 did!
I wish I could get on your level!
I really need some help learning basic Silverlight myself!
But I have read how hybrid works and this is just fantastic!
Congratulations on all your developments so far, you guys are truly amazing!
Oh, that code, beautiful reading that!
Thanks for sharing this learnfull code!
I'd like to try it on my Verizon HTC Trophy, I would love to get file access back....
I downloaded the package and I even have VS 2010 installed but beyond that I have no idea as I am not a programmer.
Can someone post a compiled XAP for us to try to see if our phone works with it or not ?
Or some step by step VS 2010 directions to try would also be helpful.
@Ttblondey: *FACEPALM* The path to the test XAP is given in the opening post. You install the XAP on your phone using any XAP deployment tool. It requires that your phone be interop-unlocked; Heathcliff74 has a nice long thread about that. The app is called HtcUtilityTest. Run it, and report the results. If you want to actually *use* the DLL, the instructions for doing that are given too but you need to write some code.
@sensboston: PLEASE give a more complete report! Success and error messages, at the least. Also, your phone version info. Thanks!
@bleh815: THANK YOU! I mean, it's a little annoying to know how far back this was fixed ("First post-Mango HTC update" means the one that was included *with* Mango for most people, or the one after that?) but good to know. Now, to look at exactly what they changed...
@jackrabbit72380: Thanks man! As for working with it yourself, like I mention below, I'm planning to provide a universal homebrew library that people can easily use to do whatever they want.
@fiinix: You're welcome! Honestly, I didn't expect anybody to call my mess of debug-commented and mildly hacky C++ "beautiful" but that hack itself *is* pretty awesome. My only concern with using it is the risk of a context switch causing the wrong app's token to get overwritten, and I should probably look into that, but I think it's OK for the moment. There are bigger fish to fry.
In the meantime, it should open up a huge list of capabilities for tools like your DllImport project. I'm currently considering reviving Advanced Explorer (like TouchXplorer + Registry Editor, but open source; was never ported to Mango though) using the root access instead of using ComFileRW and the provxml driver. Let me know what you want to do with it!
One other thing I'd like to add is the ability to easily elevate *another* process; it's not hard to do but I haven't written it yet. This could be handy for apps where we don't have the source code (for example, elevate Schaps registry editor, which uses low-privilege native code for browsing, so it can read *all* registry locations instead of just some of them).
@DavidinCT: Well, running the test app is easy, just install the XAP. It just runs a battery of tests though, it doesn't actually *do* anything useful. To get filesystem access, you'll need to write some native code (which means using Visual Studio 2008 and the CE/Smart Device plug-in, see Heathcliff74's tutorial on the subject). Basically, you would first use this DLL (accessed via COM, you can look at my own C# code for how to do that) to open the driver handle and elevate the process to root. You could then write your own COM DLL that uses the standard Win32 filesystem APIs (CreateFile, etc. - all are documented on MSDN) and exposes those APIs, or the results of them, to managed code via COM. Then, back in your phone app (the one that called into my HtcRoot DLL) you can call into your own DLL to access the file system.
If that's too big a leap, don't worry. I plan to release a general-purpose high-privilege homebrew DLL that exposes some of the most-used functionality (filesystem, registry, provxml, and other things by request), is easily extensible (possibly using something like the DllImport project, where you just specify the function you want to call and the DLL it's located in right from C#), and that will be a lot easier to hack with. You'll still need to know C# and basic Silverlight, but it'll be a lot easier (and hopefully useful without knowing any C++ or COM).
GoodDayToDie, you are amazing, always keeping me interested!
When starting the test xap, I get the below, it then goes into the "Page Name" and that's it.
Device Info here, running a FullUnlock DFT Rom by a Chinese dev from the DFT Forum.
Nonetheless, top work on getting this started and can't wait to keep reading about the progress!
XeKToReX
Hello! I only started reading the documentation on Xposed modules today, and I have a question.
For example, the class android.os.UserManager has a method getMaxSupportedUsers that returns int.
Can I hook calls to this method with an Xposed module and override the return value? For simplicity, I want the method to always return 6.
Or is it impossible with Xposed?
P.S. Sorry for my bad English.
Yes, it's possible.
Can you show the link where I can read about it or some small sample?
Firstly I recommend going to https://github.com/rovo89/XposedBridge/wiki . It's made by rovo89 himself. Enough to help you get started and understand how Xposed works. You could also look up some other developers' Xposed module source code on GitHub. It will help you understand how to hook methods and stuff by looking at other people's code.
This guy's code is pretty basic but could be useful to understand how it works. https://github.com/veeti/DisableFla...isableflagsecure/DisableFlagSecureModule.java. This guy hooks the setFlag and setSecure methods of the Window class and SurfaceView class respectively and overrides the outcome. This will probably be system wide though, but you can change it so it only is enabled for certain applications. Also look at his "AndroidManifest.xml" and "assets/xposed_init" files. The Android Manifest contains Xposed information and the xposed_init file contains the full class name of the class which contains all the hooks (which tells Xposed where to find your hook methods).
Hope that helps.
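A minimal module for the question above, as an added example that is not part of any poster's code or of the modules linked in this thread. It assumes the Xposed API classes under `de.robv.android.xposed`, that `getMaxSupportedUsers` takes no parameters, and uses hypothetical names (`com.example.maxusers`, `com.example.target`); the hook is limited to one app's process rather than applied system-wide.

```java
// Added example for this thread; not taken from any module linked above.
// Packaging, as the answer describes:
//   AndroidManifest.xml <application> meta-data entries:
//     xposedmodule (true), xposeddescription, xposedminversion
//   assets/xposed_init: one line with the full class name below
package com.example.maxusers; // hypothetical package name

import de.robv.android.xposed.IXposedHookLoadPackage;
import de.robv.android.xposed.XC_MethodHook;
import de.robv.android.xposed.XposedBridge;
import de.robv.android.xposed.XposedHelpers;
import de.robv.android.xposed.callbacks.XC_LoadPackage.LoadPackageParam;

public class MaxUsersModule implements IXposedHookLoadPackage {
    // Hypothetical: the only app whose process should see the override.
    private static final String TARGET_PACKAGE = "com.example.target";
    private static final int FORCED_MAX_USERS = 6;

    @Override
    public void handleLoadPackage(LoadPackageParam lpparam) throws Throwable {
        // Called once per loaded app; skip every process except the target.
        if (!TARGET_PACKAGE.equals(lpparam.packageName)) {
            return;
        }
        try {
            XposedHelpers.findAndHookMethod(
                "android.os.UserManager", lpparam.classLoader,
                "getMaxSupportedUsers", // assumed to take no parameters
                new XC_MethodHook() {
                    @Override
                    protected void afterHookedMethod(MethodHookParam param) {
                        // Let the original run, then replace what it returned.
                        Object original = param.getResult();
                        param.setResult(FORCED_MAX_USERS);
                        XposedBridge.log("MaxUsersModule: getMaxSupportedUsers "
                                + original + " -> " + FORCED_MAX_USERS);
                    }
                });
        } catch (Throwable t) {
            // The class or method may be missing on some Android versions;
            // log it instead of crashing the hooked process.
            XposedBridge.log("MaxUsersModule: hook not installed in "
                    + lpparam.packageName);
            XposedBridge.log(t);
        }
    }
}
```

Lines written with `XposedBridge.log` go to the Xposed log, which is where to look when checking whether the hook was installed and fired.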
hi
If I want to begin developing micro modules for Xposed, how would I set up the Android emulator in Android Studio (or possibly something else)?
And get a good glimpse of Xposed-related logs so I can debug correctly.
Up until now I have only programmed JavaScript (Firefox addons) and one time a native C++ program with OpenCV, so for Java there's a hefty learning curve for me on how to get this all up and running, especially since this isn't running on my PC but in a virtual environment, so I need to debug correctly.
is android studio emulator even the way to go for xposed module dev?
thanx everybody for your hard work
-------------------------------------------------------------------
i may have more questions, so mods is it ok to use this thread? (ill not post module specific stuff in here )
Hi,
I started last week on xposed module.
I've installed android studio and followed 2 guides to make my first app.
https://forum.xda-developers.com/showthread.php?t=2709324
https://blog.attify.com/xposed-framework-android-hooking/
Happy coding!