Related
Is there possible software out there in the form of our cab install files that are spyware? Is it possible for people to see what we are doing in our phones and pocketpcpdas? like a logging tracking type of software imbeded in our device which tells people what we are doing? what we are downloading..etc..etc..just like how the government can listen to our phone calls. Are possibley our favorite applications such as microsoft live/live search ot tomTom7 tracking software which is telling companies or the government what we are doing on our devices? like how Skyfire can log what you are doing with their web browser through their servers...
....just wanted to know if its possible and has anybody heard of such things
There have been trojans in the wild for pocket pc - the Brador.A trojan did open a backdoor exploit to allow remote access to a device. And there have been other nasty things for Palm.
But, they've been really rare, and mostly proof of concept kind of things. I'd say the far greater risk is that, if you use *.exe installers from your desktop or laptop to put software on your mobile, that the desktop or laptop could become infected by something seeded in the *.exe file.
So, always scan any installers, ideally as you download (ie. with and AV app integrated with your browser, like Norton) before you execute them. When docked to your PC, you can also scan your mobile - I use Vista on one of my machines at home, and dock my Tilt to it without setting it up, so it's just like any other mass storage device. Norton will scan it like any other drive or storage device.
moegdaog said:
Is there possible software out there in the form of our cab install files that are spyware? Is it possible for people to see what we are doing in our phones and pocketpcpdas? like a logging tracking type of software imbeded in our device which tells people what we are doing? what we are downloading..etc..etc..just like how the government can listen to our phone calls. Are possibley our favorite applications such as microsoft live/live search ot tomTom7 tracking software which is telling companies or the government what we are doing on our devices? like how Skyfire can log what you are doing with their web browser through their servers...
....just wanted to know if its possible and has anybody heard of such things
Click to expand...
Click to collapse
While this is not "spyware" it certainly does what spyware would do - right? report without your knowing it what the phone user was doing?
http://www.pocketpc-live.com/pocketpc-softwares/ultimate-theft-alert-v3-for-pocket-pcs.html
Bill
Yep... but usually it's yourself installing that thing so I wouldn't qualify it as spyware...
Unless someone grabs your phone from you and installs the software against you without you knowing it
Anything is possible when you put your mind to it. I bet if you talked to enough coders you'd find one that would help you write Spyware.
Possible? Yes. Probable? No.
o ok..just wanted to get some general knowledgeon this subject cuz i would hate to have to worry about trojans on my pda maaan.
moegdaog said:
o ok..just wanted to get some general knowledgeon this subject cuz i would hate to have to worry about trojans on my pda maaan.
Click to expand...
Click to collapse
Now - Let's say that you were oh say Chinese - and that you knew that LOTS of foreigners were coming over for say - oh - a lot of games - would you PAY someone to put spyware on their phones?
hmmmm. . . MAYBE...
Just a thought...
Bill
Hello,
I've got HTC HD7 with 02 branding and am running Win XP.
I am desperately trying to access phone's internal memory over USB with no success. I would like to shift data so like used to do it on my old HTC Diamond. And I dont want to use the Zune crap, cause it only allows shifting media files like music and videos...
I mean, WM6, 6.1 and 6.5 had a sperate option (ActiveSync, Memory Access or Internet Sharing) when plugging device to the computer.
Is there any similar app or built-in functionality to do so???
Thanks and regards,
schorschy
schorschy said:
Hello,
I've got HTC HD7 with 02 branding and am running Win XP.
I am desperately trying to access phone's internal memory over USB with no success. I would like to shift data so like used to do it on my old HTC Diamond. And I dont want to use the Zune crap, cause it only allows shifting media files like music and videos...
I mean, WM6, 6.1 and 6.5 had a sperate option (ActiveSync, Memory Access or Internet Sharing) when plugging device to the computer.
Is there any similar app or built-in functionality to do so???
Thanks and regards,
schorschy
Click to expand...
Click to collapse
nope, zunes the only option right now.
i really do not understand microsoft... they announced wm7 as something absolutely groundbreaking and there are many functionalities i am missing even in comparison to wm6!!!
i mean, okay, i somehow can understand they removed activesync... but memory access via usb?! or wm6 to wm7 data migration?! i mean, these are basic functionalities every mobile device MUST have...
it really makes me think over about giving back my device...
schorschy said:
i mean, okay, i somehow can understand they removed activesync... but memory access via usb?! or wm6 to wm7 data migration?! i mean, these are basic functionalities every mobile device MUST have...
Click to expand...
Click to collapse
I totally disagree, memory access by USB is not a must have function to sell a mobile phone by any means.
What data are you trying to put onto the device that won't be covered by Zune or a Windows Live/Google account etc?
i just think using pda as a memory stick is a very useful functionality... for example, shifting pdf's when being offline or similar...
Microsoft have taken the approach that in order to produce a stable platform, the file system needs to be locked down so that people cannot "tinker" with it. Its a sensible approach if you think about it from that perspective.
If this was such a big thing for you, why didn`t you check before purchasing?
schorschy said:
Hello,
I've got HTC HD7 with 02 branding and am running Win XP.
I am desperately trying to access phone's internal memory over USB with no success. I would like to shift data so like used to do it on my old HTC Diamond. And I dont want to use the Zune crap, cause it only allows shifting media files like music and videos...
I mean, WM6, 6.1 and 6.5 had a sperate option (ActiveSync, Memory Access or Internet Sharing) when plugging device to the computer.
Is there any similar app or built-in functionality to do so???
Thanks and regards,
schorschy
Click to expand...
Click to collapse
Well, to each its own, some users TOTALLY DISAGREE with you, while I'm just like you thinking that a new system should be inclusive to all features and capabilities provided by the prior one.
Plus, tinkering with system file? well an 8 GB or 16 GB of storage SHOULD be used the way i Like it, not Locked out as some suggests, at least look ROM files, leaving the rest for the user preferences.
Final word, I TOTALLY AGREE with you about your complaint.
Will
Willy318is said:
Well, to each its own, some users TOTALLY DISAGREE with you, while I'm just like you thinking that a new system should be inclusive to all features and capabilities provided by the prior one.
Plus, tinkering with system file? well an 8 GB or 16 GB of storage SHOULD be used the way i Like it, not Locked out as some suggests, at least look ROM files, leaving the rest for the user preferences.
Final word, I TOTALLY AGREE with you about your complaint.
Will
Click to expand...
Click to collapse
Now now Will,
I just have trouble grasping this type of thread - this was all known before launch and before devices were available to buy. But hey, whatever.
I've just bought a HD7 too, and I have to admit to being absolutely gutted. Admittedly I didn't do too much research into it before getting it but I just assumed that being a windows mobile device it would be reasonably friendly with windows on my desktop computer. I've been tinkering with zunes to get my old pictures and music onto the phone but it's just ghastly.
Chances are I'll ditch it and get an android methinks. Real shame because I used to love my old HD2.
admittedly, i didn't research on this phone before getting it... just because i trusted the plattform - wm6.1 and wm6.5 were stable enough... however, after getting the device, i must say it's nothing for "tweaker", but a pure media consumption system. and thats why i hate it - fancy layers, nice optics, easy-to-use apps, but... zero funtionality. using it makes me feel i'm a little schoolgirl wearing a pink t-shirt.
gonna give it back and get hd2. the lesson i learnt for the second time (after getting fresh-presented htc diamond touch in 2008):
it's better to have an older device with mature os and application landscape than to have the latest device with lots of "fancy" stuff!
never do the same mistake again... thanks to all for replies and warm greetings from germany!
For goodness sake, it was so well trailed that MS would make WP7 a locked down system it would have taken hardly any research to find it out. I wish I had the cash to purchase £500 smartphones with little or no research up front. There is nothing wrong with wanting to tweak etc. but to do so, get an android device, a WM6.5 device, a jail broken iPhone or wait until someone "jailbreaks" WP7. Sheesh it's like saying "OMG I bought a Toyota and am so disappointed to find it isn't a Ford"
adesonic said:
For goodness sake, it was so well trailed that MS would make WP7 a locked down system it would have taken hardly any research to find it out. I wish I had the cash to purchase £500 smartphones with little or no research up front. There is nothing wrong with wanting to tweak etc. but to do so, get an android device, a WM6.5 device, a jail broken iPhone or wait until someone "jailbreaks" WP7. Sheesh it's like saying "OMG I bought a Toyota and am so disappointed to find it isn't a Ford"
Click to expand...
Click to collapse
Exactly.
Also there is a reason the product is called Windows Phone 7 and not Windows Mobile 7. I noticed its referred to as Windows Mobile 7 a lot in this thread.
Am I mistaken or didn't MS say they would still maintain updates to the old wm6.5 os as a side project?
also how can anyone say zune is ghastly? its easily the best media organizer there is 100times better than itunes and as for android i had a desire and the syncing was so basic and naff. Another good thing with zune is the music organization, look at itunes and getting album art it is dire. Zune on the other hand is easy as pie and if you cant find it in the library even a 5yo could use the manual edit tool. With Zune everything has the right name album art etc my itunes (i have a mac mini in my living room connected to my tv) is about 80% the rest is to messy to be bothered with. I found when syncing with my desire hardly any artwork came through and the media folders where dire to navigate (this is a biggie as i use it to play music in my car)
I think the thing here is as stated before, the facts are out there this phone is what it is. It is not a win 6.5 update it is a separate mobile os. The features it has are are far beyond anything else out there but if you want something that does something else then buy something else. You don't buy a toaster to fry chips.
+1 On the Zune is excellent front....awesome software
lumpaywk said:
You don't buy a toaster to fry chips.
Click to expand...
Click to collapse
That's a late night half-drunk/half-stoned experiment just begging to be done... where's my toaster?
I've been searching for .XAP decompiler/disAssembler (to do reverse engineer) for phone 8 xap files. I've seen that the new .xap files are not longer simple .zip/.rar files. They have something more.
In short I'm asking something similar to http://forum.xda-developers.com/showthread.php?t=1443692 for phone 8 . Does anyone know any (free) tool which can help me out ?
Could you please attache XAP? I'll investigate it.
Sure
Please see the attachment.
It appears MS have encrypted XAPs now - this has a PlayReady DRM header:
Code:
<WRMHEADER xmlns="http://schemas.microsoft.com/DRM/2007/03/PlayReadyHeader" version="4.0.0.0"><DATA><PROTECTINFO><KEYLEN>16</KEYLEN><ALGID>AESCTR</ALGID></PROTECTINFO><KID>w3i0edJP7EOqQ6aQzdAoSQ==</KID><LA_URL>http://microsoft.com/</LA_URL><CUSTOMATTRIBUTES xmlns=""><S>9FcV5qmfIsMc+X2MVmX3Hw==</S><KGV>0</KGV></CUSTOMATTRIBUTES><CHECKSUM>Hu3+fizBvKU=</CHECKSUM></DATA></WRMHEADER>
So, does it mean I'll never be able to decompile any .xap ?
XAPs downloaded from the Marketplace are encrypted starting sometime in summer last year. That was also the time when devices that had not installed the WP7.5 update lost access to the Marketplace.
So unless you know the decryption key no: you won't be able to decompile XAP files downloaded from the Marketplace. As for XAPs you get from a Dev directly or created yourself - those should still be in the same ZIP-Format as before.
if we get admin access on the phone we can make the phone to decompile it for us and then make an unencrypted version of the .xap
StevieBallz said:
XAPs downloaded from the Marketplace are encrypted starting sometime in summer last year. That was also the time when devices that had not installed the WP7.5 update lost access to the Marketplace.
So unless you know the decryption key no: you won't be able to decompile XAP files downloaded from the Marketplace. As for XAPs you get from a Dev directly or created yourself - those should still be in the same ZIP-Format as before.
Click to expand...
Click to collapse
Does anybody developed some hack to see content of .xap files which are from market place ? if yes, where can I get it ?
ellokomen said:
if we get admin access on the phone we can make the phone to decompile it for us and then make an unencrypted version of the .xap
Click to expand...
Click to collapse
And how can I get admin permission on my phone win 8 phone ? In other words, is it possible to get admin permission on win 8 mobile ?
@shek007
WP8 is much more secure than WP7. So it will take much time or never to hack the OS.
Regarding the xap decompile, it seems you are insisting on 'hacking'. That is a bad behaviour, trying to steal other's logic/data If it's your's or friend's .xap, then you'll get access to the code. Otherwise you have no right to decompile the code if it's not yours or the others didn't provide you access.
Anyway, you got the answer back then: no, it won't work.
shek007 said:
And how can I get admin permission on my phone win 8 phone ? In other words, is it possible to get admin permission on win 8 mobile ?
Click to expand...
Click to collapse
1. No one knows what "win 8 phone" and "win 8 mobile" are. Never heard of those.
2. Go somewhere else to discuss theft.
narrowing the subject to "theft" is not appropriate as when one wants to make out the most of some applications.
Examples are: Decompile the Field Test app from nokia to see the internal API calls to the radio module in order to obtain RF related data, such as cell ID, MCC+MNC, Ec/Lo etc..
using this API calls we can make Apps for RF field engineers to test the network performance and signal levels using the Lumia phone.
This functionality is well known on others smartphones but lacking in Windows Phone platform so far.
Another example will be using multiple whatsapp accounts in the same phone ( another functionality from other mobile platform missing in WP)
As far as I understood the security architecture not just any App would be able to access those APIs even if it knew about them. It requires special permissions and I would guess that at the moment those are not available with a regular Developer Unlock.
As for decrypting the file or gaining access to the phone and extracting the data from there: WP8 security has not yet been broken. There might be people working on it but for now we know of no way to do it.
StevieBallz said:
As far as I understood the security architecture not just any App would be able to access those APIs even if it knew about them. It requires special permissions and I would guess that at the moment those are not available with a regular Developer Unlock.
As for decrypting the file or gaining access to the phone and extracting the data from there: WP8 security has not yet been broken. There might be people working on it but for now we know of no way to do it.
Click to expand...
Click to collapse
Idk if you guys know about this website... [http]://xapapp[dot]blogspot.com/
this guys does exactly what the OP asked. If m wrong then please correct me
I guess I'll have to wait until I can learn about this
Btw, I never had intention to hack/theft others app..
tai4de2 said:
1. No one knows what "win 8 phone" and "win 8 mobile" are. Never heard of those.
2. Go somewhere else to discuss theft.
Click to expand...
Click to collapse
1. Yes. No one knows what win 8 phone is.
That is why YOU are on this forum thread., because is called just like that. "Windows Phone 8" looks similar to windows 8 phone. Or not.
2. " Windows Phone 8 Development and Hacking>> Windows Phone 8 Q&A, Help & Troubleshooting" is the name of this thread. So, where else could discuss hacking windows 8 apps.
You just needed to post something.
I just needed to reply (two years later), so I joined to forum. :laugh:
BTW are there any new tools for decompile xap files?
Please don't necropost!
Posting here rather in a PM in the hopes that others will see and remember...
You just posted in a 22-month-inactive thread. This violates a near-universal guideline (sometimes rule) of online forums: do not post in dead threads (common called "necroposting"). Your post added nothing of value and effectively constitutes spam, as it brings a thoroughly outdated thread to the top of the forum list. It's much better to create a new thread (linking the old one, if you feel that will help) as then people who read earlier posts in the thread but don't notice the datestamps won't be seeing stuff that is years out of date.
While I agree that the person you responded to was being needlessly pedantic, it does seriously annoy some members of the community to have people screw up the name of the OS. Win8 and WP8 have about as much in common as Mac OS X and iOS; that doesn't mean it's reasonable to say an iPhone runs "Phone OS X". The fact that there existed a legacy (and *very* different) OS called Windows Mobile (or WinMo), and that people routinely seem to think that WP is just the continuation of WinMo (it's really, really not), is a large part of why some folks stomp on people who use the wrong name for the OS.
Decompiling apps is easy. Breaking PlayReady DRM is really, really hard. There's no decompiler anywhere I know of that can take a DRMed XAP and decompile it. You'll have to get the app without DRM encryption if you want to decompile it.
PLEASE DO NOT POST ANY MORE IN THIS THREAD!
you can use java codes with the IE browser (also with Favorites)
maybe window break could get advanced
examples
javscript:history.forward
javascript:alert(document.cookie)
javascript:alert("xda")
IE10 mobile with windows phone 8 (tested on Lumia 920)
IE9 mobile with Windows Phone 7 doesn't work (tested on Mozart)
saywa said:
you can use java codes with the IE browser (also with Favorites)
maybe window break could get advanced
examples
javscript:history.forward
javascript:alert(document.cookie)
javascript:alert("xda")
IE10 mobile with windows phone 8 (tested on Lumia 920)
IE9 mobile with Windows Phone 7 doesn't work (tested on Mozart)
Click to expand...
Click to collapse
I'm not sure how this would ever help us, though. That's pretty much the same as just running javascript within the browser. And either way, the browser runs under low privileges anyway.
Good thought, though!
First of all, Java has nothing to do with JavaScript except for some idiot marketing scheme by Netscape long ago. Don't confuse them.
Second, if it were possible to use JS to jailbreak a phone, then it would also be possible for an attacker to take over your phone just because you visited a website. This would be bad.
Third, WP7/IE9 actually does support "scriptlets" or "bookmarklets" (javascript:<code> favorites); see my signature for a link to a few of them for WP7, including a "Find on page" tool.
Fourth, while Jaxbot is absolutely correct that the browser has low privileges (even if we could cause it to execute anything we want, we *probably* couldn't manage to unlock the phone), it is nonetheless probably a good idea to keep an eye out for any exploits released against IE10 on the desktop. Much of the code in the Windows Phone version is the same, and it might be possible to use a known exploit (at least, until it gets patched) to have another way to learn more about how the OS works, which might allow us to find a vulnerability that can be used for an unlock. It's not a sure thing, but it *might* help.
So after that guy figured out the tethering hack for iOS by just changing a few lines of test, I decided to try to find one for Windows Phone 8. I have no idea how it would get on the phone (besides possibly flashing a new rom?), but I went and looked anyway. I mounted the VHD from the SDK and I think that I found something. If you use something like Visual Studio's Find in Files and search for ICSSVC, you'll find some interesting stuff.
First of all, in Microsoft,Net.NetCore.reg, I found this: puu.sh/3J9yS.png That's how I learned about ICSSVC. So then I searched for that and in Microsoft.Net.NetCore.policy.xml there is a bunch of capability stuff. I have no idea what to do past here, and the emulator doesn't have the Internet Sharing option. So, yeah.
MichaelC97 said:
So after that guy figured out the tethering hack for iOS by just changing a few lines of test, I decided to try to find one for Windows Phone 8. I have no idea how it would get on the phone (besides possibly flashing a new rom?), but I went and looked anyway. I mounted the VHD from the SDK and I think that I found something. If you use something like Visual Studio's Find in Files and search for ICSSVC, you'll find some interesting stuff.
First of all, in Microsoft,Net.NetCore.reg, I found this: puu.sh/3J9yS.png That's how I learned about ICSSVC. So then I searched for that and in Microsoft.Net.NetCore.policy.xml there is a bunch of capability stuff. I have no idea what to do past here, and the emulator doesn't have the Internet Sharing option. So, yeah.
Click to expand...
Click to collapse
Unfortunately, this involves dumping phone ROMs and modifying the policies (We don't know how crazy this process will be). Another set back involves the fact that the bootloaders for WP8 are signed which would require the the ROM to be signed with the correct cert, etc.
Basically, this will be extremely painful due to WP8 running a Windows NT Kernel (WP7 uses Windows CE) and all kinds of other obstacles that we haven't discovered yet.
snickler said:
Unfortunately, this involves dumping phone ROMs and modifying the policies (We don't know how crazy this process will be). Another set back involves the fact that the bootloaders for WP8 are signed which would require the the ROM to be signed with the correct cert, etc.
Basically, this will be extremely painful due to WP8 running a Windows NT Kernel (WP7 uses Windows CE) and all kinds of other obstacles that we haven't discovered yet.
Click to expand...
Click to collapse
Also while I was searching, I found a registry entry for 'DeveloperUnlock'. So when you run the program to dev unlock your phone, the program must modify the registry on the phone. I'm pretty sure that it would be possible to replicate that.
MichaelC97 said:
Also while I was searching, I found a registry entry for 'DeveloperUnlock'. So when you run the program to dev unlock your phone, the program must modify the registry on the phone. I'm pretty sure that it would be possible to replicate that.
Click to expand...
Click to collapse
As of now, we can't execute the native EXEs on the phone so we won't know whether we can replicate that or not. I know with talking with HeathCliff74, modifying the policy on WP7 took quite a long time and effort to figure out. I can almost guarantee the policies on WP8 are implemented completely different from WP7 and even a bigger pain to modify
snickler said:
As of now, we can't execute the native EXEs on the phone so we won't know whether we can replicate that or not. I know with talking with HeathCliff74, modifying the policy on WP7 took quite a long time and effort to figure out. I can almost guarantee the policies on WP8 are implemented completely different from WP7 and even a bigger pain to modify
Click to expand...
Click to collapse
I meant the program on your computer that comes with the SDK. I think that it modifies the phones registry to dev unlock it.
MichaelC97 said:
I meant the program on your computer that comes with the SDK. I think that it modifies the phones registry to dev unlock it.
Click to expand...
Click to collapse
You are correct, it does modify the registry to dev unlock it by connecting to a running service on the phone and executing native DLLs. The main DLL that interacts with the phone within the program's folder is an Win32 compiled .DLL rather than a .NET file which would require some disassembly to get an idea of what's going on. It also doesn't help that it is a signed DLL.