Database Users

SecurIt 1.1: Sim/IMSI checking opensource security for us all

I'm been working on this for a little bit now since I found all the existing apps don't work well in WM6 or don't work well in a custom rom. This is a open source program (as all of mine are) and I welcome help/donations/and comments. Bug reports will be helpful in this first release as I certainly consider this a alpha release at the moment.
What it does:
once setup at every boot it compares your IMSI number with the one stored, if it's a match it plays a little sound and that's it. If it's not a match, it locks the device and displays your email and a request to please get it back to you. It also send you the "new sim's" imsi and phone number via a SMS.
------------------------------
SecurIt 1.1 (BETA) by Shadowmite
------------------------------
TODO: Build in SMS rule filtering thus adding remote control
Lock out activesync connections?
Protect the datafile from being deleted, or keep a backup in registry.
NOTE: THIS DOES NOT WORK WITH CDMA PHONES!
Version 1 (BETA) Instructions:
This security applicatioon can run loaded normally via a cab file to your device, or via being cooked into a rom. It will require your phone able to run unsigned code (most roms at this site are fine in this regard). Furthermore it does require the .NET Framework so it's really for WM6 devices, WM5 will be more tricky and is left up to the user to figure out how to make it all work.
When first run the program resides in \windows and must run from there. If you ran the cab installer it will have created a shortcut for you into the Programs folder.
The application comes up with a form showing you the current device imei, imsi, and phone number. You need to enter a password (needed to disable security programmatically or change SIM info), a email you can be reached at my a "finder" of your phone, and a SMS phone number you'd like alert messages sent to. Once done click set. Finally, click Enable security.
The application then sets itself up to autorun upon boot and if the SIM matches, it plays a little sound file to let you know everything is fine. If the sim is found to have changed, it will lock down the device until a password is entered. Meanwhile it shows your contact email and has sent the alert sms to you with the new imsi and phone number.
If you enter the proper password the program will take you to the settings screen where you can reenter the password and make changes to the settings and resave them. Simply clicking enable security without making changes will keep the settings as they are.
Clicking disable security will remove the autorun entries and remove the data file the programs keeps at \windows\SecurIt.dat.
The data file keeps 5 lines, MD5 hashes of your imei, imsi, password, and also your email and sms phone number as plain text. Thus stealing this file does not enable retrieving the password or easy changing of the imsi. Deleting this file however would remove security. Furthermore activesync will still link to a locked device. Knowledgable people about these devices could therefore defeat this security, however it's goal is to keep the casual theif / finder out of the phone.
This program is a work in progress and I welcome help with modifications to it as well as bug fixes. Source can be found at:
svn://www.shadowmite.com/shadowmite/SecurIt
To cook this into a rom, you need 3 files. 2 of them need to be generated when you first install it like normal and set it up. Copy the SecurIt.dat from \windows and the SecurIt.lnk from \windows\start up to your rom as well as the SecurIt.exe file. It's that simple. Enjoy!
History:
1.1: Fixed all kinds of bugs causing security to crash with various sims
1.0: Initial release
If you like my work and would like to help insure I continue to have time for this, please consider a donation to: foglemATshadowmiteDOTcom

Shadowmite, thnx for starting an "opensource" project for this. I havent tried it yet, will try once I reach home.. But I had a cpl of suggestions\questions:
1. Why do u keep email and sms phone no in plain text instead of encrypting them as well?
2. Instead of storing config in a file, store the config in registry which lessens the chances of someone finding out about the prog and deleting the file to disable security.

nice work as usual...

shantzg001 said:
Shadowmite, thnx for starting an "opensource" project for this. I havent tried it yet, will try once I reach home.. But I had a cpl of suggestions\questions:
1. Why do u keep email and sms phone no in plain text instead of encrypting them as well?
2. Instead of storing config in a file, store the config in registry which lessens the chances of someone finding out about the prog and deleting the file to disable security.
Click to expand...
Click to collapse
number 2 is in the TODO list...

#1) we could encrypt them as long as it's not a one-way hash like the first 3 lines, however those are the bits of data we don't mind the theif/finder seeing afterall as they are the means to get the phone back to its rightful owner. I suppose we could hide them but the phone number will be on his next bill for sending it a SMS and the email is displayed on the locked screen.
And as walshy said, #2 is certainly on the todo, but locking our activesync connections is a bigger concern and I believe completely doable.

#1) we could encrypt them as long as it's not a one-way hash like the first 3 lines, however those are the bits of data we don't mind the theif/finder seeing afterall as they are the means to get the phone back to its rightful owner. I suppose we could hide them but the phone number will be on his next bill for sending it a SMS and the email is displayed on the locked screen.
And as walshy said, #2 is certainly on the todo, but locking our activesync connections is a bigger concern and I believe completely doable.
Click to expand...
Click to collapse
ok, and sorry abt the #2, I missed the TODO part..
Keep up the good work..I myself was thinking abt making smthing similar but now I think I'll drop my idea to make a different one, as this seems to be a better idea (opensource is always better )..
I hope I can make some contribution to the code if possible..

shantzg001 said:
ok, and sorry abt the #2, I missed the TODO part..
Keep up the good work..I myself was thinking abt making smthing similar but now I think I'll drop my idea to make a different one, as this seems to be a better idea (opensource is always better )..
I hope I can make some contribution to the code if possible..
Click to expand...
Click to collapse
What advantages does this give over "Mobile Justice"..another similar util...my rom has Mobile Justice cooked with it which makes it hard to remove.

famewolf said:
What advantages does this give over "Mobile Justice"..another similar util...my rom has Mobile Justice cooked with it which makes it hard to remove.
Click to expand...
Click to collapse
If you like that software and have it working properly use it. Maybe you'd like to post in every rom thread asking why not use some other rom while you're at it?

Shadowmite said:
If you like that software and have it working properly use it. Maybe you'd like to post in every rom thread asking why not use some other rom while you're at it?
Click to expand...
Click to collapse
I'm not using Mobile Justice which is WHY I asked what advantages YOURS had over theres for COMPARISON. If it had additional features I was going to recommend it for addition into XM6R3 (the next release of the current rom), but with an attitude like yours I won't bother with further review.

famewolf said:
I'm not using Mobile Justice which is WHY I asked what advantages YOURS had over theres for COMPARISON. If it had additional features I was going to recommend it for addition into XM6R3 (the next release of the current rom), but with an attitude like yours I won't bother with further review.
Click to expand...
Click to collapse
you dont bother with a review but bother with a slagging ... take your "fame" somewhere else...

Ok, for starters mine isn't based on assuming every device has a GPS built in (while technically being a Trinity owner I should go that route). I instead base mine on nicely locking down the interface so far with a polite message to get the device back to the owner. Furthermore mine is trivial to build into a cooked rom which was my main reason to write it. I tried every security app out there over the last weekend without any of them working "properly" and figured the best way to get one is to write one. In addition mine is open source, mobilejustice is not.
Now then, you said you're not using it... But the last post said you had it cooked in? WTF? Need some help deciding what you use and don't use?
my rom has Mobile Justice cooked with it which makes it hard to remove.
Click to expand...
Click to collapse
I'm not using Mobile Justice which is WHY I asked what advantages YOURS had over theres for COMPARISON.
Click to expand...
Click to collapse

Shadowmite said:
Now then, you said you're not using it... But the last post said you had it cooked in? WTF? Need some help deciding what you use and don't use?
Click to expand...
Click to collapse
1) The rom I currently have installed comes with Mobile Justice preinstalled.
2) I have not configured and am not currently using Mobile Justice
3) The author is currently taking suggestions for software to include in the next revision of their rom.
What part of any of those statements are you having difficulty comprehending?
Perhaps you and the gentleman from Melbourne should both grow up and quit reading an insult where one was not intended.

Well than back on track... Give it a try and see what you think. I really want feedback from folks outside the USA as I believe it will not properly catch your phone number of the "thief's sim" however if the sms works it should still get the phone number to you obviously.
The GPS coord. request feature is a nice one and will have to go on the todo list.

well, well, fights apart, what drew me to this app over the other apps was the opensource nature as mentioned by Shadowmite because I, like shadowmite, was not happy with the other apps doing things properly or just because I wanted somethings to be done differently..
@shadowmite:
1. I have a few ideas of getting "coordinates" and sending to the original owner even on non-GPS devices ..Maybe we can discuss some things later on once the basic structure of the app is ok.
2. Couldn't find the source code of the app on ur site..(May be am just one dim-witted dim-sighted git ) Please point me to it..

You'll need svn to get it, windows users: http://superb-west.dl.sourceforge.n...vn/TortoiseSVN-1.4.4.9706-win32-svn-1.4.4.msi
svn://www.shadowmite.com/shadowmite is my master repository for all projects.

cool, I do have TortoiseSVN installed at home..Will check it when I go back..

Will it sustain a hard re-set ? Dont think so.

@shailesh, for sustaining hard resets, it has to be cooked into the rom, pointed out by shadow on post 1..
I don't know if something else can be done for this (writing into ext rom is one option but that is not possible for most devices now)

Sounds like a great piece of software. And open source is a great idea too.
I did tried several others like this one (Eye on the thef, Ultimately Theft Alert ...) some features were still missing :
First an autoconfig method :
As already said, whatever your storage methode is (file or registry), you 'll everytime lose the configuration when a hard-reset is done on the device. The only one possibility i can imagine is to store your "installer" program on extended rom with the ability to add an external config (encrypted) file as a parameter.
Installation will be handled by the autoconfig process, using this external file. Config will probably needs to be stored on extended rom too. It's not peace of cake to create an extended rom, but easier that cook a rom.
This feature won't be very helpfull if there is no way to generate a config file automaticaly base on settings done by user : kind of export process.
On standart start/soft-reset, your program will run as it does actually, but when a hard-reset, is proceed, programm will reinstall unattented and will still be running after boot... No way to easily remove it. Bad effect is that it will also be difficult to update programm/config.
Secondly, i'd like to have the a way to "format"(or encrypt) a memory card remotely.
Do you thinks those could be part of your TODO list ?
Will try it on few next days and i'm ready to help you translating it in french

hi shantzg001,
thanks for replying,
My mistake, did not read the whole text.

Feature requests - give them to me!

Hey,
I am parsing a list of feature requests for the next update on touch innovation
Basically post whatever you want to see on there to make your browsing experience easier!
Thanks
(see sig for link)

not sure if you have this already
but how about a mobile version of the site where you can
easily download the cab files to the phone
-=edit=-
Sorry you have already something similar
Keep up the good work

Yeah I do,
It will automatically re-direct you if your on your phone! But this feature is to be improved. I am also recoding the website's html to make it more cross-browser compatible!
Another feature soon to come will be "Add applications LIVE to the website" where you can add a program, choose the category and it will add it, with of course lots of security such as only cabs and zips allowed, and it will warn you when you download a "User-submitted" application, that it is liable for virus's. But each and everyone will be checked by our admin team.
Any more ideas?
Thanks

Specific descriptions of what the programs are and do. The "copy and paste" of the author's descriptions aren't always descriptive enough to figure out what the programs really do or if they're worth a try.
The names themselves are good clues, but it's limiting.
I would also suggest taking out the narrative and simply write what the programs are. For example:
HTC Home Customizer:
"Do you have a HTC phone, that has the htc today plugin? No? Ah well doesn't matter because this programs automatically downloads and installs it for you, not only that.. but it lets you customize it to the tiniest detail.
Enjoy!"
Why not just say that it "The program customizes and if needed, installs the HTC Today plugin."
One sentence that says the same thing.
Or...
iContact - Burt Edition:
"Truburt has done it again. Yet more features, including:
- Improved scroll speed
- Improved search feature
- Lots of small improvements
- Lots of bug fixes.
Enjoy!"
This should be in the features section and a description of the program (it's differences to the others) should be there.
You get the idea. There's a lot of good stuff there, but I might just be the only one that have a hard time figuring out what the new programs do. It'll be obvious to a regular user, but to someone new, it'll be hard to figure out the difference between the three... four... five? iContact programs.
On that note, I suggest removing the old versions of Burt's iContact.
And maybe put the Main Features right under the Information section.

[APP][PRJ] MyDVD Collection - a Barcorama companion

Hey guys,
I'm delving into PPC development for the first time (have done other development in .NET but never for PPC). I'm creating an application called MyDVD Collection. It will be a handheld database for keeping track of DVDs/CDs/Console games. Now, what's going to make mine a little different than others like this is that I have designed it to work in conjunction w/ Barcorama. Basically, you'll be able to set this program as the external executable which Barcorama passes its scanned barcode to. It will then check your collection to see if you already own it, give you the ability to add it if it does not exist, and will eventually pull information from the Internet about that item and auto fill (as soon as I find a reliable way to do that).
So far, I have the basic database structure defined and have the screen built to view the items in the database, as well as a way to filter that view. Next is to build the entry form for adding items, and a basic search function. I should have an alpha version ready for testing soon. If anyone is interested in testing, please let me know.

[Q] Help disabling features on Windows Mobile 6.5 Professional

I am using a phone that has a Windows 6.5 operating system on it.
I wish to disable all the features on my phone other than GPRS connectivity,Wifi connectivity and Camera features.i.e.I shouldnt be able to make or receive calls,text anyone,play games,or use any other default feature.
Either it must be completely disabled or i should be able to give so kind of password protection to these features.
Please help me at the earliest,i require it for a project completion,and i am not able to figure it out as how this can be done.
Thank You in advance
i dont know whether this is the right place to post as i am a new user,so i am extremely sorry if i have made a mistake.

You should get a SIM card that only supports data access for your project. This will prevent any circuit switched (i.e. voice) features and linked services like SMS. There are also options to activate call barring features for a normal SIM (so you can steer what is allowed or not) - but his is then again part of the SIM card subscription (and can be used on any phone likewise).
There are no default options which could cripple your device in such way as you have asked for.

How to make changes in security policy of Windows Mobile 6.5 Professional?
i was browsing through the net and i found this matter:
4102
Unsigned Applications Policy
SECPOLICY_UNSIGNEDAPPS
This setting indicates whether unsigned applications are allowed to run on Windows Mobile devices. If a signed application does not have a matching root certificate in the Privileged Execution Trust Authorities or the Unprivileged Execution Trust Authorities certificate store, the application is unsigned.
You should always use SECPOLICY_UNSIGNEDCABS together with SECPOLICY_UNSIGNEDAPPS policy. This means that when you block unsigned applications from running, you should also block unsigned cab files from getting installed on the device.
Default value is 1 for Windows Mobile.
The following list shows the possible values:
0 indicates that unsigned applications are not allowed to run on the device.
1 indicates that unsigned applications are allowed to run on the device.
Any value other than 1 is treated as 0.
The required role to modify this policy is SECROLE_MANAGER.
i think this will help me as i can make the applications that i dont need as unsigned applications and then make it 0 which will serve my purpose...but i have no clue how to make these changes in my mobile..
Can u please help me with this???
the solution that is given wont work for me because if anyone changes the sim then the settings i require will change and thus the solution is not full proof. i also dont know i will get any sim dat only offers data transfer.
thank you for the quick reply and i am expecting the same in future too!!
Thanks in advance
Regards,
Sneha

Let me write you this last reply to your query, please do not expect any further from my side.
This forum deals with understanding restrictions and enabling previously hidden or restricted functions mainly - learning from each other's experience.
The subforum you have chosen (chef central) deals with understanding how the Operating System is constructed from packages and how these can be recombined to new (cooked) ROMs.
There is no intention to cripple the existing functions of the operating system itself or to restrict the Radio part of it in any way.
You may think that the snippet you took from a MSDN page delivers something you could use for your purpose (which you have not outlined) without understanding the security concept of Windows Mobile. This is quite complex and often (for simplicity) simply disabled completely on several levels - so no security either for whatever you want to do.
The existing packages of the OS do not have separate components that you could omit to disable your desired functions.
Even if so, these core packages of the OS are usually delivered as modules (another special concept of Windows CE/Mobile) that do not need any security or signing - so they run anyway without restrictions.
So finally good luck with whatever you want to do, but I believe that you cannot achieve this with a crippled Windows Mobile - at least not fool proof.

Hello Sneha,
Welcome to the forums.
Unsigned Applications Policy is totally different then what you are looking for. More info here. When enabled, you will be allowed to install or run unsigned aka untrusted apps.
But the inside apps or features are already signed so you cannot stop them from running by enabling or disabling Unsigned Applications Policy.
The really thing you need is to make a custom ROM, remove all the unnecessary things and flash it to your device(s). That means you should change/modify the built in OS (in a simple word) but you cannot do within the device
However, its not a day, week or even a month task. It takes many months to learn things and then you can finally do it. I'm 99% sure that all of your needs can be fully filled but :
1. Takes many months to learn.
2. You need to get the stock ROM, Modify and flash to the device.
BTW; which device you really have?
Thanks...
Best Regards

Closed environment is something that should be done in bsp: kernel to be precise. Also it is possible via custom certmod.dll.
BUT. Little problems:
1) no bsp sources unless you're OEM
2) no certmod.dll sources.

Please look at the initial request on the restriction of radio features. This is handled in the radio layer and this cannot be cut in pieces. So there are no components to sign/restrict/omit for that query.
Cooking can do a lot, but it does not go inside one component.
Cutting all other things may be feasible - but not for radio relevant parts imho.

tobbbie said:
Please look at the initial request on the restriction of radio features. This is handled in the radio layer and this cannot be cut in pieces. So there are no components to sign/restrict/omit for that query.
Cooking can do a lot, but it does not go inside one component.
Cutting all other things may be feasible - but not for radio relevant parts imho.
Click to expand...
Click to collapse
Of courses its a lot of work but its possible. Within the OS functions. Radio thing is just for input and output but the way its handled is under OS itself. Am I right or wrong? Think of removing packages depending to what you don't want.
i.e to disable messaging, Remove all things which are related to it. I'm sure you know it.
Though its a plenty of work and have to be expert so not messing around things.
ultrashot is right but if we had the source, every thing would have been different and even easy.

Radio is special and never dealt with in cooking. The Radio lower layers are treated with code in a dedicated partition (GSM) and accessed via an interface Layer (RIL = Radio Interface Layer) from the OS.
On top of that are applications like messaging or MMS - these can be cut.
I see no option to prevent e.g. only speech calls but allow data calls. On RIL level these are just different GSMBCIE elements (look up the relevent 3gpp specs). Of course you could find dirty ways to cut off e.g. the GSM speech codecs, but this would possibly not prevent to set up a call - creating cost but not having success when connected.
Tweaking these parts has not been of anyone's interest and thus "in theory" possible but hardly practically feasible.

How can i make changes on the OS?
Thanx a lot Cracing for the positive advice.I was planning to consult the OEM to make changes in the security policies.
I am working with the Synqe device .My main aim is barcode scanning and sending the data via GPRS or Wifi.and at the same time i want that all others connectivities and applications are to be deactivated.
Moreover i wish to restrict the usage of GPRS strictly for my application.
As u mentioned that i will have to make changes in the OS,will the OEM be able to do that for me or should i consult a good Mobile OS developer?

sneha6689 said:
Thanx a lot Cracing for the positive advice.I was planning to consult the OEM to make changes in the security policies.
I am working with the Synqe device .My main aim is barcode scanning and sending the data via GPRS or Wifi.and at the same time i want that all others connectivities and applications are to be deactivated.
Moreover i wish to restrict the usage of GPRS strictly for my application.
As u mentioned that i will have to make changes in the OS,will the OEM be able to do that for me or should i consult a good Mobile OS developer?
Click to expand...
Click to collapse
I see
Going with OEM should be better idea. They have the sources to do anything. Its not so easy for 3rd party Mobile OS developers (i.e here ). Need things and takes long enough to R&D and finish the project.
Hope you will find a good solution for your project soon.
Thanks...
Best Regards

C++: open file for writing in the LocalStorage

Hi guys, could you tell me how to open file for writing in the phone app LocalStorage for the non-unlocked handset (regular app for store)?
Code below doesn't work
Code:
FILE *tmp;
auto tmpPath = Windows::Storage::ApplicationData::Current->LocalFolder->Path + "\\tmp.txt";
auto tmpErr = _wfopen_s(&tmp, tmpPath->Data(), L"w");
Any suggestions?

Try looking though msdn articles. I found it somewhere in there. But I have forgotten it now.
Sent from Board Express on my Nokia Lumia 1020. Best phone ever!!
Note to noobs: DON'T PM ME WITH QUESTIONS. POST IN THE FORUMS. THAT'S WHAT THEY ARE HERE FOR!

@wcomhelp, please keep your rtfm advices for yourself, OK? I'm not a noob and of course I've searched msdn, google, codeplex, github etc. and so on before posting here. If you don't know how, much better be silent (like others who read this post but have no idea what I'm talking about)
I've tried a few possible methods including ugly "MS-way" with task & lambda syntax (see below) but nothing worked as it should be (code below works if no file exist and fails if file already exist - CreationCollisionOption::ReplaceExisting options is not worked/not implemented/buggy/billgates_knows_only ).
Code:
auto folder = Windows::Storage::ApplicationData::Current->LocalFolder;
Concurrency::task<Windows::Storage::StorageFile^> createFileOp(
folder->CreateFileAsync(CONFIG_FILE_NAME, Windows::Storage::CreationCollisionOption::ReplaceExisting));
createFileOp.then([=](Windows::Storage::StorageFile^ file)
{
return file->OpenAsync(Windows::Storage::FileAccessMode::ReadWrite);
})
.then([=](Windows::Storage::Streams::IRandomAccessStream^ stream)
{
auto outputStream = stream->GetOutputStreamAt(0);
auto dataWriter = ref new Windows::Storage::Streams::DataWriter(outputStream);
// data save code skipped
return dataWriter->StoreAsync();
})
.wait();
BTW, I've used workaround, to save ported C++ app data to the LocalSettings instead of text file (as it was in original code).

"Doesn't work" doesn't give us a lot to go on, troubleshooting-wise. Can you tell us what error you get?
Only thing I see in the code that looks a little weird is that the
Code:
"\\tmp.txt"
part isn't explicitly a wide-character string, but I'd expect string concatenation to take care of that.
Also, out of curiosity, why libc functions instead of Win32? Obviously, the code you're writing here isn't intended for much portability...

@GoodDayToDie, there is no error code at all - standard POSIX functions returns NULL FILE, the ::GetLastError() also return 0.
I'm porting old C-style app to WinRT platform and don't care about portability (but the first post code - just a simplified example, nothing more).
POSIX (libc) functions works pretty well for reading only but not for writing - that's the problem...
As I said before, I resolved my issue by workaround but still curious why the POSIX calls fails for file writing in the app storage.

buuuuuuuuuuuuuuuuh
No need for lambdas
https://paoloseverini.wordpress.com/2014/04/22/async-await-in-c/
You may also want to rethink your strategy
You can't create files at arbitrary locations, so your method is kinda redundant. All the locations you are allowed to create and read files to/from are available through KnowFolders and ApplicationData classes. These return StorageFolders which in turn can create files with CreateFileAsync (used for both creating and opening existing files) and get files with GetFilesAsync ( I recommend against this one though) and similar methods.

@mcosmin222, could you please re-read my posts one more time? I'm not trying to create files at "arbitrary locations"; I wanna create/write simple text file at the app's local storage (which one should be available for reading/writing). And the problem not in the lambdas or task usage (yes, it looks ugly but it works as it supposed to be).
Could you provide a working example instead of words? And I'll be glad to say you "thanks a lot"; can't say now...

sensboston said:
@mcosmin222, could you please re-read my posts one more time? I'm not trying to create files at "arbitrary locations"; I wanna create/write simple text file at the app's local storage (which one should be available for reading/writing). And the main problem not in the task (async execution).
Could you provide a working example instead of words? And I'll be glad to say you "thanks a lot"; can't say now...
Click to expand...
Click to collapse
Sure, just gimmie a few hours till I can get near a compiler that is capable of doing that

Of course, no rush at all, take your time. It's not a showstopper for me now (actually, my workaround with AppSettings is more preferable way - at least for universal app and roaming settings) but the issue still has an "academic interest" and maybe will be useful in the next projects for porting old C/C++ code to WinRT.

sensboston said:
Of course, no rush at all, take your time. It's not a showstopper for me now (actually, my workaround with AppSettings is more preferable way - at least for universal app and roaming settings) but the issue still has an "academic interest" and maybe will be useful in the next projects for porting old C/C++ code to WinRT.
Click to expand...
Click to collapse
hi
in vs 2015
#include <pplawait.h>
Something of the like should work
Code:
WriteSomeFile() __resumable
{
auto local = ApplicationData::Current->LocalFolder;
auto file = __await local->CreateFileAsync("some file", CreationCollisionOption::eek:penIfExists);
__await FileIO::WriteTextAsync(file, "this is some text");
}
However, as of right now, in VS 2015 RC, you have a host of limitations when dealing with this, but I do not believe this will be of any issue to you.
Code:
Cannot use Windows Runtime (WinRT) types in the signature of resumable function and resumable function cannot be a member function in a WinRT class. (This is fixed, but didn't make it in time for RC release)
We may give a wrong diagnostic if return statement appears in resumable function prior to seeing an await expression or yield statement. (Workaround: restructure your code so that the first return happens after yield or await)
Compiling code with resumable functions may result in compilation errors or bad codegen if compiled with /ZI flag (Edit and Continue debugging)
Parameters of a resumable function may not be visible while debugging
Please see this link for additional details
http://blogs.msdn.com/b/vcblog/archive/2015/04/29/more-about-resumable-functions-in-c.aspx
you should also note that this works with native, standard C++ types.

@mcosmin222, looks like unbuffered writing works (i.e. without streams) fine but it still not an answer for my initial question
I'm curious why the standard POSIX libc writing operations are not working on the app's local storage (but reading from files works fine). Actually, it's all about porting old C/C++ code for WinRT; of course for the new app it's not a problem but re-writing old code to FileIO should be a huge pain in the ass. What I did: I've "mechanically" changed all libc formatted outputs from file to string, and use LocalSettings class (actually it's XML file) to store that string (I'm planning also change LocalSettings to RoamingSettings, to provide settings consistency between WP & desktop app).
P.S. <pplawait.h> is not available in my VS 2015 (release pro version) so I've tested by using lambda pattern.

OK, first things first, LIBC != POSIX! The POSIX way to do this would be to call the open() function and get back an int as an "fd" (file descriptor), which is of course not implemented on Windows Phone because Windows Phone is not a POSIX platform (you might find the Windows compatibility functions _open() and _wopen(), but I doubt it). You are attempting to use the standard C library functions, which are portable but implement kind of a lowest common denominator of functionality and are generally slightly slower than native APIs because they go through a portability wrapper.
Second, sorry to be all RTFM on you but you should really Read The Manual (or manpage, or, since this is Windows, the MSDN page)! Libc APIs set errno (include errno.h) and use different error values than Windows system error codes (or HRESULT codes, or NTSTATUS codes, or...). Error reporting in C is a mess. If you were calling CreateFile(), you would check GetLastError(), but since you're calling _wfopen(), you check errno (not a function).

@GoodDayToDie, _wfopen_s returns 0 (i.e. "no error") but tmp pointer receives also 0 (NULL) Could you explain why libc file functions are working for reading (at the app installation & local data folders of course) but not for writing? Any logical ("msdn based") explanation? Or you just... don't know, heh?

sensboston said:
@GoodDayToDie, _wfopen_s returns 0 (i.e. "no error") but tmp pointer receives also 0 (NULL) Could you explain why libc file functions are working for reading (at the app installation & local data folders of course) but not for writing? Any logical ("msdn based") explanation? Or you just... don't know, heh?
Click to expand...
Click to collapse
LIBC functions will most likely work just in debug mode. The moment you try to publish the app it will fail. You can do lots of crazy stuff on your developer device with basic C functions, but if you try publishing, it won't pass the marketplace verification.
Most C APIs are simply not supported, since they do not comply with the sandbox environment of the Windows Runtime.
The code I gave you is tested with VS 2015 RC. You should be able to include <pplawait.h> just fine, if you are targeting toolchains newer than November 2013.

mcosmin222 said:
The moment you try to publish the app it will fail. You can do lots of crazy stuff on your developer device with basic C functions, but if you try publishing, it won't pass the marketplace verification.
Click to expand...
Click to collapse
Hmm... Are you sure or it's just your assumption? My app is still under development but (just for test!) I've made store app package for WP and it passed local store verification I also uploaded package to the store (via browser) and it also passed. I don't have time to create all tiles and fill all fields to complete beta-submission (actually, I don't know how to mark app as beta in the new dashboard) but for me it looks like app don't have any problem and will pass store certification easily. And you may be sure - it uses A LOT of libc calls 'cause originally it was written for Linux (or kind of UX system)

sensboston said:
Hmm... Are you sure or it's just your assumption? My app is still under development but (just for test!) I've made store app package for WP and it passed local store verification I also uploaded package to the store (via browser) and it also passed. I don't have time to create all tiles and fill all fields to complete beta-submission (actually, I don't know how to mark app as beta in the new dashboard) but for me it looks like app don't have any problem and will pass store certification easily. And you may be sure - it uses A LOT of libc calls 'cause originally it was written for Linux (or kind of UX system)
Click to expand...
Click to collapse
Once usage reports get up to microsoft, you will be given a notice to fix the offending API (happened to be once). You are much better off using the platform specific tools: not only they are much faster, they are also much safer and you won't have problems later on.
You might get away with reading stuff (since reading is not that harmful), but you should be using the winRT APIs each time they are available.
Simply uploading your app to the marketplace just reruns the local tests in their cloud servers: once you submit the actual app (not beta, not tests) for consumers, it will be much more aggressively checked. This is because the store allows specific scenarios for distributing apps in close circles that may break the usual validation rules.

@mcosmin222, one more time: is it your assumptions or personal experience? I don't know how many apps you have in store (I do have a lot) but I never heard that you said. I've used C++ libraries with WP hacks in some of published apps but never had any problem with "aggressive checks". What I know: if you are using some "prohibited" calls, your app will not pass uploading to the store (uploading, not a certification).
P.S. I'll send you personally a link when I publish release Hope, you'll like it

sensboston said:
@mcosmin222, one more time: is it your assumptions or personal experience? I don't know how many apps you have in store (I do have a lot) but I never heard that you said. I've used C++ libraries with WP hacks in some of published apps but never had any problem with "aggressive checks". What I know: if you are using some "prohibited" calls, your app will not pass uploading to the store (uploading, not a certification).
P.S. I'll send you personally a link when I publish release Hope, you'll like it
Click to expand...
Click to collapse
By "hacking" you mean recompiling the code to fit the windows phone toolchain? if so, then you shouldn't have to worry about too many things.
but even so, calling stuff like fopen in locations other than local storage will get your app banned. Even if it makes past the first publication, you can get noticed weeks later or even months (yes, it did happen to me personally).
In most cases, calling C APIs that can potentially break the sandbox (like opening a file in doc library with fopen) will always fail the marketplace verification, eventually. If it hasn't happened to you yet, then you may have not been using such APIs.

No, my C++ code is not accessing other than approved locations but the app has a lot of libс (and of course other C/C++ libs) calls; I'm 99.9% sure it's legitimate and will be not a source of any problem. Otherwise what is the advantages of having C++ compiler?!
As far as I know, just some of API's are prohibited but you will notice it right after local store compatibility test run...
As for "hacks" I mean usage of undocumented ShellChromeAPI calls (including loading hack).
P.S. I've found why <pplawait.h> header is missing. Initially I've created solution with the 12.0 toolset but now I can't (or don't know how to) change it to 14. However creating the new empty universal solution in VS 2015 also gives me toolset 12 by default. What is the toolset 14 for? Windows 10?

sensboston said:
No, my C++ code is not accessing other than approved locations but the app has a lot of libс (and of course other C/C++ libs) calls; I'm 99.9% sure it's legitimate and will be not a source of any problem. Otherwise what is the advantages of having C++ compiler?!
As far as I know, just some of API's are prohibited but you will notice it right after local store compatibility test run...
As for "hacks" I mean usage of undocumented ShellChromeAPI calls (including loading hack).
P.S. I've found why <pplawait.h> header is missing. Initially I've created solution with the 12.0 toolset but now I can't (or don't know how to) change it to 14. However creating the new empty universal solution in VS 2015 also gives me toolset 12 by default. What is the toolset 14 for? Windows 10?
Click to expand...
Click to collapse
The advantage of C++ is the obvious versatility: the standard C++ APIs will work fine for you as long as you stay inside the sandbox (this means you can't access files even in locations that are outside of sandbox but you have permission to them, such as music library). You can use most classic C/C++ libraries without issues as long as you do the interface with the runtime broker yourself. That means using windows runtime APIs instead of classic C APIs when dealing with stuff such as file access, for example. This is a pretty extensive topic and It is rather difficult to explain it all with 100% accuracy, especially when there is lots of docs running around.
You also get deterministic memory management, which is huge in specific scenarios.
Long story short
You will be fine with standard C/C++ when using
any in-memory functions supported by the compiler (you can manipulate data types, string, mutex, etc).
File IO in isolated storage only (applicationData folder)
Threads (although you are better off using threadpool or the like, it is much easier and cleaner). You can also use futures, and std::this_thread.
You will have to use winRT replacement
File system access in any other location than application data (you must use the windows::storage APIs)
sockets, internet access and the like.
any hardware related thing: music&video playerback must be interfaced through winRT (although the underlying decoders can be classic C/C++), messing around with the device sensors.
Retrieving system properties (internet connection state etc)
cross process communications
communicating with other apps
There are also win32 equivalents
mutex, threading, fileIO (isolated storage only)
Media playback with custom rendering pipeline.
Basically, winRT functions as an abstraction layer between the hardware and your code. You can use classic C++ up to the point where you need to interact with the system in any way. At that point, system interaction must be done with winRT. This way, microsoft ensures a higher degree of stability and security for devices.
check this link out for more information on the toolchains. You should be able to use this in VS 2013 as well with windows 8 (this is a compiler feature, has nothing to do with supported platform)
https://paoloseverini.wordpress.com/2014/04/22/async-await-in-c/