[Q] How to mod XAP files. - Windows Phone 8 Q&A, Help & Troubleshooting

I have LUMIA 620 dev unlocked via dream spark.
I downloaded XAP file from marketplace and it seams to be encrypted so they are not installing via DEV tools to my device.
But i searched around some apps which can be installed via DEV tool because the are modified and i want to know what are the changes that are need to be made in XAP files:good:
One thing i have noticed that those XAP files which can be installed on device via DEV can be opend via any archive software like winrar etc...
but those XAP that are not able to install on device via DEV cannot be open with any archive software.

prashantvrm said:
One thing i have noticed that those XAP files which can be installed on device via DEV can be opend via any archive software like winrar etc...
but those XAP that are not able to install on device via DEV cannot be open with any archive software.
Click to expand...
Click to collapse
The XAP files from the store are encrypted. Unless someone figures out a way to break the encryption, it cannot be done.
The XAP files you found are probably home-made apps, which can be sideloaded, because they're deployed by developer tools in an unencrypted format, or WP7 apps. The encryption is applied after you submit the XAP to the store.
There is no known workaround to sideload store XAPs without an SD card, at the moment.

TheGoldrocker said:
The XAP files from the store are encrypted. Unless someone figures out a way to break the encryption, it cannot be done.
The XAP files you found are probably home-made apps, which can be sideloaded, because they're deployed by developer tools in an unencrypted format, or WP7 apps. The encryption is applied after you submit the XAP to the store.
There is no known workaround to sideload store XAPs without an SD card, at the moment.
Click to expand...
Click to collapse
You are correct sir. It sucks that you can't even sideload Xaps that were downloaded manually due to the app being removed from the WP store on a non-SD device. I'm trying to see if I can make a workaround for this though. It would be nice if it worked. In terms of modifying the encrypted XAP, it'll be a while before one of us figures out how to decrypt, but at the same time that opens a whole new can of worms regarding to piracy.

I've looked at the encrypted XAPs a bit myself; they're basically a PlayReady wrapper around the ZIP archive (XAPs are just renamed ZIP files; I usually use 7-Zip to open them). Unfortunately, I don't think anybody has broken PlayReady yet. The various programs which claim to strip PlayReady (usually from music or video) all appear to work by running the file through the decoder built into various programs like Zune and Windows Media Player, and re-capturing the content that comes out of the decoder. That won't work for these files.
We might be able to do something similar if we can get the XAP decoder out of the phone ROM and use that, though it will be ARM code (I don't know if the x86 "emulator" image includes the DRM decoder) and therefore somewhat tricky to work with. It will also probably be obfuscated to deter reverse engineering, and may be difficult to make work independently. A kernel debugger on the phone may be needed to figure it out.

GoodDayToDie said:
I've looked at the encrypted XAPs a bit myself; they're basically a PlayReady wrapper around the ZIP archive (XAPs are just renamed ZIP files; I usually use 7-Zip to open them). Unfortunately, I don't think anybody has broken PlayReady yet. The various programs which claim to strip PlayReady (usually from music or video) all appear to work by running the file through the decoder built into various programs like Zune and Windows Media Player, and re-capturing the content that comes out of the decoder. That won't work for these files.
We might be able to do something similar if we can get the XAP decoder out of the phone ROM and use that, though it will be ARM code (I don't know if the x86 "emulator" image includes the DRM decoder) and therefore somewhat tricky to work with. It will also probably be obfuscated to deter reverse engineering, and may be difficult to make work independently. A kernel debugger on the phone may be needed to figure it out.
Click to expand...
Click to collapse
It would be nice to be able to put one on the emulator itself and see what was going on..

I offer up my Programs folder dumped from my Lumia 928 if it is any help. Devs do with it as you will At the very least under common files you will find the xaps installed on my device which do open with 7zip and include the license xml. As far as installing or side loading I did throw a few xaps at the various emulators with mixed results. Have at it guys!!!
http://sdrv.ms/13tlc0F

tonbonz said:
I offer up my Programs folder dumped from my Lumia 928 if it is any help. Devs do with it as you will At the very least under common files you will find the xaps installed on my device which do open with 7zip and include the license xml. As far as installing or side loading I did throw a few xaps at the various emulators with mixed results. Have at it guys!!!
http://sdrv.ms/13tlc0F
Click to expand...
Click to collapse
Xaps within the Programs directory from a ROM are unencrypted. These will help out a lot though!
Edit: Ohhh... Something interesting. CommonFiles\Xaps\SyncUi.xap is the Verizon Backup Assistant. This has some code to intercept SMS..
<Extensions>
<!-- Email & Accounts UX Integration -->
<Extension ExtensionName="Accounts_Extension_Standard" ConsumerID="{47998C28-3D90-11E1-8E07-8B2B4924019B}" TaskID="_default" ExtraFile="Extensions\Extras.xml" />
<Extension ExtensionName="SMS_INTERCEPT_STANDARD" ConsumerID="{55DB4873-5CDF-43B0-82B4-87EB13E9BF6B}" TaskID="SmsInterceptAppExtension" ExtraFile="Extensions\Extras.xml" />
<Extension ExtensionName="Service_Agent_Application" ConsumerID="{208558CC-4407-40F8-83AE-AE3D567126B3}" TaskID="BackgroundTask" />
</Extensions>

snickler said:
Xaps within the Programs directory from a ROM are unencrypted. These will help out a lot though!
Edit: Ohhh... Something interesting. CommonFiles\Xaps\SyncUi.xap is the Verizon Backup Assistant. This has some code to intercept SMS..
<Extensions>
<!-- Email & Accounts UX Integration -->
<Extension ExtensionName="Accounts_Extension_Standard" ConsumerID="{47998C28-3D90-11E1-8E07-8B2B4924019B}" TaskID="_default" ExtraFile="Extensions\Extras.xml" />
<Extension ExtensionName="SMS_INTERCEPT_STANDARD" ConsumerID="{55DB4873-5CDF-43B0-82B4-87EB13E9BF6B}" TaskID="SmsInterceptAppExtension" ExtraFile="Extensions\Extras.xml" />
<Extension ExtensionName="Service_Agent_Application" ConsumerID="{208558CC-4407-40F8-83AE-AE3D567126B3}" TaskID="BackgroundTask" />
</Extensions>
Click to expand...
Click to collapse
I don't like the sound of that The app is part of the settings on my device but when opened says there is a problem with my account and contact Verizon.

@tonbonz: Thanks for the dump! That could be really handy. I'll explore and see if I can find anything useful. Any direct applications will likely be Nokia-specific (which among other things means I can't test them) but lots of people have Nokia phones, and I may find something more generally useful too.

GoodDayToDie said:
@tonbonz: Thanks for the dump! That could be really handy. I'll explore and see if I can find anything useful. Any direct applications will likely be Nokia-specific (which among other things means I can't test them) but lots of people have Nokia phones, and I may find something more generally useful too.
Click to expand...
Click to collapse
I've enjoyed the benefits of all the devs and their hard work here at XDA since my HTC Trophy. Glad to give back in any way I can. If any other files or folders are needed I would be happy to oblige...and... I thank you sir!!!

Oh what the h*** Rest of the dump files currently uploading. Dump 1, three 7z files altogether, is the Programs folder from earlier post. Left out maps data from Data/shared data folder as it was huge and of no consequence as to what we are trying to accomplish. Also, to be clear, this is a dump from the Lumia 928 variant package not my actual device. Have fun!!!
http://sdrv.ms/13tlc0F
@djtonka Thank you for your tutorial on Nokia Care Suite on wimdowsmania.pl. 
 @AnDim Extra thanks for ImgMount Tool which was used to dump these files!!!

I'll let you know. Just for curiosity's sake, how are you extracting those files? Is it from a working device, or a ROM image?
EDIT: Just saw your message, thanks for the info!
Initial results are a mix of cautious hope, disappointment, and speculation.
1) The OEM apps use a ton of restricted capabilities (among the most tame, for example, is "ID_CAP_MEDIALIB_PHOTO_FULL", which gives direct access to the image folders and has visibility "public" according to the policy XML files from the Windows directory).
2) The OEM apps can be sideloaded, but you have to remove the PlayReady header and all the restricted capabilities. They aren't very exciting at that point; they may not even start up.
3) Speculation: The so-called "public" restricted capabilities require a (Store-?)signed app when used on a standard phone. It *may* be possible to sign the apps ourselves, install that cert on the phone, and then sideload them, but I doubt it.
4) More speculation: These new, high-privilege capabilities seem to have largely replaced ID_CAP_INTEROPSERVICES. Although the error when trying to sideload them on an interop-locked phone is different than it is for INTEROPSERVICES, it may be that an interop-unlock would allow sideloading apps that use those capabilities anyhow.
5) The OEM apps include WPInteropManifest.xml. It's exactly the same near-empty file as on WP7. However, they don't use COM but instead use the same native-CLR interop as the official SDK advocates (.winmd files that bridge managed code to C++ DLLs). Its presence does not impede sideloading.
6) Speculation: The WPInteropManifest may be needed for apps which intend to use the "raw" win32 API (as opposed to WinRT) in C++. This theory is supported by the presence of things like DLLs that read and write to the registry directly (not through a driver, which would need INTEROPSERVICES), using APIs such as RegCreateKeyW.
7) More speculation: Since we can extract the system libraries from our phones, it should be possible to use the DLL-to-LIB tools to create .LIB files (the official WP8 SDK is extremely short on these) that we can then use to link to the native Win32 API. Although we would still be (cripplingly) limited by the sandbox's low permissions, we could probably do things like write a basic registry browser.
8) The provxml commands to install apps are very simple, but I don't understand all the parameters. Nonetheless, whenever we have an app, its license, and a tool which can process AppInstall provxmls, we should be able to install those apps on any reasonably compatible phone.
9) Speculation: Due to the use of OS-based capabilities rather than OEM drivers, an app that is installed on any given phone *should* work on other OEMs' phones even if it accesses the registry or does similarly privileged operations.
10) There may yet be a vulnerable app which we could exploit (possibly by using a provxml-injection attack?) to write to the registry / move files / do similar stuff. However, it would probably have very limited permissions even so; unlike on WP7, most things which can write to *some* of the registry can't write to *most* of it.

Related

Extended ROM - Some CABs don't Execute

I'm trying to customize a few Extended ROMs here and I'm running into some stubborn CABs. When installed manually, everything works fine. No warnings, no errors. Just click the CAB, let it do its thing, then click OK.
Put these same ROMs into an Extended ROM and hilarity ensues. Some will work, others will not and I don't know why. Any suggestions on what I might be missing will be greatly appreciated.
Quick question?
Are the CAB's signed, if not are you installing the 'signed' unsign CAB 1st .
Edit: Thinking more about this (and realising that the 1st thing you do is disable signing in your ROM's ) can you provide a little more info about the CAB's (maybe an offending CAB if the content is not private?).
I managed to replicate this issue with a CAB that had a warm reset as part of it's install process (seems to bork the autoexec batch process) and I have had a similar issue with a CAB that just contained some simple OMA in the _setup.xml.
John
yes, that's the point. But how to make any Unsigned CABs become Signed?
huangyz said:
yes, that's the point. But how to make any Unsigned CABs become Signed?
Click to expand...
Click to collapse
Without wanting to sounds facetious you sign them ;-)
You would use a private key to generate an Authenticode signature for the CAB (and maybe the apps inside if you need to) however you would still need to install the ROOT certificate into the code stores on your device. Or get your app signed by a 3rd party with a certificate that has it's ROOT already on the device (MS's MobileToMarket and things like that take care of this for ISV's that need it).
Once you have the ROOT cert on the device in the correct store signing is trivial, you either use SignTool.exe from many of the MS SDK’s or just use the GUI options if Visual Studio is your poison. All you need is an export of the PKF (Private key) and the password to the certificate.
In enterprises one of the 1st things people often do before giving Windows Mobile devices out to users is to install a ROOT certificate for the enterprise onto the device in both the code and transmission stores. This means from then on you can sign in-house apps and CAB’s and they behave as signed commercial apps and you can use features like internal signed SSL for ActiveSync etc. etc.
Don’t forget you can also do away with a lot of this by installing the HTC signed “Disable Certificates” CAB 1st and then the signatures are not checked on subsequent CAB’s, EXE’s or anything code related for that matter.
djwillis said:
huangyz said:
yes, that's the point. But how to make any Unsigned CABs become Signed?
Click to expand...
Click to collapse
Without wanting to sounds facetious you sign them ;-)
You would use a private key to generate an Authenticode signature for the CAB (and maybe the apps inside if you need to) however you would still need to install the ROOT certificate into the code stores on your device. Or get your app signed by a 3rd party with a certificate that has it's ROOT already on the device (MS's MobileToMarket and things like that take care of this for ISV's that need it).
Once you have the ROOT cert on the device in the correct store signing is trivial, you either use SignTool.exe from many of the MS SDK’s or just use the GUI options if Visual Studio is your poison. All you need is an export of the PKF (Private key) and the password to the certificate.
In enterprises one of the 1st things people often do before giving Windows Mobile devices out to users is to install a ROOT certificate for the enterprise onto the device in both the code and transmission stores. This means from then on you can sign in-house apps and CAB’s and they behave as signed commercial apps and you can use features like internal signed SSL for ActiveSync etc. etc.
Don’t forget you can also do away with a lot of this by installing the HTC signed “Disable Certificates” CAB 1st and then the signatures are not checked on subsequent CAB’s, EXE’s or anything code related for that matter.
Click to expand...
Click to collapse
I am NOT a software developer so, most of your opinions sound enigmatic to me except that the last one: put the HTC signed "Disable Cert" in the 1st place of the ext-rom config.txt.
Thanks very much! I'll try later on.
gamescan said:
I'm trying to customize a few Extended ROMs here and I'm running into some stubborn CABs. When installed manually, everything works fine. No warnings, no errors. Just click the CAB, let it do its thing, then click OK.
Put these same ROMs into an Extended ROM and hilarity ensues. Some will work, others will not and I don't know why. Any suggestions on what I might be missing will be greatly appreciated.
Click to expand...
Click to collapse
most problably you forgot to set some cab file to read-only before saving the extende-rom.check the cabs atrebutes and the config.text file while inside de program that you are using to edit the extended-rom.its not because they are not signed as long you got the cert .cab set to be the first to be installed.also cab files that require user input will not work.this is from experience, as posted above.
huangyz said:
I am NOT a software developer so, most of your opinions sound enigmatic to me except that the last one: put the HTC signed "Disable Cert" in the 1st place of the ext-rom config.txt.
Thanks very much! I'll try later on.
Click to expand...
Click to collapse
So, where did you found the signed Disable_Cert.cab?
faria said:
most problably you forgot to set some cab file to read-only before saving the extende-rom.check the cabs atrebutes and the config.text file while inside de program that you are using to edit the extended-rom.its not because they are not signed as long you got the cert .cab set to be the first to be installed.also cab files that require user input will not work.this is from experience, as posted above.
Click to expand...
Click to collapse
Sorry to ping an old thread - flogging to proceed immedietly after...
Being that this is a windows device, isn't there a flag that can be passed when executing the cab - like you can on a windows installer application? Similar to setup.exe -q or whatever you're trying to do. Some flags set the answers to yes, admin mode... you get the picture. Does the cab installer engine allow similar flags to get passed with the cab execution command?
In PPC, it calls wceload.exe to install and uninstall a cab.
As shown in http://msdn2.microsoft.com/en-us/library/ms926281.aspx , the only possible argument is to ask or not ask for destination, but no quiet mode.
How can you call wceload.exe manually at ExtROM installation may be a question.

INTERNAL xap installer

Could someone to develop INTERNAL xap installer program [ homebrew] that
will be able to install xap inside phone ?
Thanks.
the os already has its own framework for that so no point, the installation of non signed apps is discussed loads on the forum. An app is avail called chevron to achieve it, unless you have updated your phone it should still work
I have investigated this. No luck so far. But I have a couple of leads that may let me make it. But it needs more research. I will have a look at it soon. But I can't give an ETA. So far I know there are no others that have succeeded so far.
Ciao,
Heathcliff74
This will be key for cydia/installius kind apps for WP7
anarchyuk said:
the os already has its own framework for that so no point, the installation of non signed apps is discussed loads on the forum. An app is avail called chevron to achieve it, unless you have updated your phone it should still work
Click to expand...
Click to collapse
is it possible ? I like to install apps inside the phone as in WINMO.
I can have XAP on skydrive a if i click it on browser it will automatically download and install, this will be awsome.
marek1 said:
is it possible ? I like to install apps inside the phone as in WINMO.
I can have XAP on skydrive a if i click it on browser it will automatically download and install, this will be awsome.
Click to expand...
Click to collapse
Nope. Not possible. Read my previous answer. Anarchyuk did not understand your question correctly.
Sent from my OMNIA7 using XDA Windows Phone 7 App
Heathcliff74 said:
Nope. Not possible. Read my previous answer. Anarchyuk did not understand your question correctly.
Sent from my OMNIA7 using XDA Windows Phone 7 App
Click to expand...
Click to collapse
Why is not possible, reason ? Will Mango make it possible ?
marek1 said:
Why is not possible, reason ? Will Mango make it possible ?
Click to expand...
Click to collapse
No. Microsoft doesn't want you to sideload apps. They want you to use the Marketplace. If you would be able to use an internal xap installer, you would be using it for sideloading.
It is not possible to use the API's for installing XAP's because you need TCB access for that. Normal apps have only LPC access, so normally you can't create an app for that. Needs hacking.
Ciao,
Heathcliff74
Would this type of access be possible with the 'DLLImport Project'?
So today i installed a random app from marketplace to see what was going on i the process-list. Here i saw "PacmanInstaller.exe" (after "Downloading..." > "Installing..."); later i tried to remote execute that one without any important args, and it said "This application can not run in Win32 mode.", eh? Didn't that exe just ran in the process list. Seems weird not to be able to launch that one. (it did not say the exe did not exist).
Tested another thing to, what happens when i deploy an app from Visual Studio??
>PacmanInstaller.exe shows up there too.?!?!?
THEN WTF, WHERE IS THE DRM?
Found this in "PacmanInstaller.c":
if ( v19 != v2 )
*(_DWORD *)(v17 + 4 * v18 - 4) = L"ID_CAP_DEBUG";
XAP > Phone side:
- IO Explorer, all files have the exact same byte size, no magic changes added "ID_CAP_DEBUG""
- No "WMAppPRHeader.xml" added (generated/downloaded)
__
This means its just copying it to phone (XAP).
Runs pacman to register app > \Applications\Install\GUID\Install
"PacmanInstaller.exe GUID" ??
>Cant execute remote PacmanInstaller? From within?
Just having fun, thanks
SimzzDev said:
Would this type of access be possible with the 'DLLImport Project'?
Click to expand...
Click to collapse
Nope. DllImport project is about accessing native API's. Not really about elevating privileges (so far). The package manager API's are native API's, but they require elevated privileges too. For having higher privileges you need to hack the system...
fiinix said:
So today i installed a random app from marketplace to see what was going on i the process-list. Here i saw "PacmanInstaller.exe" (after "Downloading..." > "Installing..."); later i tried to remote execute that one without any important args, and it said "This application can not run in Win32 mode.", eh? Didn't that exe just ran in the process list. Seems weird not to be able to launch that one. (it did not say the exe did not exist).
Click to expand...
Click to collapse
"This application can not run in Win32 mode" is error 0xbf:
Error 0xbf: error_invalid_exe_signature
Description: Cannot run <application> in Windows NT mode
Or: Cannot run <application> in Win32 mode
This means that your executable is not properly signed / elevated to launch into the required account.
fiinix said:
This means its just copying it to phone (XAP).
Runs pacman to register app > \Applications\Install\GUID\Install
"PacmanInstaller.exe GUID" ??
>Cant execute remote PacmanInstaller? From within?
Just having fun, thanks
Click to expand...
Click to collapse
C'mon fiinix! You of all people should know!!
Code:
<!-- Rule loaded from: \IMGFS\969eb155-55ff-4884-9ecb-241c8a4b6e09.policy.xml(405,6) -->
<Rule PriorityCategoryId="PRIORITY_STANDARD" ResourceIri="/LOADERVERIFIER/ACCOUNT/(+)/ACCOUNT_CAN_LAUNCH/NONE/NONE/PRIMARY/WINDOWS/PACMANINSTALLER.EXE" SpeakerAccountId="S-1-5-112-0-0-1" Description="Only TCB can launch into this chamber">
<!-- Authorize loaded from: \IMGFS\969eb155-55ff-4884-9ecb-241c8a4b6e09.policy.xml(406,10) -->
<Authorize>
<!-- Match loaded from: \IMGFS\969eb155-55ff-4884-9ecb-241c8a4b6e09.policy.xml(407,14) -->
<Match AccountId="S-1-5-112-0-0-1" AuthorizationIds="LV_ACCESS_EXECUTE" />
</Authorize>
<!-- Stop loaded from: \IMGFS\969eb155-55ff-4884-9ecb-241c8a4b6e09.policy.xml(409,10) -->
<Stop>
<!-- Match loaded from: \IMGFS\969eb155-55ff-4884-9ecb-241c8a4b6e09.policy.xml(410,14) -->
<Match AccountId="S-1-5-112-0-0XFF" />
</Stop>
</Rule>
That's why you can't run it! So, not the right account to launch. Not even when you use the Samsung exploit. Because that uses "Elevated". Not "TCB".
The proper way to call PacmanInstaller.exe is:
Code:
pacmaninstaller.exe <int> <guid>
I'm not really sure, but the <int> is the type of operation. Possible values are between 1 and 7 if I recall correctly. The guid is the applicationid. So far I know, the PacmanInstaller looks in \Application Data\Phone Tools\10.0\Install. That is where the xap's are initially uploaded to the phone and extracted by the packagemanger.
Ciao,
Heathcliff74
PS. New version of WP7 Root Tools coming up....
"Not even when you use the Samsung exploit. Because that uses "Elevated". Not "TCB"."
> What about "\Windows\Startup\"
That one launch what ever lnk (exe pointer) listed under startup directory. Would be an opportunity to restart after installed all "cydia" apps on the phone.
Another small but interesting find:
>Checking the mail launches another "servicesd.exe".
All those exe's of multiple sessions like "udevice.exe" and "servicesd.exe" go with an arg, right? then what is put in? Maybe an dll as arg?
>Then again, the custom dll (VS2008 made) will not run due it does not have "LV_ACCESS_EXECUTE", so that locks TCB out for dll arg inject.
udevice.exe (Driver host, runs under "SYSTEM" level)
servicesd.exe (Ordinary exe for dll host)
So making custom drivers wont work... (probably),
to be middle hand for executing under SYSTEM.
edit:
haha post "404" (current post count)
>HTTP Not Found.
Heathcliff74 said:
No. Microsoft doesn't want you to sideload apps. They want you to use the Marketplace. If you would be able to use an internal xap installer, you would be using it for sideloading.
It is not possible to use the API's for installing XAP's because you need TCB access for that. Normal apps have only LPC access, so normally you can't create an app for that. Needs hacking.
Ciao,
Heathcliff74
Click to expand...
Click to collapse
OK,I know that MS don't want to allow but I want to to know if is possible to hack it and do the internal XAP installer ? That's why I am asking.
I think that everybody who have unlocked phone will appreciate it !!
As everyone already said.. CANNOT be done. There's no, "I want to know if someone can hack this". The people working to bring full file/registry access and a better experience to all phones are too busy to worry about trying to make an internal xap installer. Just hook the damn thing up to a computer and use the applications to push a xap to your phone and be happy. I'm no admin or anything, but please don't pester over something like this.

[WIP][HTC 8x][8.1]Fiddler2 Update Utility UEFI, BOOT Dumps & Templates[ExploitsFound]

[WIP][HTC 8x][8.1]Fiddler2 Update Utility UEFI, BOOT Dumps & Templates[ExploitsFound]
heres the story. i hex edit, spyder, leech, rip, hack all day everyday from my inseure server. always trying to break security on multiple platforms and remote locations. anyways my pc is just filthy. my devices probably have more imfections than a skid row street hooker. the is no exact explination on how this happened but all i know is a combination of a app\xap called webserver native access 0.4.3 , xenu url checker for pc and fiddler2 all running on the same ip and port [9999] started doing strange things. i fiddles when i typed in the address that webserver xap gave me while spyder crawling my phone with xenu,fiddler picked up lots of certificates while decoding system files.then o e after another probably 5 or 6 updates poped up on my phone. ive already had 3 windows 8.1 updates in the past. and wasnt aware of anything new. . also fiddler never picked up any remote link only local. strabge thing is i think rom updates for other devices got flashed to my phone. anyways the phone still works. im not sure the exact situation but the other day microsoft gave me a security signed symantic enterprise mobile code signig certificate when i made my store on the app studio website. i could of swore it was something of 250 dollar fee to get symantic to sign the cert for you. cant rember the process i went through a year or 2 ago when i need a cert signed. nice of mixrosoft the hook it upi guess. thats not enen the start with certs . i ripped hundreds of crt and crl from ruu's including qualcomm protected root ca's htc-cert , uefi keys, pulled from my device. anyways i had a dumb idea to install all of these onto my pc. what a dumb/smart mistake good happening. now i cam download all ota cabs with out going through proxy loops, and now have deeper access to htc and qualcomm based devices, it seems as the mpment i plug and windows phone with secure boot locked within minutes the device registery hive syncs with my servers hive and forcesthephone to disable uefi secure boot since my server isnt uefi compatible. i not if any sense is made here. ........soonyou will be seeing custom roms for htc8x fully flashable with out the use of a ycable. 2 jumps away from fullly rebuilding partitions from a 3.41 ruu . new roms will be a completely different platform. choice is in the air. right now my htc 8x is compiled from a mixture of windows phone 7 & 8, embedded compact 2013 and windows RT. strange thing is my device is based on gdr2..
my thumbs hurt from thping this on my nexus. sorry for the bad grammer and broken up sentences.
one last note anybody know wherr to get the OAK (OEM Adaptation Kit) layers and the 9600_POWERTOOLS with out having to sign up as an oem for microsoft.? I Have part of oak but only the portion for embedded compact 8
if anybody woild lit to join in be my guest. the more heads in this project the faster we break one of the most secure phones in the world. i will get everyone caught up wothin the soon on info. got to sort my files.
as of right now i think the ruu_signed.nbh is actually a .egisenx file extension which can be decrypted with edatasecurity by acer. once i find the framework software to install edatasecurity. i will give it a shot. in the mean time in anybody has an acer or gateway computer with that software installled on it already you could take a crack at. pick up any ruu_accord and 7z the exe file directly open the ruu_signed.nbh with a hex editoe without extracting the file and save the the nbh as a .egisenx file extension then proceed to attempt to decrypt. if it requires a password. i will provid some strings i pulled from the hexeditor. even beter if anybody has decrypting software that might work too.
also some of the htc 8x partitions arr encrypted SHK (SENTENIAL SKYNET) this is interensting i think this might be easier to crack.
softqare used so far in project accord
Revskills final release
Revskills 1.xx
qmi by revskillz
winrar good for converting damaged files
7zip good old extract to temp location
telerik justdecompile standalone version or visual studio extenson
webserver 0.4.3 or 0.5.0 .xap for wp8 winpone8 works on windows phone 8.1 also!
xenu url checker
fiddler2
winhttrack rip my phone like a website
010 editor with lots of custom scripts templates and syntex.
hhd hex editor is optional
hiew hex editor for the pros. still experimentig with this one.
lots of time.
cmd.exe and ecery damn xommand executible you can find that rips, strios, converts, merges, splits de/compress makes thing go backwards forward up down and flip around.
lots more fime
brew mp
win phone 7 tools.
OAK
osbuilder for wp7
basicly any file you can find that de/compiles that was made my microsoft mobile, embedded or ce department.
wak, wdk, hck 8.1 microsoft hardware tools
visual studio 2012 2013.
visual studio .net compiler 'rosylin'
lots of samples.
2014-05-24
RUU PARTITION RIPPING THE EASY WAY.
7zFM build 932 can directly open any file when using the options in the contex menu. just right click on the .ruu_signed.nbh highlight 7z open with arguement submenu and eithe choose # option or the #e option. both arguements work but with different outcomes. when 7z is done loading you will end of with a numbered liat of files some witj or without extensions. extensions as folowing .efi, .elf, .fat, .ntfs, .exe. all extenses with extensions open. the fat files are complete partitions. thw ntfs partition is metadata that is also embedded with in a file called boot.sdi located in one of the fat partitions. the exe files are normal MZ PE executable system32 applications. efi executable files are also located within the fat partitions. the elf files which strangely exist within the phones operating system can be extracted and read with a hex editor. strange that windows phone contains elf. considering Microsoft binary format is COFF/PE. DOWNLOADS WILL BE UP SOON FOR DEVELOPMENT. it is a possibility that the boot partition ripped form a accord_u_wwe was part of the updateos.wim. therr is refrence on how to add packages to the wim on the windows phone developer oem site.
an interesting experement done which worked on nokia ffu files. convert the nokia ffu to a vhd using winimage with fixed size settings. once completed. mount it with osfmount tool. none of the partitions show up nor are they mountable. so i proceded to generate a raw img from the vhd in osfmount which put out a raw img just over 7gb. jezuz the vhd was only just over 1gb. decided to mount the raw img using diskinternals linux reader and what do you know every partition showed up. even the secret one. most were still unable to open but boot uefi data and mainos. it did give me good insite on what to look for and discover within the windows phone lock filesystem.
There is a metadata file hidden deeply with MFT (MasterFileTable) called $Boot. this $Boot file header is R.NTFS.
i will get more in depth on thia later.
File system encryption used for the MAINOS is called RSDS mi. very hard maybe impossible to reverse engineer. I did find an explination in a .text file located inside of the file Liveupdate.exe located in The windows/system32 folder of my phone. the file gave vague instructions on how to compile an Fupdate.xml template which and be used to push update packages over wifi. more details layer.
Possibility to mount several partitions including mainos directly on my pc by minipulating binary regestery keys on windows 7. more soon.
Found these in my pc. Going to play around with them see what happens
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\WP8]
[HKEY_CURRENT_USER\Software\WP8\DL]
"MODE"=dword:d10ad121
"CSC"=hex:00,00,00,00
"SBL"=hex:00,00,00,00
"RPM"=hex:00,00,00,00
"UEFI"=hex:00,00,00,00
"ACPI"=hex:00,00,00,00
"MainOS"=hex:00,00,00,00
Click to expand...
Click to collapse
Diffrences in files located in the fat16 partitions cross refrenced branded and unbranded ruu's csv.cfg on the branded ruu has the radio build number defined while the unbranded ruu is blank 00 hex bytes through the entire csv.cfg file. RADIOVER.CFG unbranded ruu has anextra line IMEI line configured to 1 while the branded ruu is missing the imei line. my guess is with the imei 1 assignment with the unbranded ruu is once the device gets flashed with the original firmware it also gets assigned a new imei as well. just my guess. some insite would help on this.
Well, as the dev of NativeAccess I'm certainly very interested in what you found. My first guess is that you wandered into the section of the registry where the phone's certs are stored (yes, it's readable), although the format that the app returns them in isn't something that would normally be recognized as a certificate. Which means my *best* guess is that you wandered onto some certificate files stored on the phone in a readable directory, because the server app will let you download files
Everything from there is Really Weird though, and we'll need to investigate it more. I should spin up some VMs to try this... anyhow, getting additional updates to your phone is pretty weird, so let's start with that. Did you install those updates? What were their descriptions (i.e. what did they say was getting updated)? What are your current phone version strings (OS, Firmware, etc.) from Settings -> About -> More info (and do any of those look notably different than you expect)?
Installing certs ripped from RUUs onto your PC is... well, I would never have tried it on my main box, but now I really want to try it on a VM. Do you have the list of certs you installed anywhere handy? What ROMs did you rip them from, and where in those ROMs?
Deeper access into WP8 devices sounds *seriously* interesting! I don't have a modern HTC (only my old HD7, a WP7 device) but I could probably obtain one, at least temporarily, for research purposes. What registry hives do you think are synching (and why do you think it's a synch)? Is it actually turning off Secure Boot for real, or just causing the registry to report that it's off? (We can override the report value on Samsung WP8 phones, but that does no good.) If you've managed to turn off Secure Boot on HTC WP8 devices, you've probably just found the door to custom ROMs and possibly other fun hacks. Do you have any non-HTC WP8 devices you could test with too, to see if anything else interesting is happening?
Good luck cooking up those custom ROMs! That is unfortunately not my field at all, so I can't really help... but it would be pretty cool to have the ability to run RT instead of / in addition to WP! There's also a ton of tweaks and unlocks we can do if we have totally arbitrary access to the device and no pesky code signing enforcement getting in the way.
GoodDayToDie said:
Well, as the dev of NativeAccess I'm certainly very interested in what you found. My first guess is that you wandered into the section of the registry where the phone's certs are stored (yes, it's readable), although the format that the app returns them in isn't something that would normally be recognized as a certificate. Which means my *best* guess is that you wandered onto some certificate files stored on the phone in a readable directory, because the server app will let you download files
Everything from there is Really Weird though, and we'll need to investigate it more. I should spin up some VMs to try this... anyhow, getting additional updates to your phone is pretty weird, so let's start with that. Did you install those updates? What were their descriptions (i.e. what did they say was getting updated)? What are your current phone version strings (OS, Firmware, etc.) from Settings -> About -> More info (and do any of those look notably different than you expect)?
Installing certs ripped from RUUs onto your PC is... well, I would never have tried it on my main box, but now I really want to try it on a VM. Do you have the list of certs you installed anywhere handy? What ROMs did you rip them from, and where in those ROMs?
Deeper access into WP8 devices sounds *seriously* interesting! I don't have a modern HTC (only my old HD7, a WP7 device) but I could probably obtain one, at least temporarily, for research purposes. What registry hives do you think are synching (and why do you think it's a synch)? Is it actually turning off Secure Boot for real, or just causing the registry to report that it's off? (We can override the report value on Samsung WP8 phones, but that does no good.) If you've managed to turn off Secure Boot on HTC WP8 devices, you've probably just found the door to custom ROMs and possibly other fun hacks. Do you have any non-HTC WP8 devices you could test with too, to see if anything else interesting is happening?
Good luck cooking up those custom ROMs! That is unfortunately not my field at all, so I can't really help... but it would be pretty cool to have the ability to run RT instead of / in addition to WP! There's also a ton of tweaks and unlocks we can do if we have totally arbitrary access to the device and no pesky code signing enforcement getting in the way.
Click to expand...
Click to collapse
right now im hexediting ruus and they seem almost completely decrypted. its strange becUse a few weeks ago they were all scrambled.
i will postnmy findings on my website for every one to view
i rememersomeones post on possible certificates could bethekey to jailbreaking qindows phone 8. i think theymight beright
it said the updates i got stated they would further enchance my device. windows phone 8.1. funny.
i ripped certs from several ruu_accord_u and img_accord_u packages. i have 9 or 10 htc 8x ruu's stashed.
i installed the certs that had embedded htc_cert, qcom, qualcomm, symantic, uefi, and a few others i cant remember them all.
i have a lot to catch everybody up on. about 50gb of findings from accord ruu's and from files ripped from my phone. its a cluster **** of work.
uefi flashing
uefi disabling
source code
software lots of software refrences found.
wince800
winrt
qcomedk2 = edk2 part of the original dev kit ised to build flash dump reflash enable and disable uefi bios
certificates thousands of crl cer in every device. even the smallest file has a certificate. and i found their passwords
rsa-keys in the tesst faze
uefi keys
esn keeys
every partition size, format, offset and sector size.
port numbers and usages
every single registery key
.....
.....
keeps going on.
reserved
grilledcheesesandwich said:
reserved
Click to expand...
Click to collapse
reserved

[Q] Try mbn in Windows Phone Emulator

Hi all!! I was wondering if you can try custom csc in the windows phone emulator ... I already opened the vhd file and if I am not mistaken the files contained in the mbn should go into partition DPP .. at this point, is there a way to close and then rebuild the vhd file with my mbn??
Thanks in advance!!
If you only alter architecture-independent files - things like registry data or similar - it might work (no promises, make backups first, etc.).
If you alter / replace any kind of executable data - EXEs, DLLs, SYS files, etc. - it probably won't work. The emulator uses your computer's (x86) processor, which is not binary-compatible with the ARM processor found in phones.
hi and thank you for having responded GoodDaytoDie!! My aim was to try various mbn with interop unlock and some changes to registry keys and nothing else so you don't have no risk on my Ativ S .. What I can't understand, is how to make this change to the vhd file
GoodDayToDie said:
If you only alter architecture-independent files - things like registry data or similar - it might work (no promises, make backups first, etc.).
If you alter / replace any kind of executable data - EXEs, DLLs, SYS files, etc. - it probably won't work. The emulator uses your computer's (x86) processor, which is not binary-compatible with the ARM processor found in phones.
Click to expand...
Click to collapse
Do you have any idea how to change the vhd file??
I would generally think it easier to just edit the registry hives directly (using regedit or similar). Then you could test, and put those changes into your registry customizations in your custom CSC.
that's right! good idea.. should I upload the hive to WINDOWS\system32\config? Thanks for your patience
Well, that's where the phone's hives HKLM are, yes (same as on the PC). I recommend making backup copies before editing them, though, as you could easily mess up stuff poking around with regedit.
GoodDayToDie said:
Well, that's where the phone's hives HKLM are, yes (same as on the PC). I recommend making backup copies before editing them, though, as you could easily mess up stuff poking around with regedit.
Click to expand...
Click to collapse
Hi, sorry to bother you again.. I managed to edit the registry of the emulator using "regedit".. everything ok!! Now, however, I wanted to do some experiment with interop.. How do I know if it works correctly?
In general, try to install a .XAP that has ID_CAP_INTEROPSERVICES in its manifest. If you can install it (much less run it), you're good.
Mind you, the emulator may be interop-unlocked to begin with. I haven't checked whether it enforces the interop-lock normally.
GoodDayToDie said:
In general, try to install a .XAP that has ID_CAP_INTEROPSERVICES in its manifest. If you can install it (much less run it), you're good.
Mind you, the emulator may be interop-unlocked to begin with. I haven't checked whether it enforces the interop-lock normally.
Click to expand...
Click to collapse
I can install applications (ex: samwp8tool).. but like you said I can't run. .. but this is not a problem because my purpose was only to verify the correct functioning of the interop
The problem is that when I plug the deployment tool for applications (WP Power Tools) opens an emulator where are reset all changes to the registry.
But the VHD image should not always be the same, even for WP Power Tools??
BlackSilverGT said:
I can install applications (ex: samwp8tool).. but like you said I can't run. .. but this is not a problem because my purpose was only to verify the correct functioning of the interop
The problem is that when I plug the deployment tool for applications (WP Power Tools) opens an emulator where are reset all changes to the registry.
But the VHD image should not always be the same, even for WP Power Tools??
Click to expand...
Click to collapse
SamWP8 can't run cause it's ARM binary. Due to Samsung's RPC lib.
Emulator can be hard reseted on startup. And on HR registry is rebuilt. Interop will remain if you add it to WINDOWS\system32\config\unmodified. But some people say this folder doesn't exist on 8.1.
Ok thank you.. too kind!! I'll do some testing

[Q] Interop-unlock Ativ S with latest software (8.1 Update 1 or later)?

Hi,
with all those Lumia posts I'm wondering if it is also possible to interop-unlock a Samsung Ativ S with the latest software (8.1 Update 1 or later) on it *without* a prior downgrade to 8.0 GDR2/GDR3. If it is possible please tell me how or where to find the answer (my search yielded no result so far).
With interop-unlock I mean accessing the 'full' file system and registry and having additional capabilities just like it was/is possible with 8.0 GDR2.
Thanks.
Unblock RPC (file called "Non-production errors.txt" in the Documents folder of the phone, if I recall correctly). There are now two options:
First option: use chamber hijacking.
* Move an app with ID_CAP_INTEROPSERVICES (I like to use HTC's silly "Converter" app; it should still be available on all devices, but other targets are more popular) to the SD card.
* Either sideload or unzip and copy the contents to the SD card an app that uses Samsung RPC to write to the registry. You may need to remove ID_CAP_INTEROPSERVICES from the app before sideloading.
* Use any of the several tools for app hijacking, or do it manually (remove the Hidden and System flags from D:\WPSystem, then rename D:\WPSystem\apps to something like D:\WPSystem\apps1, then delete the files from the install folder of the app that you're hijacking, then move or copy the files from the install folder of the app that uses RPC into the install folder of the app you're hijacking; don't forget to un-rename the apps folder afterward).
* Run the hijacked app; it should by the registry editor app you replaced it with instead, and you can now interop-unlock the phone.
Second option: Use @djamol's "Root Tool" app from the Store, or another app that can modify its own capabilities via SD card tricks.
* Install "Root Tool" from the store; it should show up in Search.
* Move it to the SD card if it wasn't installed there to start.
* Run the app, hit Help, and follow the instructions (several of them are similar to the manual instructions above, but at the end you have to move the app from SD back to Phone before the trick works).
Note that in either case, the EnableAllSideloading app won't work (technically BootstrapSamsung will, but you shouldn't use it since it assumes EnableAllSideloading will be used afterward). Microsoft basically removed the capability that EnableAllSideloading relies on.
Thanks for your reply! So basically the same way works with Ativ S that works with Lumia and you don't need the Samsung diagnosis tool anymore. You just need SamWP8 or a similar tool that uses Samsung RPC after unblocking RPC.
I'll give this a try on the next weekend(s). :good:
Yeah, basically just that. The diagnosis app no longer has the registry editor, and the steps needed to launch to a specific page in an app (such as the reg editor) are technically still possible but are identical to just installing an interop-based registry editor (via hacks), so do that instead.
GoodDayToDie said:
Yeah, basically just that. The diagnosis app no longer has the registry editor, and the steps needed to launch to a specific page in an app (such as the reg editor) are technically still possible but are identical to just installing an interop-based registry editor (via hacks), so do that instead.
Click to expand...
Click to collapse
But after is it possible to unlock all capabilities?
How to interop-unlock now?
Mattemoller90 said:
But after is it possible to unlock all capabilities?
Click to expand...
Click to collapse
I'm curious about that as well.
I tried the second option from (you) GoodDayToDie: It is not possible to use Samsungs Registry Editor component from Root Tool after following the instructions (moved app to SD, deleted the two files, moved stuff from HACK-subfolder to its parent, moved app to phone memory; file "Non-Production Errors.txt" exists in Phone\Documents -- BTW: Is the file name case-sensitive?). The general registry editor from Root Tool works, but with this one it is not possible to write several important keys (e. g. MaxUnsignedApps).
After this I tried the first option: I can successfully deploy CustomPFD (replacing Preview for Developers by hand or with CustomWPSystem). But what to do then?
I tried replacing Preview for Developers with SamWP8, but the app won't start then (getting "Loading ..." for about ten seconds then it closes); also tried commenting some capabilities of SamWP8 and repeating, but has no effect.
Deploying SamWP8 or IO Explorer using application deployment tool obviously fails because of missing interop capability.
This is a fresh and clean installation of WP 8.1 Update 2 now if it should matter.
Any further hints would be appreciated.
My Samsung died months ago (spontaneous hardware failure; I wasn't even hacking on it at the time) so I can't test Samsung-specific things anymore.
The steps as described (by both you and me* *should* work - I assume you rebooted the phone afterwards - so if it's not then I'm confused. The registry editor in Root Tool is mildly terrible and sometimes gives error messages when stuff actually works, but if it's really not working then I'm not sure what you do about that.
As for unlocking all capabilities, that's going to take a little work. The hack used by BootstrapSamsung unlocks one capability, and technically it could be applied to *all* the capabilities, but it changes the registry value type and loses a couple of NULL bytes at the end of the value every time you do it, which is potentially going to break things if you do it to all the capabilities / leave the capabilities in that state for long.
For what it's worth, if you're willing to hard-reset, the OemSettings.reg method mentioned in a few other threads should work too. It requires writing to a normally-unreachable part of the file system, but the Samsung RPCComponent class allows you to do this. I haven't tested it, though, and it does require a hard-reset.
Im interested in this too
If it does not work then what to do if im on 8.1 update already?
@up
AFAIK path is
Unblock RPC Functions proved easy. You just need to create an empty file:
Phone \ Data \ Users \ Public \ Documents \ Non-Production Errors.txt
Click to expand...
Click to collapse
Maybe that's why it didn't worked if you put it just in documents.
I just want to change black/white background-color and accent color in registry. That's all.
Regards
GoodDayToDie said:
My Samsung died months ago (spontaneous hardware failure; I wasn't even hacking on it at the time) so I can't test Samsung-specific things anymore.
Click to expand...
Click to collapse
Ouch, too bad. Would be really useful to have your helping hands on getting this done.
The steps as described (by both you and me* *should* work - I assume you rebooted the phone afterwards - so if it's not then I'm confused. The registry editor in Root Tool is mildly terrible and sometimes gives error messages when stuff actually works, but if it's really not working then I'm not sure what you do about that.
Click to expand...
Click to collapse
I did reboot.
Is there an app with a basic registry editor out there so I could at least change phone manufacturer like I could with Root Tool (Root Tool doesn't seem to be available in the store anymore)?
As for unlocking all capabilities, that's going to take a little work. The hack used by BootstrapSamsung unlocks one capability, and technically it could be applied to *all* the capabilities, but it changes the registry value type and loses a couple of NULL bytes at the end of the value every time you do it, which is potentially going to break things if you do it to all the capabilities / leave the capabilities in that state for long.
For what it's worth, if you're willing to hard-reset, the OemSettings.reg method mentioned in a few other threads should work too. It requires writing to a normally-unreachable part of the file system, but the Samsung RPCComponent class allows you to do this. I haven't tested it, though, and it does require a hard-reset.
Click to expand...
Click to collapse
I tried to use ROMRebuilder, but it just gave me "Failed " when tapping "Backup". But with full file system access I copied OEMSettings.reg zip-file out of the known C:\Windows subdir, extracted the .reg-file, appended all the unlock stuff, repacked and put it back to its original place overwriting the original file (with Root Tool, because in Windows Explorer I didn't have the right to write - Root Tool told me it was successful. I didn't double check ). But after resetting (About - Reset phone) no unlock or access to C:\ was there. Looks like the stock ROM. What went wrong..?
Edit: Used CustomPFD for registry access. Looking at "This PC\Samsung ATIV S\Phone\Windows\Packages\RegistryFiles\OEMSettings.reg" I can see that it is the original file, not my modified one. Is this file restored from somewhere upon reset or did my copy action fail?
Edit2: Tried using vcREG_1_2_BOOTSTRAP (replaced Extras & Info). It gives me an error about missing ID_CAP_INTEROPSERVICES, so it can't do anything.
And CustomPFD can't write MaxUnsignedApp. :-/
Not sure if ROMRebuilder is smart enough to use Samsung's RPC instead of Nokia's for moving the file into place, but regardless it requires interop itself (at least, I'm not sure how it could work otherwise). Root Tool definitely requires interop in order to overwrite Windows files, although it can do so. For the record, for stuff like just reading files or registry values, you can use the (normal-caps) version of my webserver; might be a bit easier.
vcREG should work, assuming it supports Samsung RPC - I think so, but I haven't checked - and you use the whole app hijacking thing correctly. Did you launch the hijacked app after the installation? Pretty sure Extras+Info has interop, so that *should* work.
EDIT: Assuming that the Samsung RPC service is working at all. I don't know of any easy way to test that short of just trying to do things with it, though. I don't think they "fixed" the RPC unblock, though...
GoodDayToDie said:
Not sure if ROMRebuilder is smart enough to use Samsung's RPC instead of Nokia's for moving the file into place, but regardless it requires interop itself (at least, I'm not sure how it could work otherwise). Root Tool definitely requires interop in order to overwrite Windows files, although it can do so. For the record, for stuff like just reading files or registry values, you can use the (normal-caps) version of my webserver; might be a bit easier.
Click to expand...
Click to collapse
Okay, so it probably didn't replace the file at all but only showed a success message. Grmbl. Which file manager would you recommend for moving the file to its place or in general?
vcREG should work, assuming it supports Samsung RPC - I think so, but I haven't checked - and you use the whole app hijacking thing correctly. Did you launch the hijacked app after the installation? Pretty sure Extras+Info has interop, so that *should* work.
Click to expand...
Click to collapse
Ohhh, you mean if I started the app that's about to be hijacked before actually hijacking it? No, I did not. (Not sure what Extras+Info would do on a Ativ S...)
But I do have to?
Edit: Removed Extras&Info (with dummy.xap), installed it again, started it (it actually works) and replaced it with vcREG_1_2_BOOTSTRAP.xap. Started vcREG, but it still gives me "error initializing. check if you have correct permissions (ID_CAP_INTEROPSERVICES). registry functions disabled".
I've also deployed CustomPFD and original preview for developers to sdcard. I have access to the registry but can't write values
Have you tried to hijack Extra+Info permissions with CustomPFD? It does not work with original PFD but it may work with Nokia one. I can't find Extra+Info xap to test, sorry.
Ok tried to deploy ROMRebuilder and hijack original PFD permissions. ROM Rebuilder just crashes on start (no message) WP 8.1 14157.
Installed ROMRebuilder with deleting Capabilities from xap and deployed it from deployment tool.
Manually removed PfD with SD hack and replaced it with ROMREbuilder.
It starts but when pushing "Backup" it says FAILED
Jesus im so tired with this phone...
ROM flasher does not work at 8.1 x64 even with test mode..
Ezio21 said:
Have you tried to hijack Extra+Info permissions with CustomPFD?
Click to expand...
Click to collapse
Yes I have. CustomPFD doesn't start in this case (it does when I'm replacing Preview for developers).
cerebos said:
Edit: Removed Extras&Info (with dummy.xap), installed it again, started it (it actually works) and replaced it with vcREG_1_2_BOOTSTRAP.xap. Started vcREG, but it still gives me "error initializing. check if you have correct permissions (ID_CAP_INTEROPSERVICES). registry functions disabled".
Click to expand...
Click to collapse
Your phone can't initialize Lumia RPC.
So what can we do?
What apps are there that use Samsung RPC to write to the registry? I know SamWP8 and IO Explorer. Any more?
@cerebos
Huh im sorry but it seems that only one way to get that Interop unlock is to flash GDR3
I flashed GDR3 but there is NO WAY to unlock your phone anymore. WP 8.0 developer registration is down. You can't install developer unlock helper and can't interop unlock your phone.
Also because of Samsung firmware update you can't install custom rom on wp8.0
How to interop unlock WP 8.0 without developer unlock? Any way? Or we're locked forever?
As far as I know you can still use beta apps on windows store. Is there anyone with personal developer account reading and could upload Interop_Unlock_Helper_Debug_ARM.xap as BETA to the store and send me the link? I would be very grateful (
@-W_O_L_F- maybe?
We're in very bad situation now. Thanks for any help or advices
Based on the Posting here (by @-W_O_L_F-) it looks like 8.1 Update 2 can't be interop-unlocked. So I'll need to downgrade first.
Edit: Assuming vcREG could write to Samsung Registry is only true for a small set of values, it is never true for interop-unlock. For this you need a registry editor with Samsung's RPC components.

Categories

Resources