Related
I have been using Appbrain to find and install new apps. However since putting in Froyo (which I LOVE otherwise) I am finding a lot of apps that are listed in appbrain but that aren't found in the market.
Is this just a version issue (ie the developer said it only works on specific versions) or is something else going on?
http://forum.xda-developers.com/showthread.php?t=687371
Just wondering how much searching you did before posting.
Quite a lot, actually, but since I'm not sure what it means for an app to be protected or whether the ones I'm not finding are protected, that thread didn't stand out to me. Frankly I still don't know if that will fix my problem, but I am certainly willing to try it.
Please keep in mind that there are those of us who are just learning, and sometimes we don't know all the ins and outs.
Oh, one other thing - if "protected" means "paid", those are not the ones I'm having trouble with. I am unable to see apps in the market that are free. Examples include:
NYTimes
Epicurious
Call Track
PAC-MAN
What kind of device do you have? And in which country are you?
A number of apps are not available for small-screen devices, or outside the USA. AppBrain shows all apps that are available for big screens in the US, so browsing it from a different device may sometimes let you find apps that the market won't allow you to download.
Is there an application that can password protect certain apps that I choose?
And please do not say Kids Corner as it does not do what I am asking.
It's probably possible (though far from easy), but I'd actually be more inclined to help if you hadn't opened a duplicate thread about this.
Only made second thread about this to attract some attention, 7 months passed since that guy opened his thread and nobody could give a good answer.
To me it's weird that nobody tried to make an app like this still, it would be very popular and help users very much.
Anyways, thank you for replying.
Really, just bumping the other thread was enough, but since we're here anyhow... my idea for how to approach it (and this would take a *lot* of hacking) goes something like this:
1. Create an app (call it X) that has the capability to launch other apps, and filesystem write access.
2. Have X take another app (call it Y) and encrypt its binaries. This prevents anybody from launching it by any means.
3. Tweak the app database to make it so that when you try to launch Y, it instead launches X and passes the id of Y as a parameter to the launcher.
4. X prompts the user for a password to Y. On getting the right one, it decrypts Y's binaries and writes them back to the correct location, then launches Y.
5. When the user (or OS) closes Y, a background process of X notes that Y is closed and re-encrypts it.
Currently we know how to do... well, some of #1, and we think the rest is possible. Given that, #2 isn't too hard. #3 is something I don't have the least notion how to do *right now* but I'm sure it's possible. #4 shouldn't be too hard given #1 and #2. #5 will be a trick - currently, apps have no way to know what other apps are running - but I'm sure it can be done.
It's a large engineering problem blocked by an even bigger research and hacking problem, though. Nothing we'll have soon. You'd never be able to publish it in the store, either, and it would only work for people with hacked phones. It's exactly the kind of *useful* thing that would be possible if Microsoft were willing to let up the restrictions on third-party developers a bit, of course, But for the time being, there are *reasons* nobody has done it yet.
Well the word that I actually was thinking after reading your post was "crap".
It seems only with time (and a whole [email protected]#$ing lot of it) will wp become a true competitor to android, but to be honest I don't think it will come to that.
Thanks for replying GoodDayToDie, I'm freakin' sad that there is no app that can suit my needs, I even tried with kids corner but the screen still needs the password entered like the normal one. Nothing really can make up for what I have in mind.
Cheers mate.
as soon as we can interop unlock all WP devices, it will be pretty easy... if you're able to provide the XAP (uncrypted of course )
i'll be able to "mod" this in for you... which app are we talking about?
@GoodDayToDie: i do'nt think he is looking for real data security here, so encrypting the whole thing shouldnt be required... i think it's more about preventing his gf to read his private messages or something like that
oh btw.: you would need a dev-unlock to deploy the modified XAP then...
tfBullet said:
as soon as we can interop unlock all WP devices, it will be pretty easy... if you're able to provide the XAP (uncrypted of course )
i'll be able to "mod" this in for you... which app are we talking about?
@GoodDayToDie: i do'nt think he is looking for real data security here, so encrypting the whole thing shouldnt be required... i think it's more about preventing his gf to read his private messages or something like that
oh btw.: you would need a dev-unlock to deploy the modified XAP then...
Click to expand...
Click to collapse
You're right tfBullet! I need it for whatsapp, photos, message and games app, mostly to prevent from friends but gf too.
I was thinking it might be possible to mod an app and add password before it can be accessed, although I have no experience in this domain. Many apps in store have this function, like wallet or prive photo apps.
My phone is dev-unlocked as I started a few days ago to study and try to create a simple app for me and my friends.
Modding an app like that would actually be quite hard, because it would break the signature and prevent the app from running. The encryption thing really isn't too hard, although you could skip it anyhow too.
If there was a way to run a program in the background that monitors when certain apps are selected and then prompts when its activated would work, but it would need an unlocked phone. And even under home brew I don't know if its possible to run apps in the background. Yet.
Sent from my Nokia 521 using XDA Windows Phone 8 App
The encryption thing really isn't too hard
Yea, but that's a little extreme. If you can create that password program that runs in the background you could probably have it watch files, apps or pretty much anything. You'd have to password protect the cofig file. And maybe if you can't remember the password after so many attempts you can have the program email the passwords to your email. Just some ideas.
Sent from my Nokia 521 using XDA Windows Phone 8 App
Running software in the background is actually shockingly easy. The trick is getting it to run with better-than-app-sandbox privileges. We're still working on that one. In the meantime, apps can't even read, much less write, to the install location of other apps.
GoodDayToDie said:
Modding an app like that would actually be quite hard, because it would break the signature and prevent the app from running.
Click to expand...
Click to collapse
@GoodDayToDie: actually these .NET apps are pretty easy to decompile, if you're willing to fix the bugs that the decompiler leaves you with...
so there is not really a need for a valid signature, if you're able to compile & sideload the app yourself
the only thing is: you need the decrypted XAP, as far as i know these get decrypted while installation and can be pulled from a interop unlocked device?!
It would be nice to get my fingers on some OEM (Nokia etc..) XAPs, to see if we can find any exploit in them
I know better than probably 95% of this forum what it takes to decompile managed code; I have reverse engineered huge numbers of apps. However, you are missing several important points.
1) Modifications like you suggest are very complicated to automate. It's certainly possible, but it's not simple.
2) Re-installing the app would be a pain. You would really want to do this as an in-place modification, and that means (for store apps) that it would still be signature-checked.
3) Not all apps are managed code; WP8 supports purely native code.
4) Even with managed code, obfuscation can make tinkering with the binary nigh-impossible.
It's just so incredibly stupid that WP is so limited. I know it's under Android big time, but I think even iOS more customizable, right?
Also, is there a message app in the store that has pass option? I searched but found nothing...
I don't believe iOS is any more customizable, no. It has some feature that WP lacks (it ought to; it's been out for years longer and Apple completely controls the hardware it runs on) but it's also missing some features that WP8 offers. In any case, this isn't the thread to have that discussion in.
GoodDayToDie said:
I don't believe iOS is any more customizable, no. It has some feature that WP lacks (it ought to; it's been out for years longer and Apple completely controls the hardware it runs on) but it's also missing some features that WP8 offers. In any case, this isn't the thread to have that discussion in.
Click to expand...
Click to collapse
But with the jailbreak and MobileSubstrate, iOS is extremely customizable, and there are tons of tweaks, that's where Apple gets its new features from
Back to topic, I think the OP would be happy with a solution that locks the "normal" user of his phone out of some apps, so it wouldn't be necessary to modify anything of it, just making the standard launcher (I don't know how it's called, but I mean when you launch the app via home screen or with a toast) ask for a password should be enough.
Hi all.
I'm an android user switching to windows phone..
I'm getting the Lumia 520 soon ..
I just wanted to get a general idea of how jailbreaking works with windows phone..
is it like android just download the apk (or whatever extension windows phone uses) to the sd card .. install it and voila ?
or is it complicated ?
any guides/tutorials for this ?
Thanks.
Please use search before posting...
You can enable sideloading on WP8, but it's more complex than on Android; you need to use a PC to enable it and to install the sideloaded apps.
More importantly, though, sideloaded apps are very limited. For one thing, you can't install more than a few of them - the typical range is 2-10, depending on what unlock method you use - unless you uninstall some first. They are also restricted to very low permissions. There is no widely-usable "root" hack for any WP8 phone right now, either. I'm working on it... but the Samsung phones will probably be the first ones.
Despite Windows' long reputation for poor security, Microsoft has put serious effort into WP8 security and lockdown (not the same thing... security keeps others from controlling your device, lockdown keeps you from controlling it) and the result is pretty solid. There's a few holes we've been able to attack thus far, but most of them have had such minimal privileges we couldn't use them to *do* anything meaningful.
Hello - I am doing a pen test for a customer. They are not giving me the xap files like they did last time. Is there a way to pull the xap file off the phone and on to your PC? I have a dev unlocked phone which I can sideload apps using power tools. I have done some research and it doesn't sound like this option is available, but I wanted to ask.
Thanks in advance.
First of all, the phone doesn't store the XAP files (PLEASE search before posting! This question gets asked a lot). I assume all you really care about is the app binaries and manifest file, though. (You can rebuild an installable XAP from these if needed.)
There's a complicated series of hacks for doing it on 8.1 via the ability to install apps to the SD card. If you don't have 8.1, don't have an SD card, can't install the relevant versions of specific apps, or if the app is marked to not allow installation to SD, then that method won't work for you.
The other approach, which in my experience is standard in the pentesting world (which is my field as well), is to use a hacked/jailbroken/unlocked phone. Samsung (unless it has the very newest firmware versions) and Huawei phones can be unlocked by flashing modified ROMs. The unlock lets you sideload apps with vastly more privileges, such as the ability to read and write the install directory of any app. Using that, it's pretty easy to get the files you want. Such unlocks are also possible with some Nokia phones via JTAG, and possibly some other models too, but the Samsung unlock (which I and -W_O_L_F- found) and the ability to flash customized ROMs for Huawei are the easiest approaches.
On the offhand chance you're part of NCC group, PM me and I'll send you my work email address. If you're with one of our competitors... well, I actually don't mind helping a competitor that much either; some Deja Vu folks gave me a good tip lately though, and I've got friends at SI as well.
GoodDayToDie said:
First of all, the phone doesn't store the XAP files (PLEASE search before posting! This question gets asked a lot). I assume all you really care about is the app binaries and manifest file, though. (You can rebuild an installable XAP from these if needed.)
There's a complicated series of hacks for doing it on 8.1 via the ability to install apps to the SD card. If you don't have 8.1, don't have an SD card, can't install the relevant versions of specific apps, or if the app is marked to not allow installation to SD, then that method won't work for you.
The other approach, which in my experience is standard in the pentesting world (which is my field as well), is to use a hacked/jailbroken/unlocked phone. Samsung (unless it has the very newest firmware versions) and Huawei phones can be unlocked by flashing modified ROMs. The unlock lets you sideload apps with vastly more privileges, such as the ability to read and write the install directory of any app. Using that, it's pretty easy to get the files you want. Such unlocks are also possible with some Nokia phones via JTAG, and possibly some other models too, but the Samsung unlock (which I and -W_O_L_F- found) and the ability to flash customized ROMs for Huawei are the easiest approaches.
On the offhand chance you're part of NCC group, PM me and I'll send you my work email address. If you're with one of our competitors... well, I actually don't mind helping a competitor that much either; some Deja Vu folks gave me a good tip lately though, and I've got friends at SI as well.
Click to expand...
Click to collapse
Thanks again for all your help. So my situation is this: I am doing pen testing for a client (and I'm sure we are competitors some what). The have provided me a Nokia Lumia phone running 8.0 and another Lumia running 8.1. The app is installed by their dev team (app is not avail from the store). They are reluctant to provide my the XAP file as they consider it proprietary info. I have done a dev unlock on the phone, but my primary goal is to view the isolated storage/dlls for the app to make sure they are not storing sensitive data. I am using the standard tools for viewing the isolated storage, but for these to work (best of my knowledge) they require you to sideload the application which I cannot due (not XAP file). I am proxying the traffic, but without looking at the file system there is not much I can do. As an aside, they are using MDM with jailbreak detection.
Whoa, somebody actually got around to writing jailbreak detection for WP8? Crazy. I wish I could see that; I'm sure it's trivial to bypass (at least for interop-unlock, the difference between locked and unlocked is changing a registry value and it would be easily possible to re-lock it, launch the app while keeping the editor app open in the background, switch back to the editor, and unlock/jailbreak again) but I'm amused that anybody even bothered trying. Also, the APIs you would need to do the detection aren't even available on 8.0, officially; you're in violation of the store rules if you use them. Then again, maybe this is an internal, "Enterprise" app; those have permissions to do stuff that typical third-party apps do not. Are you sure they don't just mean they have jailbreak detection for iOS? I see something about Office365 MDM offering JB detection, but while I suppose they could have written something for WP8.x as well I feel like I probably would have heard of it?
If the app was sideloaded by the dev team, then you can see its isostore using the official tools or using Windows Phone Power Tools. If it's an enterprise app and the app was installed that way, then things get more difficult (especially if the phone they gave you doesn't have an SD slot). Not giving a pentester access to the binary they're testing is silly on a number of levels; if you succeed in breaking in then you'll get it anyhow, and an attacker will have a lot more than a week or two to poke at it so they're wasting your presumably-paid-by-the-hour time if they want you to see how good their security is without actually examining the app. I bet they used obfuscation, too... Some people just don't get it. "Security" by obscurity... isn't. Sorry, end of mini-rant. Anyhow, there's a guy on the forum who claims to have a non-JTAG unlock for Lumias, but no idea when or if it'll see the light of day.
treat me like an idiot if these are obvious..
I want to put Samsung stock nougat on my rooted SM-T810, and I have some general questions. if all this info is gathered somewhere else, please point me there. maybe I used bad search terms?
1) for US, I use the XNZ country code, correct?
if there's an update thread already, consider this an apology for wasting your time. please stop reading now and point me to it. otherwise:
2) Use Odin 3.12, correct?
3) Can I just use twrp to update?
4) will I lose root?
5) if yes to above, could you please point me to a rooting guide (SM T810)
6) other than the ROM itself, what do I need?
yeah - so i'm an idiot. I see the 'no questions' posting now. guess I jumped the gun
Is your current s2 Tab working smoothly? If so, why risking an update?
why not? I like to play around and keep current. Besides, IMHO, Android s**** as an OS, still unable to do things Windows was doing in the early 90s. I keep hoping someday it will grow up... I know Android and Windows have different purposes, but until I can network at the OS rather than app level (built in), and until it is fully 'self-contained' and doesn't require a PC for changing OS versions (w/o 3rd party apps), etc., I'm going to consider it 'not ready for prime time'. Just my opinion.
"Keep it current" what does this mean?
You do realize that the lastest software versions often come with the most current bugs and issues at hand.
If you need to network, install Kali Linux, I'd suggest.
'keep it current' = keep all apps and the os to the most recent version possible
bugs: yeah, but it also comes with the latest features
Linux: on the tablet? there's a version? but that's sort of beside the point - Android lacks a functionality that's been in every other OS on the planet since at least the early 90s. it may be by intent, but it still ain't there, and it would sure make my life easier if I could map a drive from my nas and have it's contents available to all apps: music player, movie player, ebook reader. for work, I've used it to process data in the field using Octave. Getting the data on and off is always a pain - better if I could map a share and go from there.
not trying to argue - you asked, i'm elaborating. too much, maybe.
Keep all apps and the os to the most recent version possible. But what for?
Why trying desperately to fix a working car?
Updates eat storage and in most cases performance. Worse, introduce new bugs and so on.
I do not get this: update mania. Sure, it certainly assures that the Superclass can easily spy on every single user but besides that.. it makes no sense IMO.
Certainly, Android is Linux based after all. So yes, you could root your Tab and install Linux.
Drive access. That's already possible. You can connect an external SSD drive or HD drive via USB. Or NAS,
http://www.techrepublic.com/google-...o-help-you-connect-to-network-storage/?espv=1
I feel you. No arguing here either, just trying to understand your viewpoint.
just want a fully functional 'computer' where I can access files without having to use one app to copy the files over from the nas and another to use them. step one is the OS's responsibility, IMO. want access to network drives and otg drives to be identical to access I get on the internal memory.
and if you really want to get me going, start up on selinux, the "god i'm so afraid to go outside" solution. yeah - let's punish everyone because that guy over there is being bad. and lack of automatic root access? these are children's toys? unfortunately, my favorite ebook reader is only on android. as is the best music player I've found.
fun discussion, but I gotta get some work done
Msamp said:
just want a fully functional 'computer' where I can access files without having to use one app to copy the files over from the nas and another to use them. step one is the OS's responsibility, IMO. want access to network drives and otg drives to be identical to access I get on the internal memory.
and if you really want to get me going, start up on selinux, the "god i'm so afraid to go outside" solution. yeah - let's punish everyone because that guy over there is being bad. and lack of automatic root access? these are children's toys? unfortunately, my favorite ebook reader is only on android. as is the best music player I've found.
fun discussion, but I gotta get some work done
Click to expand...
Click to collapse
I guess you are not really understanding the role smartphones and tablets play in the computing world. They are more communications terminals designed to be usable without mice and keyboards rather than stand alone computers. Your recurring references to what computers could do in 1990 is a little off. All you had (at most) was windows 3.0. That did not include networking out of the box, but relied on device-specific drivers and utilities (i.e. Novell) to access a thin-net ethernet coax cable or IBM token ring network. If you want to get online, be prepared to use a serial terminal and a But I digress...
Android is not Windows. It is a cut down and specialized version Linux. Linux/Android is not a single monolithic OS like Windows. It does not do SMB out of the box, but needs a Samba client to do SMB to your windows-ish NAS. It does not try to be all things to all people, but rather gives you the basics and lets you, Joe User, add on the things to make it do what you want. In short they don't bloat it down with stuff only 10% of users will want to use.
To access your NAS, there are Samba (SMB) and ftp clients that let you do it. In fact I have a couple Android streamer boxes on my TVs around the house. They connect directly to my NAS video libraries and pull movies and other videos directly from there using a variety of protocols. Do I need to do that on my phone? No, but hey, I can install KODI on that phone and do just that. I can also put KODI on my windows box and do the same thing. But if I want to disconnect, I can copy these movies to my Tablet/Phone and play them any time I want off line. This is all things I would challenge you to do using Windows 3.0 in 1990 (don't even think of doing full touch screen support with Windows 3.x).
But well, if you really want your phone or tablet to work like Windows, you should run Windows on it
not '1990' - 'early nineties'. big difference. Win 3.1 (or WFW?) had an add-on, but still OS level tcp/ip stack
paragraph 2: I don't count real networking as an option. I should be able to access my ebooks on my nas usung ebookdroid, not have to move trhem to the tab using ESfilemanager THEN read them. I have a HUGE library of pdfs, movies, music, more than will fit on my 128 gig sd card (or a 256 g card for that matter), and i'd like access to the WHOLE THING from any appropriate app I choose. all the smb apps suck green worms, by the way.
I don't want to have to install a freakin client - it should be part of the os. imho, of course
btw: this discussion has become pointless. I have my preferences, you have yours. that's the way it should be. and as far as their 'role' goes: give them a bigger one - they're capable.
'bye
I totally understand your gripe. And I do wholeheartedly agree there should be a *root* toggle in the **Developer Option**.
But here is the thing, how are greedy conglomerates, and the gov puppets, supposed to spy on each and every single citizen if they just uninstall all spyware?
Moreover, most consumers are just too *untechy* and they would probably lose all their bank account, credit card and online shopping data to third parties and eventually blame the OEM. I smell lawsuits of the retard.
Auto updates are there for a reason. Control.
For instance, Samsung's new high-tech TVs record audio 24/7. Same for all these assistant devices.. Amazon Echo, Google Home etc. Seriously, 1984 isn't that far away anymore.
Msamp said:
treat me like an idiot if these are obvious..
I want to put Samsung stock nougat on my rooted SM-T810, and I have some general questions. if all this info is gathered somewhere else, please point me there. maybe I used bad search terms?
1) for US, I use the XNZ country code, correct?
if there's an update thread already, consider this an apology for wasting your time. please stop reading now and point me to it. otherwise:
2) Use Odin 3.12, correct?
3) Can I just use twrp to update?
4) will I lose root?
5) if yes to above, could you please point me to a rooting guide (SM T810)
6) other than the ROM itself, what do I need?
Click to expand...
Click to collapse
Use Odin AND the rom... i think you will lose root but you can always go back in twrp to install supersu.
I did something similar, i used Samsung Smart Switch to do an emergency reset on mine and it installed the latest firmware (nougat).
That will unroot and remove twrp.
I wouldn't (and didn't) reflash TWRP and root because you lose OTA updates, and right now there's some bugs in Nougat that , for me, were fixed in an OTA update. But once you flash with Smart Switch, you could always re-install TWRP and root again if you want.
Don't mind Niii4, he ranted about the same things in my thread and to others too...