Extracting App Files - Help Desperately needed - Windows Phone 8 Q&A, Help & Troubleshooting

Hi Folks - My Dad is seriously ill and has been given conflicting and potentially negligent advice regarding his cancer treatment, which my mum recorded on her phone. All of these meetings were saved on her Windows 8.1 phone (Nokia Lumia 635) running Lumia Denim. Today the app corrupted and I am unable to access any of those files, as they are stored locally in the app itself rather than being saved anywhere useful on the phone. Is there any way of accessing the Windows OS and app files contained within that SD card, in the hope I can extract and save the files to a USB thumb drive or more reliable medium?
I really appreciate any help any one can give.
Many thanks,
Nova

Bump
Bump - Anything anyone can do to help?

@Novastrike, first, you have chosen an incorrect forum for your request - it's definitely not "Apps and games" (probably better to ask in "Development and hacking").
Second, you've provided close to zero information: what app, what data?
It's possible to get access to the app's isolated storage on an "interop-unlocked" handset with "full FS access" enabled, but the data availability depends on many factors (like whether the data is encoded somehow, etc.).

sensboston said:
@Novastrike, first, you have chosen an incorrect forum for your request - it's definitely not "Apps and games" (probably better to ask in "Development and hacking").
Second, you've provided close to zero information: what app, what data?
It's possible to get access to the app's isolated storage on an "interop-unlocked" handset with "full FS access" enabled, but the data availability depends on many factors (like whether the data is encoded somehow, etc.).
@sensboston, thank you for responding and apologies for posting in the wrong forum. I am not the most tech-savvy person in the world, nor am I familiar with Windows Phone all that much.
The app is called Voice Recorder Pro and is made by a Polish developer whose name escapes me. Is it easier to try and figure out whether the data is encoded, or to research how to interop-unlock the handset? I have rooted Android phones before, so I hope it requires a similar or lesser skill level.
Again thanks for responding!

@Novastrike, check this forum; hope you'll find all you need for interop unlock and full FS access (you may also use my WPTweaker app from my signature).
BTW, don't forget about the pre-requisites: installed SDK/tools.
After successful unlocking and enabling full FS access, just plug your phone into the PC and navigate to the apps' isolated storage (I forgot the exact location for WP8; on W10M it's located at c:/data/Users/DefApps/APPDATA/[APP_GUID]), find your app (by browsing all subfolders named like "{1E51D223-2D05-4C25-907F-35E40DB416A5}") and copy the recorded calls to the PC.

Related

Samsung and keyloggers

I read on the Tech blogs that Samsung put keyloggers on their notebook computers.
I am wondering, do they do that on their tablets too?
Read more. Samsung has already explained how it's false.
mbazdell said:
Read more. Samsung has already explained how it's false.
They admitted doing it...... Check Slashdot...
-Sno
Snocrash7 said:
They admitted doing it...... Check Slashdot...
-Sno
No, the guy who made the allegations *claims* that they admitted it.
It has since been shown to be false!
Regards,
Dave
So some "independent" security consultant runs his software to see about spyware or whatever, gets a false positive, news runs rampant and then Samsung gets an independent body to buy product from a retailer and test. The independent body confirms it is a false positive but I don't see any "breaking news" with apologies.
That pisses me off.
fragdagain said:
So some "independent" security consultant
This "so called" consultant ran an off the shelf virus checker, known to produce a false positive, and published his "results" without even a modicum of research into the cause.
He looks incredibly retarded and incompetent now, and I can't see why anyone would ever again utilize his services.
Regards,
Dave
Well, Samsung might not be putting in keyloggers. But they sure install rootkits for DRM purposes (I have known that since I first got my Samsung MP3 player and installed Media Studio as a syncing program).
Don't believe me? Open your Kies folder or Program Files folder on your hard drive. You will find it. It's called Content Safer.
As our great spacemoose dev said, why does Samsung have to do everything in the most backwards-ass way possible?
DarkPal said:
Don't believe me? Open your Kies folder or Program Files folder on your hard drive. You will find it. It's called Content Safer.
I don't have such a folder, but the existence of a folder doesn't imply the existence of a rootkit. I've tried googling "samsung kies rootkit" and found nothing.
Regards,
Dave
It's there. ContentSafer folder: search for it and Google it. A nosy, intrusive piece of software. Search the Program Files (x86) folder. Came with Kies.
www.bleepingcomputer.com/forums/topic77076.html
DarkPal said:
It's there. ContentSafer folder: search for it and Google it. A nosy, intrusive piece of software. Search the Program Files (x86) folder. Came with Kies.
www.bleepingcomputer.com/forums/topic77076.html
OK, I have it under "C:\Program Files (x86)\MarkAny\ContentSafer".
However, I wouldn't exactly call it a rootkit - it's just installed as part of the Kies installation, doesn't try to hide itself and when you remove Kies it is uninstalled.
To me, that doesn't meet the definition of a rootkit.
Regards,
Dave
I hate this malware bundled in Samsung software.
foxmeister said:
OK, I have it under "C:\Program Files (x86)\MarkAny\ContentSafer".
However, I wouldn't exactly call it a rootkit - it's just installed as part of the Kies installation, doesn't try to hide itself and when you remove Kies it is uninstalled.
To me, that doesn't meet the definition of a rootkit.
Regards,
Dave
I can now confirm that this is effectively acting as a rootkit. I noted that this malware was actually monitoring ALL your media files that are in some known formats (MPEG, OGG... and even JPEG images), in order to MODIFY them on the fly, storing a personally identifiable tracking ID in them, within some obscure extension subtags permitted in these formats.
MarkAny describes this process as "watermarking". This behaves like a rootkit because once the malware is running, it then attempts to HIDE this watermark from normal OS I/O operations, in order for these files to appear as if they were still clean of any alteration.
BUT....
This watermarking process not only has a very intrusive effect (no, this is not a keylogger process, but a process that will report to some internet server in Korea all media files that contain any other watermark inserted by "MarkAny ContentSAFER" from another PC/user). The watermark is personally identifiable because MarkAny ContentSafer is installed SILENTLY as a REQUIRED bundle with other software requiring an online registration (for example, when installing Samsung Kies, you need to register an account at Samsung, and this registration includes this personal data which is sent SILENTLY to MarkAny to associate your generated UUID, which will be stored in YOUR media files, with YOUR identity).
Later, if ever you use media shared LEGALLY on your local network (suppose you have several PCs, including for backups, or several virtual OS installations) and you play the shared media file, as it will not match your current personal UUID in the currently running instance of "MarkAny Content SAFER", the two UUIDs will be sent and compared online (as soon as you get an internet connection), to track how you use that media file. In addition, the existing remote watermark will be replaced by the new one (or added) in your media file.
And here comes the effect of the ROOTKIT! This silent modification of your media files is completely stupid. It effectively alters these files even if they are in fact NOT true media files.
One bad effect: you legally download a new ISO for installing Windows, and want to copy the content of the mounted ISO to a USB key in order to install a PC. The installer will FAIL (missing or corrupted files), just because it runs WITHOUT the MarkAny rootkit being active to restore the expected content that the OS should see.
I had a lot of trouble just trying to figure out why all my attempts to create a bootable USB key for installing Windows on another PC constantly failed (the USB key refused to boot), until I cleaned my PC of this spyware BEFORE attempting to create the USB key (no, my ISO download was NOT corrupted, but all files copied from the ISO to the USB key were immediately corrupted on the fly by this malware during the copy, if I was not connected to the Internet when creating the USB key, as the watermarks supposed to be there temporarily were not in fact removed before they were checked online with the spying Korean server).
Such silent modification of media files is stupid, it breaks applications and it adds supplementary traffic to the internet each time a media file is checked (and reported to companies trying to track illegal copies, even if YOUR copies are perfectly legit).
Blame Samsung for installing this component silently (now it is no longer installed as a separate program, but directly within the installation of Kies, and it is extremely difficult to remove from there, and if it's not running, Kies will not even recognize your Samsung smartphone correctly (and you won't be able to perform a legal firmware update to the current version for your Samsung smartphone or tablet)).
I cannot understand why antimalware tools do not classify this "MarkAny ContentSAFER" software as a real rootkit; it is really one because it silently modifies your files, corrupts them, and logs to Korea any new media files you would have even created yourself, sending some extracts of them on request from the Korean server, so that they can check what it is. MarkAny is effectively monitoring ALL your media files (and this is also a severe privacy breach).
We should campaign immediately against Samsung for delivering MarkAny ContentSafer and installing it WITHOUT your permission and for spying on every media file you use (MarkAny ContentSAFER is effectively running as a DLL linked to ALL applications that start, and it will activate itself if it detects this is a known media player, including the basic Media Player built into Windows with the Sound applet when you log on and a sound is played, or when your PC just wants to play a "beep" sound with the associated sound file). Visibly, MarkAny ContentSAFER is silently modifying a LOT of media formats, including MP3, WMA, WMV, RA, Flash video, MPEG4, and even the most basic WAV files, if ever their file size or play duration is above some threshold; it also alters your own JPEG photos or videos taken with your OWN camera, and ALL photos and videos taken with YOUR Samsung smartphone or tablet, as soon as you synchronize them to your PC, and sometimes this causes the modified media file to be corrupted and unplayable or to show some extra "garbage" pixels along the image borders!
You can easily detect that the media files are corrupted if you start Windows in safe mode, and attempt to compute their checksum with a strong secure hash algorithm (at least MD5 or SHA1): they no longer match the data signatures you find when running Windows in normal mode, even if their file size is apparently unchanged.
We cannot tolerate silent watermarking of media files (notably when their security is asserted, for example for default sound files that are part of the standard Windows distribution and which are digitally signed by Microsoft, but that MarkAny sometimes will alter as well, when it should NEVER modify any media file which is already digitally signed: it's not the job of Samsung to verify the authenticity of Windows components; only Microsoft has a right to do that to check "genuine" Windows installations).
Let's ban MarkAny; it is malware, causing system corruption, and spyware, and software which also has its own bugs (causing other programs to hang, and even some system drivers to fail and Windows stopping with a BSOD, for example when performing system backups, because it also corrupts some SCSI commands needed to control I/O access to your drives within filesystem drivers like NTFS).
I hate those illegal spies.
Thanks!
verdy_p said:
I can now confirm that this is effectively acting as a rootkit. I noted that this malware was actually monitoring ALL your media files that are in some known formats (MPEG, OGG... and even JPEG images), in order to MODIFY them on the fly, storing a personally identifiable tracking ID in them, within some obscure extension subtags permitted in these formats.........
Thanks for the full explanation, verdy_p. Much appreciated:good:
Found a suggestion on how to remove this. I'm going to try this method - but if anyone can suggest a better way, please describe?
Boot into Safe Mode. Make sure that if the program has an icon in the System Tray by the clock, it is disabled. Use the CCleaner/Tools/Uninstall option to uninstall the program. Once it is completed, boot into Safe Mode again and in CCleaner search for ContentSafer. Delete any instances of the file. Then do another search for MarkAny. Delete any instances of the file.
acuxda said:
Thanks for the full explanation, verdy_p. Much appreciated:good:
Found a suggestion on how to remove this. I'm going to try this method - but if anyone can suggest a better way, please describe?
Wow, thank you for that explanation. That is pure evil; time to boot into safe mode and eradicate this plague.
JeremySeven said:
How to remove mobile spy without losing the data?
I have since redone my system and flat out refused to install Kies. You can install the USB drivers separately and not get this spyware installed on your systems. As to removing it once you've installed it, it's just a matter of booting your desktop/laptop into safe mode, finding it, renaming it and running a registry cleaner like CCleaner. You will however lose the ability to use Kies to install signed firmware updates etc., but it's a small price to pay for peace of mind; after all, you could always use Odin for flashing. The data is not actually encrypted etc., just watermarked, so you will not lose access to any files it touched, but if you did a bit-for-bit comparison on them you might see the changes the watermarking did to them in a hex editor. What worries me most about this spyware is that it digitally watermarks every single media file on your computer and tells some random server in God knows what country the checksum. In short: nasty, nasty, nasty from a privacy perspective.
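The two checks mentioned in this thread, computing checksums under Safe Mode and under normal mode (verdy_p's post above) and a bit-for-bit look at what changed in a touched file (the post just above), as an added Python example that is not code from any poster: it snapshots SHA-256 hashes of a folder so two boots can be compared, then lists a JPEG's header segments so an inserted APPn segment stands out. The JPEG bytes and the APP1 payload are constructed for the demo and are not real MarkAny output.

```python
"""Integrity check for media files: compare SHA-256 snapshots taken under two
boots (e.g. Safe Mode vs. normal mode) and explain a JPEG difference by
listing its header segments.  Added example; not code from the thread."""
import hashlib
import os
from collections import Counter
from typing import Dict, List, Tuple

MARKERS = {0xD8: "SOI", 0xD9: "EOI", 0xDA: "SOS", 0xDB: "DQT", 0xC4: "DHT",
           0xC0: "SOF0", 0xC2: "SOF2", 0xFE: "COM"}

def sha256_bytes(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def sha256_file(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(root: str) -> Dict[str, str]:
    """Map each file under root (relative POSIX path) to its SHA-256."""
    manifest = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = sha256_file(full)
    return manifest

def compare_manifests(baseline: Dict[str, str],
                      current: Dict[str, str]) -> Dict[str, List[str]]:
    """Files whose hash differs between two snapshots, plus missing/new ones."""
    return {
        "changed": sorted(p for p in baseline
                          if p in current and baseline[p] != current[p]),
        "missing": sorted(p for p in baseline if p not in current),
        "new": sorted(p for p in current if p not in baseline),
    }

def jpeg_segments(data: bytes) -> List[Tuple[str, int, int]]:
    """(marker name, offset, total bytes) per JPEG header segment; stops at
    SOS, where entropy-coded image data begins."""
    segs, pos = [], 0
    while pos + 1 < len(data) and data[pos] == 0xFF:
        marker = data[pos + 1]
        if marker in (0xD8, 0xD9):            # SOI/EOI carry no length field
            segs.append((MARKERS[marker], pos, 2))
            pos += 2
            if marker == 0xD9:
                break
            continue
        if pos + 4 > len(data):               # truncated segment header
            break
        length = int.from_bytes(data[pos + 2:pos + 4], "big")  # incl. itself
        if 0xE0 <= marker <= 0xEF:
            name = f"APP{marker - 0xE0}"      # APP0..APP15: metadata slots
        else:
            name = MARKERS.get(marker, f"0x{marker:02X}")
        segs.append((name, pos, 2 + length))
        if marker == 0xDA:
            break
        pos += 2 + length
    return segs

def segment_delta(clean: bytes, suspect: bytes) -> List[Tuple[str, int, int]]:
    """Segments in suspect with no (name, size) counterpart in clean."""
    seen = Counter((n, s) for n, _, s in jpeg_segments(clean))
    extra = []
    for name, off, size in jpeg_segments(suspect):
        if seen[(name, size)] > 0:
            seen[(name, size)] -= 1
        else:
            extra.append((name, off, size))
    return extra

# Constructed sample: a minimal JPEG skeleton (SOI, JFIF APP0, EOI) and a copy
# with an APP1 segment spliced in after APP0.  The payload is invented to show
# what an inserted "extension subtag" looks like; it is not real watermark data.
CLEAN_JPEG = bytes.fromhex("FFD8" "FFE0" "0010" "4A46494600" "0101" "00"
                           "0001" "0001" "0000" "FFD9")
_WM_PAYLOAD = b"TRACKID:0123"
_APP1 = b"\xFF\xE1" + (2 + len(_WM_PAYLOAD)).to_bytes(2, "big") + _WM_PAYLOAD
WATERMARKED_JPEG = CLEAN_JPEG[:20] + _APP1 + CLEAN_JPEG[20:]

def main() -> None:
    # Real use: build_manifest() on the media folder in Safe Mode, save it,
    # boot normally, rebuild and compare; a "changed" file whose size did not
    # change is exactly the symptom the thread describes.
    base = {"a.jpg": sha256_bytes(CLEAN_JPEG)}
    cur = {"a.jpg": sha256_bytes(WATERMARKED_JPEG)}
    print(compare_manifests(base, cur))
    for name, off, size in segment_delta(CLEAN_JPEG, WATERMARKED_JPEG):
        print(f"extra segment {name} at offset {off}, {size} bytes")

if __name__ == "__main__":
    main()
```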
So, is it true that they place a keylogger in Kies?
fauzanfirefox said:
So, is it true that they place a keylogger in Kies?
Keylogger no, rootkit yes.
Sent from my SAMSUNG-SGH-I547 using xda app-developers app
verdy_p said:
I can now confirm that this is effectively acting as a rootkit. I noted that this malware was actually monitoring ALL your media files that are in some known formats (MPEG, OGG... and even JPEG images), in order to MODIFY them on the fly, storing a personally identifiable tracking ID in them, within some obscure extension subtags permitted in these formats.
MarkAny describes this process as "watermarking". This behaves like a rootkit because once the malware is running, it then attempts to HIDE this watermark from normal OS I/O operations, in order for these files to appear as if they were still clean of any alteration.
BUT....
This watermarking process not only has a very intrusive effect (no, this is not a keylogger process, but a process that will report to some internet server in Korea all media files that contain any other watermark inserted by "MarkAny ContentSAFER" from another PC/user). The watermark is personally identifiable because MarkAny ContentSafer is installed SILENTLY as a REQUIRED bundle with other software requiring an online registration (for example, when installing Samsung Kies, you need to register an account at Samsung, and this registration includes this personal data which is sent SILENTLY to MarkAny to associate your generated UUID, which will be stored in YOUR media files, with YOUR identity).
Later, if ever you use media shared LEGALLY on your local network (suppose you have several PCs, including for backups, or several virtual OS installations) and you play the shared media file, as it will not match your current personal UUID in the currently running instance of "MarkAny Content SAFER", the two UUIDs will be sent and compared online (as soon as you get an internet connection), to track how you use that media file. In addition, the existing remote watermark will be replaced by the new one (or added) in your media file.
And here comes the effect of the ROOTKIT! This silent modification of your media files is completely stupid. It effectively alters these files even if they are in fact NOT true media files.
One bad effect: you legally download a new ISO for installing Windows, and want to copy the content of the mounted ISO to a USB key in order to install a PC. The installer will FAIL (missing or corrupted files), just because it runs WITHOUT the MarkAny rootkit being active to restore the expected content that the OS should see.
I had a lot of trouble just trying to figure out why all my attempts to create a bootable USB key for installing Windows on another PC constantly failed (the USB key refused to boot), until I cleaned my PC of this spyware BEFORE attempting to create the USB key (no, my ISO download was NOT corrupted, but all files copied from the ISO to the USB key were immediately corrupted on the fly by this malware during the copy, if I was not connected to the Internet when creating the USB key, as the watermarks supposed to be there temporarily were not in fact removed before they were checked online with the spying Korean server).
.......
Thanks for the information, but can you provide some proof, please? I'm interested in seeing the connection to the server in particular. Do you by chance have a Wireshark capture of this?

[Q] New at WP8, questions not stored in FAQ

Hello,
I'm just starting my dev journey with WP8 with my new T-Mobile Lumia 520.
First, what I need to do is debrand my Lumia - for faster updates. T-Mobile is not yet offering the next release of the FW which allows disabling images in IE, and as a dev I need to be up-to-date as fast as possible. I need to download the FW, but I don't know which one - localized for sure, but what is GDR? What does Amber mean? I can't decide which one I need to download and flash. (http://forum.xda-developers.com/showthread.php?t=2515453 This instruction doesn't show the moment of decision.)
The next question is about unlocking. I'm downloading music from SoundCloud via Cloudoh and I want to access it from my PC, same as files located inside other apps - do I need to unlock the device to do that? For example - how do I upload a PDF from the PC to a WinPho PDF reader?
The Windows Store allows me to download installable files on the PC and install them via SD card. Some apps aren't supposed to work with my device. Is there any solution for how to install them at my own risk?
And the last question, but not least - I have my dev account, but it's time-limited and app-count-limited. Is there any way to check if my Lumia is dev-unlocked, how long this unlock lasts and what my current app limit is? Just for my information - I like to have ways to check everything.
Please help me.
GDR = General Distribution Release (a brief web search would have told you this). Microsoft-ese for a post-initial-release update (think of service packs for other MS software). The current version is GDR3, also called Update 3. "Amber" is Nokia's codename for the firmware version that they ship along with GDR2. "Black" is Nokia's firmware name for GDR3. Note that OEM firmware (such as Amber or Black) are different from Microsoft OS updates (such as GDR2 or Update 3), although they are typically delivered together. If you're already on at least GDR2, you can get Update 3 directly from Microsoft without waiting for T-Mobile or Nokia; search the Store for "Preview for Developers".
You cannot access files stored inside an app from anywhere else, either a PC or another app, unless the app explicitly makes them available by including a method to export them. Most apps don't implement this. The only exceptions to this rule are for images (which can be stored in the Pictures Library of the phone, much like the built-in camera app or screenshot functions) and OEM apps, which can have extra permissions (Capabilities, such as ID_CAP_PUBLIC_FOLDER_FULL) that aren't allowed for third-party developers. However, for development apps (that is, ones which were sideloaded to your phone from an unsigned XAP file), you can access their Isolated Storage from your PC using the aptly-named Isolated Storage Explorer Tool (or any other program that implements the required APIs, such as Windows Phone Power Tools).
To upload a PDF to the phone, you can do any number of things. Over USB, copy it to the Documents folder on the phone using any MTP software (Windows Explorer works). Over Bluetooth, just send the file directly. Over email, just attach the PDF. Over the Internet, you can use SkyDrive, or any other "cloud" app, or if it's on a web server you can get it from the phone's browser...
I'm not aware of any work-around for the minimum-memory restriction on some apps. I believe it mostly only applies to large games? In any case, you have one of the lowest-end WP8 devices on the market; there are limits which come with that.
The official way to tell if your phone is dev-unlocked is to use the Windows Phone Developer Registration tool, the same one you use to do the dev-unlock in the first place. A paid developer account always gives a limit of 10 apps (the free one is 2 apps). There's no official way to tell how many apps you have remaining, but it's simple enough to tell if you have any space left; just try sideloading any app that isn't already installed!
GoodDayToDie said:
GDR = General Distribution Release (a brief web search would have told you this).
Yeah, I did some sort of search on forums and Google and I haven't found anything.
GoodDayToDie said:
You cannot access files stored inside an app from anywhere else, either a PC or another app
After unlock is it still inaccessible? I had to jailbreak my iPad because without JB it is not easy to operate. I thought about something like this for Lumia. I think it is only a matter of time for others to get around this problem.
Disney lately offered a promotion for its games. I was interested in some of them, but only one was accessible for my device. The XAP file needed only 70 MB of space. I think there was a problem with performance, but if I want to see a laggy game I should have the ability to install it despite everything.
There's no jailbreak available for Lumia phones yet. Something like that should, indeed, allow accessing the storage of the apps (and everything else) but we don't have one...
The size of the XAP has very little to do with the runtime requirements of the app (RAM and CPU). I have written apps of only a few kilobytes that required over 10 gigs of RAM to run (not a phone app, obviously). To avoid people with low-end phones getting annoyed with the platform and thinking it's the fault of either Microsoft or the app developer when an app crashes from running out of RAM, they've prohibited installing high-RAM apps on low-RAM devices.
You mean T-Mobile's Lumia 521 right? There's no other ROM you can flash to it that might have the update.

Windows phone security- is there one and if so, how does it work?

Hi,
So, Android has a permission system which, albeit somewhat flawed (malware can gain permissions not intended for it) and not very suitable for laymen (non-rooted phones have to either accept all permissions or be denied the app; for many programs people don't have the luxury of not using them), theoretically has merit. iOS has... well, actually I'm not sure how it works security-wise, but I presume it creates sandboxes for each app; layman-wise it is reasonable since you (theoretically) can deny all programs access to certain components (no need to jailbreak).
How does WP work?
Thank you.
Security is different; apps can't do as much as on Android. But iOS is better in this, because capabilities are like in Android: you can see what the apps want prior to installing them, but blocking some of them isn't possible.
I am very saddened to hear this.
Is there an ability in place similar to Android's rooting?
Also, what do you mean by "apps can't do as much as on android"?
Thank you!
@th0mas96's post is technically *mostly* accurate but very confusing and doesn't actually answer your question at all.
The short version is that WP apps use a capability-and-sandbox system much like iOS and Android, with each app getting a sandbox that gives it read-only access to the app-specific install directory and the global system directory, read/write access to the app-specific data directory, and access to whatever other stuff is specified in the capabilities. Capabilities are currently all-or-nothing; you can't reject or disable any capability except by just not installing the app.
I could go into the technical implementation of the system a bit, but the short version is that WP8 apps use fairly standard NT (as in the NT kernel that is at the core of PC Windows versions) security features: each app has a unique token (rather than inheriting the token of the process that created it, the way it normally works on PC, but very much like how Windows Store apps work on Win8) which contains the app-specific Security IDentifier (SID) that gives access to the app directories, plus the SIDs of the various capabilities that the app has.
What @th0mas96 was talking about is that WP capabilities usable by third-party developers are much more restrictive than they are on Android. For example, Android allows an app to have full read-write access to your contacts or to send SMS directly. WP8 doesn't allow that unless you use capabilities that are normally neither allowed on the store nor allowed in sideloaded apps (Microsoft's code can have them, of course - that's how the built-in SMS app works - but not Joe Random Dev). The downside of this is obvious; some app behaviors (like a full replacement for the SMS app or phone dialer) are not possible. The upside is that apps are *way* more limited in how malicious they can be; the most common way that Android malware makes money (remember, the vast majority of malware is for profit) is by sending SMS to "premium" numbers. On WP8, an app could *compose* such a message, but it couldn't *send* it for you (unless it had a capability that third-party apps normally can't have), so you'd have a chance to see what the app was doing and decide not to send that message after all.
This means that the ability to disable capabilities is much less important on WP8 than on Android.
Oh, then those restrictions are actually good news.
Aside from your typical run-of-the-mill malware, my main concern was actually privacy. I have a huge displeasure with apps like WhatsApp, which on Android take a whole plethora of liberties, and was hoping that perhaps some other system may contain their user-data voracity and their ability to control the device they're on.
Is there any link in which I could see the full list of those restrictions?
I'm still downhearted from not having more fine-grained control of the system, but maybe it still has its uses in some scenarios...
Also, thank you very much for your comprehensive explanation!
I found a tiny file stored inside some of the unbranded HTC Accord RUUs. It's called disablewriteprotect.test. The only thing the file contains is a sentence stating write protection will be disabled until this file is removed, followed by a music note and some other symbol. So there you go, that's how you make your entire HTC 8X read and write: one file less than 1 KB in size. ROOT!
But how can we flash this file? I'm still working on it. This file is located within the EFI partition, which also houses ffuloader.efi and several other EFI executables. Check this post http://forum.xda-developers.com/showthread.php?p=53687985#post53687985
You won't find that on a Google search.
Sent from my Galaxy Nexus using XDA Free mobile app
Windows Phone Security Issues
Your Windows Phone is secure by design. Many security features are turned on by default. For example, apps you download from the Windows Phone Store are tested by Microsoft and encrypted to make sure you don't accidentally install malicious software on your Windows phone.
Set a password
Setting up Kid's Corner
If you've ever handed your smartphone to a child, you know that they can quickly get into all sorts of apps and settings they shouldn't. No such worries with Kid's Corner, a place on your phone where your child can play with the games, apps, music and videos
Use the free Find My Phone service
Say yes to updates. Check out more at Master Software Solutions - Windows Phone Update
grilledcheesesandwich said:
I found a tiny file stored inside some of the unbranded HTC Accord RUUs. It's called disablewriteprotect.test. The only thing the file contains is a sentence stating write protection will be disabled until this file is removed, followed by a music note and some other symbol. So there you go, that's how you make your entire HTC 8X read and write: one file less than 1 KB in size. ROOT!
But how can we flash this file? I'm still working on it. This file is located within the EFI partition, which also houses ffuloader.efi and several other EFI executables. Check this post http://forum.xda-developers.com/showthread.php?p=53687985#post53687985
You won't find that on a Google search.
Sent from my Galaxy Nexus using XDA Free mobile app
Sounds interesting.
Not something I'd try )) but interesting.
Aman Raien said:
Your Windows Phone is secure by design. Many security features are turned on by default. For example, apps you download from the Windows Phone Store are tested by Microsoft and encrypted to make sure you don't accidentally install malicious software on your Windows phone.
Set a password
Setting up Kid's Corner
If you've ever handed your smartphone to a child, you know that they can quickly get into all sorts of apps and settings they shouldn't. No such worries with Kid's Corner, a place on your phone where your child can play with the games, apps, music and videos
Use the free Find My Phone service
Say yes to updates. Check out more at Master Software Solutions - Windows Phone Update
I presume this is an advert for Master Software Solutions, but nevertheless I did Google the term you suggested and got nil results. I also browsed the main site of the company itself but haven't found anything related, nor did I find anything on their Facebook page.
Regardless, I checked out this Kids corner thing, it's cute but not really security related...
Thx anyway.

[Q] Is there a way to pull a XAP file off WP8?

Hello - I am doing a pen test for a customer. They are not giving me the xap files like they did last time. Is there a way to pull the xap file off the phone and on to your PC? I have a dev unlocked phone which I can sideload apps using power tools. I have done some research and it doesn't sound like this option is available, but I wanted to ask.
Thanks in advance.
First of all, the phone doesn't store the XAP files (PLEASE search before posting! This question gets asked a lot). I assume all you really care about is the app binaries and manifest file, though. (You can rebuild an installable XAP from these if needed.)
There's a complicated series of hacks for doing it on 8.1 via the ability to install apps to the SD card. If you don't have 8.1, don't have an SD card, can't install the relevant versions of specific apps, or if the app is marked to not allow installation to SD, then that method won't work for you.
The other approach, which in my experience is standard in the pentesting world (which is my field as well), is to use a hacked/jailbroken/unlocked phone. Samsung (unless it has the very newest firmware versions) and Huawei phones can be unlocked by flashing modified ROMs. The unlock lets you sideload apps with vastly more privileges, such as the ability to read and write the install directory of any app. Using that, it's pretty easy to get the files you want. Such unlocks are also possible with some Nokia phones via JTAG, and possibly some other models too, but the Samsung unlock (which I and -W_O_L_F- found) and the ability to flash customized ROMs for Huawei are the easiest approaches.
On the offhand chance you're part of NCC group, PM me and I'll send you my work email address. If you're with one of our competitors... well, I actually don't mind helping a competitor that much either; some Deja Vu folks gave me a good tip lately though, and I've got friends at SI as well.
GoodDayToDie said:
First of all, the phone doesn't store the XAP files (PLEASE search before posting! This question gets asked a lot). I assume all you really care about is the app binaries and manifest file, though. (You can rebuild an installable XAP from these if needed.)
There's a complicated series of hacks for doing it on 8.1 via the ability to install apps to the SD card. If you don't have 8.1, don't have an SD card, can't install the relevant versions of specific apps, or if the app is marked to not allow installation to SD, then that method won't work for you.
The other approach, which in my experience is standard in the pentesting world (which is my field as well), is to use a hacked/jailbroken/unlocked phone. Samsung (unless it has the very newest firmware versions) and Huawei phones can be unlocked by flashing modified ROMs. The unlock lets you sideload apps with vastly more privileges, such as the ability to read and write the install directory of any app. Using that, it's pretty easy to get the files you want. Such unlocks are also possible with some Nokia phones via JTAG, and possibly some other models too, but the Samsung unlock (which I and -W_O_L_F- found) and the ability to flash customized ROMs for Huawei are the easiest approaches.
On the offhand chance you're part of NCC group, PM me and I'll send you my work email address. If you're with one of our competitors... well, I actually don't mind helping a competitor that much either; some Deja Vu folks gave me a good tip lately though, and I've got friends at SI as well.
Thanks again for all your help. So my situation is this: I am doing pen testing for a client (and I'm sure we are competitors somewhat). They have provided me a Nokia Lumia phone running 8.0 and another Lumia running 8.1. The app is installed by their dev team (app is not available from the store). They are reluctant to provide me the XAP file as they consider it proprietary info. I have done a dev unlock on the phone, but my primary goal is to view the isolated storage/DLLs for the app to make sure they are not storing sensitive data. I am using the standard tools for viewing the isolated storage, but for these to work (best of my knowledge) they require you to sideload the application, which I cannot do (no XAP file). I am proxying the traffic, but without looking at the file system there is not much I can do. As an aside, they are using MDM with jailbreak detection.
Whoa, somebody actually got around to writing jailbreak detection for WP8? Crazy. I wish I could see that; I'm sure it's trivial to bypass (at least for interop-unlock, the difference between locked and unlocked is changing a registry value and it would be easily possible to re-lock it, launch the app while keeping the editor app open in the background, switch back to the editor, and unlock/jailbreak again) but I'm amused that anybody even bothered trying. Also, the APIs you would need to do the detection aren't even available on 8.0, officially; you're in violation of the store rules if you use them. Then again, maybe this is an internal, "Enterprise" app; those have permissions to do stuff that typical third-party apps do not. Are you sure they don't just mean they have jailbreak detection for iOS? I see something about Office365 MDM offering JB detection, but while I suppose they could have written something for WP8.x as well I feel like I probably would have heard of it?
If the app was sideloaded by the dev team, then you can see its isostore using the official tools or using Windows Phone Power Tools. If it's an enterprise app and the app was installed that way, then things get more difficult (especially if the phone they gave you doesn't have an SD slot). Not giving a pentester access to the binary they're testing is silly on a number of levels; if you succeed in breaking in then you'll get it anyhow, and an attacker will have a lot more than a week or two to poke at it so they're wasting your presumably-paid-by-the-hour time if they want you to see how good their security is without actually examining the app. I bet they used obfuscation, too... Some people just don't get it. "Security" by obscurity... isn't. Sorry, end of mini-rant. Anyhow, there's a guy on the forum who claims to have a non-JTAG unlock for Lumias, but no idea when or if it'll see the light of day.

I wouldn't be in such a hurry for "Q"

https://www.xda-developers.com/android-q-storage-access-framework-scoped-storage/
... Looks like porting old Pie ROMs to new phones is going to become a thing.
According to what I've read, it would be very easy to build a workaround for it, especially considering Google already has a workaround in place until Q apps are enforced in Google Play.
Also looks like it might be a pain in the ass
I cannot believe what I just read. I wasn't aware this was coming and I couldn't despise the decision more.
Proper access to the file system was for me one of the main advantages Android offered over iOS.
Way to go, Google...
I think this is the best move Google made for security thus far. Too many apps ask for full unfettered access to my storage. I will be happy when apps get a little bit more locked down in this aspect.
Scott said:
I think this is the best move Google made for security thus far. Too many apps ask for full unfettered access to my storage. I will be happy when apps get a little bit more locked down in this aspect.
It's not even just storage, it's to everything these days. Why does the app for my Apex Fusion interface on my reef tank need access to contacts and text messages?
On topic, I agree 100% with you.
Those tears in my eyes... yeah not because of the blue light in the middle of the night here... because of what I read... agree +1
I personally think it's a good move. I don't use a lot of apps because of their required permissions.
Well, if you can disable Q's "scoped storage" on a per-app basis with adb shell, then it's easy to write a script that enables general storage for every app.
Sent from my OnePlus 6T through Tapatalk
hank81 said:
Well, if you can disable Q's "scoped storage" on a per-app basis with adb shell, then it's easy to write a script that enables general storage for every app.
True, but I'm sure eventually, just like with most every other special permission these days, you will wind up having to enable it on every boot.
Yes, the entire bug report is atrocious, but let's not get our pitchforks just yet. Google effectively punted on this for Android Q, by making it possible to contribute business as usual. It's quite possible that these issues will be resolved by Android P, or even that the whole idea will be scrapped in favor of something else.
The fact of the matter is that storage permissions in Android are terrible. Trying to address that is not in and of itself a bad thing; in fact, I would argue that part alone is a good thing.
Attempting to read the tea leaves a little, this whole project reeks of "new hotshot product manager with poor (at best) understanding of the technical complexities at play forces bad decision into product because he needs to make 'highly visible' changes to the product to demonstrate his worth or get himself promoted". Especially given that the general idea at play isn't the part people are complaining about, just the fact that it's currently technically unusable as a POSIX API replacement, but the fact that the current one they have is terrible/slow/etc., I find the above scenario to be highly likely.
partcyborg said:
Attempting to read the tea leaves a little, this whole project reeks of "new hotshot product manager with poor (at best) understanding of the technical complexities at play forces bad decision into product because he needs to make 'highly visible' changes to the product to demonstrate his worth or get himself promoted". Especially given that the general idea at play isn't the part people are complaining about, just the fact that it's currently technically unusable as a POSIX API replacement, but the fact that the current one they have is terrible/slow/etc., I find the above scenario to be highly likely.
That's deep!
Scott said:
That's deep!
Lots of adult beverages to come up with this?
Ayahuasca?
Scott said:
I think this is the best move Google made for security thus far. Too many apps ask for full unfettered access to my storage. I will be happy when apps get a little bit more locked down in this aspect.
I don't get this. Correct me if I'm wrong, but can't you already disable specific permission for every app through system settings? Unless something like a wallpaper app refuses to work without access to your phone's contacts or something. Do you get what I'm saying?
roaduardo said:
I don't get this. Correct me if I'm wrong, but can't you already disable specific permission for every app through system settings? Unless something like a wallpaper app refuses to work without access to your phone's contacts or something. Do you get what I'm saying?
Not exactly. Storage access in the current world is a binary yes/no decision (well, 2 binary yes/no decisions if your device has an SD card slot): either "yes, here is access to all of /sdcard" or "no, you can't read or write anything outside your specific app data folder". Using something like the API gives you the ability to do much more fine-grained access, like "give Poweramp access to my normal music collection in /sdcard/Music, but not my keepassxc password file", or "let Photos index all the pics it finds on my machine, except for the ones in a 'certain' Telegram folder".
The cause for pitchforks in the bug report isn't that people are in love with the posix apis for file access, just that the current Android API implementation is something like 50x slower in Android Q, making it essentially useless for file manager apps that need to do things like directory listings and maintain indexes of all shared storage, etc.
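As an added illustration of the fine-grained access partcyborg describes (example code, not from any poster in this thread), here is how an Android app can ask the user for one directory through the Storage Access Framework instead of declaring READ/WRITE_EXTERNAL_STORAGE for all of /sdcard; it assumes the androidx.documentfile library and a hypothetical `MusicScanActivity`.

```java
import android.app.Activity;
import android.content.Intent;
import android.net.Uri;
import android.os.Bundle;
import androidx.documentfile.provider.DocumentFile;

// Hypothetical activity (added example). The weak alternative it replaces is a
// manifest-level READ_EXTERNAL_STORAGE grant, which exposes everything under /sdcard.
public class MusicScanActivity extends Activity {
    private static final int REQ_PICK_TREE = 42;

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        // Let the user pick ONE directory (e.g. /sdcard/Music). The app sees
        // nothing outside that subtree: no password database, no other folders.
        Intent pick = new Intent(Intent.ACTION_OPEN_DOCUMENT_TREE);
        startActivityForResult(pick, REQ_PICK_TREE);
    }

    @Override
    protected void onActivityResult(int requestCode, int resultCode, Intent data) {
        super.onActivityResult(requestCode, resultCode, data);
        if (requestCode != REQ_PICK_TREE || resultCode != RESULT_OK || data == null) {
            return; // user cancelled: the app simply has no shared-storage access
        }
        Uri tree = data.getData();
        // Persist the grant across reboots so the user is not re-prompted; it stays
        // scoped to this subtree and the user can revoke it from Settings.
        getContentResolver().takePersistableUriPermission(tree,
                Intent.FLAG_GRANT_READ_URI_PERMISSION
              | Intent.FLAG_GRANT_WRITE_URI_PERMISSION);
        int tracks = countAudioFiles(DocumentFile.fromTreeUri(this, tree));
        // ... index `tracks` files; nothing else on the device was readable
    }

    // Recursive walk limited to the granted subtree; the platform will not
    // resolve document URIs outside the tree the user chose.
    static int countAudioFiles(DocumentFile dir) {
        if (dir == null) return 0;
        int n = 0;
        for (DocumentFile f : dir.listFiles()) {
            if (f.isDirectory()) n += countAudioFiles(f);
            else if (f.getType() != null && f.getType().startsWith("audio/")) n++;
        }
        return n;
    }
}
```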
