ok so I dev unlocked my ativ s and was able to side load some apps that needed full unlock to work I guess but surprisingly Tube 8 worked! are there any wp8 xaps out there I can sideload or what wp 7.x xaps are out there that I can sideload at the moment?
noelito said:
ok so I dev unlocked my ativ s and was able to side load some apps that needed full unlock to work I guess but surprisingly Tube 8 worked! are there any wp8 xaps out there I can sideload or what wp 7.x xaps are out there that I can sideload at the moment?
Click to expand...
Click to collapse
Normaly you can sideload any app you build using your own wp8 sdk tools as long as the app doesn't require interop services or other higher capabilities. Sideloading store apps won'tbe possible as they are encrypted.
Which capabilities does Tube 8 uses? I don't think that you were able to install an app using the cap interopservices.
I also have waze for wp7 installed, tube 8 is an adult video service viewer if you get my drift....
Sent from my SGH-T899M using XDA Windows Phone 7 App
Waze
ID_CAP_GAMERSERVICES
ID_CAP_IDENTITY_DEVICE
ID_CAP_IDENTITY_USER
ID_CAP_LOCATION
ID_CAP_MEDIALIB
ID_CAP_NETWORKING
ID_CAP_SENSORS
ID_CAP_WEBBROWSERCOMPONENT
Tube 8
ID_CAP_GAMERSERVICES
ID_CAP_IDENTITY_DEVICE
ID_CAP_IDENTITY_USER
ID_CAP_LOCATION
ID_CAP_MEDIALIB
ID_CAP_MICROPHONE
ID_CAP_NETWORKING
ID_CAP_PHONEDIALER
ID_CAP_PUSH_NOTIFICATION
ID_CAP_SENSORS
ID_CAP_WEBBROWSERCOMPONENT
noelito said:
I also have waze for wp7 installed, tube 8 is an adult video service viewer if you get my drift....
Sent from my SGH-T899M using XDA Windows Phone 7 App
Click to expand...
Click to collapse
titi66200 said:
Waze
ID_CAP_GAMERSERVICES
ID_CAP_IDENTITY_DEVICE
ID_CAP_IDENTITY_USER
ID_CAP_LOCATION
ID_CAP_MEDIALIB
ID_CAP_NETWORKING
ID_CAP_SENSORS
ID_CAP_WEBBROWSERCOMPONENT
Tube 8
ID_CAP_GAMERSERVICES
ID_CAP_IDENTITY_DEVICE
ID_CAP_IDENTITY_USER
ID_CAP_LOCATION
ID_CAP_MEDIALIB
ID_CAP_MICROPHONE
ID_CAP_NETWORKING
ID_CAP_PHONEDIALER
ID_CAP_PUSH_NOTIFICATION
ID_CAP_SENSORS
ID_CAP_WEBBROWSERCOMPONENT
Click to expand...
Click to collapse
@noelito I got your drift. But these two apps don't need any special capabilities to run. They can be run on each dev unlocked device. No full unlock required!
Ok so regarding marketplace apps, how can we de encrypt them so we can sideload? I have the I'll fated Microsoft YouTube xap and read somewhere to remove the wmappheadr XML something and tried that with another app and could not sideload any tips? I would like to be able to factory reset my phone and side load the app
Sent from my SGH-T899M using XDA Windows Phone 7 App
noelito said:
Ok so regarding marketplace apps, how can we de encrypt them so we can sideload? I have the I'll fated Microsoft YouTube xap and read somewhere to remove the wmappheadr XML something and tried that with another app and could not sideload any tips? I would like to be able to factory reset my phone and side load the app
Sent from my SGH-T899M using XDA Windows Phone 7 App
Click to expand...
Click to collapse
As of now, there isn't any way to decrypt XAPs. Since we are on the subject of XAP decryption, this gives way to the subject of piracy which isn't accepted .
Oh my that's not something I want to do
Sent from my SGH-T899M using XDA Windows Phone 7 App
XAP decryption *Is* also useful for reverse engineering the OEM app updates... if one of them introduces a vuln, we want to take advantage of it.
GoodDayToDie said:
XAP decryption *Is* also useful for reverse engineering the OEM app updates... if one of them introduces a vuln, we want to take advantage of it.
Click to expand...
Click to collapse
Oh I agree. I just wanted to make sure the conversation didn't float towards the way of piracy before the mod decided to shut it down.
As for deencrpyting XAP files - currently we don't know of a way to do it. Sideloading of WP7 XAPs for a long time worked after removing those headers but several months after WP7.5 (which introduced support for it) they switched over to truly encrypted XAPs and so far no one has been able to deencrypt those.
As for Interop-Services - this likely won't cause issues any more in WP8 because Native Code is now officially supported. They won't work though as other means are employed to not allow them to access functionality that is not supposed to be accessed. Most of those Apps worked through accessing certain vendor drivers/services which are likely to have changed in WP8.
@StevieBallz: ID_CAP_INTEROPSERVICES and native code have nothing particular to do with one another. Native code is a way to get out of the "API sandbox" that restricts what operations an app can request that the system do (for example, there's no official API for registry access). ID_CAP_INTEROPSERVICES is a way out of the permissions sandbox that restricts what the OS will actually allow the app to do. On WP7, there were low-privilege native-code apps that didn't use interop (DllImport project, for example) and there were high-privilege interop apps that didn't require the author to write any native code (just re-using what was already on the phone, my MultiTask Toggle app for example).
Frequently, the two were combined (WP7 Root Tools is the primary example, but every pre-Root-Tools registry editor app also qualifies). High permissions isn't very useful without native code, because the official APIs don't let you request many things which you would need high permissions to do. Native code isn't very useful without high permissions, because most of the things that you can do with low permissions can be done without native code at all. However, the two really have nothing to do with one another.
Now, on WP8, we have all the native code we could want (well, actually it takes some hacking to get out of the API sandbox again; the official third-party native code API is much more limited than the full Win32 API) but we run in an even more restrictive app sandbox. On WP7, low-privilege apps could at least read most of the registry; I doubt that's true anymore. On the other hand, ID_CAP_INTEROPSERVICES is alive and well; all the fancy, high-privilege OEM apps (like the network configuration ones, or the system diagnostic ones, or Samsung's call blocker, etc.) still use ID_CAP_INTEROPSERVICES. Looking around the Diagnosis app on the Samsung ATIV S, I've already found high-privilege provxml and file system access. Unfortunately, interop-lock is (of course) also alive and well; attempting to sideload an app that uses ID_CAP_INTEROPSERVICES still results in error 0x81030120, same as it did after Mango.
I just sideloaded the old teter hd game that was on the HTC touch hd from back in the day
Sent from my SGH-T899M using XDA Windows Phone 7 App
Related
Hi
I am thinking about paying the 99$ fee and was wondering if I can developer unlock my Samsung ativ s or a lumia 928?
and if I do can I sideload the recently pulled youtube xap onto my phone and for that matter maybe 7.x homebrew apps onto wp8?
noelito said:
Hi
I am thinking about paying the 99$ fee and was wondering if I can developer unlock my Samsung ativ s or a lumia 928?
and if I do can I sideload the recently pulled youtube xap onto my phone and for that matter maybe 7.x homebrew apps onto wp8?
Click to expand...
Click to collapse
I haven't looked into it much, but I believe that you can only sideload 3 individual applications onto it. All modern Xaps are encrypted, too, and we don't have any way to decrypt them, so even if you could get it you likely couldn't sideload it.
i see
netham45 said:
I haven't looked into it much, but I believe that you can only sideload 3 individual applications onto it. All modern Xaps are encrypted, too, and we don't have any way to decrypt them, so even if you could get it you likely couldn't sideload it.
Click to expand...
Click to collapse
well i was wanting to factory reset my ativ and unlock it and sideload the youtube xap because i inadvertently put too any apn apps on my ativ s to try and get internet sharing to work.
because of this every time i soft reset the phone it takes a solid 5 minutes or more to get the internet connection back cause off all the apns floating around in settings that i can't uninstall
i love version 1 of the Microsoft youtube app overhaul and don't want to give it up with a factory reset, i am also thinking about selling my ativ for the lack fo decent oem camera software and go with the lumia 928 but once again i want to get that youtube app back onto whatever phone im using
but like you said they are encrypted anyway which is bad to hear, sigh are they ever going to jail break wp8, i am languishing here without a custom rom, if they could somehow crack wp8 and my ativ s , then my ativ s could be a super phone with all of nokia and htc software installed too
sigh!
You could simply use another YouTube App like MetroTube. I still prefer it over Microsoft's now pulled App and you don't have to play around with Unlocks and what not...
I developer unlocked my HTC 8x a while ago, and I can tell you the following:
1. If you developer unlock you device for $99/yr, you can sideload as many apps as you want. The limitation of 3 only applies to student accounts.
2. Any xap from the Windows Phone store can be sideloaded, as long as it doesn't require Interop Unlock.
3. The Xap files are just specially packaged zip files, so you can edit them with a tool such as 7zip.
4. If you downloaded an xap from the Microsoft store, and then try to sideload it, it will fail, until you delete "WMAppPRHeader.xml" from the xap. This also will "break"
updates for the app as new ones come out in the store.
Hope that helps!
Can I:
1. Sideload 7.x homebrew caps?
2. Sideload the Microsoft YouTube app that was pulled? I have the xap, so I should delete that file you mentioned?
3. Do I use the side load program that you use on your desk top (I forgot the name) in the chevron wp7 days
Someone had told me offhand regarding the YouTube xap that it is encrypted and useless to try and side load anyway, is this true?
Thank you very much for your help!
Sent from my SGH-T899M using XDA Windows Phone 7 App
Sideloading WP7 apps will "work" except that most WP7 homebrew either requires Interop Unlock (which we don't have yet) or requires "root" privileges (which we don't have yet). So... not a lot of use.
GoodDayToDie said:
Sideloading WP7 apps will "work" except that most WP7 homebrew either requires Interop Unlock (which we don't have yet) or requires "root" privileges (which we don't have yet). So... not a lot of use.
Click to expand...
Click to collapse
Do you think it will be easier to gain interop-unlock if the phone would already be dev-unlocked?
If this would be, i guess i would pay the 99$ to dev-unlock my Lumia 920, if it helps the community
I can't open Xap to remove "WMAppPRHeader.xml" (DRM protect)?
You have to change the xap with 7zip and it will turn into a zip file with additional files inside, I would like to know if I deleted "wmappprheaderxml" in Microsoft's ill fated YouTube app could I then sideload it?
Sent from my SGH-T899M using XDA Windows Phone 7 App
MOD EDIT: Thread closed by OP's request.
If you have used reker's proxy, you will notice the "by @reker" entry on top of the list with search results. If we could do the same with the SamWP8 tool (and link his app to a similar app page), maybe we could bypass the interop unlock requirement (the error you receive if you try to sideload a app with interop capabilities on a non-interop unlocked phone) because apps installed in the store don't get this check (as compu829 demonstrated by saying the original Microsoft youtube app contained the ID_CAP_MEDIALIB_PHOTO_FULL entry in the WMAppManifest.xml, and how could you install this app on phones without having an interop-unlock, exactly : the app was installed through the store).
Correct me if I'm wrong, I'm still learning how the WP OS is build and how it functions.
To admins, I can't post this in the Windows Phone 8 Development and Hacking thread because I don't have the required 10 posts yet.
Seems like a feasible idea, I'll take a look on how the store works but I think the XAP's still need to be signed by a trusted root to this works.
I'll post any updates here as I can't post on dev section x.x
This idea is older than WP8, and it doesn't work. First of all, the apps themselves (as opposed to the data about them) are delivered over an encrypted channel that uses certificate pinning; we can't intercept or modify it. Second, the Store will only install Microsoft-signed (and probably only DRMed) apps. Unsigned apps failed to install through this channel back on WP7. Third, even if we could install the apps this way, hey would still be unsigned. The OS would thus treat them as developer apps. Developer apps on phones where the MaxUnsignedApp registry value is less than 300 are limited to the standard third-party app capabilities, meaning no INTEROPSERVICES or similar.
By all means, go ahead and poke at it - WP8 has surprised me before with weaknesses it has relative to WP7 - but don't expect this to work even if you get past the first issue (which *does* exist on WP8).
Did someone contact reker? We need to figure out how he did this. I can't tell if he succeeded into linking an app to the custom app page because when I click install, I get an error message : "This app is not available for your region", maybe I need to change my region to China and try again.
@GoodDayToDie : Won't the phone be tricked by the store installation, thinking it's an encrypted app? Does it matter whether the app is encrypted or not if someone manages to link an app to a custom app page, because Windows Phone app weren't always encrypted to my recollection (this may predate the WP8 era, if so we're screwed ). And if it matters, can we encrypt the app ourselves by using a encryption method like AES, SHA, MD5, ... ? Unlikely hypothesis, but if someone would succeed in doing all this, could the SamWP8 tool be used to increase the HKEY_Local_Machine\Software\Microsoft\DeviceReg\Install MaxUnsignedApp value beyond 300 to unlock interop capabilities? Are the EnableAllSideloading.xap and Bootstapper.xap also usable on other WP than Samsung or do they need to be recoded to work on WP of other manufacturers?
EnableAllSideloading.xap and Bootstapper.xap depends on Samsung diagnosis tool and it's RPC server that runs on LocalSystem account that has "unlimited" registry access, it's not available on other manufacturers.
Tonight I will start my experiments on it.
greenboxal said:
EnableAllSideloading.xap and Bootstapper.xap depends on Samsung diagnosis tool and it's RPC server that runs on LocalSystem account that has "unlimited" registry access, it's not available on other manufacturers.
Tonight I will start my experiments on it.
Click to expand...
Click to collapse
I was wondering how you could flash the bootloader of Android on the Ativ S as the Secure Boot made by Qualcomm is locked by a blown fuse (it's a hardware issue, not only a software issue you must deal with).
bruce142 said:
I was wondering how you could flash the bootloader of Android on the Ativ S as the Secure Boot made by Qualcomm is locked by a blown fuse (it's a hardware issue, not only a software issue you must deal with).
Click to expand...
Click to collapse
SecureBoot checks signature of the bootloader by a known public key, the case is that Samsumg uses the *same* key for android and wp8 bootloaders.
greenboxal said:
SecureBoot checks signature of the bootloader by a known public key, the case is that Samsumg uses the *same* key for android and wp8 bootloaders.
Click to expand...
Click to collapse
If this checks out, what does it mean, could we flash android on the Ativ S? Or could you even make a dual-boot scenario possible? Great find by the way, :good:.
bruce142 said:
If this checks out, what does it mean, could we flash android on the Ativ S? Or could you even make a dual-boot scenario possible? Great find by the way, :good:.
Click to expand...
Click to collapse
Yes, it's the same hardware as SGS3 Snapdragon 4 version. But let go back to the topic, if you have some question about it send me a PM or post on my R&D thread
greenboxal said:
Yes, it's the same hardware as SGS3 Snapdragon 4 version. But let go back to the topic, if you have some question about it send me a PM or post on my R&D thread
Click to expand...
Click to collapse
I can't post yet in your R&D thread because I don't have the met the 10 post requirement yet.
Edit : I can install reker's "by @ reker" app when changing the region to China, and this is interesting (pasted directly from his WMAppManifest.xml) :
<?xml version="1.0" encoding="UTF-8"?>
-<Deployment AppPlatformVersion="8.0" xmlns="http://schemas.microsoft.com/windowsphone/2012/deployment">
<DefaultLanguage xmlns="" code="zh-CN"/>
-<Languages xmlns="">
<Language code="zh-Hans"/>
</Languages>
-<App xmlns="" PublisherId="{9b1d1b5b-f206-4b27-a139-89659591061b}" IsBeta="false" PublisherID="{b259af64-2f7d-4a89-983f-836325480629}" Publisher="智机网_WPXAP" Description="智机市场官方版" Author="智机网_WPXAP" Genre="apps.normal" Version="2.0.0.0" RuntimeType="Silverlight" Title="智机市场" ProductID="{59bd999b-496e-4e05-afce-94b67ba6e862}">
<IconPath IsResource="false" IsRelative="true">Assets\ApplicationIcon.png</IconPath>
-<Capabilities>
<Capability Name="ID_CAP_IDENTITY_DEVICE"/>
<Capability Name="ID_CAP_IDENTITY_USER"/>
<Capability Name="ID_CAP_NETWORKING"/>
<Capability Name="ID_CAP_PUSH_NOTIFICATION"/>
<Capability Name="ID_CAP_SENSORS"/>
<Capability Name="ID_CAP_WEBBROWSERCOMPONENT"/>
<Capability Name="ID_CAP_APPOINTMENTS"/>
</Capabilities>
-<Tasks>
<DefaultTask Name="_default" ActivationPolicy="Resume" NavigationPage="MainPage.xaml"/>
</Tasks>
-<Tokens>
-<PrimaryToken TaskName="_default" TokenID="WpXapToken">
-<TemplateFlip>
<SmallImageURI IsResource="false" IsRelative="true">Assets\Tiles\FlipCycleTileSmall.png</SmallImageURI>
<Count>0</Count>
<BackgroundImageURI IsResource="false" IsRelative="true">Assets\Tiles\FlipCycleTileMedium.png</BackgroundImageURI>
<Title/>
<BackContent/>
<BackBackgroundImageURI/>
<BackTitle/>
<DeviceLockImageURI/>
<HasLarge/>
</TemplateFlip>
</PrimaryToken>
</Tokens>
-<Extensions>
<Protocol Name="wpxap" TaskID="_default" NavUriFragment="encodedLaunchUri=%s"/>
</Extensions>
-<ScreenResolutions>
<ScreenResolution Name="ID_RESOLUTION_WVGA"/>
<ScreenResolution Name="ID_RESOLUTION_WXGA"/>
<ScreenResolution Name="ID_RESOLUTION_HD720P"/>
</ScreenResolutions>
</App>
</Deployment>
@bruce142: The store may or may not care about the DRM - that was in place by the time WP8 came out, but WP7 didn't have it for a long time - but it absolutely cares about the signatures. More accurately, actually, the XAP install code (which the store invokes) cares about the signatures. There's no "tricking" it; the signature is quite plainly there, or it's not. You don't exactly have to look hard to find it. The app launch code *also* cares about signatures. Non-sideloaded apps won't have ID_CAP_DEVELOPERUNLOCK, which is a special capability automatically added to sideloaded apps to allow them to launch even though they don't have signatures. Without that capability (or rather, without the SID which the token of an app with that capability gets at chamber creation), the kernel will refuse to load the unsigned executable binaries.
GoodDayToDie said:
@bruce142: The store may or may not care about the DRM - that was in place by the time WP8 came out, but WP7 didn't have it for a long time - but it absolutely cares about the signatures. More accurately, actually, the XAP install code (which the store invokes) cares about the signatures. There's no "tricking" it; the signature is quite plainly there, or it's not. You don't exactly have to look hard to find it. The app launch code *also* cares about signatures. Non-sideloaded apps won't have ID_CAP_DEVELOPERUNLOCK, which is a special capability automatically added to sideloaded apps to allow them to launch even though they don't have signatures. Without that capability (or rather, without the SID which the token of an app with that capability gets at chamber creation), the kernel will refuse to load the unsigned executable binaries.
Click to expand...
Click to collapse
I understand, the app has to be signed before it can be uploaded to the store, but does the developer of an app not sign its app when he assembles it or does the store sign the app itself? I see no threshold here, as signing an app is not a problem, or is it? I still admire that reker managed to make an app page by using a proxy which isn't normally there and successfully linked an app to it, which I was able to download and it contained elevated capabilities, I thought the ID_CAP capabilities were all interop capabilities (correct me if I'm wrong). Could someone make the old version of the Samsung Diagnostic tool available this way which users with other WP than the Ativ S/Ativ S Neo might able to use to modify the MaxAppUnsigned value and unlock more capabilities, or is this impossible? If only we knew how reker did this, ...
bruce142 said:
I understand, the app has to be signed before it can be uploaded to the store, but does the developer of an app not sign its app when he assembles it or does the store sign the app itself? I see no threshold here, as signing an app is not a problem, or is it? I still admire that reker managed to make an app page by using a proxy which isn't normally there and successfully linked an app to it, which I was able to download and it contained elevated capabilities, I thought the ID_CAP capabilities were all interop capabilities (correct me if I'm wrong). Could someone make the old version of the Samsung Diagnostic tool available this way which users with other WP than the Ativ S/Ativ S Neo might able to use to modify the MaxAppUnsigned value and unlock more capabilities, or is this impossible? If only we knew how reker did this, ...
Click to expand...
Click to collapse
ID_CAP's aren't all Interop capabilities, most of them are available for every app, and the ones you posted are, afaik, normal ones that don't need and Interop Unlock.
GoodDayToDie is right. His answer is very detail.
You may replace a xap with homebrew one in theory, but phone will never launch a store app without MS signature. Every single dll is signed by MS, and phone will check it.
Few questions and opinions:
The signature is used only for allowing the app to be installed on the device right?
Is the signature after added to the app a constant for the whole time or is it changing from time to time?
If the signature is used only for allowing an app to be installed, can we somehow make an virtual MS Server (Using FIddler for example), who can clone the real one and give us an offline signing of the app`s when installing them?
Can a signature be pulled off from an original installed app and the be put in to an another one?
cevi said:
Few questions and opinions:
The signature is used only for allowing the app to be installed on the device right?
Is the signature after added to the app a constant for the whole time or is it changing from time to time?
If the signature is used only for allowing an app to be installed, can we somehow make an virtual MS Server (Using FIddler for example), who can clone the real one and give us an offline signing of the app`s when installing them?
Can a signature be pulled off from an original installed app and the be put in to an another one?
Click to expand...
Click to collapse
The signature is checked when running the application, every PE image on the device should have a valid digital signature.
You don't seem to understand how it works, the signature is any kind of hash, let's say, SHA256, of the entire file. This signature is encrypted with the signee private key. If you change one single bit of the file, the hash will change, and so the signature will be invalid.
There are few ways to exploit this kind of security, like generating a hash collision or breaking the private key, both would take million of years.
I do really don't understand the whole process I was just giving some noob suggestions.
It's strange for me that after the app is installed it doesn't require an active network to start.So I am wondering if it could be possible to trick the app to start somehow?
Sent from my Windows Phone 8S by HTC using Tapatalk
While suggestions are always welcome, you really should read up on digital signatures and how they work. @greenboxal's explanation seems like it might have gone over your head a bit... The fact that you didn't understand about ID_CAP_* also means you've probably never looked at WP development, or even looked at the manifest of a WP app, either; you may want to do some of that. Until you do so, it would be only by the sheerest crazy luck that you managed to hit on a solution, because you don't even know what you're actually trying to accomplish!
For example, it's pretty obvious why there's no need for a network connection to start an app, once it's installed. There's a license on WP apps, which is checked when the app is installed (requires Internet access) and is then valid for some time (never checked how long exactly, probably years though). The signatures are different. When the app is installed, the signing certificate (which contains the public key, but not the private key, of the keypair used to sign the app) is extracted from the app and checked to see whether it is trusted by Microsoft (the phone has Microsoft's certificates embedded in the OS; it doesn't need a network connection for this). When you try to launch the app, it checks to see whether the signatures on each binary (which are, as greenboxal mentioned, created by taking the cryptographically secure hash of the binary and then applying something like encryption to it using the private key) are valid (it applies the public key to the signature to get the signing hash back, and checks whether that hash still matches). We (developers) can't fake store signatures ourselves, because we don't have Microsoft's private keys. Therefore the phone wouldn't trust our signatures (make sure you read up on the concept of a "chain of trust" and the concepts of public key cryptography and public key infrastructure in general too) and would refuse to load the binaries. The process of verifying signatures is just a bunch of math once you've already got the public keys, and those are, as I said, extracted from the app at install (for individual apps) and stored in WP8 itself (for the Store-wide signing key); no need to access the network.
Thanks guys for clearing this up for me.I know that it`s not that simple as i say.Anyway, just keep up the good work.We the Noobs depend from you.
If you are not those who you really are i personally know that i will never buy a Windows Phone again.You are the reason for the MS`s profit.
Sorry again for jumping in into this "battle".
This thread is becoming way out of hand, question is asked and answered : adding a app via proxy which may interop-unlock other WP is not possible. Locking thread now.
PS : yay, ten posts.
Hello,
I'm just starting my dev journey with WP8 with my new T-Mobile Lumia 520.
First what I need to do is to debrand my lumia - for faster updates. T-Mobile is not offering yet the next release of fw which allows to disable images in IE, and as dev I need to be up-to-date as fast as possible. I need to download the FW, but I don't know which one - localized for sure, but what GDR is? What Amber means? I can't decide which one do I need to download and flash. (http://forum.xda-developers.com/showthread.php?t=2515453 This instruction doesn't show the moment of decision).
Next question is about unlocking. I'm downloading music from Soundcloud via Cloudoh and I want to access them from my PC, same as files located inside of other apps - do I need to unlock the device to do that? For example - how to upload a pdf from PC to winpho pdf reader?
Windows Store allows me to download installable files at PC and install them via SD Card. Some apps aren't supposed to work with my device. Is there any solution how to install them at my risk?
And the last question, but not least - I have my dev account but its time limited and app-count-limited. Is there any way how to check if my Lumia is dev-unlocked, how long this unlock lasts and what is my current app-limit? Just for my information - I like to have the ways to check everything.
Please, help me
GDR = General Distribution Release (a brief web search would have told you this). Microsoft-ese for a post-initial-release update (think of service packs for other MS software). The current version is GDR3, also called Update 3. "Amber" is Nokia's codename for the firmware version that they ship along with GDR2. "Black" is Nokia's firmware name for GDR3. Note that OEM firmware (such as Amber or Black) are different from Microsoft OS updates (such as GDR2 or Update 3), although they are typically delivered together. If you're already on at least GDR2, you can get Update 3 directly from Microsoft without waiting for T-Mobile or Nokia; search the Store for "Preview for Developers".
You cannot access files stored inside an app from anywhere else, either a PC or another app, unless the app explicitly makes them available by including a method to export them. Most apps don't implement this. The only exceptions to this rule are for images (which can be stored in the Pictures Library of the phone, much like the built-in camera app or screenshot functions) and OEM apps, which can have extra permissions (Capabilities, such as ID_CAP_PUBLIC_FOLDER_FULL) that aren't allowed for third-party developers. However, for development apps (that is, ones which were sideloaded to your phone from an unsigned XAP file), you can access their Isolated Storage from your PC using the aptly-named Isolated Storage Explorer Tool (or any other program that implements the required APIs, such as Windows Phone Power Tools).
To upload a PDF to the phone, you can do any number of things. Over USB, copy it to the Documents folder on the phone using any MTP software (Windows Explorer works). Over Bluetooth, just send the file directly. Over email, just attach the PDF. Over the Internet, you can use SkyDrive, or any other "cloud" app, or if it's on a web server you can get it from the phone's browser...
I'm not aware of any work-around for the minimum-memory restriction on some apps. I believe it mostly only applies to large games? In any case, you have one of the lowest-end WP8 devices on the market; there are limits which come with that.
The official way to tell if your phone is dev-unlocked is to use the Windows Phone Developer Registration tool, the same one you use to do the dev-unlock in the first place. A paid developer account always gives a limit of 10 apps (the free one is 2 apps). There's no official way to tell how many apps you have remaining, but it's simple enough to tell if you have any space left; just try sideloading any app that isn't already installed!
GoodDayToDie said:
GDR = General Distribution Release (a brief web search would have told you this).
Click to expand...
Click to collapse
Yeah, I did some sort of search on forums and Google and I haven't found anything.
GoodDayToDie said:
You cannot access files stored inside an app from anywhere else, either a PC or another app
Click to expand...
Click to collapse
After unlock it is still unaccessible? I had to jailbreak my iPad because without jb it is not easy to operate. I thought about something like this for Lumia. I think it is only the need of time for others to omit this problem
Disney offered lastly a promotion for its games. I was interested with some of them, but only one was accessible for my device. xap file needed only 70 mb of space. I think there was a problem with performance, but if I want see a laggy game I should have the ability to install it despite everything.
There's no jailbreak available for Lumia phones yet. Something like that should, indeed, allow accessing the storage of the apps (and everything else) but we don't have one...
The size of the XAP has very little to do with the runtime requirements of the app (RAM and CPU). I have written apps of only a few kilobytes that required over 10 gigs of RAM to run (not a phone app, obviously). To avoid people with low-end phones getting annoying with the platform and thinking it's the fault of either Microsoft or the app developer when an app crashes from running out of RAM, they've prohibited installing high-RAM apps on low-RAM devices.
You mean T-Mobile's Lumia 521 right? There's no other ROM you can flash to it that might have the update.
Hello, I need to encrypt a string with a public key (or certificate) obtained from a REST service. I have these in base64 format. The question is: how can I do on Windows Phone 8.1? There's no X509Certificate, X509Certificate2 or RsaCryptoServiceProvider available..
I'm using Visual Studio 2013 Update 2..
diego.stamigni said:
Hello, I need to encrypt a string with a public key (or certificate) obtained from a REST service. I have these in base64 format. The question is: how can I do on Windows Phone 8.1? There's no X509Certificate, X509Certificate2 or RsaCryptoServiceProvider available..
I'm using Visual Studio 2013 Update 2..
Click to expand...
Click to collapse
I think you are now using non-Silverlight apps in visual studio.
Try Silverlight application
ngame said:
I think you are now using non-Silverlight apps in visual studio.
Try Silverlight application
Click to expand...
Click to collapse
Yep but I'm developing a universal library. I'll probably try Bouncy Castle (PCL) in order to do what I need.
Universal libraries are extremely crippled. Many features are unavailable for universal libs, even things that can be done (in different ways) across all the different platforms you are targeting.
BouncyCastle is a decent option though, as long as you don't need native performance.
Hello - I am doing a pen test for a customer. They are not giving me the xap files like they did last time. Is there a way to pull the xap file off the phone and on to your PC? I have a dev unlocked phone which I can sideload apps using power tools. I have done some research and it doesn't sound like this option is available, but I wanted to ask.
Thanks in advance.
First of all, the phone doesn't store the XAP files (PLEASE search before posting! This question gets asked a lot). I assume all you really care about is the app binaries and manifest file, though. (You can rebuild an installable XAP from these if needed.)
There's a complicated series of hacks for doing it on 8.1 via the ability to install apps to the SD card. If you don't have 8.1, don't have an SD card, can't install the relevant versions of specific apps, or if the app is marked to not allow installation to SD, then that method won't work for you.
The other approach, which in my experience is standard in the pentesting world (which is my field as well), is to use a hacked/jailbroken/unlocked phone. Samsung (unless it has the very newest firmware versions) and Huawei phones can be unlocked by flashing modified ROMs. The unlock lets you sideload apps with vastly more privileges, such as the ability to read and write the install directory of any app. Using that, it's pretty easy to get the files you want. Such unlocks are also possible with some Nokia phones via JTAG, and possibly some other models too, but the Samsung unlock (which I and -W_O_L_F- found) and the ability to flash customized ROMs for Huawei are the easiest approaches.
On the offhand chance you're part of NCC group, PM me and I'll send you my work email address. If you're with one of our competitors... well, I actually don't mind helping a competitor that much either; some Deja Vu folks gave me a good tip lately though, and I've got friends at SI as well.
GoodDayToDie said:
First of all, the phone doesn't store the XAP files (PLEASE search before posting! This question gets asked a lot). I assume all you really care about is the app binaries and manifest file, though. (You can rebuild an installable XAP from these if needed.)
There's a complicated series of hacks for doing it on 8.1 via the ability to install apps to the SD card. If you don't have 8.1, don't have an SD card, can't install the relevant versions of specific apps, or if the app is marked to not allow installation to SD, then that method won't work for you.
The other approach, which in my experience is standard in the pentesting world (which is my field as well), is to use a hacked/jailbroken/unlocked phone. Samsung (unless it has the very newest firmware versions) and Huawei phones can be unlocked by flashing modified ROMs. The unlock lets you sideload apps with vastly more privileges, such as the ability to read and write the install directory of any app. Using that, it's pretty easy to get the files you want. Such unlocks are also possible with some Nokia phones via JTAG, and possibly some other models too, but the Samsung unlock (which I and -W_O_L_F- found) and the ability to flash customized ROMs for Huawei are the easiest approaches.
On the offhand chance you're part of NCC group, PM me and I'll send you my work email address. If you're with one of our competitors... well, I actually don't mind helping a competitor that much either; some Deja Vu folks gave me a good tip lately though, and I've got friends at SI as well.
Click to expand...
Click to collapse
Thanks again for all your help. So my situation is this: I am doing pen testing for a client (and I'm sure we are competitors some what). The have provided me a Nokia Lumia phone running 8.0 and another Lumia running 8.1. The app is installed by their dev team (app is not avail from the store). They are reluctant to provide my the XAP file as they consider it proprietary info. I have done a dev unlock on the phone, but my primary goal is to view the isolated storage/dlls for the app to make sure they are not storing sensitive data. I am using the standard tools for viewing the isolated storage, but for these to work (best of my knowledge) they require you to sideload the application which I cannot due (not XAP file). I am proxying the traffic, but without looking at the file system there is not much I can do. As an aside, they are using MDM with jailbreak detection.
Whoa, somebody actually got around to writing jailbreak detection for WP8? Crazy. I wish I could see that; I'm sure it's trivial to bypass (at least for interop-unlock, the difference between locked and unlocked is changing a registry value and it would be easily possible to re-lock it, launch the app while keeping the editor app open in the background, switch back to the editor, and unlock/jailbreak again) but I'm amused that anybody even bothered trying. Also, the APIs you would need to do the detection aren't even available on 8.0, officially; you're in violation of the store rules if you use them. Then again, maybe this is an internal, "Enterprise" app; those have permissions to do stuff that typical third-party apps do not. Are you sure they don't just mean they have jailbreak detection for iOS? I see something about Office365 MDM offering JB detection, but while I suppose they could have written something for WP8.x as well I feel like I probably would have heard of it?
If the app was sideloaded by the dev team, then you can see its isostore using the official tools or using Windows Phone Power Tools. If it's an enterprise app and the app was installed that way, then things get more difficult (especially if the phone they gave you doesn't have an SD slot). Not giving a pentester access to the binary they're testing is silly on a number of levels; if you succeed in breaking in then you'll get it anyhow, and an attacker will have a lot more than a week or two to poke at it so they're wasting your presumably-paid-by-the-hour time if they want you to see how good their security is without actually examining the app. I bet they used obfuscation, too... Some people just don't get it. "Security" by obscurity... isn't. Sorry, end of mini-rant. Anyhow, there's a guy on the forum who claims to have a non-JTAG unlock for Lumias, but no idea when or if it'll see the light of day.