Related
Hello Everyone,
I recently bought an EEE PC as a second computer and seeing as it's about the most easily lost or stolen laptop ever made, I thought it might be an idea to run some software on it that might help me recover it should it ever go missing.
After trying a few existing bits of software and not finding any satisfactory, I resorted to writing my own.
Since it seemed useful to me, I thought I'd make it available to anyone interested. It's a very early version at the moment and very basic, but I don't think there are too many bugs (famous last words!! ).
I thought I would post a message here as I use this forum quite a lot, and I know a lot of people here won't have a problem with editing the config file to set it up, I've tried to make things as simple as possible. However, if you don't know the difference between POP3 and SMTP mail servers, this app is probably not for you!!
If people are interested, I'll continue to develop it further. A few ideas are listed on my website.
Visit www.ajhonline.co.uk for download links and help.
Alex
this isn't hard to circumvent.
Nice app, but wouldn't they probably wipe the HDD?
How would it compare to Lojack's (utilizes Computrace) service? Some laptops have the Computrace service embedded in the bios. I currently use a Dell D410 and Panasonic CF-19, and they both have Computrace built into the bios. If someone formats my hard drive, or installs another harddrive, the bios will rebuild the neccessary files, run in the the background and start reporting the IP address back to Lojack.
Yes, of course the hard drive could be wiped, or it could never be connected to the internet. It is also easy to circumvent, although if I do develop it further, it would be fairly straight forward to make it less obvious and better hidden. This is only a very first version, to gauge interest more than anything,
It's not meant to be 100% foolproof, that probably isn't possible anyway. The advantage is it's free. I really developed it because I couldn't get Adeona to work (it just kept failing to connect to its server), not to compete with commercial solutions.
Hmmm, you know how I said I didn't think there were any bugs....
I just found that the Windows version was not saving the detected IP addresses correctly, so it would email you a "new" IP address message every time the computer was rebooted.
However the problem is now fixed, and a new version 0.1a available for download. The cross platform version wouldn't have been affected, but there's a new version of that too, just for completeness.
Sorry
Alex
I've now made some additions and released a new version which includes the changes below:
Added a separate configuration application to simplify initial setup
Added the ability to encrypt the mail server password for better security
Added a link to DNSTools to the IP Detected email for easy lookup of the WHOIS records for the IP Address
As before, visit www.ajhonline.co.uk and download version 0.2 from there.
Alex
PS - If you are using the Windows version and doing an upgrade from a previous version, make sure you keep a copy of your existing fyl.properties file, otherwise it will be overwritten during the install and any existing known IP addresses will be lost.
huff,.
i wish i have seen this before i lost my friend laptop,.
great help sir,. keep up,.
Version 0.22 is now available for download from www.ajhonline.co.uk.
It's only a small update; you are now able to specify a range of IP addresses as already known so that you don't get an email when one of those is detected.
Alex
Here we go:
I use a number of Microsoft Access Databases for my work, and each one is intensely coded and designed and basically run like actual programs. What I am looking for is to be able to take these databases with me. Now understanding that Microsoft and Android are two completely different beasts, what I really am looking for is the ability to take the tables (I use all Back-end database so all my tables are in a completely separate file then all my forms, queries, and reports) and the data with me and be able to run them in a program on Android that keeps the relationships and fields and all of that sort of stuff.
Now what would be great is the ability to use forms (even if special forms for android need to be made), run queries, and even be able to run reports and print as PDFs.
now I know how to code in VBA, hence the extensive coding I have done in Access, so anybody willing to WORK WITH in creating an Android Program to basically be an extension of Microsoft Access please contact me. Please not I use the words WORK WITH loosely, while I am trying to learn how to Program for Android, I currently do not have a computer that I can use to develop programs for android on, and well I would be only able to create the "Hello World" starter program and this project seems a slight bit more complicated. But what I can bring to the table is real world experience in testing and using the program day in and day out, a number of already existing Microsoft Access Databases ranging from Complex to Simple that I use every day. Really a program that can run Microsoft Access Tables on Android would be really useful to me and I am willing to do anything to help make this happen.
kronos82 said:
Here we go:
I use a number of Microsoft Access Databases for my work, and each one is intensely coded and designed and basically run like actual programs. What I am looking for is to be able to take these databases with me. Now understanding that Microsoft and Android are two completely different beasts, what I really am looking for is the ability to take the tables (I use all Back-end database so all my tables are in a completely separate file then all my forms, queries, and reports) and the data with me and be able to run them in a program on Android that keeps the relationships and fields and all of that sort of stuff.
Now what would be great is the ability to use forms (even if special forms for android need to be made), run queries, and even be able to run reports and print as PDFs.
now I know how to code in VBA, hence the extensive coding I have done in Access, so anybody willing to WORK WITH in creating an Android Program to basically be an extension of Microsoft Access please contact me. Please not I use the words WORK WITH loosely, while I am trying to learn how to Program for Android, I currently do not have a computer that I can use to develop programs for android on, and well I would be only able to create the "Hello World" starter program and this project seems a slight bit more complicated. But what I can bring to the table is real world experience in testing and using the program day in and day out, a number of already existing Microsoft Access Databases ranging from Complex to Simple that I use every day. Really a program that can run Microsoft Access Tables on Android would be really useful to me and I am willing to do anything to help make this happen.
Click to expand...
Click to collapse
I think we must have the same job
Android utilizes an sqlite database engine and it looks like sqlite already offers a conversion utility HERE. The real question would be how to get the data in and out of the phone. Regarding forms, they definitely would need to be custom built.
Thanks this is deffenetly a start, From what I can tell this This Looks to be the most promising, It looks like all you would have to do is put a MS Access Database file on your SD CARD and have a program access it. That way you copy it back and forth. Unfortunately it doesn't support Access 2003, but I can save down. I also got a lot of learning to do in programing Java programs.
Forms would be as simply as making a program, this is great thanks much
kronos82 said:
Here we go:
I use a number of Microsoft Access Databases for my work, and each one is intensely coded and designed and basically run like actual programs. What I am looking for is to be able to take these databases with me....
Click to expand...
Click to collapse
I would like to say, "yes, please!" to this idea. I currently use Smart List to Go (the descendant of ThinkDB) on my Palm TX. The TX is dying, and I've been shopping for a replacement. HanDBase exists for the iPhone, but I don't want an iPhone. So I've been focused on WinMo - not by choice as much as by necessity.
And android option would be very welcome around my computers.
benmyers2941 said:
I think we must have the same job
Android utilizes an sqlite database engine and it looks like sqlite already offers a conversion utility HERE. The real question would be how to get the data in and out of the phone. Regarding forms, they definitely would need to be custom built.
Click to expand...
Click to collapse
androids sqlite its for applications to access and store data using java code.
try the pocket office app
Freedomcaller said:
androids sqlite its for applications to access and store data using java code.
try the pocket office app
Click to expand...
Click to collapse
Exactly and we're talking about creating an app that would enable manipulation of an sqlite database. Essentially all that would be needed would be to create a ui framework wrapper for the existing api in android. Not the least monumental task I've heard of an individual taking on but not the most either.
The versions of pocket office that I've seen for android do not currently support Access databases as far as I'm aware. If I'm wrong could you post a link and save everyone some trouble?
aaaaaaaaaaaaaaaaaaa
kronos82 said:
Thanks this is deffenetly a start, From what I can tell this looks to be the most promising, It looks like all you would have to do is put a MS Access Database file on your SD CARD and have a program access it. That way you copy it back and forth. Unfortunately it doesn't support Access 2003, but I can save down. I also got a lot of learning to do in programing Java programs.
Click to expand...
Click to collapse
Jackcess library is now patched to support android (will be in 1.2.2 release). Also seems to support 2000, 2003 and 2007 formats now.
Works great for me.
View jackcess site. Couldn't find anything on support for android. I'm using htc desire and would really like to find program to view ms access file. Can you tell me how you do it?
As I remember reading worked as on PC, while writing had some problems.
This forum prevents me from linking directly, but if you click tracker/patches on Jackcess project, check Android Compatibility Fix - ID: 3101578
The changes are in trunk and will be in the 1.2.2 release. I've added some
notes which will eventually make it to the FAQ page on the website
detailing the compatibility steps:
- Set the system property "com.healthmarketscience.jackcess.broken
Nio=true"
- Set the system property "com.healthmarketscience.jackcess.resour
cePath=res/raw/"
- Copy the *.txt, *.mdb, and *.accdb files from the
"com/healthmarketscience/jackcess/" directory in the Jackcess jar to the
"/res/raw" Android application directory.
- Before executing any Jackcess code, set the current Thread's context
classloader, e.g.
"Thread.currentThread().setContextClassLoader(Database.class.getClassLoader())".
Click to expand...
Click to collapse
Until this version (1.2.2) is released you need to build lib yourself.
You also need commons-lang and commons-logging from apache commons.
Before you use Jackcess in Android code, you set
Thread.currentThread().setContextClassLoader(
getClass().getClassLoader());
System.setProperty(
"com.healthmarketscience.jackcess.brokenNio",
"true");
System.setProperty(
"com.healthmarketscience.jackcess.resourcePath",
"res/raw/");
Click to expand...
Click to collapse
and copy those resource files to res/raw
Then you can work as on PC, for example open /sdcard/yourprogram/file.mdb
Jackcess has no GUI, it's a library to read/write access files.
Getting an Access file into Android
I keep a lot of information on a Psion Revo, which has just turned its face to the wall and is giving up the ghost, and have always backed the information up on to my pc as an Access file. It looks easier to get this into a format acceptable to Android by converting the Access .mbx file into an Excel .xls file. This can be searched readily by Column and Values. Maybe this deals with too simple a need for most enquirers to the forum, but if it helps somebody then so much the better.
hi all i have beenlooking for something the same for some time now and just the other day i came accross this site cellica.com
the android app is free and the desktop application has a 5 day trial period or its $50 to buy it works great the only thing you can not do is create a report from the phone
i have emailed support team and they said they will be adding it on in the future.
Any Updates???
I currently build and use databases in MS Access and was wondering if there are any updates on this topic now that Tablets are in use now. Looking to get the Motorola Xoom (2nd version) in the future, but would love to be able to use a program that I would be able to access my MS Access databases while "on-the-go".
Anyone? This would be huge (I believe), since we now have tablets.
Thanks a bunch,
~Kilch~
Access to MS Access by Android
Hi,
I'm also looking to get on-the-go access to my Access databases on my Android HTC Tattoo.
The file is on it, I just need a tool to access it in read-only / search mode, but judging from the previous comments, there doesn't seem to be an oversupply in applications.
The "convert to Excel format" may be OK for me. I want to use a 3 language Access DB (dictionary) on my phone, so I'll try the Excel solution.
It would be nice if we had an ACCESS reader though...
John
Panacea Database
I know XDA frowns upon excessively hawking your own products here, but I do seem to be directly answering more than one of the reply questions, it just happens that the answer is an application my company released.
The Panacea Database application can handle Access from Access 2000 to Access 2007. It has also worked so far on every Access 2010 database we've tested, and we've received no complaints in that department yet. We release updates from time to time as we improve its functionality and features, often guided in our priorities by user e-mail and market comments. Our next update will be focused on improving screen layout for a variety of Android devices - from small QVGA smartphones, to large WXGA tablets. After that we may move onto other functionality.
In the interest of fairness, I'll point out arafa1209's post. He mentions Celicca Database, which is the only other application that I know of that deals with Access databases on Android. It has features Panacea does not have (yet) - ability to work with forms, ability to create and modify databases, ability to connect to your PC etc. Like us, they also send out updates improving their app regularly. So you can compare the apps, and use which one fits your needs better (or use both). If anyone knows of any others they can post here as well, but these are the only two I know of currently.
Just tried Panacea. Although it is more basic and annoyingly doesn't remember the last files you'be opened necessitating finding the file each time you open the app I prefer it for the simple reason you don't have to convert the Access database to another format.
amwebby said:
doesn't remember the last files you'be opened necessitating finding the file each time you open the app
Click to expand...
Click to collapse
If you update the app, this should be fixed, the last version should have this feature.
Got the update last week. Certainly goes a long way to making it more user-friendly. Keep up the great work!
Since the last update it seems to be broken. Although it remembers the last database I cannot open a table within any database.
Edit: It appears the file was corrupted. Loaded a new file and all working again.
Any news in this topic.
I tried panacea Database, works fine. But not very effective. Searching data is a must for me however I didnt manage to find a search option. When I search for tables, it cant even locate the tables by names.
Like so many of those great little apps and neat little softwares we find out there, Microsoft Live Mesh seems to be one of those personal favorites of mine that has been thrown to the wayside by what most likely is "Progress".
BACKGROUND
For those that find this application new to their world, Microsoft Live Mesh (http://www.mesh.com) is a Multi-Device Synchronization tool, also called a "cloud service", that creates and / or modifies a folder on either your Microsoft Windows PC, Apple PC, or Windows Mobile Device to allow synchronization of the content in that folder with other designated devices within the "cloud". Each folder can be set with specific permissions and can be allowed or denied access to other designated users. I've always felt as though this was a wonderful and amazing tool and had been using the service for a few years. As with many other members of this forum, I to find myself flashing many different ROM's on what can be a daily basis if the amazing chef's out there are hot in the kitchen!, and MS Live Mesh really made that process easier by allowing me to sync desired content that would have otherwise been tedious and allowed me to take my files I have on my PC with my on my WM PPC where ever I had an internet connection.
CURRENT STATUS
Sadly, as of the past year or so this wonderful software has become seriously underdeveloped, and I wanted to try and take a step toward a revival of this great application. One might argue that the reason for lack of development might be because of newer development in different and update phone software, or that there was not enough of a community outcry for this type of application. Whatever the case may be, one last cry for help on what has turned out to be a world renowned mobile device forum wouldn't hurt, right?
There is an already running MS Forum on the subject of development where if this sort of thing does perk your interest, you can find more information about what fixes have already been found. There is also already a forum on XDA Developers that has already been started... but the last thing mentioned in that forum was about getting access to the tech preview of the application.
MY RESULTS
So far, I have run into consistant failure in using the software using any of the new ROM's for my Fuze and am usually met with the same result... when I try to lauch the application on my Fuze, it crashes before finishing loading, or after I finish the login process, I am met with a setup error when trying to add my device to the cloud.
There you have it, that's my story and I'm sticking to it. If you have any idea's on how we might be able to get this up and running again, please feel free to post and let's really get some community development action going on! Hopefully it's not the case that MS has just pulled the plug on the whole thing and didn't tell anyone, right? :?
My understanding is that Mesh is being merged with Windows Live Sync (as part of Windows Live Wave 4). Hence data will be synced into Skydrive rather than the separate Mesh storage area. Hopefully this will mean a new winmo 6.5 client, although there is talk that this might be phone7 only
No release date for wave 4 yet either
I've been searching for .XAP decompiler/disAssembler (to do reverse engineer) for phone 8 xap files. I've seen that the new .xap files are not longer simple .zip/.rar files. They have something more.
In short I'm asking something similar to http://forum.xda-developers.com/showthread.php?t=1443692 for phone 8 . Does anyone know any (free) tool which can help me out ?
Could you please attache XAP? I'll investigate it.
Sure
Please see the attachment.
It appears MS have encrypted XAPs now - this has a PlayReady DRM header:
Code:
<WRMHEADER xmlns="http://schemas.microsoft.com/DRM/2007/03/PlayReadyHeader" version="4.0.0.0"><DATA><PROTECTINFO><KEYLEN>16</KEYLEN><ALGID>AESCTR</ALGID></PROTECTINFO><KID>w3i0edJP7EOqQ6aQzdAoSQ==</KID><LA_URL>http://microsoft.com/</LA_URL><CUSTOMATTRIBUTES xmlns=""><S>9FcV5qmfIsMc+X2MVmX3Hw==</S><KGV>0</KGV></CUSTOMATTRIBUTES><CHECKSUM>Hu3+fizBvKU=</CHECKSUM></DATA></WRMHEADER>
So, does it mean I'll never be able to decompile any .xap ?
XAPs downloaded from the Marketplace are encrypted starting sometime in summer last year. That was also the time when devices that had not installed the WP7.5 update lost access to the Marketplace.
So unless you know the decryption key no: you won't be able to decompile XAP files downloaded from the Marketplace. As for XAPs you get from a Dev directly or created yourself - those should still be in the same ZIP-Format as before.
if we get admin access on the phone we can make the phone to decompile it for us and then make an unencrypted version of the .xap
StevieBallz said:
XAPs downloaded from the Marketplace are encrypted starting sometime in summer last year. That was also the time when devices that had not installed the WP7.5 update lost access to the Marketplace.
So unless you know the decryption key no: you won't be able to decompile XAP files downloaded from the Marketplace. As for XAPs you get from a Dev directly or created yourself - those should still be in the same ZIP-Format as before.
Click to expand...
Click to collapse
Does anybody developed some hack to see content of .xap files which are from market place ? if yes, where can I get it ?
ellokomen said:
if we get admin access on the phone we can make the phone to decompile it for us and then make an unencrypted version of the .xap
Click to expand...
Click to collapse
And how can I get admin permission on my phone win 8 phone ? In other words, is it possible to get admin permission on win 8 mobile ?
@shek007
WP8 is much more secure than WP7. So it will take much time or never to hack the OS.
Regarding the xap decompile, it seems you are insisting on 'hacking'. That is a bad behaviour, trying to steal other's logic/data If it's your's or friend's .xap, then you'll get access to the code. Otherwise you have no right to decompile the code if it's not yours or the others didn't provide you access.
Anyway, you got the answer back then: no, it won't work.
shek007 said:
And how can I get admin permission on my phone win 8 phone ? In other words, is it possible to get admin permission on win 8 mobile ?
Click to expand...
Click to collapse
1. No one knows what "win 8 phone" and "win 8 mobile" are. Never heard of those.
2. Go somewhere else to discuss theft.
narrowing the subject to "theft" is not appropriate as when one wants to make out the most of some applications.
Examples are: Decompile the Field Test app from nokia to see the internal API calls to the radio module in order to obtain RF related data, such as cell ID, MCC+MNC, Ec/Lo etc..
using this API calls we can make Apps for RF field engineers to test the network performance and signal levels using the Lumia phone.
This functionality is well known on others smartphones but lacking in Windows Phone platform so far.
Another example will be using multiple whatsapp accounts in the same phone ( another functionality from other mobile platform missing in WP)
As far as I understood the security architecture not just any App would be able to access those APIs even if it knew about them. It requires special permissions and I would guess that at the moment those are not available with a regular Developer Unlock.
As for decrypting the file or gaining access to the phone and extracting the data from there: WP8 security has not yet been broken. There might be people working on it but for now we know of no way to do it.
StevieBallz said:
As far as I understood the security architecture not just any App would be able to access those APIs even if it knew about them. It requires special permissions and I would guess that at the moment those are not available with a regular Developer Unlock.
As for decrypting the file or gaining access to the phone and extracting the data from there: WP8 security has not yet been broken. There might be people working on it but for now we know of no way to do it.
Click to expand...
Click to collapse
Idk if you guys know about this website... [http]://xapapp[dot]blogspot.com/
this guys does exactly what the OP asked. If m wrong then please correct me
I guess I'll have to wait until I can learn about this
Btw, I never had intention to hack/theft others app..
tai4de2 said:
1. No one knows what "win 8 phone" and "win 8 mobile" are. Never heard of those.
2. Go somewhere else to discuss theft.
Click to expand...
Click to collapse
1. Yes. No one knows what win 8 phone is.
That is why YOU are on this forum thread., because is called just like that. "Windows Phone 8" looks similar to windows 8 phone. Or not.
2. " Windows Phone 8 Development and Hacking>> Windows Phone 8 Q&A, Help & Troubleshooting" is the name of this thread. So, where else could discuss hacking windows 8 apps.
You just needed to post something.
I just needed to reply (two years later), so I joined to forum. :laugh:
BTW are there any new tools for decompile xap files?
Please don't necropost!
Posting here rather in a PM in the hopes that others will see and remember...
You just posted in a 22-month-inactive thread. This violates a near-universal guideline (sometimes rule) of online forums: do not post in dead threads (common called "necroposting"). Your post added nothing of value and effectively constitutes spam, as it brings a thoroughly outdated thread to the top of the forum list. It's much better to create a new thread (linking the old one, if you feel that will help) as then people who read earlier posts in the thread but don't notice the datestamps won't be seeing stuff that is years out of date.
While I agree that the person you responded to was being needlessly pedantic, it does seriously annoy some members of the community to have people screw up the name of the OS. Win8 and WP8 have about as much in common as Mac OS X and iOS; that doesn't mean it's reasonable to say an iPhone runs "Phone OS X". The fact that there existed a legacy (and *very* different) OS called Windows Mobile (or WinMo), and that people routinely seem to think that WP is just the continuation of WinMo (it's really, really not), is a large part of why some folks stomp on people who use the wrong name for the OS.
Decompiling apps is easy. Breaking PlayReady DRM is really, really hard. There's no decompiler anywhere I know of that can take a DRMed XAP and decompile it. You'll have to get the app without DRM encryption if you want to decompile it.
PLEASE DO NOT POST ANY MORE IN THIS THREAD!
Hey Guys,
Below is a list of the things that my HTC 8x does when it checks for Windows Updates. I am waiting for Microsoft's server to decide to give me a new firmware, so I decided to sniff out the TCP stream. Of note, I found the following:
1. Phone contacts http://fe1.update.microsoft.com/WP8/MicrosoftUpdate/Selfupdate/5_UssDetection.dll
The Phone goes out and fetches this dll onto the system. It references the following certificates (which you can download):
root cert http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
production cert http://www.microsoft.com/pkiops/certs/Microsoft Windows Phone Production PCA 2012.crt
time stamp PCA? http://www.microsoft.com/pki/certs/MicTimStaPCA_2010-07-01.crt
2. After that, it goes and fetches the following cab file: http://sds.download.windowsupdate.com/wp8/MicrosoftUpdate/Redir/duredir.cab. This cab file contains a single xml file called wuredir.xml. It has two values: the clientServerURL and the ReportingServer URL.
3. After this, some https traffic occurs to the clientserver URL. I am guessing this is it checking for updates.
4. Then it posts to http://statsfe1.update.microsoft.com/ReportingWebService/ReportingWebService.asmx with a SOAP action of http://www.microsoft.com/SoftwareDistribution/ReportEventBatch with a whole bunch of info on the phone.
The User Agent being used for all of these communications is as follows: Windows-Mobile-Device-Update-Agent
If this dll it is fetching is unsigned, I wonder if we could have some fun....I am also wondering what happens if we develop and sign an xap with Microsoft's certificate if it will allow us to do more things within the OS.
Sign with Microsoft's private key? If you have access this then your about to become very popular
Sent from my Arc using xda app-developers app
Hmm, the 5_UssDetection seems to be a normal PE32 .dll. Not .NET compiled. I don't see any COM Imports/Exports for it so finding this out may be a little difficult. I haven't used any tools like IDA though, just a normal PE explorer program.
This is good information though. I wonder if GoodDayToDie may have some further input?
Nice find. I've been monitoring phone traffic myself but hadn't caught this exchange yet.
The fact that it checks external cert files is very interesting. Typically, I would expect this to be using "certificate pinning" where the public key of the signing cert is stored internally in the software, and no other signature is trusted (even if it chains to a CA that is installed on the phone and would normally be trusted). MS does use pinning in a number of places; for example, this is how the original ChevronWP7 Unlocker was broken, and is used when adding a Microsoft account to the phone or when that account is updating. However, I figure there's an excellent chance that pinning is *not* being used in at least one place where it really should be (this can be tested using tools like Fiddler or Burp, which have the ability to intercept SSL traffic using a cert that chains to a cert installed in the phone's trusted authorities store).
If pinning isn't being used, it may be possible to modify/create our own detection DLL, then create our own CA cert, install the public key on the phone, use the private key to sign an intermediate cert (that we also create, and have the private key for), and use the intermediate cert to sign our customized DLL. If necessary, we could even intercept the lookups that the phone performs and control what is returned (assuming the lookups are actually over HTTP, or at least unpinned HTTPS).
The probability that the file is unsigned isn't even worth considering; it's quite likely that Microsoft is using a mandatory signing level on WP8 for all executable code. Unfortunately, if they are doing that, it's also likely that it's set to require a cert which chains to the MS root cert (this is how Windows RT is by default), which is effectively a form of system-wide cert pinning. However, if you want to check, signtool in the Visual Studio Command Prompt can dump authenticode certs on a file.
Reverse engineering the detection DLL is quite possibly worthwhile even if we can't modify it, too; it'll provide insight into the update process, which is one of the best places to mess with a system. It runs with high privileges and explicitly is capable of modifying system code.
That sounds quite enticing! I wish I knew x86/ARM assembly :/. I'll see what the sign tool outputs in VS
It feels great to see that you're here GoodDayToDie You helped out a lot on WinPho 7 for HD2 (a device I'll soon repurchase).
Hopefully there'll be some advancements on the "jailbreaking" of Windows Phone 8
I would be surprised if WP8 wasn't using the same code signing requirements as Windows RT.
As far as hijacking that dll goes, unless we can find an immediate privileged code execution exploit in it all it's most likely to do would be to give us write abilities to the FS, and there's a huge 'if' attached to that. That would be a big step if possible, though.
Something that would be interesting to check is if an EXE compiled for Windows RT (cdb, for example) would be capable of running on WP8. If MS used the same signing certificates it may be possible to put enough of Windows RT's dependencies on WP8 to allow it to run a simple console application. Obviously we wouldn't have any console windows or the sort, but it should be possible to capture output if it worked.
We have a decrypted OS dump around somewhere, right? It should be simple to check if they use the same signatures.
Good call on checking the signatures. I'd also like to take a look at reverse engineering the OEM apps again; even if they don't give us a device-agnostic hack directly, they may reveal interesting things about the WP8 app model internals and also may give device-specific breaks which can be used to gain the knowledge we need for crafting device-agnostic ones.
Slightly off-topic:
The zipview exploit still (sort of) works. Hard to believe, but I bet MS just recompiled the program for NT's Win32 and didn't bother with it beyond that. Decent chance that the same holds for the XAP installer, though I haven't tried yet. However, A) the filesystem layout has changed, so write-only access is even more poking blind than it used to be, and B) zipview may be running with lower privileges than it used to. On a simple test ZIP (attached for your testing pleasure), I can open files and create directories up to three levels above the zip root, but no further. Trying to open a file in a folder directly higher than that gives a "cannot extract to a read-only location" error, and trying to open a file inside a subfolder above the third level up gives a generic error message (probably due to failing to create the folder).
Also, I got wired tethering working on my Ativ S today. I'll create a post about doing that if nobody else has done so yet (it was almost identical to the WP7 Samsung devices, the only hard part being finding the right 64-bit drivers). WindowBreak didn't work, though (the folder that it extracts at is above the permissions cutoff, which makes me suspect zipview can't write to the drive root) and I don't think the subcomponent of the Diagnostics app works the same, either (a lot of the diagnostics codes have changed; we should learn the new ones).I don't even know if WP8 understands provxml (it's historically a CE feature, not an NT one), although I found references in the Diag app to provxml being "ready".
Here's what I came up with for a file list from some rudimentary (and possibly inaccurate) parsing of a .ffu: http://pastebin.com/hX6qJQeA
Got that from RM820_1232.2109.1242.1001_RETAIL_nam_usa_100_01_95122.ffu.
Great, thanks for that! Looks like provxml is definitely still here, and that's probably good. I'll bet they changed some things though, to make it more NT-ish (support for proper ACLs, for example). I should review those included provxml files for a look at how the phone is currently configured. Lots of potentially interesting .REG files too. I'll have to try some more things here!
No problem. All I did was pull out all text inside '<DevicePath>' tags inside one of the FFUs for the AT&T Lumia 920.
From looking at the FFU it appears to be a collection of CAB archives (or packages) encapsulated in some proprietary format. WP7.x tools don't work on them, sadly.
Edit: I'm blind sometimes, there is a tool to mount them and it does work.
More edit: Different signatures.
More more edit: Windows RT refuses to run the WP8 binaries without a jailbreak.
Hmm... but with jailbreak, do the binaries run? I mean, they're NT Win32-based PE binaries compiled for THUMB2 architecture, so I'm sure they can at least be executed, but do they actually run or do this simply error out or crash immediately?
It would be interesting to compare the certificate chains of RT and WP8 binaries. As far as I know, the default restriction level on RT should allow anything that chains to the Microsoft root Authenticode cert to run, which means either that we misunderstand that restriction or that the WP8 signatures chain to a completely different cert. I'm guessing it's the latter, but that does surprise me. I could understand if RT used the "Windows" signing level and WP8 binaries wouldn't work; despite having Windows in the name, using the Win32 API, and running on the NT kernel, the Windows Phone team is separate from the Windows team and quite likely has its own signing keys. I would think that an OS which accepts Office and DevDiv/Tools signatures (unless Office and the debuggers were re-signed by the Windows team? I haven't checked) would accept Windows Phone signatures too.
GoodDayToDie said:
Hmm... but with jailbreak, do the binaries run? I mean, they're NT Win32-based PE binaries compiled for THUMB2 architecture, so I'm sure they can at least be executed, but do they actually run or do this simply error out or crash immediately?
It would be interesting to compare the certificate chains of RT and WP8 binaries. As far as I know, the default restriction level on RT should allow anything that chains to the Microsoft root Authenticode cert to run, which means either that we misunderstand that restriction or that the WP8 signatures chain to a completely different cert. I'm guessing it's the latter, but that does surprise me. I could understand if RT used the "Windows" signing level and WP8 binaries wouldn't work; despite having Windows in the name, using the Win32 API, and running on the NT kernel, the Windows Phone team is separate from the Windows team and quite likely has its own signing keys. I would think that an OS which accepts Office and DevDiv/Tools signatures (unless Office and the debuggers were re-signed by the Windows team? I haven't checked) would accept Windows Phone signatures too.
Click to expand...
Click to collapse
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
As far as running, some have given me console output, but I haven't gotten a single GUI one to start. I've been considering on looking to see how complex the UI is to see if I can write some sort of WP8->Win32 translation layer. There are just so few WP8 xaps floating around that it's not really worth looking into, though.
I don't expect the GUI to work; the whole model (with the Back history and all that) is going to rely on stuff not found on Windows Client. Cool that you're able to get some CLI apps to work (which is funny in and of itself; WP8 doesn't support a terminal interface). This is only post-jailbreak though? That still seems weird, since the signatures chain to the MS root CA. Very weird. I'll poke around myself once I download a ROM to explore (busy with work at present).
I haven't really found any to work, per se, I've just gotten console output, generally in the form of an error message or a help prompt. I can't recall which files exactly I had tried with, though. I mostly just poked through system32.
GoodDayToDie said:
I don't expect the GUI to work; the whole model (with the Back history and all that) is going to rely on stuff not found on Windows Client. Cool that you're able to get some CLI apps to work (which is funny in and of itself; WP8 doesn't support a terminal interface). This is only post-jailbreak though? That still seems weird, since the signatures chain to the MS root CA. Very weird. I'll poke around myself once I download a ROM to explore (busy with work at present).
Click to expand...
Click to collapse
the GUI classes of windows phone are not compatible with the standard .Net library or windows RT. The only way to get them running is through some sort of virtual machine. Some MSFT guys confirmed this a few months back at a training course about W8 RT.
Basically, it is kinda difficult to have WP8 apps show any GUI at all outside of their WP8 runtime.
netham45 said:
Here's what I came up with for a file list from some rudimentary (and possibly inaccurate) parsing of a .ffu: http://pastebin.com/hX6qJQeA
Got that from RM820_1232.2109.1242.1001_RETAIL_nam_usa_100_01_95122.ffu.
Click to expand...
Click to collapse
In regards to the file "MMOS.wim", has anyone managed to extract it/analyze it?
I couldn't find anything about it online. I am able to mount the file to a virtual disk and view its contents, but I am not able to view/read/extract any of these files from the drive. Trying to copy any file from the drive gives a system error/exception message that I have never seen before.
Are the files inside of "MMOS.wim" even useful?
---------- Post added at 12:13 PM ---------- Previous post was at 11:22 AM ----------
mcosmin222 said:
the GUI classes of windows phone are not compatible with the standard .Net library or windows RT. The only way to get them running is through some sort of virtual machine. Some MSFT guys confirmed this a few months back at a training course about W8 RT.
Basically, it is kinda difficult to have WP8 apps show any GUI at all outside of their WP8 runtime.
Click to expand...
Click to collapse
Not difficult, more like impossible lol.
The entire native UI is very independent. It is best described as one single app that has multiple pages. The start menu is a page, settings app is a page, office 365 is a page, etc.
These different pages all cross-reference resources from each other and can modify each other. However, they are all compiled separately. Each "page" contains it's own resources and GUI markup in a dll, along with native code to interact with the markup. This native code can also call functions and access resources from other "page" dll's. There are no compiler dependencies between the "pages" when being created, only during actual runtime.
Things are very "coupled" by this model on purpose. Changing code/functionality in the startmenu.dll could potentially break everything. It is designed so that you cannot target and modify a specific element or feature without updating code in other areas of the system.
Basically, you need full access and understanding of the gui layouts/code to modify it.
The only reasonable possibility is the ability to modify the markup code (think XAML) to change layouts and visuals. But even that possibility is made difficult since the markup is compiled. However, no information is lost during the compilation, meaning that the markup can be decompiled back to its original form.
Windows 8/RT uses DUI (DirectUI), a similar framework, for all of it's native GUI elements.
Windows Phone 7/8 uses UIX/Splash.
Asking a former Microsoft employee about UIX/Splash is like asking a former U.S. government agent about Area 51. They seriously fear for their lives.
I would avoid using the word impossible as of yet. With a layer of emulation above RT the thing should "run".
It might be possible to have an app compliant with the app store requirements (as in not require jailbreak) on RT to emulate the WP8 GUI model, but that would imply interpreting the XAML code and emulate it JVM style, but it would be a lot of work.
I wonder if the WP8 emulators would prove to be of any use...
mcosmin222 said:
I would avoid using the word impossible as of yet. With a layer of emulation above RT the thing should "run".
It might be possible to have an app compliant with the app store requirements (as in not require jailbreak) on RT to emulate the WP8 GUI model, but that would imply interpreting the XAML code and emulate it JVM style, but it would be a lot of work.
I wonder if the WP8 emulators would prove to be of any use...
Click to expand...
Click to collapse
My GUI post was in regards to the native GUI. I didn't realize that you were talking about WP8 apps running on Windows RT. I thought you meant the other way around lol.
Couldn't this potentially be pointless? Microsoft Job posting was looking for developers interested on deploying .appx on Windows Phone I believe. So that means they are going to make .appx the universal model for all platforms and not .xap in the future. With that said, they might be stopping .xap development completely in the future.
Who would develop an .xap for Windows Phone when you can develop .appx and have it work on Windows Phone + Windows RT + Windows 8 + Xbox?
Just some thoughts. I think trying to get .XAP running on Windows RT is pointless to pursue right now, since the time researching would be better spent in other areas of development.
Im not sure how they are going to make appx run on WP8. The WinRT model is obviously tuned towards bigger screens. How would you use a charms bar on WP8? In fact, how would you use any of the W8 stuff on WP8?
I think a lot of people would like to run emulated WP8 apps on their tablets, since some apps have not been ported yet.
While I do agree this is kinda pointless, it's a nice way of learning new stuff.