Related
Basically when i sync to exchange, they expect both the exchange server + client to have a valid ssl cert. We dont have, so during the WM2003, there is a file call disablecertcheck, that would disable the cert checking
so it will be able to sync without the cert but in WM5, i cant find the files yet, so i need to know is the file disablecertcheck out for WM5, + if it isnt, any patches / cabs / registrys i can change
i downloaded it http://www.microsoft.com/downloads/...B8-8B3A-4F1D-8E94-530A67614DF1&displaylang=en
any updates on this issue ?
I never had luck with DisableCertChk. I found this posting awhile back and it was the most informative I've seen. http://jayseae.cxliv.org/2004/11/04/smartphone_activesync.html
What I did is search Google with "usercerts.msc site:microsoft.com". You'll see a TID referring to Pocket PC 2002, don't worry. Download the addroot cert which is actually ... http://download.microsoft.com/download/pocketpc/addroot/1.0/wce/en-us/addrootcert.exe. Export the certificate per Ethan's instructions from the first link, copy and install it to your device. I hope that this helps.
Steven
hi guys,
i tried the way as mentionned but, i get the following error
The security cert on the server is invalid. Contact your exchange server administrator or ISP to install a valid cert on the server
I assume you're running Exchange 2003? A perhaps even easier way is to open your OWA page with Internet Explorer and install the certificate on your PC when prompted. Then open Internet Options, Content, Certificates, Trusted Root Certification Authorites. Find your server's certificate and export to a DER encoded binary which you can install on your device. I always put my certificates on my SD card so's I can install easily whenever I upgrade my Pocket PC.... which is quite often ;-)
Luckily with WM5 I don't have to do that anymore!
If you need anymore help, just ask.
Steven
I tried this, but no luck. It still says that the certificate on the exchange server is invalid.
I'm trying to customize a few Extended ROMs here and I'm running into some stubborn CABs. When installed manually, everything works fine. No warnings, no errors. Just click the CAB, let it do its thing, then click OK.
Put these same ROMs into an Extended ROM and hilarity ensues. Some will work, others will not and I don't know why. Any suggestions on what I might be missing will be greatly appreciated.
Quick question?
Are the CAB's signed, if not are you installing the 'signed' unsign CAB 1st .
Edit: Thinking more about this (and realising that the 1st thing you do is disable signing in your ROM's ) can you provide a little more info about the CAB's (maybe an offending CAB if the content is not private?).
I managed to replicate this issue with a CAB that had a warm reset as part of it's install process (seems to bork the autoexec batch process) and I have had a similar issue with a CAB that just contained some simple OMA in the _setup.xml.
John
yes, that's the point. But how to make any Unsigned CABs become Signed?
huangyz said:
yes, that's the point. But how to make any Unsigned CABs become Signed?
Click to expand...
Click to collapse
Without wanting to sounds facetious you sign them ;-)
You would use a private key to generate an Authenticode signature for the CAB (and maybe the apps inside if you need to) however you would still need to install the ROOT certificate into the code stores on your device. Or get your app signed by a 3rd party with a certificate that has it's ROOT already on the device (MS's MobileToMarket and things like that take care of this for ISV's that need it).
Once you have the ROOT cert on the device in the correct store signing is trivial, you either use SignTool.exe from many of the MS SDK’s or just use the GUI options if Visual Studio is your poison. All you need is an export of the PKF (Private key) and the password to the certificate.
In enterprises one of the 1st things people often do before giving Windows Mobile devices out to users is to install a ROOT certificate for the enterprise onto the device in both the code and transmission stores. This means from then on you can sign in-house apps and CAB’s and they behave as signed commercial apps and you can use features like internal signed SSL for ActiveSync etc. etc.
Don’t forget you can also do away with a lot of this by installing the HTC signed “Disable Certificates” CAB 1st and then the signatures are not checked on subsequent CAB’s, EXE’s or anything code related for that matter.
djwillis said:
huangyz said:
yes, that's the point. But how to make any Unsigned CABs become Signed?
Click to expand...
Click to collapse
Without wanting to sounds facetious you sign them ;-)
You would use a private key to generate an Authenticode signature for the CAB (and maybe the apps inside if you need to) however you would still need to install the ROOT certificate into the code stores on your device. Or get your app signed by a 3rd party with a certificate that has it's ROOT already on the device (MS's MobileToMarket and things like that take care of this for ISV's that need it).
Once you have the ROOT cert on the device in the correct store signing is trivial, you either use SignTool.exe from many of the MS SDK’s or just use the GUI options if Visual Studio is your poison. All you need is an export of the PKF (Private key) and the password to the certificate.
In enterprises one of the 1st things people often do before giving Windows Mobile devices out to users is to install a ROOT certificate for the enterprise onto the device in both the code and transmission stores. This means from then on you can sign in-house apps and CAB’s and they behave as signed commercial apps and you can use features like internal signed SSL for ActiveSync etc. etc.
Don’t forget you can also do away with a lot of this by installing the HTC signed “Disable Certificates” CAB 1st and then the signatures are not checked on subsequent CAB’s, EXE’s or anything code related for that matter.
Click to expand...
Click to collapse
I am NOT a software developer so, most of your opinions sound enigmatic to me except that the last one: put the HTC signed "Disable Cert" in the 1st place of the ext-rom config.txt.
Thanks very much! I'll try later on.
gamescan said:
I'm trying to customize a few Extended ROMs here and I'm running into some stubborn CABs. When installed manually, everything works fine. No warnings, no errors. Just click the CAB, let it do its thing, then click OK.
Put these same ROMs into an Extended ROM and hilarity ensues. Some will work, others will not and I don't know why. Any suggestions on what I might be missing will be greatly appreciated.
Click to expand...
Click to collapse
most problably you forgot to set some cab file to read-only before saving the extende-rom.check the cabs atrebutes and the config.text file while inside de program that you are using to edit the extended-rom.its not because they are not signed as long you got the cert .cab set to be the first to be installed.also cab files that require user input will not work.this is from experience, as posted above.
huangyz said:
I am NOT a software developer so, most of your opinions sound enigmatic to me except that the last one: put the HTC signed "Disable Cert" in the 1st place of the ext-rom config.txt.
Thanks very much! I'll try later on.
Click to expand...
Click to collapse
So, where did you found the signed Disable_Cert.cab?
faria said:
most problably you forgot to set some cab file to read-only before saving the extende-rom.check the cabs atrebutes and the config.text file while inside de program that you are using to edit the extended-rom.its not because they are not signed as long you got the cert .cab set to be the first to be installed.also cab files that require user input will not work.this is from experience, as posted above.
Click to expand...
Click to collapse
Sorry to ping an old thread - flogging to proceed immedietly after...
Being that this is a windows device, isn't there a flag that can be passed when executing the cab - like you can on a windows installer application? Similar to setup.exe -q or whatever you're trying to do. Some flags set the answers to yes, admin mode... you get the picture. Does the cab installer engine allow similar flags to get passed with the cab execution command?
In PPC, it calls wceload.exe to install and uninstall a cab.
As shown in http://msdn2.microsoft.com/en-us/library/ms926281.aspx , the only possible argument is to ask or not ask for destination, but no quiet mode.
How can you call wceload.exe manually at ExtROM installation may be a question.
I know it is maybe very stupid question but really how can I add a certificate so I can use my on-line banking.
thanks in advance.
I know you can double-click .CER files and they will be imported to the Certificate settings. I added my Equifax SSL certificate that way, it shows up under "Intermediate" certificates.
thanks - it worked !!!
This was cross-posted in the US GS3 forum, but I figured you international guys might want this as well.
Below are the Mail and Exchange apks for the S3 with exchange security disabled. This is for those who use exchange support at work, but who hate entering a pin or password every time they want to unlock their phone. Many of us use low-level security corporate exchanges that don't require a pin, so the apk files below remove that security.
DISCLAIMER: If your place of employment's exchange policy requires the use of a pin, please be advised that use of these apks may be punishable up to termination of employment, as well as other possible legal action. Some companies take their exchange security VERY seriously and this mod is only for those whose policy does not require a pin but are unnecessarily prompted to enter one anyway. Please speak with your IT department before using these files as I will not be held responsible for any mis-use of this app or any collateral damage that may ensue. YOU HAVE BEEN WARNED. In the event you need to get back to stock, I have also posted stock apks below which will get you back to stock. Download the 'Return to Stock' link, unzip the downloaded file, and then just push them to /system/app/
1) Delete any exchange email accounts from your phone and remove any shortcuts to the mail app from your device
2) If applicable, remove any exchange administrators from Settings -> Security -> Device administrators
3) Download the 'Hacked Mail apks' file linked below. THIS IS NOT A FLASHBLE ZIP. The apk files were just too big for XDA's upload limit and so I had to zip them up and host them online. Once downloaded, unzip and grab out the 2 apk files inside (SecEmail.apk and Exchange.apk)
4) Mount your phone's system as R/W (either using Root Explorer or 'adb remount')
5) Copy the newly downloaded SecEmail.apk and Exchange.apk files to system/app/ via root explorer and overwrite the older file if/when it asks, or you can just push the files to system/app via adb
6) Set permissions on both apks as rw-r--r--
7) Reboot
8) After reboot, create a shortcut if you want and then open up the Email app and set up your corporate account.
7) You will be prompted to enable security policy midway through... this is normal so hit 'OK' and it will not ask you to enable security any further.
As previously mentioned in the disclaimer, you can use the Stock apks to get back to stock if you run into any issues. Just download the 'Return to Stock' link below, extract the 2 apks out, and follow the same process as above.
Donations always appreciated. Enjoy
LINKS:
Hacked Mail apks: http://d-h.st/8xa
Return to Stock apks: http://d-h.st/aAk
I'd prefer you to use the links directly above, but in the event they aren't working or are blocked in your country, try using these instead:
http://forum.xda-developers.com/showpost.php?p=29011281&postcount=9
Thanks friend
excellent work!
You are the man! I've been waiting for this.
Thank you!
Sent from my GT-I9300 using xda premium
Is there an hacked version of the stock google email floating around?
gkaipale said:
You are the man! I've been waiting for this.
Thank you!
Sent from my GT-I9300 using xda premium
Click to expand...
Click to collapse
You didn't ask for it, it's included on my custom since my first release .
jhericurls said:
Is there an hacked version of the stock google email floating around?
Click to expand...
Click to collapse
Edit: found it
http://forum.xda-developers.com/showthread.php?t=1117452
just what I was looking for only problem is the link dont work :crying:
Same here any chance of posting a link that works :fingers-crossed:
Just tested the links and they are working fine for me. Perhaps they are blocked in your county.
That being said, here are some links secondary links via dropbox. I'd prefer everyone to use the links in the OP as flooding the links below can end up blocking my db account, but they're here for others experiencing download issues
Hacked mail apks: http://db.tt/SXwjYCeK
Return to stock: http://db.tt/cGMIbkVJ
Not working for me
I followed the steps but when I open Email app to add account it gives me a FC error...
I m on stock ROM XXBLFB..pls help
wanam said:
You didn't ask for it, it's included on my custom since my first release .
Click to expand...
Click to collapse
Exactly dear Wanam...
I downloaded your ROM, extracted those 2 apks, all working fine, really very appreciate!
Thanks a lot, this seems to actually work. The strange thing is, i've replaced those 2 apk files on a stock ODEXED rom (!!!), yet it works anyway. I guess none of the other apk/odexes depend on those 2.
Thanks again
InfX said:
Thanks a lot, this seems to actually work. The strange thing is, i've replaced those 2 apk files on a stock ODEXED rom (!!!), yet it works anyway. I guess none of the other apk/odexes depend on those 2.
Thanks again
Click to expand...
Click to collapse
do I need to delete the odex files also after copying these apks? it's not working for me
Sent from my GT-I9300
doesn't quite work like the ones from the HTC forums.
where in you can still choose to do patter lock. after adding an exchange account.
the mod for SIII disables all types of lock aside from Pin and Password after adding an account. although you can add a pattern lock before adding an exchange account and it still works.
kuberchib said:
do I need to delete the odex files also after copying these apks? it's not working for me
Sent from my GT-I9300
Click to expand...
Click to collapse
You do. Ive renamed the 2 original apk files along with the corresponding odex files, placing the new ones in there instead. Works perfectly ok for me. I am on 4.0.4 XXALF5, stock, odexed. Ill probably switch to deodexed soon, though, but it does work for me right now anyway.
baste07 said:
doesn't quite work like the ones from the HTC forums.
where in you can still choose to do patter lock. after adding an exchange account.
the mod for SIII disables all types of lock aside from Pin and Password after adding an account. although you can add a pattern lock before adding an exchange account and it still works.
Click to expand...
Click to collapse
This mod disables thr EXCHANGE administrating those locks for you, it doed NOT affect your ability to setup a lock on a device on your own, in any possible way. In fact, replacing just the apks mentioned, it technically cannot do anything to affect it.
Thanks a lot for that man. What about jellybean I be seen the exchange.apk became exchange2.apk
Is there a difference?
Working great, just needed to delet odex files
I am running the ATT version, with a CM10 preview.. will these work on my version?
there's a bug or my company admin is just good detecting this. it is able to block it
Sent from my GT-P7510 using Tapatalk 2
I am not an expert in modifying code or developing apps, but I followed some steps and edited the MotoEmail.apk file to bypass the security requirements for an email account. I am using it now on a rooted Bionic running the official ICS OTA 6.7.246 with no problems.
Modifying the code is not too difficult, but I could not find a premodified .apk file for the Bionic that was up to date. If this post is worthless because there is already an .apk out there that I could not find then no worries, just thought I would put this file out there since I could not find it.
Again, use at your own risk because I am not an expert by any means. It works for me with no issues.
Using ADB, I pushed the .apk to my sd card, then moved it to my system/app directory, then changed the security permissions after it was in my system/app directory. For instructions on how to do the above, I used http://forum.xda-developers.com/showthread.php?t=872128
The MotoEmail.apk file can be downloaded from: http://www36.zippyshare.com/v/70902260/file.html
jayboyyyy said:
I am not an expert in modifying code or developing apps, but I followed some steps and edited the MotoEmail.apk file to bypass the security requirements for an email account. I am using it now on a rooted Bionic running the official ICS OTA 6.7.246 with no problems.
Modifying the code is not too difficult, but when I could not find a premodified .apk file for the Bionic that was up to date. If this post is worthless because there is already an .apk out there that I could not find then no worries, just thought I would put this file out there since I could not find it.
Again, use at your own risk because I am not an expert by any means. It works for me with no issues.
Using ADB, I pushed the .apk to my sd card, then moved it to my system/app directory, then changed the security permissions after it was in my system/app directory. For instructions on how to do the above, I used http://forum.xda-developers.com/showthread.php?t=872128
The MotoEmail.apk file can be downloaded from: http://www36.zippyshare.com/v/70902260/file.html
Click to expand...
Click to collapse
CHEERING!
Just successfully applied this to my Motorola Razr M, running stock 4.0.4.
1) Rooted using this link http://www.droid-life.com/2012/10/16/droid-razr-hd-razr-m-and-atrix-hd-all-rooted/
2) Using ES File Explorer (https://play.google.com/store/apps/details?id=com.estrongs.android.pop&hl=en) I backed up the old /system/app/MotoEmail.apk, copied in your new one, and set the permissions to RWX RX RX
Thanks so much! :good:
Ben.
Doesn't seem to be working for me. Can't click on email to open.
Copied over and running fine with no forced disk encryption - seemed perfect Brought up exchange email. Can see email fine, but can open it to read beyond preview. Stock ICS 6.7.246.XT875.Verizon.en-US.
lundjohnson said:
Doesn't seem to be working for me. Can't click on email to open.
Copied over and running fine with no forced disk encryption - seemed perfect Brought up exchange email. Can see email fine, but can open it to read beyond preview. Stock ICS 6.7.246.XT875.Verizon.en-US.
Click to expand...
Click to collapse
Only thing I can suggest would be removing your accounts and try going through all the steps again. Someone else might be able to help further than I can because I do not know much, but I have been running this with no problems since i posted the link. If reloading it does not work then it could be some enhanced security coming from the exchange you are using. I am bypassing my school email security. I don't think this should affect anything at all, but its the only thing off the top of my head I can think of. If clearing everything and reloading the apk works please give a reply post.
does this support S/MIME? I downloaded a third party app to get my work email but the stock email app is so much better looking! I haven't rooted my bionic or really played with it since i switched from my X2 (which i messed with a little too much). If your apk does what i need it to do, this would push me to start playing with this phone more.
Radnarok said:
does this support S/MIME? I downloaded a third party app to get my work email but the stock email app is so much better looking! I haven't rooted my bionic or really played with it since i switched from my X2 (which i messed with a little too much). If your apk does what i need it to do, this would push me to start playing with this phone more.
Click to expand...
Click to collapse
I am not sure if it covers that because I am not sure what exact security my school uses. You can try it and see if it works and if it doesn't just replace the apk file with the old one. It shouldn't take you that long if you are familiar with the basics of screwing with your phone.
jayboyyyy said:
I am not sure if it covers that because I am not sure what exact security my school uses. You can try it and see if it works and if it doesn't just replace the apk file with the old one. It shouldn't take you that long if you are familiar with the basics of screwing with your phone.
Click to expand...
Click to collapse
FYI and for those like me working in the corporate world... your email app works flawlessly decrypting S/MIME! Thank you... I can now delete that ugly email app i had to download and be happy with my phone!
Any chance you could post the steps you followed to modify the APK? I am trying to find a modified version for a Moto Razr Maxx running JellyBean and not having any luck so I thought I could try moding it myself.
Thanks,