Hi all,
I've never used a Windows Phone, so I have some related questions:
I've seen three license types: student, develop, interop. If I've understood correctly, these three licenses differ from each other in the number of unsigned apps that can be installed on the device (3, 10, unlimited). If I have a develop license, is the 10-app limit "in total" or "at the same time"? For example, can I deploy 10 unsigned apps for one month and 10 new apps the next one?
Is a signed app downloaded from the store always encrypted even if the developer doesn't encrypt the code?
Which license do I need to exfiltrate an appx file?
If I change the code of a signed appx, can I deploy it on my phone? Do I need a particular license?
If I need to re-sign a changed appx, how can I do it?
Thanks
This really doesn't belong in the General forum, more fitted for Q&A.
The FAQ should fix almost all of your problems.
Related
I've been searching for a .XAP decompiler/disassembler (to do reverse engineering) for phone 8 xap files. I've seen that the new .xap files are no longer simple .zip/.rar files. They have something more.
In short, I'm asking for something similar to http://forum.xda-developers.com/showthread.php?t=1443692 for phone 8. Does anyone know any (free) tool which can help me out?
Could you please attach the XAP? I'll investigate it.
Sure
Please see the attachment.
It appears MS have encrypted XAPs now - this has a PlayReady DRM header:
Code:
<WRMHEADER xmlns="http://schemas.microsoft.com/DRM/2007/03/PlayReadyHeader" version="4.0.0.0"><DATA><PROTECTINFO><KEYLEN>16</KEYLEN><ALGID>AESCTR</ALGID></PROTECTINFO><KID>w3i0edJP7EOqQ6aQzdAoSQ==</KID><LA_URL>http://microsoft.com/</LA_URL><CUSTOMATTRIBUTES xmlns=""><S>9FcV5qmfIsMc+X2MVmX3Hw==</S><KGV>0</KGV></CUSTOMATTRIBUTES><CHECKSUM>Hu3+fizBvKU=</CHECKSUM></DATA></WRMHEADER>
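Reading the fields of the header quoted above, as an added example that is not part of the original post: it decodes the KID as a little-endian GUID (the usual PlayReady layout) and triages a package's leading bytes. `classify_package` and its assumption that the header may appear as ASCII or UTF-16LE are illustrative, not something the thread states.

```python
import base64
import uuid
import xml.etree.ElementTree as ET

PR_NS = "{http://schemas.microsoft.com/DRM/2007/03/PlayReadyHeader}"
ZIP_MAGIC = b"PK\x03\x04"  # local-file-header signature of a plain ZIP/XAP

# Header text exactly as quoted in the post above.
HEADER = (
    '<WRMHEADER xmlns="http://schemas.microsoft.com/DRM/2007/03/PlayReadyHeader" '
    'version="4.0.0.0"><DATA><PROTECTINFO><KEYLEN>16</KEYLEN>'
    '<ALGID>AESCTR</ALGID></PROTECTINFO><KID>w3i0edJP7EOqQ6aQzdAoSQ==</KID>'
    '<LA_URL>http://microsoft.com/</LA_URL><CUSTOMATTRIBUTES xmlns="">'
    '<S>9FcV5qmfIsMc+X2MVmX3Hw==</S><KGV>0</KGV></CUSTOMATTRIBUTES>'
    '<CHECKSUM>Hu3+fizBvKU=</CHECKSUM></DATA></WRMHEADER>'
)


def parse_wrmheader(xml_text):
    """Return the protection parameters declared in a PlayReady WRMHEADER."""
    root = ET.fromstring(xml_text)
    if root.tag != PR_NS + "WRMHEADER":
        raise ValueError("root element is not a PlayReady WRMHEADER")
    data = root.find(PR_NS + "DATA")
    if data is None:
        raise ValueError("WRMHEADER has no DATA element")
    kid = base64.b64decode(data.findtext(PR_NS + "KID", ""), validate=True)
    if len(kid) != 16:
        raise ValueError("KID is not 16 bytes")
    checksum = base64.b64decode(
        data.findtext(PR_NS + "CHECKSUM", ""), validate=True)
    protect = PR_NS + "PROTECTINFO/" + PR_NS
    return {
        "version": root.get("version"),
        "algid": data.findtext(protect + "ALGID"),
        "keylen_bytes": int(data.findtext(protect + "KEYLEN", "0")),
        # The KID is a key identifier (a GUID), not the content key itself.
        "kid_guid": str(uuid.UUID(bytes_le=kid)),
        "la_url": data.findtext(PR_NS + "LA_URL"),
        "checksum_bytes": len(checksum),
    }


def classify_package(blob):
    """Rough triage of a package's leading bytes.

    Assumption: the header may be stored as ASCII or UTF-16LE; the thread
    does not say which, so both are checked.
    """
    if blob.startswith(ZIP_MAGIC):
        return "plain-zip"
    if b"WRMHEADER" in blob or "WRMHEADER".encode("utf-16-le") in blob:
        return "playready-wrapped"
    return "unknown"


if __name__ == "__main__":
    for field, value in parse_wrmheader(HEADER).items():
        print(f"{field}: {value}")
```

The header declares a 16-byte key used with AES in CTR mode and names the key only by its identifier; the key itself is not in the file.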
So, does it mean I'll never be able to decompile any .xap?
XAPs downloaded from the Marketplace are encrypted starting sometime in summer last year. That was also the time when devices that had not installed the WP7.5 update lost access to the Marketplace.
So unless you know the decryption key no: you won't be able to decompile XAP files downloaded from the Marketplace. As for XAPs you get from a Dev directly or created yourself - those should still be in the same ZIP-Format as before.
If we get admin access on the phone, we can make the phone decompile it for us and then make an unencrypted version of the .xap.
StevieBallz said:
XAPs downloaded from the Marketplace are encrypted starting sometime in summer last year. That was also the time when devices that had not installed the WP7.5 update lost access to the Marketplace.
So unless you know the decryption key no: you won't be able to decompile XAP files downloaded from the Marketplace. As for XAPs you get from a Dev directly or created yourself - those should still be in the same ZIP-Format as before.
Has anybody developed some hack to see the content of .xap files which are from the marketplace? If yes, where can I get it?
ellokomen said:
if we get admin access on the phone we can make the phone to decompile it for us and then make an unencrypted version of the .xap
And how can I get admin permission on my phone win 8 phone? In other words, is it possible to get admin permission on win 8 mobile?
@shek007
WP8 is much more secure than WP7. So it will take much time or never to hack the OS.
Regarding the xap decompile, it seems you are insisting on 'hacking'. That is bad behaviour, trying to steal others' logic/data. If it's yours or a friend's .xap, then you'll get access to the code. Otherwise you have no right to decompile the code if it's not yours or the others didn't provide you access.
Anyway, you got the answer back then: no, it won't work.
shek007 said:
And how can I get admin permission on my phone win 8 phone ? In other words, is it possible to get admin permission on win 8 mobile ?
1. No one knows what "win 8 phone" and "win 8 mobile" are. Never heard of those.
2. Go somewhere else to discuss theft.
Narrowing the subject to "theft" is not appropriate, as one may want to make the most out of some applications.
Examples are: decompile the Field Test app from Nokia to see the internal API calls to the radio module in order to obtain RF-related data, such as cell ID, MCC+MNC, Ec/Lo etc.
Using these API calls we can make apps for RF field engineers to test the network performance and signal levels using the Lumia phone.
This functionality is well known on other smartphones but lacking on the Windows Phone platform so far.
Another example would be using multiple WhatsApp accounts on the same phone (another functionality from other mobile platforms missing in WP).
As far as I understood the security architecture not just any App would be able to access those APIs even if it knew about them. It requires special permissions and I would guess that at the moment those are not available with a regular Developer Unlock.
As for decrypting the file or gaining access to the phone and extracting the data from there: WP8 security has not yet been broken. There might be people working on it but for now we know of no way to do it.
StevieBallz said:
As far as I understood the security architecture not just any App would be able to access those APIs even if it knew about them. It requires special permissions and I would guess that at the moment those are not available with a regular Developer Unlock.
As for decrypting the file or gaining access to the phone and extracting the data from there: WP8 security has not yet been broken. There might be people working on it but for now we know of no way to do it.
Idk if you guys know about this website... [http]://xapapp[dot]blogspot.com/
This guy does exactly what the OP asked. If I'm wrong then please correct me.
I guess I'll have to wait until I can learn about this.
Btw, I never had any intention to hack/steal others' apps.
tai4de2 said:
1. No one knows what "win 8 phone" and "win 8 mobile" are. Never heard of those.
2. Go somewhere else to discuss theft.
1. Yes. No one knows what win 8 phone is.
That is why YOU are on this forum thread, because it is called just like that. "Windows Phone 8" looks similar to windows 8 phone. Or not.
2. "Windows Phone 8 Development and Hacking>> Windows Phone 8 Q&A, Help & Troubleshooting" is the name of this thread. So, where else could one discuss hacking windows 8 apps?
You just needed to post something.
I just needed to reply (two years later), so I joined the forum. :laugh:
BTW are there any new tools for decompiling xap files?
Please don't necropost!
Posting here rather in a PM in the hopes that others will see and remember...
You just posted in a 22-month-inactive thread. This violates a near-universal guideline (sometimes rule) of online forums: do not post in dead threads (commonly called "necroposting"). Your post added nothing of value and effectively constitutes spam, as it brings a thoroughly outdated thread to the top of the forum list. It's much better to create a new thread (linking the old one, if you feel that will help) as then people who read earlier posts in the thread but don't notice the datestamps won't be seeing stuff that is years out of date.
While I agree that the person you responded to was being needlessly pedantic, it does seriously annoy some members of the community to have people screw up the name of the OS. Win8 and WP8 have about as much in common as Mac OS X and iOS; that doesn't mean it's reasonable to say an iPhone runs "Phone OS X". The fact that there existed a legacy (and *very* different) OS called Windows Mobile (or WinMo), and that people routinely seem to think that WP is just the continuation of WinMo (it's really, really not), is a large part of why some folks stomp on people who use the wrong name for the OS.
Decompiling apps is easy. Breaking PlayReady DRM is really, really hard. There's no decompiler anywhere I know of that can take a DRMed XAP and decompile it. You'll have to get the app without DRM encryption if you want to decompile it.
PLEASE DO NOT POST ANY MORE IN THIS THREAD!
After enrolling my Lumia 920 to the corporate Exchange email, new MDM (mobile device management) policies are applied to my phone. It's OK but company administrator(s) set the unlock password (pin) expiration time too short. Every damn month I should choose and remember a new pin... And I can not use the old pins (or I don't know what is the time for "clearing" my old passwords).
Do you know/could you suggest any tricks/hacks to get around this situation? I want to reuse my old pins.
Hey Dude,
I don't think that you can do anything. And this is not the correct thread for such questions.
In the MS world the recommended value for reusing old passwords is 24, so after 2 years (if 4 weeks was chosen) you can use the first one again.
Why do you think it's an incorrect forum? This forum is about "hacking", and I need a hack. It's definitely not a "Q&A" or "General" forums question...
Hmmm this WOULD fall under the Q&A because it is technically asking a how-to although it involves hacking. Typically the threads under the Development and Hacking are threads that start projects with the hopes of hacking instead of asking how to. With that said, I'll move that over there for now and if there is some development that comes out of this, it can be renamed and moved back to Development and Hacking.
If you have a registry editor, it's pretty easy to tweak those settings. Unfortunately, you're on a Lumia so right now that's not possible (we're working on it!)
The only other option I can think of right now is to try intercepting the communication between the phone and the corporate server. Exchange ActiveSync uses HTTPS, so any standard HTTPS proxy (like Fiddler or Burp Suite) should work. You may need to set the proxy to use a client certificate (if one was provided for your phone), and you definitely need to install the proxy's certificate on the phone (so the phone trusts it to spoof the corporate server). Anyhow, once you have interception set up, it should be pretty easy to modify the policy rules that get pushed down.
In either case, though, the changes will only last until the next time the phone checks its policy rules. I don't know how often that happens - it *might* even be only at initial enrollment, in which case if you un-enroll and then re-enroll you should be fine - but it could be a problem.
GoodDayToDie, thanks for the reply. Could you remind me: is it possible to just read values from the registry on Lumia handsets? At least I want to know the value of the DevicePasswordHistory setting (according to this article).
[UPDATE] I installed Fiddler's root certificate on the phone, and am able to catch & decode https traffic; however, there is nothing about provisioning XML in the content. Account synchronization produces 3 https requests: the first response is short binary data, the second contains an email body (or header) etc., no XML at all. Looks like MDM policies are applied only on service discovery (I should google for that). Will try to remove this Exchange account and add it again. By the way, I'm not very familiar with Fiddler: can I change an https XML response on the fly?
Hi guys,
This is my first post on XDA and this question should be posted in "Windows Phone 8 Development and Hacking", but unfortunately I don't have the minimum requirement of 10 posts for the Development and Hacking section, so I am hoping for someone to give me a push here.
I am looking for a way to access my shared folder on my LAN through a Windows Phone application. I have downloaded a sample from Microsoft which uses File Picker. When I run the project as a Windows Store application I select network, type the UNC path and can browse the folders, but when I run it in the phone emulator the network option does not exist. I have searched Google for an example of how to enumerate shared folders on my LAN and I have not found any solution.
So if someone could help me it would be really appreciated.
Thank you
First of all, no, this thread *DEFINITELY* belongs where you put it. System working as intended. This is a Q, it goes in Q&A. It is neither something you've developed nor a hack to share, it does not go in D&H.
With that said, the problem is unfortunately simple: WP8 doesn't (seem to) support Windows networking (SMB) at all, so far as I can tell. This is somewhat odd, since it has both the LanmanServer and LanmanWorkstation services, which are responsible for providing Windows Networking support, plus all the relevant binaries appear to be present. This warrants further investigation!
You can, in theory, implement it using sockets (see Samba for an open-source implementation of SMB, though note that it is GPL code and if you use it you must open-source your application as well) in any case.
Q&A for [WP8.1] Hypothesis about a possible interop unlock with Messaging+ app
Some developers prefer that questions remain separate from their main development thread to help keep things organized. Placing your question within this thread will increase its chances of being answered by a member of the community or by the developer.
Before posting, please use the forum search and read through the discussion thread for [WP8.1] Hypothesis about a possible interop unlock with Messaging+ app. If you can't find an answer, post it here, being sure to give as much information as possible (firmware version, steps to reproduce, logcat if available) so that you can get help.
Thanks for understanding and for helping to keep XDA neat and tidy!
CAPs required for editing registry
snickler said:
You won't achieve any sort of interop-unlock with such an app. The Messaging+ app uses capabilities specific to chat that are restricted. Just because an app uses the interopservices capability, does not mean that it has rights to write to the specific portion of the registry needed to provide interop-unlock. There are a few threads out there that discuss this already
I am curious what CAP is required for editing the registry?
gingerjoke said:
I am curious what CAP is required for editing the registry?
You at least need ID_CAP_INTEROPSERVICES or ID_CAP_OEM_DEPLOYMENT at the minimum. There are many threads that detail that interop unlock canNOT be achieved unless we have an RPC Service that runs under the SYSTEM account. The MaxUnsignedApp reg value is locked down so that it can only be edited in the way that I just spoke of.
No app on the marketplace, no modifying a store app will achieve this. We were just VERY lucky with Samsung in the beginning.. That's all.
More generally true: there are lots of CAPs (such as OEM_DEPLOYMENT) that permit editing specific parts of the registry. There is *NO* capability that allows you to edit all of it (in theory ID_CAP_BUILTIN_TCB should, through minor additional work, but in practice that cap doesn't seem to do anything for an app).
ID_CAP_INTEROPSERVICES does not give registry access, or at least not any meaningful amount. All that it gives is the ability to call into RPC servers and drivers. *IF* one of those services exposes an externally-callable API for editing the registry - as one of Samsung's (FCROUTER?) does, or at least did - then you can use that to edit the registry. So in that specific case, INTEROPSERVICES indirectly makes it possible to edit the registry, but it doesn't inherently do anything of the sort.
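A manifest check built on the distinctions drawn in the posts above, as an added example that is not from the thread or from any tool it mentions: it lists the capabilities an app declares and flags the three named here with the effect the posters attribute to each. The sample manifest is constructed, and `audit_manifest` and the other helper names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Capabilities named in the thread, with the effect the posters describe.
FLAGGED = {
    "ID_CAP_INTEROPSERVICES":
        "can call into RPC servers and drivers; registry access only "
        "through a service that exposes it",
    "ID_CAP_OEM_DEPLOYMENT":
        "permits editing specific parts of the registry",
    "ID_CAP_BUILTIN_TCB":
        "broadest in theory; reported above to do nothing for an app",
}

# Constructed sample in the shape of a WP8 WMAppManifest.xml.
SAMPLE_MANIFEST = """\
<Deployment xmlns="http://schemas.microsoft.com/windowsphone/2012/deployment"
            AppPlatformVersion="8.0">
  <App ProductID="{00000000-0000-0000-0000-000000000000}" Title="SampleApp">
    <Capabilities>
      <Capability Name="ID_CAP_NETWORKING" />
      <Capability Name="ID_CAP_INTEROPSERVICES" />
    </Capabilities>
  </App>
</Deployment>
"""


def local_name(tag):
    """Strip the '{namespace}' prefix ElementTree puts on qualified tags."""
    return tag.rsplit("}", 1)[-1]


def declared_capabilities(manifest_xml):
    """Return the sorted, de-duplicated capability names in a manifest."""
    try:
        root = ET.fromstring(manifest_xml)
    except ET.ParseError as exc:
        raise ValueError(f"manifest is not well-formed XML: {exc}") from exc
    names = set()
    for element in root.iter():
        name = element.get("Name")
        if local_name(element.tag) == "Capability" and name:
            names.add(name.strip().upper())
    return sorted(names)


def audit_manifest(manifest_xml):
    """Flag declared capabilities that the thread singles out."""
    capabilities = declared_capabilities(manifest_xml)
    flagged = {c: FLAGGED[c] for c in capabilities if c in FLAGGED}
    return {
        "capabilities": capabilities,
        "flagged": flagged,
        "needs_review": bool(flagged),
    }


if __name__ == "__main__":
    report = audit_manifest(SAMPLE_MANIFEST)
    for cap, why in report["flagged"].items():
        print(f"{cap}: {why}")
```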
GoodDayToDie said:
More generally true: there are lots of CAPs (such as OEM_DEPLOYMENT) that permit editing specific parts of the registry. There is *NO* capability that allows you to edit all of it (in theory ID_CAP_BUILTIN_TCB should, through minor additional work, but in practice that cap doesn't seem to do anything for an app).
ID_CAP_INTEROPSERVICES does not give registry access, or at least not any meaningful amount. All that it gives is the ability to call into RPC servers and drivers. *IF* one of those services exposes an externally-callable API for editing the registry - as one of Samsung's (FCROUTER?) does, or at least did - then you can use that to edit the registry. So in that specific case, INTEROPSERVICES indirectly makes it possible to edit the registry, but it doesn't inherently do anything of the sort.
Finally found an RPC service in NdtkSvc.dll.
But it requires the InteropServices capability.
Here is the list of functions that work as "SYSTEM".
CopyFileEx()
NdrServerCall2()
CreateThreadpoolWait()
SetThreadpoolWait()
CloseThreadpoolWait()
SetEvent()
SetServiceStatus()
CreateEventW()
RegisterServiceCtrlHandlerW()
CloseHandle()
OpenProcessToken()
FindFirstFileW()
CopyFileExW()
GetCurrentProcess()
CreateDirectoryW()
RegCreateKeyExW()
RegQueryValueExW()
IsCharAlphaNumericW()
LookupPrivilegeValueW()
FindClose()
RemoveDirectoryW()
RegOpenKeyExW()
FindNextFileW()
AdjustTokenPrivileges()
InitiateSystemShutdownExW()
DeleteFileW()
RegCloseKey()
RegSetValueExW()
RpcServerUnregisterIfEx()
RpcServerInqBindings()
RpcEpRegisterW()
RpcServerUseProtseqW()
RpcBindingVectorFree()
RpcServerRegisterIf3()
RpcEpUnregister()
ResetPhoneEx()
EncodePointer()
DecodePointer()
QueryPerformanceCounter()
GetCurrentThreadId()
GetSystemTimeAsFileTime()
GetTickCount64()
But I'm confused about how to write code for an RPC client or use any DllImport functionality?
Can someone provide me with at least demo/example code of an RPC client?
... Whoa, that is a seriously valuable list of APIs. Those are callable as SYSTEM, without any restrictions except the caller needing ID_CAP_INTEROPSERVICES? Either I've been out of the loop longer than I thought or this should have been discovered long ago (is it new to some not-yet-widely-available version?) You cannot *trivially* get root this way - it doesn't, for example, include the APIs you would need to inject arbitrary code into a SYSTEM process or similar - but you can certainly do things like write an arbitrarily powerful file-and-registry browser. With that, you can do a hell of a lot of other stuff, stuff that even Samsung's RPCComponent didn't permit.
MS RPC is documented on MSDN here: https://msdn.microsoft.com/en-us/library/windows/desktop/aa378651(v=vs.85).aspx
It includes a full API reference, lots of guidance on development, and a tutorial. The tutorial looks pretty well-written, and is probably a better place to start than the API reference unless you know more about RPC at the moment than I do.
However, this documentation is aimed at "normal" implementations, where the client has, if not the server's source code, at least the interface definition. You have to know the UUID (probably easily findable though I'm not sure where) and the function interfaces (in a reasonable level of detail). Black-boxing that is going to be one of the harder tricks, I think, though somebody may have written one or more tools to make it easier.
EDIT: I can't find NdtkSvc, or its binary, on my phone. It's either OEM-specific or (more likely) requires a particular OS update/upgrade. What version did you find it in?
EDIT2: How'd you get the list of APIs it serves? Do you have the IDL file for the RPC server? That would help a ton; if you have that, we're good to go.
EDIT3: Don't forget you can PM people if you don't want to put this stuff out in public.
@GoodDayToDie
Hi, Sorry for the late reply.
It is only specific for Lumia.
NdtkSvc.dll known as "Nokia Device Toolkit Service".
"C:\Windows\System32\NdtkSvc.dll"
Yes, ID_CAP_INTEROPSERVICES cap is everything here too on Lumia.
Here is one example, the same as what "Nokia.SilentInstaller.Runtime" does over RPC access,
Code:
static bool NRSCopyFile(String sourcePath, String destPath);
works without any "RESTRICTIONS", with any "PARTITION".
Even possibilities to "REPLACE" the hidden/non-accessible Registry "HIVE" Files.
Such as,
"C:\Windows\System32\Config\ProvisonStore"
But unfortunately they are all simply in a zip file that is signed.
We can't modify such HIVE/POLICY files and place them back, sad.
So what I have done so far:
-Modified "DeviceReg.exe" with a hex editor and replaced it at "C:\PROGRAMS\DEVICEREG\DeviceReg.exe". (signature gets broken)
-Replaced "PolicyFiles". (signature gets broken)
It's frustrating to me. It's a shame that I can't do anything despite having full FS access, lol.
Such files and system binaries are fully signed with the new 8.1 "Policy Engine".
But I think .dll files aren't required to be signed to run in the System chamber.
Well, time to write an RPC library.
Thanks.
Edit: I don't know about which update is required, I think it is from WP8.0 GDR1. At least WP8.1 GDR1 or above.
but the "NdtkClient.dll" is available since WP8.0 GDR1 in "Extras+Info" App.
Hello Folks,
I am a bachelor student in Germany and at the end of my degree.
I found a bachelor thesis which requires app-developing knowledge.
I am willing to pay the person/people who can help me with the following topic.
Quizduell is a famous interpersonal game for small computers. It exists for iPhone, Android and Windows Phone. The participants have to answer questions, where 1 out of 4 given answers is correct. These are selected from a database according to topics of the players' preferences. In order to create a non-human player who is supposed to outdo the human participants, this player first would either 1. inherit what is usually considered advanced AI, or 2. start by 'learning', and losing.
Though the chances are 1/4 per random choice, on the other hand per one random win/loss it could garner and store one question, and the correct answer. Since the question-base has a limited number of questions, after some time at playing, the non-human player will have all earlier questions stored, and available from a database, to be answered correctly. The task is, to write a software that intercepts the character string of the questions, as well as the correct answers, probably by an application somewhere within one of the supported devices. Therefore, experience with applications for either of the platforms would be advantageous.
Discussion regarding reward will take place if any personal interest arises.
Thanks in advance