Before my first flash, I installed Android ID and did a Save ID. I never located the backup file (to copy off to my PC), I did write down the Android ID value displayed in this app.
I have since did my one and only flash... to FF 1.5.
I just now went back into Android ID app and it reports a different ID than the one I had before.
I am not aware of any problems due to this.
What should I do? It looks like I could manually enter my original Android ID value in this app, and hit Change ID. Should I do this?
thanks!
sboltman said:
Before my first flash, I installed Android ID and did a Save ID. I never located the backup file (to copy off to my PC), I did write down the Android ID value displayed in this app.
I have since did my one and only flash... to FF 1.5.
I just now went back into Android ID app and it reports a different ID than the one I had before.
I am not aware of any problems due to this.
What should I do? It looks like I could manually enter my original Android ID value in this app, and hit Change ID. Should I do this?
thanks!
Click to expand...
Click to collapse
This belongs in Q&A but...yes you can do this. I do it everytime I flash. Some roms generate random id's when you boot up, others use the same across devices. You can change it to your stock ID using the app you mentioned.
If you have a ROM with the correct script (I know mine has it, and DG uses it) there's an update.id file on your SD card that will randomly generate a number the first time it boots up.
You should be able to change that in a text editor or whatever and put the one you want in.
Also. WRONG FORUM ZOMG
[WIP][HTC 8x][8.1]Fiddler2 Update Utility UEFI, BOOT Dumps & Templates[ExploitsFound]
heres the story. i hex edit, spyder, leech, rip, hack all day everyday from my inseure server. always trying to break security on multiple platforms and remote locations. anyways my pc is just filthy. my devices probably have more imfections than a skid row street hooker. the is no exact explination on how this happened but all i know is a combination of a app\xap called webserver native access 0.4.3 , xenu url checker for pc and fiddler2 all running on the same ip and port [9999] started doing strange things. i fiddles when i typed in the address that webserver xap gave me while spyder crawling my phone with xenu,fiddler picked up lots of certificates while decoding system files.then o e after another probably 5 or 6 updates poped up on my phone. ive already had 3 windows 8.1 updates in the past. and wasnt aware of anything new. . also fiddler never picked up any remote link only local. strabge thing is i think rom updates for other devices got flashed to my phone. anyways the phone still works. im not sure the exact situation but the other day microsoft gave me a security signed symantic enterprise mobile code signig certificate when i made my store on the app studio website. i could of swore it was something of 250 dollar fee to get symantic to sign the cert for you. cant rember the process i went through a year or 2 ago when i need a cert signed. nice of mixrosoft the hook it upi guess. thats not enen the start with certs . i ripped hundreds of crt and crl from ruu's including qualcomm protected root ca's htc-cert , uefi keys, pulled from my device. anyways i had a dumb idea to install all of these onto my pc. what a dumb/smart mistake good happening. now i cam download all ota cabs with out going through proxy loops, and now have deeper access to htc and qualcomm based devices, it seems as the mpment i plug and windows phone with secure boot locked within minutes the device registery hive syncs with my servers hive and forcesthephone to disable uefi secure boot since my server isnt uefi compatible. i not if any sense is made here. ........soonyou will be seeing custom roms for htc8x fully flashable with out the use of a ycable. 2 jumps away from fullly rebuilding partitions from a 3.41 ruu . new roms will be a completely different platform. choice is in the air. right now my htc 8x is compiled from a mixture of windows phone 7 & 8, embedded compact 2013 and windows RT. strange thing is my device is based on gdr2..
my thumbs hurt from thping this on my nexus. sorry for the bad grammer and broken up sentences.
one last note anybody know wherr to get the OAK (OEM Adaptation Kit) layers and the 9600_POWERTOOLS with out having to sign up as an oem for microsoft.? I Have part of oak but only the portion for embedded compact 8
if anybody woild lit to join in be my guest. the more heads in this project the faster we break one of the most secure phones in the world. i will get everyone caught up wothin the soon on info. got to sort my files.
as of right now i think the ruu_signed.nbh is actually a .egisenx file extension which can be decrypted with edatasecurity by acer. once i find the framework software to install edatasecurity. i will give it a shot. in the mean time in anybody has an acer or gateway computer with that software installled on it already you could take a crack at. pick up any ruu_accord and 7z the exe file directly open the ruu_signed.nbh with a hex editoe without extracting the file and save the the nbh as a .egisenx file extension then proceed to attempt to decrypt. if it requires a password. i will provid some strings i pulled from the hexeditor. even beter if anybody has decrypting software that might work too.
also some of the htc 8x partitions arr encrypted SHK (SENTENIAL SKYNET) this is interensting i think this might be easier to crack.
softqare used so far in project accord
Revskills final release
Revskills 1.xx
qmi by revskillz
winrar good for converting damaged files
7zip good old extract to temp location
telerik justdecompile standalone version or visual studio extenson
webserver 0.4.3 or 0.5.0 .xap for wp8 winpone8 works on windows phone 8.1 also!
xenu url checker
fiddler2
winhttrack rip my phone like a website
010 editor with lots of custom scripts templates and syntex.
hhd hex editor is optional
hiew hex editor for the pros. still experimentig with this one.
lots of time.
cmd.exe and ecery damn xommand executible you can find that rips, strios, converts, merges, splits de/compress makes thing go backwards forward up down and flip around.
lots more fime
brew mp
win phone 7 tools.
OAK
osbuilder for wp7
basicly any file you can find that de/compiles that was made my microsoft mobile, embedded or ce department.
wak, wdk, hck 8.1 microsoft hardware tools
visual studio 2012 2013.
visual studio .net compiler 'rosylin'
lots of samples.
2014-05-24
RUU PARTITION RIPPING THE EASY WAY.
7zFM build 932 can directly open any file when using the options in the contex menu. just right click on the .ruu_signed.nbh highlight 7z open with arguement submenu and eithe choose # option or the #e option. both arguements work but with different outcomes. when 7z is done loading you will end of with a numbered liat of files some witj or without extensions. extensions as folowing .efi, .elf, .fat, .ntfs, .exe. all extenses with extensions open. the fat files are complete partitions. thw ntfs partition is metadata that is also embedded with in a file called boot.sdi located in one of the fat partitions. the exe files are normal MZ PE executable system32 applications. efi executable files are also located within the fat partitions. the elf files which strangely exist within the phones operating system can be extracted and read with a hex editor. strange that windows phone contains elf. considering Microsoft binary format is COFF/PE. DOWNLOADS WILL BE UP SOON FOR DEVELOPMENT. it is a possibility that the boot partition ripped form a accord_u_wwe was part of the updateos.wim. therr is refrence on how to add packages to the wim on the windows phone developer oem site.
an interesting experement done which worked on nokia ffu files. convert the nokia ffu to a vhd using winimage with fixed size settings. once completed. mount it with osfmount tool. none of the partitions show up nor are they mountable. so i proceded to generate a raw img from the vhd in osfmount which put out a raw img just over 7gb. jezuz the vhd was only just over 1gb. decided to mount the raw img using diskinternals linux reader and what do you know every partition showed up. even the secret one. most were still unable to open but boot uefi data and mainos. it did give me good insite on what to look for and discover within the windows phone lock filesystem.
There is a metadata file hidden deeply with MFT (MasterFileTable) called $Boot. this $Boot file header is R.NTFS.
i will get more in depth on thia later.
File system encryption used for the MAINOS is called RSDS mi. very hard maybe impossible to reverse engineer. I did find an explination in a .text file located inside of the file Liveupdate.exe located in The windows/system32 folder of my phone. the file gave vague instructions on how to compile an Fupdate.xml template which and be used to push update packages over wifi. more details layer.
Possibility to mount several partitions including mainos directly on my pc by minipulating binary regestery keys on windows 7. more soon.
Found these in my pc. Going to play around with them see what happens
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\WP8]
[HKEY_CURRENT_USER\Software\WP8\DL]
"MODE"=dword:d10ad121
"CSC"=hex:00,00,00,00
"SBL"=hex:00,00,00,00
"RPM"=hex:00,00,00,00
"UEFI"=hex:00,00,00,00
"ACPI"=hex:00,00,00,00
"MainOS"=hex:00,00,00,00
Click to expand...
Click to collapse
Diffrences in files located in the fat16 partitions cross refrenced branded and unbranded ruu's csv.cfg on the branded ruu has the radio build number defined while the unbranded ruu is blank 00 hex bytes through the entire csv.cfg file. RADIOVER.CFG unbranded ruu has anextra line IMEI line configured to 1 while the branded ruu is missing the imei line. my guess is with the imei 1 assignment with the unbranded ruu is once the device gets flashed with the original firmware it also gets assigned a new imei as well. just my guess. some insite would help on this.
Well, as the dev of NativeAccess I'm certainly very interested in what you found. My first guess is that you wandered into the section of the registry where the phone's certs are stored (yes, it's readable), although the format that the app returns them in isn't something that would normally be recognized as a certificate. Which means my *best* guess is that you wandered onto some certificate files stored on the phone in a readable directory, because the server app will let you download files
Everything from there is Really Weird though, and we'll need to investigate it more. I should spin up some VMs to try this... anyhow, getting additional updates to your phone is pretty weird, so let's start with that. Did you install those updates? What were their descriptions (i.e. what did they say was getting updated)? What are your current phone version strings (OS, Firmware, etc.) from Settings -> About -> More info (and do any of those look notably different than you expect)?
Installing certs ripped from RUUs onto your PC is... well, I would never have tried it on my main box, but now I really want to try it on a VM. Do you have the list of certs you installed anywhere handy? What ROMs did you rip them from, and where in those ROMs?
Deeper access into WP8 devices sounds *seriously* interesting! I don't have a modern HTC (only my old HD7, a WP7 device) but I could probably obtain one, at least temporarily, for research purposes. What registry hives do you think are synching (and why do you think it's a synch)? Is it actually turning off Secure Boot for real, or just causing the registry to report that it's off? (We can override the report value on Samsung WP8 phones, but that does no good.) If you've managed to turn off Secure Boot on HTC WP8 devices, you've probably just found the door to custom ROMs and possibly other fun hacks. Do you have any non-HTC WP8 devices you could test with too, to see if anything else interesting is happening?
Good luck cooking up those custom ROMs! That is unfortunately not my field at all, so I can't really help... but it would be pretty cool to have the ability to run RT instead of / in addition to WP! There's also a ton of tweaks and unlocks we can do if we have totally arbitrary access to the device and no pesky code signing enforcement getting in the way.
GoodDayToDie said:
Well, as the dev of NativeAccess I'm certainly very interested in what you found. My first guess is that you wandered into the section of the registry where the phone's certs are stored (yes, it's readable), although the format that the app returns them in isn't something that would normally be recognized as a certificate. Which means my *best* guess is that you wandered onto some certificate files stored on the phone in a readable directory, because the server app will let you download files
Everything from there is Really Weird though, and we'll need to investigate it more. I should spin up some VMs to try this... anyhow, getting additional updates to your phone is pretty weird, so let's start with that. Did you install those updates? What were their descriptions (i.e. what did they say was getting updated)? What are your current phone version strings (OS, Firmware, etc.) from Settings -> About -> More info (and do any of those look notably different than you expect)?
Installing certs ripped from RUUs onto your PC is... well, I would never have tried it on my main box, but now I really want to try it on a VM. Do you have the list of certs you installed anywhere handy? What ROMs did you rip them from, and where in those ROMs?
Deeper access into WP8 devices sounds *seriously* interesting! I don't have a modern HTC (only my old HD7, a WP7 device) but I could probably obtain one, at least temporarily, for research purposes. What registry hives do you think are synching (and why do you think it's a synch)? Is it actually turning off Secure Boot for real, or just causing the registry to report that it's off? (We can override the report value on Samsung WP8 phones, but that does no good.) If you've managed to turn off Secure Boot on HTC WP8 devices, you've probably just found the door to custom ROMs and possibly other fun hacks. Do you have any non-HTC WP8 devices you could test with too, to see if anything else interesting is happening?
Good luck cooking up those custom ROMs! That is unfortunately not my field at all, so I can't really help... but it would be pretty cool to have the ability to run RT instead of / in addition to WP! There's also a ton of tweaks and unlocks we can do if we have totally arbitrary access to the device and no pesky code signing enforcement getting in the way.
Click to expand...
Click to collapse
right now im hexediting ruus and they seem almost completely decrypted. its strange becUse a few weeks ago they were all scrambled.
i will postnmy findings on my website for every one to view
i rememersomeones post on possible certificates could bethekey to jailbreaking qindows phone 8. i think theymight beright
it said the updates i got stated they would further enchance my device. windows phone 8.1. funny.
i ripped certs from several ruu_accord_u and img_accord_u packages. i have 9 or 10 htc 8x ruu's stashed.
i installed the certs that had embedded htc_cert, qcom, qualcomm, symantic, uefi, and a few others i cant remember them all.
i have a lot to catch everybody up on. about 50gb of findings from accord ruu's and from files ripped from my phone. its a cluster **** of work.
uefi flashing
uefi disabling
source code
software lots of software refrences found.
wince800
winrt
qcomedk2 = edk2 part of the original dev kit ised to build flash dump reflash enable and disable uefi bios
certificates thousands of crl cer in every device. even the smallest file has a certificate. and i found their passwords
rsa-keys in the tesst faze
uefi keys
esn keeys
every partition size, format, offset and sector size.
port numbers and usages
every single registery key
.....
.....
keeps going on.
reserved
grilledcheesesandwich said:
reserved
Click to expand...
Click to collapse
reserved
Background:
I have two build types: release and debug.
I have two flavors: full and demo.
Problem:
I am using Build->Generate Signed APK… to compile and build a release version of Demo/Release. That goes fine. However, I can't figure out how to run the resulting APK from within Android Studio. More specifically, using the "Run" command (with the Build Variant value set to the desired variant) causes the following error:
app-demo-release-unsigned.apk is not signed. Please configure the signing information for the selected flavor using the Project Structure dialog.I get this error despite the fact that there *is* an app-demo-release.apk also (i.e., a signed version). In fact, I get that same error whether or not either APK (app-demo-release.apk, app-demo-release-unsigned.apk) exists. (Note: I specifically do not add signing information to the Project Structure dialog, as suggested, because I don't want to have my passwords stored in build.gradle or in environment variables.)
How can I run a release app, as generated with Build->Generate Signed APK…, from within Android Studio? Alternatively, how can I specify where to find the APK I would like to have deployed (e.g., as part of the Run/Debug Configuration)? (Note that setting the Build Variant value doesn't fully specify the APK.)
Thanks,
Barry
Hi,
with all those Lumia posts I'm wondering if it is also possible to interop-unlock a Samsung Ativ S with the latest software (8.1 Update 1 or later) on it *without* a prior downgrade to 8.0 GDR2/GDR3. If it is possible please tell me how or where to find the answer (my search yielded no result so far).
With interop-unlock I mean accessing the 'full' file system and registry and having additional capabilities just like it was/is possible with 8.0 GDR2.
Thanks.
Unblock RPC (file called "Non-production errors.txt" in the Documents folder of the phone, if I recall correctly). There are now two options:
First option: use chamber hijacking.
* Move an app with ID_CAP_INTEROPSERVICES (I like to use HTC's silly "Converter" app; it should still be available on all devices, but other targets are more popular) to the SD card.
* Either sideload or unzip and copy the contents to the SD card an app that uses Samsung RPC to write to the registry. You may need to remove ID_CAP_INTEROPSERVICES from the app before sideloading.
* Use any of the several tools for app hijacking, or do it manually (remove the Hidden and System flags from D:\WPSystem, then rename D:\WPSystem\apps to something like D:\WPSystem\apps1, then delete the files from the install folder of the app that you're hijacking, then move or copy the files from the install folder of the app that uses RPC into the install folder of the app you're hijacking; don't forget to un-rename the apps folder afterward).
* Run the hijacked app; it should by the registry editor app you replaced it with instead, and you can now interop-unlock the phone.
Second option: Use @djamol's "Root Tool" app from the Store, or another app that can modify its own capabilities via SD card tricks.
* Install "Root Tool" from the store; it should show up in Search.
* Move it to the SD card if it wasn't installed there to start.
* Run the app, hit Help, and follow the instructions (several of them are similar to the manual instructions above, but at the end you have to move the app from SD back to Phone before the trick works).
Note that in either case, the EnableAllSideloading app won't work (technically BootstrapSamsung will, but you shouldn't use it since it assumes EnableAllSideloading will be used afterward). Microsoft basically removed the capability that EnableAllSideloading relies on.
Thanks for your reply! So basically the same way works with Ativ S that works with Lumia and you don't need the Samsung diagnosis tool anymore. You just need SamWP8 or a similar tool that uses Samsung RPC after unblocking RPC.
I'll give this a try on the next weekend(s). :good:
Yeah, basically just that. The diagnosis app no longer has the registry editor, and the steps needed to launch to a specific page in an app (such as the reg editor) are technically still possible but are identical to just installing an interop-based registry editor (via hacks), so do that instead.
GoodDayToDie said:
Yeah, basically just that. The diagnosis app no longer has the registry editor, and the steps needed to launch to a specific page in an app (such as the reg editor) are technically still possible but are identical to just installing an interop-based registry editor (via hacks), so do that instead.
Click to expand...
Click to collapse
But after is it possible to unlock all capabilities?
How to interop-unlock now?
Mattemoller90 said:
But after is it possible to unlock all capabilities?
Click to expand...
Click to collapse
I'm curious about that as well.
I tried the second option from (you) GoodDayToDie: It is not possible to use Samsungs Registry Editor component from Root Tool after following the instructions (moved app to SD, deleted the two files, moved stuff from HACK-subfolder to its parent, moved app to phone memory; file "Non-Production Errors.txt" exists in Phone\Documents -- BTW: Is the file name case-sensitive?). The general registry editor from Root Tool works, but with this one it is not possible to write several important keys (e. g. MaxUnsignedApps).
After this I tried the first option: I can successfully deploy CustomPFD (replacing Preview for Developers by hand or with CustomWPSystem). But what to do then?
I tried replacing Preview for Developers with SamWP8, but the app won't start then (getting "Loading ..." for about ten seconds then it closes); also tried commenting some capabilities of SamWP8 and repeating, but has no effect.
Deploying SamWP8 or IO Explorer using application deployment tool obviously fails because of missing interop capability.
This is a fresh and clean installation of WP 8.1 Update 2 now if it should matter.
Any further hints would be appreciated.
My Samsung died months ago (spontaneous hardware failure; I wasn't even hacking on it at the time) so I can't test Samsung-specific things anymore.
The steps as described (by both you and me* *should* work - I assume you rebooted the phone afterwards - so if it's not then I'm confused. The registry editor in Root Tool is mildly terrible and sometimes gives error messages when stuff actually works, but if it's really not working then I'm not sure what you do about that.
As for unlocking all capabilities, that's going to take a little work. The hack used by BootstrapSamsung unlocks one capability, and technically it could be applied to *all* the capabilities, but it changes the registry value type and loses a couple of NULL bytes at the end of the value every time you do it, which is potentially going to break things if you do it to all the capabilities / leave the capabilities in that state for long.
For what it's worth, if you're willing to hard-reset, the OemSettings.reg method mentioned in a few other threads should work too. It requires writing to a normally-unreachable part of the file system, but the Samsung RPCComponent class allows you to do this. I haven't tested it, though, and it does require a hard-reset.
Im interested in this too
If it does not work then what to do if im on 8.1 update already?
@up
AFAIK path is
Unblock RPC Functions proved easy. You just need to create an empty file:
Phone \ Data \ Users \ Public \ Documents \ Non-Production Errors.txt
Click to expand...
Click to collapse
Maybe that's why it didn't worked if you put it just in documents.
I just want to change black/white background-color and accent color in registry. That's all.
Regards
GoodDayToDie said:
My Samsung died months ago (spontaneous hardware failure; I wasn't even hacking on it at the time) so I can't test Samsung-specific things anymore.
Click to expand...
Click to collapse
Ouch, too bad. Would be really useful to have your helping hands on getting this done.
The steps as described (by both you and me* *should* work - I assume you rebooted the phone afterwards - so if it's not then I'm confused. The registry editor in Root Tool is mildly terrible and sometimes gives error messages when stuff actually works, but if it's really not working then I'm not sure what you do about that.
Click to expand...
Click to collapse
I did reboot.
Is there an app with a basic registry editor out there so I could at least change phone manufacturer like I could with Root Tool (Root Tool doesn't seem to be available in the store anymore)?
As for unlocking all capabilities, that's going to take a little work. The hack used by BootstrapSamsung unlocks one capability, and technically it could be applied to *all* the capabilities, but it changes the registry value type and loses a couple of NULL bytes at the end of the value every time you do it, which is potentially going to break things if you do it to all the capabilities / leave the capabilities in that state for long.
For what it's worth, if you're willing to hard-reset, the OemSettings.reg method mentioned in a few other threads should work too. It requires writing to a normally-unreachable part of the file system, but the Samsung RPCComponent class allows you to do this. I haven't tested it, though, and it does require a hard-reset.
Click to expand...
Click to collapse
I tried to use ROMRebuilder, but it just gave me "Failed " when tapping "Backup". But with full file system access I copied OEMSettings.reg zip-file out of the known C:\Windows subdir, extracted the .reg-file, appended all the unlock stuff, repacked and put it back to its original place overwriting the original file (with Root Tool, because in Windows Explorer I didn't have the right to write - Root Tool told me it was successful. I didn't double check ). But after resetting (About - Reset phone) no unlock or access to C:\ was there. Looks like the stock ROM. What went wrong..?
Edit: Used CustomPFD for registry access. Looking at "This PC\Samsung ATIV S\Phone\Windows\Packages\RegistryFiles\OEMSettings.reg" I can see that it is the original file, not my modified one. Is this file restored from somewhere upon reset or did my copy action fail?
Edit2: Tried using vcREG_1_2_BOOTSTRAP (replaced Extras & Info). It gives me an error about missing ID_CAP_INTEROPSERVICES, so it can't do anything.
And CustomPFD can't write MaxUnsignedApp. :-/
Not sure if ROMRebuilder is smart enough to use Samsung's RPC instead of Nokia's for moving the file into place, but regardless it requires interop itself (at least, I'm not sure how it could work otherwise). Root Tool definitely requires interop in order to overwrite Windows files, although it can do so. For the record, for stuff like just reading files or registry values, you can use the (normal-caps) version of my webserver; might be a bit easier.
vcREG should work, assuming it supports Samsung RPC - I think so, but I haven't checked - and you use the whole app hijacking thing correctly. Did you launch the hijacked app after the installation? Pretty sure Extras+Info has interop, so that *should* work.
EDIT: Assuming that the Samsung RPC service is working at all. I don't know of any easy way to test that short of just trying to do things with it, though. I don't think they "fixed" the RPC unblock, though...
GoodDayToDie said:
Not sure if ROMRebuilder is smart enough to use Samsung's RPC instead of Nokia's for moving the file into place, but regardless it requires interop itself (at least, I'm not sure how it could work otherwise). Root Tool definitely requires interop in order to overwrite Windows files, although it can do so. For the record, for stuff like just reading files or registry values, you can use the (normal-caps) version of my webserver; might be a bit easier.
Click to expand...
Click to collapse
Okay, so it probably didn't replace the file at all but only showed a success message. Grmbl. Which file manager would you recommend for moving the file to its place or in general?
vcREG should work, assuming it supports Samsung RPC - I think so, but I haven't checked - and you use the whole app hijacking thing correctly. Did you launch the hijacked app after the installation? Pretty sure Extras+Info has interop, so that *should* work.
Click to expand...
Click to collapse
Ohhh, you mean if I started the app that's about to be hijacked before actually hijacking it? No, I did not. (Not sure what Extras+Info would do on a Ativ S...)
But I do have to?
Edit: Removed Extras&Info (with dummy.xap), installed it again, started it (it actually works) and replaced it with vcREG_1_2_BOOTSTRAP.xap. Started vcREG, but it still gives me "error initializing. check if you have correct permissions (ID_CAP_INTEROPSERVICES). registry functions disabled".
I've also deployed CustomPFD and original preview for developers to sdcard. I have access to the registry but can't write values
Have you tried to hijack Extra+Info permissions with CustomPFD? It does not work with original PFD but it may work with Nokia one. I can't find Extra+Info xap to test, sorry.
Ok tried to deploy ROMRebuilder and hijack original PFD permissions. ROM Rebuilder just crashes on start (no message) WP 8.1 14157.
Installed ROMRebuilder with deleting Capabilities from xap and deployed it from deployment tool.
Manually removed PfD with SD hack and replaced it with ROMREbuilder.
It starts but when pushing "Backup" it says FAILED
Jesus im so tired with this phone...
ROM flasher does not work at 8.1 x64 even with test mode..
Ezio21 said:
Have you tried to hijack Extra+Info permissions with CustomPFD?
Click to expand...
Click to collapse
Yes I have. CustomPFD doesn't start in this case (it does when I'm replacing Preview for developers).
cerebos said:
Edit: Removed Extras&Info (with dummy.xap), installed it again, started it (it actually works) and replaced it with vcREG_1_2_BOOTSTRAP.xap. Started vcREG, but it still gives me "error initializing. check if you have correct permissions (ID_CAP_INTEROPSERVICES). registry functions disabled".
Click to expand...
Click to collapse
Your phone can't initialize Lumia RPC.
So what can we do?
What apps are there that use Samsung RPC to write to the registry? I know SamWP8 and IO Explorer. Any more?
@cerebos
Huh im sorry but it seems that only one way to get that Interop unlock is to flash GDR3
I flashed GDR3 but there is NO WAY to unlock your phone anymore. WP 8.0 developer registration is down. You can't install developer unlock helper and can't interop unlock your phone.
Also because of Samsung firmware update you can't install custom rom on wp8.0
How to interop unlock WP 8.0 without developer unlock? Any way? Or we're locked forever?
As far as I know you can still use beta apps on windows store. Is there anyone with personal developer account reading and could upload Interop_Unlock_Helper_Debug_ARM.xap as BETA to the store and send me the link? I would be very grateful (
@-W_O_L_F- maybe?
We're in very bad situation now. Thanks for any help or advices
Based on the Posting here (by @-W_O_L_F-) it looks like 8.1 Update 2 can't be interop-unlocked. So I'll need to downgrade first.
Edit: Assuming vcREG could write to Samsung Registry is only true for a small set of values, it is never true for interop-unlock. For this you need a registry editor with Samsung's RPC components.
Hi guys,
I was recently reverse engineering a package com.huawei.autoinstallapkfrommcc and trying to understand what it is doing.
From what I could see it looks like this service after system boots up, is checking what mobile carrier you are using and then loads a list of packages from file autoInstallAPK.xml and then installs/uninstalls them based on mcc and mnc codes.
I am wondering if this xml file can be used to bypass device security. However I can't find it on my device.
Could you please check if you have a file at
Code:
[ROOT]/System/etc/xml/autoInstallAPK.xml
and share it if it exists there?
Check your
/cust/vendor/country/xml/*.xml
&
/preload/model/vendor/country/xml/*.txt
Look also for :
APKInstallListEMUI5Release.txt
&
DelAPKInstallListEMUI5Release.txt
Share back your tweaks and findings
oslo83 said:
Check your
/cust/vendor/country/xml/*.xml
&
/preload/model/vendor/country/xml/*.txt
Look also for :
APKInstallListEMUI5Release.txt
&
DelAPKInstallListEMUI5Release.txt
Share back your tweaks and findings
Click to expand...
Click to collapse
I don't have such folders, did you mean main partition? I don't have root so I am quite limited.
Maybe this config file is included only in roms which come from mobile carriers like Verizon, T-Mobile etc.
So far what I think this package is reading from that xml is:
* package name
* apk path
* action type (install, uninstall, disable, maybe others)
* card info (probably sim card info/ carrier info)
Then this data is being processed (atm I don't fully understand the process flow but in general it goes through each element (app) described in the xml list and takes defined action depending on the carrier you have). Ofc whole process is not started untill system is booted and sim card present/installed.
I wonder why Huawei have implemented such service. Maybe to make it easier for carriers to install branding apps on EMUI? Maybe this is only used to install carrier config package to. Can't really tell at the moment.
However I see a potential use case where someone uses buffer overflow or other vunerability to alter/overwrite this xml file. This could allow someone to install malicious apps on the device.
I am now analyzing bytecode of the part that is parsing InputStream from xml to see if I have missed something.