Related
I'm trying to customize a few Extended ROMs here and I'm running into some stubborn CABs. When installed manually, everything works fine. No warnings, no errors. Just click the CAB, let it do its thing, then click OK.
Put these same ROMs into an Extended ROM and hilarity ensues. Some will work, others will not and I don't know why. Any suggestions on what I might be missing will be greatly appreciated.
Quick question?
Are the CAB's signed, if not are you installing the 'signed' unsign CAB 1st .
Edit: Thinking more about this (and realising that the 1st thing you do is disable signing in your ROM's ) can you provide a little more info about the CAB's (maybe an offending CAB if the content is not private?).
I managed to replicate this issue with a CAB that had a warm reset as part of it's install process (seems to bork the autoexec batch process) and I have had a similar issue with a CAB that just contained some simple OMA in the _setup.xml.
John
yes, that's the point. But how to make any Unsigned CABs become Signed?
huangyz said:
yes, that's the point. But how to make any Unsigned CABs become Signed?
Click to expand...
Click to collapse
Without wanting to sounds facetious you sign them ;-)
You would use a private key to generate an Authenticode signature for the CAB (and maybe the apps inside if you need to) however you would still need to install the ROOT certificate into the code stores on your device. Or get your app signed by a 3rd party with a certificate that has it's ROOT already on the device (MS's MobileToMarket and things like that take care of this for ISV's that need it).
Once you have the ROOT cert on the device in the correct store signing is trivial, you either use SignTool.exe from many of the MS SDK’s or just use the GUI options if Visual Studio is your poison. All you need is an export of the PKF (Private key) and the password to the certificate.
In enterprises one of the 1st things people often do before giving Windows Mobile devices out to users is to install a ROOT certificate for the enterprise onto the device in both the code and transmission stores. This means from then on you can sign in-house apps and CAB’s and they behave as signed commercial apps and you can use features like internal signed SSL for ActiveSync etc. etc.
Don’t forget you can also do away with a lot of this by installing the HTC signed “Disable Certificates” CAB 1st and then the signatures are not checked on subsequent CAB’s, EXE’s or anything code related for that matter.
djwillis said:
huangyz said:
yes, that's the point. But how to make any Unsigned CABs become Signed?
Click to expand...
Click to collapse
Without wanting to sounds facetious you sign them ;-)
You would use a private key to generate an Authenticode signature for the CAB (and maybe the apps inside if you need to) however you would still need to install the ROOT certificate into the code stores on your device. Or get your app signed by a 3rd party with a certificate that has it's ROOT already on the device (MS's MobileToMarket and things like that take care of this for ISV's that need it).
Once you have the ROOT cert on the device in the correct store signing is trivial, you either use SignTool.exe from many of the MS SDK’s or just use the GUI options if Visual Studio is your poison. All you need is an export of the PKF (Private key) and the password to the certificate.
In enterprises one of the 1st things people often do before giving Windows Mobile devices out to users is to install a ROOT certificate for the enterprise onto the device in both the code and transmission stores. This means from then on you can sign in-house apps and CAB’s and they behave as signed commercial apps and you can use features like internal signed SSL for ActiveSync etc. etc.
Don’t forget you can also do away with a lot of this by installing the HTC signed “Disable Certificates” CAB 1st and then the signatures are not checked on subsequent CAB’s, EXE’s or anything code related for that matter.
Click to expand...
Click to collapse
I am NOT a software developer so, most of your opinions sound enigmatic to me except that the last one: put the HTC signed "Disable Cert" in the 1st place of the ext-rom config.txt.
Thanks very much! I'll try later on.
gamescan said:
I'm trying to customize a few Extended ROMs here and I'm running into some stubborn CABs. When installed manually, everything works fine. No warnings, no errors. Just click the CAB, let it do its thing, then click OK.
Put these same ROMs into an Extended ROM and hilarity ensues. Some will work, others will not and I don't know why. Any suggestions on what I might be missing will be greatly appreciated.
Click to expand...
Click to collapse
most problably you forgot to set some cab file to read-only before saving the extende-rom.check the cabs atrebutes and the config.text file while inside de program that you are using to edit the extended-rom.its not because they are not signed as long you got the cert .cab set to be the first to be installed.also cab files that require user input will not work.this is from experience, as posted above.
huangyz said:
I am NOT a software developer so, most of your opinions sound enigmatic to me except that the last one: put the HTC signed "Disable Cert" in the 1st place of the ext-rom config.txt.
Thanks very much! I'll try later on.
Click to expand...
Click to collapse
So, where did you found the signed Disable_Cert.cab?
faria said:
most problably you forgot to set some cab file to read-only before saving the extende-rom.check the cabs atrebutes and the config.text file while inside de program that you are using to edit the extended-rom.its not because they are not signed as long you got the cert .cab set to be the first to be installed.also cab files that require user input will not work.this is from experience, as posted above.
Click to expand...
Click to collapse
Sorry to ping an old thread - flogging to proceed immedietly after...
Being that this is a windows device, isn't there a flag that can be passed when executing the cab - like you can on a windows installer application? Similar to setup.exe -q or whatever you're trying to do. Some flags set the answers to yes, admin mode... you get the picture. Does the cab installer engine allow similar flags to get passed with the cab execution command?
In PPC, it calls wceload.exe to install and uninstall a cab.
As shown in http://msdn2.microsoft.com/en-us/library/ms926281.aspx , the only possible argument is to ask or not ask for destination, but no quiet mode.
How can you call wceload.exe manually at ExtROM installation may be a question.
I'm newbie I have problem when want to downgrade to original rom update form XDA Website i'm try upgrade to WM 2005 but i cannot to returnt please give me solution
make sure activesync is completely disabled. right click on it's icon (near clock). In the options or settings menu, uncheck two checkboxes, one is "USB connection" and second also something about detecting/connecting to device.
Once you do that, AS icon should be greyed out with little red X on it.
The idea behind this is you don't want AS interfering when you plugin the device for upgrade, yet you do need the AS drivers to make the actual connection between firmware upgrade proggy and H/W device.
if u download helmi_c rom, just copy the files to PH20B1 folder and run MaUpgradeUt_noID.exe. also take out SD card too for now.
I'm not uderstand i'm download
http://www.my-xda.com/downloads/Xda_IIs_Upgrade_v140242.exe
but i cannot use cause shown error 120
ok i have try use MaUpgradeUt_noID.exe but i cannot upgrade it show error connection
first, what is the brand and model number for your pda there?
Hi, can someone here send me the OEM_FLASHDRV.dll file from their Trinity so I can patch it to do what's stated in the topic title, cheers.
Patcher complete; download here.
File now signed, redownload
manual DLL included now
If you tell my how I'll gladly do it. I get access denied when I try to copy it via Vista explorer.
ZakMcRofl said:
If you tell my how I'll gladly do it. I get access denied when I try to copy it via Vista explorer.
Click to expand...
Click to collapse
get it from a ROM dump of an OS image on your computer, not from the PDA
Olipro said:
get it from a ROM dump of an OS image on your computer, not from the PDA
Click to expand...
Click to collapse
There it is....
It is from RUU_Trinity_DOPODASIA_WWE_1.23.707.6_6275_1.35.00.11_108_Ship.exe
ok, it's done, enjoy
Thanks. Although being the noob that I am right now I don't exactly know how this will help me
I saved a copy in case I need to edit the ExtROM someday.
Sorry, I can't find any change after patch , please help, I realy want to put some software in the ext_rom.
eddietse said:
Sorry, I can't find any change after patch , please help, I realy want to put some software in the ext_rom.
Click to expand...
Click to collapse
you still have to unhide the ExtROM manually, and sadly, I haven't quite worked out certificate deployment, so you need to use Security Configuration Manager to drop the developer certificates onto your device.
Olipro said:
you still have to unhide the ExtROM manually, and sadly, I haven't quite worked out certificate deployment, so you need to use Security Configuration Manager to drop the developer certificates onto your device.
Click to expand...
Click to collapse
I've unhide my Trinity. But after I run the patch, I can't see my extrom anymore. I can't unhide it again...
ok, sorry guys, I forgot to sign the dll... I'll do it later.
you STILL have to put the developer certificates on the device yourself though.
Olipro said:
ok, sorry guys, I forgot to sign the dll... I'll do it later.
you STILL have to put the developer certificates on the device yourself though.
Click to expand...
Click to collapse
So Olipro have you signed the .dll??
yes, I've recently been indulging in the consumption of booze down the local pub, so sorry for the delay; it's done now.
Remember that you still need to provision the developer certificates onto your device yourself.
I'm afraid that the Security Configuration Manager still finds the app "Unsigned".
Any further help would be appreciated.
sammis said:
I'm afraid that the Security Configuration Manager still finds the app "Unsigned".
Any further help would be appreciated.
Click to expand...
Click to collapse
the application is unsigned... the dll that gets put on your phone by the app however is not.
Olipro said:
the application is unsigned... the dll that gets put on your phone by the app however is not.
Click to expand...
Click to collapse
I'm afraid that i may be a bit on the slow side but i can't make heads or tails out of this process,i've read the Hermes posts and still nothing .
If you find the time please post a step by step guide as to how the app can be signed with a privileged certificate as that seems to be the problem.
sammis said:
I'm afraid that i may be a bit on the slow side but i can't make heads or tails out of this process,i've read the Hermes posts and still nothing .
If you find the time please post a step by step guide as to how the app can be signed with a privileged certificate as that seems to be the problem.
Click to expand...
Click to collapse
no... it's not.
the application just needs to be executed on your device, the DLL that is placed on the device needs to be signed... which I have done.
specifically, it's OEM_FLASHDRV.dll that I signed, and no, you can't view it till it's on your Trinity.
Let me tell you what i did,i ran the Security Configuration Manager, changed the configuration from locked to Security Off then pressed Provision.unhid the EXROM using Hermes_MountALLExTrom,transfered the patch to the PPC and ran it .
I got the message Extrom Patched Resetting..,i reset the device but alas no extrom.
sammis said:
Let me tell you what i did,i ran the Security Configuration Manager, changed the configuration from locked to Security Off then pressed Provision.unhid the EXROM using Hermes_MountALLExTrom,transfered the patch to the PPC and ran it .
I got the message Extrom Patched Resetting..,i reset the device but alas no extrom.
Click to expand...
Click to collapse
yeah... you need to go to the Device menu to install the developer certificates.
The only things in the "file" menu are, Save connected Device Configuration,Sign File and Check File Signature.
my mistake; the Device menu.
really... couldn't people have the intelligence to actually bother looking for it.
people on this forum have now successfully exceeded the level of stupidity I've experienced on the Hermes section.
I am running WM6, but my company implemented push email, and the device is now app unlocked after installing some certificates etc. I cannot run half of my programs - I tried the SDA-Application.exe program, which seemed to be succesful, but did not work. I cannot open a registry editor either.
I search all over this forum but cannot find the answer - how can I app unlock my wizard again?
We are also about to be issued HTC Touches which are similarly app locked, so it would be useful to have a method that worked for both!
Thanks
have you tried the lokiwiz and awizard apps?
rgs
No - these don't do certificate/application unlocking do they - I thought just CID/SIM locking?
PS I tried installing lokiwiz but I can't due to the app lock!
Both awizard and lokiwiz don't simply remove the Unsigned App Policies nor RAPI communication restrictions. What they need to work is for the phone to be in that state (app+rapi unlocked) and that's why there are some CAB that go along that are supposed to be run prior.
You can use my tool (WST - check signature) that does it with a click of a button
cheers
Great tool - didn't connect on Vista, connected on XP but says:
Not needed!
Regsitry settings are already set to use RAPI tools.
But I still cannot run unsigned apps! I have rebooted. I know they added a root and user certificate to the device - all apps have to be signed now.
Do you have any ideas?
Thanks
Sure, get yourself a registry editor and browse to HKEY_LOCAL_MACHINE\Security\Policies\Policies and edit two values:
:00001006=dword:1
:0000101a=dword:1
hope it does the trick
I tried mobile reg editor, which lets you edit the registry from a PC, and one of the reg keys was set to 0. But I changed it, rebooted, and same probem
hsclater said:
I tried mobile reg editor, which lets you edit the registry from a PC, and one of the reg keys was set to 0. But I changed it, rebooted, and same probem
Click to expand...
Click to collapse
Ok, looks like they changed some other settings that interfere with the permissions.
Check if HKEY_LOCAL_MACHINE\Security\CertMod\AllowUntrustedApps is set to DWORD: 1
Hang on I figured it out....the 00001006 key was for some reason not applied once I rebooted. Thanks for all the help!
For anyone needing to do the same - I had to download mobile registry editor from http://mobile-registry-editor.en.softonic.com/pocket as that allows you to edit keys from the PC without installing anything.
My new problem, is that on our touch/elf I cannot change this key with this program as it says access denied - so there must be some registry permissions on there.
hsclater said:
Yes that is set to 1. It should be right?
Click to expand...
Click to collapse
I pointed that because when i set it to 0 the phone refused to install apps so i thought it was the responsible registry value.
Must be another one then...
Thanks for all your help - my wizard is now sorted.
Any idea how they restricted the registry on a touch so I can't change that value?
hsclater said:
Thanks for all your help - my wizard is now sorted.
Any idea how they restricted the registry on a touch so I can't change that value?
Click to expand...
Click to collapse
I believe those settings are more related to WM6 than to the specific device so they should be the same.
btw, how did you sort it out? I'd like to know for future use
tx
Mine was just fixed by changing the 1006 value. The first time, the phone didn't take the change, but the second time it did and now works.
But the touch, it won't let me edit the registry remotely - access denied.
Cheers.
upload Cert_SPCS.cab to your phone and run it
PS:
sorry for asking but i didn't read your edit before
I am new here and am trying to install a cooked rom to my tilt. I have followed the instructions to the Tee. I know I have to install jumpspl, then hard spl first. However, I am not able to get passed the first step. When I attemp to install the jumpspl I get an error message: "the file cannot be opened because either it is not signed with a trusted certificate, or one of its components cannot be found." It also said to restore the file or reinstall. I've been searching around for answers and all I get is to do a hard reset. Is this true? Can some please provide me with specific instructions on installing a cooked rom. I have NO experience with this. I really want to do this, but have been having a very hard time. I been working on this thing for hours. Please help. And please no smart comments. I really need help.
poohbabes said:
I am new here and am trying to install a cooked rom to my tilt. I have followed the instructions to the Tee. I know I have to install jumpspl, then hard spl first. However, I am not able to get passed the first step. When I attemp to install the jumpspl I get an error message: "the file cannot be opened because either it is not signed with a trusted certificate, or one of its components cannot be found." It also said to restore the file or reinstall. I've been searching around for answers and all I get is to do a hard reset. Is this true? Can some please provide me with specific instructions on installing a cooked rom. I have NO experience with this. I really want to do this, but have been having a very hard time. I been working on this thing for hours. Please help. And please no smart comments. I really need help.
Click to expand...
Click to collapse
Try this eidt HKEY_LOCAL_MACHINE\Security\Policies\Policies] Change value 0000101a from 0 to 1 you will need a registry editor for this..search around and you'll get some options to choose from.
OK I am sorry but this sounds like a foreign language to me. Can you use layman's terms please.
poohbabes said:
OK I am sorry but this sounds like a foreign language to me. Can you use layman's terms please.
Click to expand...
Click to collapse
ok follow the below steps:-
1) Search for a program called PHM registry Editor
2) Download the file and store it in your phone
3) Run the file and install program
4) Once installed open the program you will see a screen with folders like HKEY_CLASSES_ROOT, HKEY_CURRENT_USER etc etc.
5) Navigate to the HKEY_LOCAL_MACHINE\Security\Policies\Policies
6) Change value of 0000101a from 0 to 1
cant make it clearer than this.. best of luck
thank you very much