Related
Are you curious why space on your phone is using up so quickly? Do you want to know what this "Reserved space and other content" actually mean?
Just want to share an application I developed using Heathcliff74's WP7 Root SDK. It can help to show some light on the mystery "Reserved and Other" space shown in Zune desktop.
What it does:
This application will scan your phone and tell you how many space it takes for each category of files and each folder.
Categories including:
1. Music, Video and Picture.
The real space it takes. Including downloaded content and content not managed by Zune.
2. Applications
Know how much space each application you installed has taken, including their install file and their data file.
Space used by each folder on the phone is also listed.
Known issues:
1. Files and some Folders in root folder are not enumulated. I did not find a way to enum the root folder using Root SDK yet. So I have do perform a manul list of folders I think should be located at the root folder.
It is still in early stage. I even did not add the about page yet. It is pretty useful even at this stage. We can also start many interesting discussions from the data revealed. I want to share it anyway.
System Requirement: Any system that supports WP7 Root Tools!
Help needed: Anyone can suggest an icon and spash screen image for this tool?
A big thank to Heathcliff74 for the Root SDK!
How to obtain root access using WP7 Root Tools
1. Download WP7 Root Tools. Download from http://www.wp7roottools.com.
2. Install WP7 Root Tools. You may need to reboot your phone a few times during the install.
3. In WP7 Root Tools, go to Policies page, assign "Trusted" permission for Storage Analyzer.
Discussions:
1. Why music, pictures and video folders take more space that they show in Zune?
2. Each application will has their own "Content.IE5" folder. It will be a good idea to clean them up.
3. What are thees folders called Volatile*? Are they safe to delete?
Can you add the GUID of the applications in the listing... same as appSiege
Has anyone managed to install the official XAP files from windowsphone.com for example:
http://www.windowsphone.com/en-us/store/app/butterfly/48b95706-b0e7-df11-9264-00237de2db9e/xap?apptype=regular
Here are the instructions for phone with an SD slot:
How do I install apps from an SD card?
It's easy to download apps and games from the Windows Phone Store and install them on your phone, but you can also transfer, or sideload, them from an SD card to your phone (if your phone supports an SD card).
To sideload an app or game, you'll need to have an SD card that contains one or more Windows Phone app files, also known as .XAP files. You can download .XAP files to your PC, and then move the files to the phone's SD card.
To download .XAP files from the Windows Phone Store on the web
Open a web browser and go to www.windowsphone.com.
Click Apps + Games, and then click the app you want to download.
Scroll down on the webpage, and then click Download and install manually (below the app requirements and supported languages).
When prompted, save the .XAP file to a location on your computer, SD card, or storage device.
Note
If you download the .XAP file to a location other than an SD card supported by your phone, you'll need to move or copy the file to an SD card to install it on your phone.
For information about moving or copying files using Windows Explorer (called File Explorer in some versions of Windows), go to the Windows website and search in the How-to section.
To install apps and games from your phone's SD card
Insert an SD card that contains one or more .XAP files into your phone.
On Start , tap Store , and then tap SD card.
Note
If you've just inserted the SD card or added the .XAP files, you might need to wait a few minutes before you can access your SD card from the Store.
Select the apps you want, and then tap Install.
Notes
Apps that can be installed are listed under Compatible apps.
You'll need to have the latest version of the .XAP file from the Store on your SD card before you can install it. If it isn't the latest version, it'll be listed under Incompatible apps.
Installed apps appear in the App list and games appear in the Games Hub. Depending on the specific app or game, you'll be able to use them as follows:
Free apps and games can be used immediately.
Paid apps and games that have a trial will be available as a trial version that you can purchase later.
Paid apps and games without a trial must be purchased before you can use them.
Click to expand...
Click to collapse
I have tried WPAppSender, Xap Deployer, XAPHandler and Windows Phone Device Manager to install, all fail.
Running HTC HD7 with Deepshining v8 ROM.
I must add this is to play delisted legitimately purchased games and nothing to do with piracy!
Respectfully I will answer this...
But first: IDIOT!
those instructions are for windows phone 8, It can't be applied to wp7 even with the unlocked ones.
About your intentions: Humm... I'm the idiot, because I haven't thought of that...
The solution is to get the app decrypted from Chinese sites, and then you install then with whatever way you want, I already do that to crash test some really good or bad games and apps, I like them I buy the app, if it sucks, I remove the crap and forget about it.
If you payed for it and they won't give it to you anymore, you have the right to get it in any way you like, even if they call it "illegal".
Good day, if you need more info PM me.
why does Microsodt not mention wp8 anywhere in that description?
I am even logged in to their site and it still shows my HD7 as my device in the top right corner.
And which model wp8 has an SD slot? (I have a HTC 8X)
Upper left windows phone 8, is highlighted also the link says
en-us/how-to/ wp8 /apps/how-do-i-install-apps-from-an-sd-card
about the phones:
Lumia 620, 810, 820, 822
HTC 8S
Huawei Ascend W1 and W3
Samsung I8750 and I930
ok well that sucks, heres hoping wp8 gets hacked to sh*t soon
I have LUMIA 620 dev unlocked via dream spark.
I downloaded XAP file from marketplace and it seams to be encrypted so they are not installing via DEV tools to my device.
But i searched around some apps which can be installed via DEV tool because the are modified and i want to know what are the changes that are need to be made in XAP files:good:
One thing i have noticed that those XAP files which can be installed on device via DEV can be opend via any archive software like winrar etc...
but those XAP that are not able to install on device via DEV cannot be open with any archive software.
prashantvrm said:
One thing i have noticed that those XAP files which can be installed on device via DEV can be opend via any archive software like winrar etc...
but those XAP that are not able to install on device via DEV cannot be open with any archive software.
Click to expand...
Click to collapse
The XAP files from the store are encrypted. Unless someone figures out a way to break the encryption, it cannot be done.
The XAP files you found are probably home-made apps, which can be sideloaded, because they're deployed by developer tools in an unencrypted format, or WP7 apps. The encryption is applied after you submit the XAP to the store.
There is no known workaround to sideload store XAPs without an SD card, at the moment.
TheGoldrocker said:
The XAP files from the store are encrypted. Unless someone figures out a way to break the encryption, it cannot be done.
The XAP files you found are probably home-made apps, which can be sideloaded, because they're deployed by developer tools in an unencrypted format, or WP7 apps. The encryption is applied after you submit the XAP to the store.
There is no known workaround to sideload store XAPs without an SD card, at the moment.
Click to expand...
Click to collapse
You are correct sir. It sucks that you can't even sideload Xaps that were downloaded manually due to the app being removed from the WP store on a non-SD device. I'm trying to see if I can make a workaround for this though. It would be nice if it worked. In terms of modifying the encrypted XAP, it'll be a while before one of us figures out how to decrypt, but at the same time that opens a whole new can of worms regarding to piracy.
I've looked at the encrypted XAPs a bit myself; they're basically a PlayReady wrapper around the ZIP archive (XAPs are just renamed ZIP files; I usually use 7-Zip to open them). Unfortunately, I don't think anybody has broken PlayReady yet. The various programs which claim to strip PlayReady (usually from music or video) all appear to work by running the file through the decoder built into various programs like Zune and Windows Media Player, and re-capturing the content that comes out of the decoder. That won't work for these files.
We might be able to do something similar if we can get the XAP decoder out of the phone ROM and use that, though it will be ARM code (I don't know if the x86 "emulator" image includes the DRM decoder) and therefore somewhat tricky to work with. It will also probably be obfuscated to deter reverse engineering, and may be difficult to make work independently. A kernel debugger on the phone may be needed to figure it out.
GoodDayToDie said:
I've looked at the encrypted XAPs a bit myself; they're basically a PlayReady wrapper around the ZIP archive (XAPs are just renamed ZIP files; I usually use 7-Zip to open them). Unfortunately, I don't think anybody has broken PlayReady yet. The various programs which claim to strip PlayReady (usually from music or video) all appear to work by running the file through the decoder built into various programs like Zune and Windows Media Player, and re-capturing the content that comes out of the decoder. That won't work for these files.
We might be able to do something similar if we can get the XAP decoder out of the phone ROM and use that, though it will be ARM code (I don't know if the x86 "emulator" image includes the DRM decoder) and therefore somewhat tricky to work with. It will also probably be obfuscated to deter reverse engineering, and may be difficult to make work independently. A kernel debugger on the phone may be needed to figure it out.
Click to expand...
Click to collapse
It would be nice to be able to put one on the emulator itself and see what was going on..
I offer up my Programs folder dumped from my Lumia 928 if it is any help. Devs do with it as you will At the very least under common files you will find the xaps installed on my device which do open with 7zip and include the license xml. As far as installing or side loading I did throw a few xaps at the various emulators with mixed results. Have at it guys!!!
http://sdrv.ms/13tlc0F
tonbonz said:
I offer up my Programs folder dumped from my Lumia 928 if it is any help. Devs do with it as you will At the very least under common files you will find the xaps installed on my device which do open with 7zip and include the license xml. As far as installing or side loading I did throw a few xaps at the various emulators with mixed results. Have at it guys!!!
http://sdrv.ms/13tlc0F
Click to expand...
Click to collapse
Xaps within the Programs directory from a ROM are unencrypted. These will help out a lot though!
Edit: Ohhh... Something interesting. CommonFiles\Xaps\SyncUi.xap is the Verizon Backup Assistant. This has some code to intercept SMS..
<Extensions>
<!-- Email & Accounts UX Integration -->
<Extension ExtensionName="Accounts_Extension_Standard" ConsumerID="{47998C28-3D90-11E1-8E07-8B2B4924019B}" TaskID="_default" ExtraFile="Extensions\Extras.xml" />
<Extension ExtensionName="SMS_INTERCEPT_STANDARD" ConsumerID="{55DB4873-5CDF-43B0-82B4-87EB13E9BF6B}" TaskID="SmsInterceptAppExtension" ExtraFile="Extensions\Extras.xml" />
<Extension ExtensionName="Service_Agent_Application" ConsumerID="{208558CC-4407-40F8-83AE-AE3D567126B3}" TaskID="BackgroundTask" />
</Extensions>
snickler said:
Xaps within the Programs directory from a ROM are unencrypted. These will help out a lot though!
Edit: Ohhh... Something interesting. CommonFiles\Xaps\SyncUi.xap is the Verizon Backup Assistant. This has some code to intercept SMS..
<Extensions>
<!-- Email & Accounts UX Integration -->
<Extension ExtensionName="Accounts_Extension_Standard" ConsumerID="{47998C28-3D90-11E1-8E07-8B2B4924019B}" TaskID="_default" ExtraFile="Extensions\Extras.xml" />
<Extension ExtensionName="SMS_INTERCEPT_STANDARD" ConsumerID="{55DB4873-5CDF-43B0-82B4-87EB13E9BF6B}" TaskID="SmsInterceptAppExtension" ExtraFile="Extensions\Extras.xml" />
<Extension ExtensionName="Service_Agent_Application" ConsumerID="{208558CC-4407-40F8-83AE-AE3D567126B3}" TaskID="BackgroundTask" />
</Extensions>
Click to expand...
Click to collapse
I don't like the sound of that The app is part of the settings on my device but when opened says there is a problem with my account and contact Verizon.
@tonbonz: Thanks for the dump! That could be really handy. I'll explore and see if I can find anything useful. Any direct applications will likely be Nokia-specific (which among other things means I can't test them) but lots of people have Nokia phones, and I may find something more generally useful too.
GoodDayToDie said:
@tonbonz: Thanks for the dump! That could be really handy. I'll explore and see if I can find anything useful. Any direct applications will likely be Nokia-specific (which among other things means I can't test them) but lots of people have Nokia phones, and I may find something more generally useful too.
Click to expand...
Click to collapse
I've enjoyed the benefits of all the devs and their hard work here at XDA since my HTC Trophy. Glad to give back in any way I can. If any other files or folders are needed I would be happy to oblige...and... I thank you sir!!!
Oh what the h*** Rest of the dump files currently uploading. Dump 1, three 7z files altogether, is the Programs folder from earlier post. Left out maps data from Data/shared data folder as it was huge and of no consequence as to what we are trying to accomplish. Also, to be clear, this is a dump from the Lumia 928 variant package not my actual device. Have fun!!!
http://sdrv.ms/13tlc0F
@djtonka Thank you for your tutorial on Nokia Care Suite on wimdowsmania.pl.
@AnDim Extra thanks for ImgMount Tool which was used to dump these files!!!
I'll let you know. Just for curiosity's sake, how are you extracting those files? Is it from a working device, or a ROM image?
EDIT: Just saw your message, thanks for the info!
Initial results are a mix of cautious hope, disappointment, and speculation.
1) The OEM apps use a ton of restricted capabilities (among the most tame, for example, is "ID_CAP_MEDIALIB_PHOTO_FULL", which gives direct access to the image folders and has visibility "public" according to the policy XML files from the Windows directory).
2) The OEM apps can be sideloaded, but you have to remove the PlayReady header and all the restricted capabilities. They aren't very exciting at that point; they may not even start up.
3) Speculation: The so-called "public" restricted capabilities require a (Store-?)signed app when used on a standard phone. It *may* be possible to sign the apps ourselves, install that cert on the phone, and then sideload them, but I doubt it.
4) More speculation: These new, high-privilege capabilities seem to have largely replaced ID_CAP_INTEROPSERVICES. Although the error when trying to sideload them on an interop-locked phone is different than it is for INTEROPSERVICES, it may be that an interop-unlock would allow sideloading apps that use those capabilities anyhow.
5) The OEM apps include WPInteropManifest.xml. It's exactly the same near-empty file as on WP7. However, they don't use COM but instead use the same native-CLR interop as the official SDK advocates (.winmd files that bridge managed code to C++ DLLs). Its presence does not impede sideloading.
6) Speculation: The WPInteropManifest may be needed for apps which intend to use the "raw" win32 API (as opposed to WinRT) in C++. This theory is supported by the presence of things like DLLs that read and write to the registry directly (not through a driver, which would need INTEROPSERVICES), using APIs such as RegCreateKeyW.
7) More speculation: Since we can extract the system libraries from our phones, it should be possible to use the DLL-to-LIB tools to create .LIB files (the official WP8 SDK is extremely short on these) that we can then use to link to the native Win32 API. Although we would still be (cripplingly) limited by the sandbox's low permissions, we could probably do things like write a basic registry browser.
8) The provxml commands to install apps are very simple, but I don't understand all the parameters. Nonetheless, whenever we have an app, its license, and a tool which can process AppInstall provxmls, we should be able to install those apps on any reasonably compatible phone.
9) Speculation: Due to the use of OS-based capabilities rather than OEM drivers, an app that is installed on any given phone *should* work on other OEMs' phones even if it accesses the registry or does similarly privileged operations.
10) There may yet be a vulnerable app which we could exploit (possibly by using a provxml-injection attack?) to write to the registry / move files / do similar stuff. However, it would probably have very limited permissions even so; unlike on WP7, most things which can write to *some* of the registry can't write to *most* of it.
[WIP][HTC 8x][8.1]Fiddler2 Update Utility UEFI, BOOT Dumps & Templates[ExploitsFound]
heres the story. i hex edit, spyder, leech, rip, hack all day everyday from my inseure server. always trying to break security on multiple platforms and remote locations. anyways my pc is just filthy. my devices probably have more imfections than a skid row street hooker. the is no exact explination on how this happened but all i know is a combination of a app\xap called webserver native access 0.4.3 , xenu url checker for pc and fiddler2 all running on the same ip and port [9999] started doing strange things. i fiddles when i typed in the address that webserver xap gave me while spyder crawling my phone with xenu,fiddler picked up lots of certificates while decoding system files.then o e after another probably 5 or 6 updates poped up on my phone. ive already had 3 windows 8.1 updates in the past. and wasnt aware of anything new. . also fiddler never picked up any remote link only local. strabge thing is i think rom updates for other devices got flashed to my phone. anyways the phone still works. im not sure the exact situation but the other day microsoft gave me a security signed symantic enterprise mobile code signig certificate when i made my store on the app studio website. i could of swore it was something of 250 dollar fee to get symantic to sign the cert for you. cant rember the process i went through a year or 2 ago when i need a cert signed. nice of mixrosoft the hook it upi guess. thats not enen the start with certs . i ripped hundreds of crt and crl from ruu's including qualcomm protected root ca's htc-cert , uefi keys, pulled from my device. anyways i had a dumb idea to install all of these onto my pc. what a dumb/smart mistake good happening. now i cam download all ota cabs with out going through proxy loops, and now have deeper access to htc and qualcomm based devices, it seems as the mpment i plug and windows phone with secure boot locked within minutes the device registery hive syncs with my servers hive and forcesthephone to disable uefi secure boot since my server isnt uefi compatible. i not if any sense is made here. ........soonyou will be seeing custom roms for htc8x fully flashable with out the use of a ycable. 2 jumps away from fullly rebuilding partitions from a 3.41 ruu . new roms will be a completely different platform. choice is in the air. right now my htc 8x is compiled from a mixture of windows phone 7 & 8, embedded compact 2013 and windows RT. strange thing is my device is based on gdr2..
my thumbs hurt from thping this on my nexus. sorry for the bad grammer and broken up sentences.
one last note anybody know wherr to get the OAK (OEM Adaptation Kit) layers and the 9600_POWERTOOLS with out having to sign up as an oem for microsoft.? I Have part of oak but only the portion for embedded compact 8
if anybody woild lit to join in be my guest. the more heads in this project the faster we break one of the most secure phones in the world. i will get everyone caught up wothin the soon on info. got to sort my files.
as of right now i think the ruu_signed.nbh is actually a .egisenx file extension which can be decrypted with edatasecurity by acer. once i find the framework software to install edatasecurity. i will give it a shot. in the mean time in anybody has an acer or gateway computer with that software installled on it already you could take a crack at. pick up any ruu_accord and 7z the exe file directly open the ruu_signed.nbh with a hex editoe without extracting the file and save the the nbh as a .egisenx file extension then proceed to attempt to decrypt. if it requires a password. i will provid some strings i pulled from the hexeditor. even beter if anybody has decrypting software that might work too.
also some of the htc 8x partitions arr encrypted SHK (SENTENIAL SKYNET) this is interensting i think this might be easier to crack.
softqare used so far in project accord
Revskills final release
Revskills 1.xx
qmi by revskillz
winrar good for converting damaged files
7zip good old extract to temp location
telerik justdecompile standalone version or visual studio extenson
webserver 0.4.3 or 0.5.0 .xap for wp8 winpone8 works on windows phone 8.1 also!
xenu url checker
fiddler2
winhttrack rip my phone like a website
010 editor with lots of custom scripts templates and syntex.
hhd hex editor is optional
hiew hex editor for the pros. still experimentig with this one.
lots of time.
cmd.exe and ecery damn xommand executible you can find that rips, strios, converts, merges, splits de/compress makes thing go backwards forward up down and flip around.
lots more fime
brew mp
win phone 7 tools.
OAK
osbuilder for wp7
basicly any file you can find that de/compiles that was made my microsoft mobile, embedded or ce department.
wak, wdk, hck 8.1 microsoft hardware tools
visual studio 2012 2013.
visual studio .net compiler 'rosylin'
lots of samples.
2014-05-24
RUU PARTITION RIPPING THE EASY WAY.
7zFM build 932 can directly open any file when using the options in the contex menu. just right click on the .ruu_signed.nbh highlight 7z open with arguement submenu and eithe choose # option or the #e option. both arguements work but with different outcomes. when 7z is done loading you will end of with a numbered liat of files some witj or without extensions. extensions as folowing .efi, .elf, .fat, .ntfs, .exe. all extenses with extensions open. the fat files are complete partitions. thw ntfs partition is metadata that is also embedded with in a file called boot.sdi located in one of the fat partitions. the exe files are normal MZ PE executable system32 applications. efi executable files are also located within the fat partitions. the elf files which strangely exist within the phones operating system can be extracted and read with a hex editor. strange that windows phone contains elf. considering Microsoft binary format is COFF/PE. DOWNLOADS WILL BE UP SOON FOR DEVELOPMENT. it is a possibility that the boot partition ripped form a accord_u_wwe was part of the updateos.wim. therr is refrence on how to add packages to the wim on the windows phone developer oem site.
an interesting experement done which worked on nokia ffu files. convert the nokia ffu to a vhd using winimage with fixed size settings. once completed. mount it with osfmount tool. none of the partitions show up nor are they mountable. so i proceded to generate a raw img from the vhd in osfmount which put out a raw img just over 7gb. jezuz the vhd was only just over 1gb. decided to mount the raw img using diskinternals linux reader and what do you know every partition showed up. even the secret one. most were still unable to open but boot uefi data and mainos. it did give me good insite on what to look for and discover within the windows phone lock filesystem.
There is a metadata file hidden deeply with MFT (MasterFileTable) called $Boot. this $Boot file header is R.NTFS.
i will get more in depth on thia later.
File system encryption used for the MAINOS is called RSDS mi. very hard maybe impossible to reverse engineer. I did find an explination in a .text file located inside of the file Liveupdate.exe located in The windows/system32 folder of my phone. the file gave vague instructions on how to compile an Fupdate.xml template which and be used to push update packages over wifi. more details layer.
Possibility to mount several partitions including mainos directly on my pc by minipulating binary regestery keys on windows 7. more soon.
Found these in my pc. Going to play around with them see what happens
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\WP8]
[HKEY_CURRENT_USER\Software\WP8\DL]
"MODE"=dword:d10ad121
"CSC"=hex:00,00,00,00
"SBL"=hex:00,00,00,00
"RPM"=hex:00,00,00,00
"UEFI"=hex:00,00,00,00
"ACPI"=hex:00,00,00,00
"MainOS"=hex:00,00,00,00
Click to expand...
Click to collapse
Diffrences in files located in the fat16 partitions cross refrenced branded and unbranded ruu's csv.cfg on the branded ruu has the radio build number defined while the unbranded ruu is blank 00 hex bytes through the entire csv.cfg file. RADIOVER.CFG unbranded ruu has anextra line IMEI line configured to 1 while the branded ruu is missing the imei line. my guess is with the imei 1 assignment with the unbranded ruu is once the device gets flashed with the original firmware it also gets assigned a new imei as well. just my guess. some insite would help on this.
Well, as the dev of NativeAccess I'm certainly very interested in what you found. My first guess is that you wandered into the section of the registry where the phone's certs are stored (yes, it's readable), although the format that the app returns them in isn't something that would normally be recognized as a certificate. Which means my *best* guess is that you wandered onto some certificate files stored on the phone in a readable directory, because the server app will let you download files
Everything from there is Really Weird though, and we'll need to investigate it more. I should spin up some VMs to try this... anyhow, getting additional updates to your phone is pretty weird, so let's start with that. Did you install those updates? What were their descriptions (i.e. what did they say was getting updated)? What are your current phone version strings (OS, Firmware, etc.) from Settings -> About -> More info (and do any of those look notably different than you expect)?
Installing certs ripped from RUUs onto your PC is... well, I would never have tried it on my main box, but now I really want to try it on a VM. Do you have the list of certs you installed anywhere handy? What ROMs did you rip them from, and where in those ROMs?
Deeper access into WP8 devices sounds *seriously* interesting! I don't have a modern HTC (only my old HD7, a WP7 device) but I could probably obtain one, at least temporarily, for research purposes. What registry hives do you think are synching (and why do you think it's a synch)? Is it actually turning off Secure Boot for real, or just causing the registry to report that it's off? (We can override the report value on Samsung WP8 phones, but that does no good.) If you've managed to turn off Secure Boot on HTC WP8 devices, you've probably just found the door to custom ROMs and possibly other fun hacks. Do you have any non-HTC WP8 devices you could test with too, to see if anything else interesting is happening?
Good luck cooking up those custom ROMs! That is unfortunately not my field at all, so I can't really help... but it would be pretty cool to have the ability to run RT instead of / in addition to WP! There's also a ton of tweaks and unlocks we can do if we have totally arbitrary access to the device and no pesky code signing enforcement getting in the way.
GoodDayToDie said:
Well, as the dev of NativeAccess I'm certainly very interested in what you found. My first guess is that you wandered into the section of the registry where the phone's certs are stored (yes, it's readable), although the format that the app returns them in isn't something that would normally be recognized as a certificate. Which means my *best* guess is that you wandered onto some certificate files stored on the phone in a readable directory, because the server app will let you download files
Everything from there is Really Weird though, and we'll need to investigate it more. I should spin up some VMs to try this... anyhow, getting additional updates to your phone is pretty weird, so let's start with that. Did you install those updates? What were their descriptions (i.e. what did they say was getting updated)? What are your current phone version strings (OS, Firmware, etc.) from Settings -> About -> More info (and do any of those look notably different than you expect)?
Installing certs ripped from RUUs onto your PC is... well, I would never have tried it on my main box, but now I really want to try it on a VM. Do you have the list of certs you installed anywhere handy? What ROMs did you rip them from, and where in those ROMs?
Deeper access into WP8 devices sounds *seriously* interesting! I don't have a modern HTC (only my old HD7, a WP7 device) but I could probably obtain one, at least temporarily, for research purposes. What registry hives do you think are synching (and why do you think it's a synch)? Is it actually turning off Secure Boot for real, or just causing the registry to report that it's off? (We can override the report value on Samsung WP8 phones, but that does no good.) If you've managed to turn off Secure Boot on HTC WP8 devices, you've probably just found the door to custom ROMs and possibly other fun hacks. Do you have any non-HTC WP8 devices you could test with too, to see if anything else interesting is happening?
Good luck cooking up those custom ROMs! That is unfortunately not my field at all, so I can't really help... but it would be pretty cool to have the ability to run RT instead of / in addition to WP! There's also a ton of tweaks and unlocks we can do if we have totally arbitrary access to the device and no pesky code signing enforcement getting in the way.
Click to expand...
Click to collapse
right now im hexediting ruus and they seem almost completely decrypted. its strange becUse a few weeks ago they were all scrambled.
i will postnmy findings on my website for every one to view
i rememersomeones post on possible certificates could bethekey to jailbreaking qindows phone 8. i think theymight beright
it said the updates i got stated they would further enchance my device. windows phone 8.1. funny.
i ripped certs from several ruu_accord_u and img_accord_u packages. i have 9 or 10 htc 8x ruu's stashed.
i installed the certs that had embedded htc_cert, qcom, qualcomm, symantic, uefi, and a few others i cant remember them all.
i have a lot to catch everybody up on. about 50gb of findings from accord ruu's and from files ripped from my phone. its a cluster **** of work.
uefi flashing
uefi disabling
source code
software lots of software refrences found.
wince800
winrt
qcomedk2 = edk2 part of the original dev kit ised to build flash dump reflash enable and disable uefi bios
certificates thousands of crl cer in every device. even the smallest file has a certificate. and i found their passwords
rsa-keys in the tesst faze
uefi keys
esn keeys
every partition size, format, offset and sector size.
port numbers and usages
every single registery key
.....
.....
keeps going on.
reserved
grilledcheesesandwich said:
reserved
Click to expand...
Click to collapse
reserved
Hey Guys,
I have a question..
I have an unlocked Ativ S with full file access.
Now iam searching for an installed XAP on my Device.
For my knowledge the xaps are encrypted and after installing them from the marketplace they are decrypted.
And what i want to know where can i find them on my phone?
especially iam searching for the gopro app which is a free app but doesn't work with the new gopro 4 version.
So i hope i can find a way to fix that with the xap.
But thats only possible if i can open the xap with a zip tool.
Hope you guys can help me and understand what i mean.
thx
The decompressed xaps are stored under D:\Data\Programs\ You'll see many GUIDS which coincide with the APP GUID. If you search for the app on windowsphone.com, you'll be able to see the app guid in the url segment.
You can't get the decrypted xap.
But you can repack the unencrypted .xap by zipping the collection of installed content as a same.
"C:\Data\Programs" (for WP8.0 Apps)
"C:\Data\Programs\WindowsApps (for WP8.1 Apps)
snickler said:
The decompressed xaps are stored under D:\Data\Programs\ You'll see many GUIDS which coincide with the APP GUID. If you search for the app on windowsphone.com, you'll be able to see the app guid in the url segment.
Click to expand...
Click to collapse
Under that string, there are only a few Cached pics:
Computer\Samsung ATIV S\Phone\Data\programs\{BCA90C60-10C7-4009-B8B0-13DF4EBCF9DA}
You may not be using full filesystem access, just the low-privilege version that you get if MtpSvc runs from C:\ but not as LOCALSYSTEM. Assuming you're capability-unlocked, you can use the AllCapabilities version of my webserver to access the install folders of each app.
Note that the actual "\Data\Programs\" folder is not readable by the webserver, but if you know the subfolder you want (such as an app's GUID) you can use that to browse and it works fine.
Note also that the apps are installed in a subfolder (called Install) of the GUID folder. So for example, the install directory for the GoPro app is
Code:
\Data\programs\{BCA90C60-10C7-4009-B8B0-13DF4EBCF9DA}\Install