Protect Your SOFTWARE - Windows Mobile Development and Hacking General

I know it is almost impossible to produce software that is fully protected. In this I would like to share my experience in protection.
I developed a program that works in PPCPE and I have made a very good protection system….. I think
The protection system works as follows:
- When the software is first installed, it captures the date of the installation
- It reads the device ID
- It asks the user for the program serial number
- I have two ways of registering the system: either through an SMS or through the web using GPRS.
- The software combines the three numbers together using some equations to make it almost impossible to find out what I am collecting… also I use an equation to verify if the serial number is OK, since we are using SMS and it is very costly to send an SMS that contains a wrong serial number
- When the user chooses the method to register, the number is sent to my server and the server sends back the activation key to the user's PPCPE
- The PPCPE will read the SMS, delete it and store this SMS in the database …
The above is to get the activation key
In the software the activation key is produced and I use an “if statement” to compare the activation key which is stored in the database and the one the software produces; if they are the same it will execute, otherwise it will stop execution
To make it very difficult for the hacker I use pointers in the program, and to these pointers I add the protection key and subtract the key the program produces, to make the addition equal to zero if the two keys are the same
The pointers point to each button and each menu item in the program
I hope this information will help and I welcome any comments

Hmmm, sounds nice...but is it worth all the trouble...especially the SMS route could complicate things, no?
Besides, with good debuggers is it not possible to NOP the check section or jmp it, applying a patch?
I would opt more for a good packer such as Armadillo, and protect it that way. It will obfuscate the code, has debugger protections built-in, splits codes and destructs IAT. Additionally, you could add nanomites to make unpacking even harder. Then use a simple license key system.

Yes you are right .. a good hacker can do that …. But
If you use the method of pointers it is almost impossible to get anything out of the program and it will be useless for anybody to use it
And also it is almost impossible to hack it

But armadillo is only available for x86 Windows. But your message is right, HappyGoat.

pointer protection: piece of cake!
Well, the pointer thing as you describe it does not sound too difficult to hack.
You said your software will take the address for a pointer, add the key the user has entered, and subtract the one the program has computed so that it equals zero.
So, this means that the shift is always the same, so if you can get the entry point for any button, you know which value to add to the key generated by your software. Since you don't obfuscate the code this is a matter of minutes to hack this. :roll:
UL

Re: PROTICT YOUR SOFTWARE
As an old cracker I can tell you that this algo would not be difficult to crack. You are not using EXE file encryption, anti-debugging, integrity checking, and other tricks that are used in good protections like ASProtect. They would take some hours to bypass. And playing with pointers can stop only kiddies. UnlockMe said why.
If a cracker would get one valid question-answer pair, he'll easily convert any program to a fully working version. And your code can be cracked without this knowledge.
- The software combines the three number together using some equations to make it almost impossible to find out what I am collecting…
Funny. Why should the cracker try to "find out what I am collecting"? Why the cracker should be bothered with all this ****? There are easier ways.
also I use an equation verify if the serial number is OK since we are using SMS and it is very costly to send SMS that contains a wrong serial number
Costly SMS? Even in Russia you can get free SMS subscription. I have free SMS + free GPRS + free incoming calls.
Your protection has at least one very thin part that makes it useless. I've seen the similar ideas before. But I would not tell you
And remember:
If it runs, it can be defeated. (c) +Orc

It is very nice to see people participate in a subject. I find it very interesting. And very helpful
I am not going to tell what I do but I am giving programmers a point to start from
Chatty
Thanks for bringing this point. I can not find it also
UnlockME
I think it is very difficult to hack.
Imagine in my software I have 36 buttons and menu items. Each of them has a pointer. Let us say button one has a pointer value equal to 11675, let's say it is stored in ptr
My key is 123456789 .. let say it is stored in a string str1
The key in the program is 908070605040302010 …… I use more encryption than that but this is just a demonstration
And let us say it is stored in str2
When you address the button you address it like this
Ptr = ptr – (str1[1]-str2[17])
As I mentioned, I am not going to reveal the protection that I use.. I am only giving a point to start
There are more things in it, I leave it to your imagination ..
Mamaich
In my country each SMS costs the mobile owner 0.1 USD … I am not going to cost them money for a wrong entry
…….
I think I know what you are thinking …. If the key is produced in the program I can hack it … I hope the above example clears things up
……..
if you know any EXE encryption or anti debugging software I will be thankful
……..
Thanks everybody for your replies
-------------------------
Please remember I am not claiming that my algorithm is anti-hacked …. It is only an algorithm for protection that I came up with

wwb95, I'm not going to disclose in this forum how to actually hack an exe, but what I can tell you is that pointer-based protection will only stop kiddies as Mamaich says.
a hacker is not always a bad guy, though often they use their knowledge for such purpose, but it is before everything a guy that has an extensive knowledge of development tools, operating system, memory management, ...
I can tell you that if you are going to protect your software with this pointer thing, please send me a link I'll be only too happy to provide it for free to the community with a working "yes-code". 8)

wwb95 said:
When you address the button you address it like this
Ptr = ptr – (str1[1]-str2[17])
I'll assume that (str1[1]-str2[17]) is always a constant for all Ptrs. Then you can easily find an original button handler (don't ask me how, newbies can check all function addresses, gurus can just look at the code, I'll use a different method), calculate this value and patch a program or write a keygen. And if it is not a constant - the process would not be much more difficult.
if you know any EXE encryption or anti debugging software I will be thankful
I don't know any existing protection. A long time ago I was developing such a project, but due to a lack of time and no investments I've dropped it.
Here is a crackme - http://mamaich.kasone.com/wz/crackme.rar
and a pre-alpha of protector - http://mamaich.kasone.com/wz/protector.rar
It can compress&encrypt ARM WinCE DLLs and EXE files, has minor anti-debugging tricks and primitive import/export/resources encryption. And that's all that was done. No API, no stolen bytes, no on-the-fly decryption, no integrity checking, etc.
I would not publish its source codes nor continue the work.

My advice: give up trying to protect your app. It can't be done; anything can be cracked easily. You're only going to piss off your users when the complex reg scheme starts introducing bugs and instability.
All you really want to do is a simple registration scheme. You have to rely on people's honor.
At Airscanner we wrote a book showing how to crack software, with a couple of chapters on ARM-based cracking for Windows CE. But you can get more info, and better, for free at Kaos' website:
http://ka0s.net/
It has everything you need to get started in Pocket PC reverse engineering.
By the way, it's good to see +ORC referenced in this forum. Mamaich do I know you?

airscanner said:
By the way, it's good to see +ORC referenced in this forum. Mamaich do I know you?
Some time ago I was a regular poster on www.reversing.net and www.reng.ru and reader of fraviamb. Now I don't have time for that.
Maybe you've seen my name in "thanks" sections of some tools.

ZXEvil why are you posting that link on multiple topics? What is that file?

Related

Question about registry entries in the Kitchen (PHP help)

XDA-dev guys, We need help.
Ok, we have right now a Kitchen working with a couple of cool enhancements; we have managed to install, from the kitchen, some commercial programs, like Resco Explorer 2003, SPB Pocket Plus, and others. And we want to make this kitchen available to the public, so everyone can download their custom ROMs with these cool programs, but of course, for legal purposes, we can't just post them like that, already registered versions of programs.
We have an idea; basically what we want is a text field provided under each program (kind of the same thing as the "NBF header string" that is at the bottom of the regular kitchen). This text entry would be each user's own serial (entered by the user). This would create a registry entry file which will put the fields in and then merge it into the rom; in that way the user would be able to use the programs and would not have to worry about the serials anymore.
In short, a text field in the webpage, under each program choice, so the user can enter his/her own serial number. With this text, it will generate a registry entry automatically in the ROM generator, so the program is registered from the ROM, and the user is free to use its own program directly from the ROM
We have the progs working fine from the ROM, but we are using our own serials, we want each user to enter its own, so everyone is happy, and we don't get in trouble giving away software that is not ours for free.
Any help would be appreciated.
So what exactly do you need help with?
i'm a webdesigner with knowledge of php so maybe i can be of assistance.
Rico
exactly what I want is how to create a text field where people can enter their serial and this entry will generate a registry file that will go to the creation of the ROM, and to register the programs installed.
Sounds like you need a form with multiple text-fields targeting a page where these textfields are converted to registry entries.
maybe we could msn about this. that would probably speed things up.
or mail me @ [email protected]
Rico
The textbox feature in the current kitchen can put the literal typed string anywhere in the registry. Have you looked at how it works?
If you need more, you could write some php to do that. You'd still need permission to distribute the included programs though. Easy way to get this permission is to become a point of sale: you would point people to the place to buy it if they did not already have a serial. Could even make you some money through these affiliate programs.
Thanks guys. kenofalte, i might need ur help with php. I'm not a good programmer. I'll try to do it myself but in case i get lost.
alex
Most SPB and Resco programs come with the Trial versions that you can use for 14 days etc. that can later have a registration code entered... can't you set up your custom kitchen ROM with these different Trial versions instead and then whoever burns their own ROM can pick and choose what they want, burn it, and when set up and finished, they can enter their own code then? Just a curiosity. I am not sure about the permission to distribute the programs then? Either way, just a thought.
Regards,
mS
that's another option. i just wanted to make it so that they can register it during the "cooking" process. otherwise everytime they do a hard reset they have to re-register the product.
alex
Alex
just mail or msn me at the previous mentioned e-mail.
We will make it work.
Rico

Anti theft apps available?

I'm looking for an anti-theft app. I don't know if it exists yet.
Is there an equivalent to the symbian phone apps "Anti-thief" or "EzProtect"? It has some nice features to let your pda "phone home" when someone is tinkering with it, or you can remotely disable your pda by sending a password though sms.
I've been searching over the net and found "Kill-pda" but that can only erase the device completely by sms. That's a bit overkill :lol:
I hope someone knows, because i learned the hard way that you really need an app like this. My phone got stolen once and I got a Huge A$$$ bill for calling to Egypt and Italy
edit: I found this description for EzProtect:
The application sends an SMS to your specified number as soon as the SIM card has been changed. By this way, you receive SMS on your friend's (or whoever's number u defined) cell with the thief's cellnumber and SIM number (IMSI) so it becomes very easy to track the thief.
I definitely want an app that can do this. And I can imagine a lot of people wanting it too.
There was a discussion about this on HoFo in October when people first started receiving their Wizards. I think BTT (BeyondtheTech) mentioned something about it. I'll see if I can track it down this evening.
It certainly would be cool.
Check this out! http://www.ppcsg.com/index.php?s=0c0cedfa906ae1b85f844fb7b497def6&showtopic=65021
Hope this works. I have not tried this myself.
Thanks a lot for your help, but that was the program i mentioned in the threadstart "PDAKill".
The only thing it can do is erase the device completely when you send an sms to your pda containing a predefined password.
But when the thief takes out the simcard and puts in his own, then this program would be useless.
Guys, if I've seemed distracted for the last few days, this is why:
I've been working on a program called VJAccioPhone.
It is used to detect if your phone has been stolen and to permit remote use of the stolen phone. Your phone doesn't have to be stolen, eg if for some reason your wife is likely to discover your "niece's" affectionate messages to you, you can send a password protected remote keyword to format your phone and hardreset it. I'm sure you can think of better examples!
It's an expansion of some code I wrote for my unreleased plugin, VJEphemeris, which you can read about here. The release version allows you to do pretty much anything you can do with the phone when it's in your hand, all remotely. Destructive and constructive control.
This is a pre-announcement. I don't like preannouncing, but unfortunately this week I've been on a very limited programming quota due to the ministrations of my better half. So although the code is finally finished, it's being beta tested while I'm away on holiday. If all is well when I get back next week, hopefully I'll try to get it released!
Don't tell anyone else, but you can read about VJAccioPhone and see screenshots here. Please note, and don't ask, there is no download available at the moment.
V
Aside from that a program like this would be very handy, and I'm quite curious and will keep an eye on it myself, I advise everyone to activate the pin code on their simcard, and always call their mobile operator as soon as the phone is stolen so they can block your number to avoid getting high bills as the topicstarter said... You should also be able to get your number back easily by requesting a new sim card and having your mobile number set to that simcard again.
This may seem obvious to some people, but I just wanted to post it anyway since a lot of people are still not aware of these simple ways to protect yourself.
Absolutely true; in England, the police aren't interested in pursuing phone theft, but for your own benefit, you must always have your IMEI blocked and the phone reported stolen immediately to prevent you being charged for calls.
VJAccioPhone will be able to report back to you even if the IMEI has been changed or it's being used abroad etc. It's more for protecting your data on the stolen phone than getting the phone back. Frankly, any thief would do better to throw the phone away than pursue cracking strong protections. Stolen phones are easy enough to come by! However, at least a nice passer by might be able to get in touch with you!
V
Sounds great! Would it be possible to enable the phone ID (Where you can enter your name and contact details) thought this might be good if it was ever found (or part of the hard reset).
Wauw, this is great stuff Vijay!
If you need a beta-tester on the wizard platform, i would highly recommend myself
This would be exactly what everyone needs 8)
Would it be possible to save the configuration settings? Because my idea would be to include the cab file in my extended_rom, and thus make it install itself even after a hard reset. This would mean that the configurations settings also have to be loaded after the hard reset.
Keep up the great work Vijay
frigit: if you mean enable password screen, yes, should be no problem. however i'm thinking of writing a better custom password screen using some strong encryption, with optional destruction on failure.
leploep: of course, it's designed for extended rom etc. right now protection works as a task, for the demo, but i'll be writing protection into an invisible app. Remote control is already complete and works transparently when triggered, so the thief won't even realise what you're doing ie there's no sign of the control smss being received to the thief.
eg you can background call the police from the stolen phone
more when i'm back from holiday next week!
v
This is starting to sound like a killer app - pun intended 8)
I'm in for sure when you get this finished, Vijay!
Already finished for the demo version!
kept me quite busy, developing three intersecting programs, like playing chess! but they all seem to work ok. a friend is testing it hopefully this week then i'll see what i can do for wider release when i get back...
v
Well vijay555 , you can put me on the list of very interested persons on buying this soft.
Cheers mate.
vijay will this work on all the wm5.0 devices??
i.e. I have the pda2k with wm5.0 and have been looking for a prog like this since i got my device, also is it possible to keep this program after hard reset ?? as you know if a hard reset is done the data is gone, but the user now has an expensive device to start playing with
it's not been tested on wm5 at this time, actually because the guy testing has a wm2003 motorola - gulp! but everything i write is normally wm5 & wm2003 now. there is no reason why it's not wm5 compatible but i'll ensure it is before release. i can certainly say, to my pain, the hardReset keyword is very wm5, i activated it by accident in testing.
retaining it after hard reset is only possible, as far as i am aware, by using a custom ext rom or rom. i've not tried it on my magician or universal, but hopefully your device in particular ext rom customisation is possible. at this time it uses registry & normal exe/dll files to run, so no reason it can't be ext rom'med. hopefully this will be confirmed in testing shortly.
if anyone can think of any particularly useful remote keywords to incorporate drop me a line. as it is, the full version will permit remote .exe launching so it can do pretty much anything
v
a lot of us have paid an arm and leg for our devices so having that extra peace of mind, knowing that if your device is nicked you're going to make it as hard as poss for the thief to try and profit from your loss.
vijay all the best mate so far your app looks very promising iv got the exec running WM05 so if you need a beta tester let me know LOL
and guys if you report your phone as lost make sure your service provider is also going to blacklist the device!
I work for Vodafones in a call centre in Birmingham, UK, but the amount of customer services that is outsourced to other non vodafone call centres based here in the UK, it's unbelievable! the amount of complaints I deal with and customers' accounts that I come across where the outsourced twats will admin bar your sim card but not blacklist the handset!
anyway I'll keep my eyes open for any more theftbashing apps and will post on here.
N2h said:
I work for Vodafones i
But have an O2 phone.....
Whow V.
Looks very very promising.. !
Great Job man :!:
i'd be happy to check it on my devices :wink:
Cheerz
lol mcwarre
even with our staff accounts we can't get the pdas as they are only available for business customers to be honest with you don't know why vodafone is stupid enough not to sell to normal consumers its the biggest network in the uk,
the staff phones we do get we gets 12 months line rental free lol
annnnd from all the universals I think the exec with its black shell looks the most stunning-the white shell devices just look a tad bulkier! lol

Capture Voicestream to encrypt calls

Is there anyone who has done this, kind of like recording the phonecall... Though my query is slightly more advanced, I would like to see a Crypto program creating secure phonecalls using WM5...
So we would need to capture the datastream incoming(to decrypt) and outgoing to crypt, this creating a nice safe way to talk to your...friends... Anyone else up for this project?
Or any feedback on the concept?
...and...
I don't think it's only me interested in this so I'll send this source code as well from a company that works from a PC via isdn... This company sells cellphones with encryption...
http://www.cryptophone.de/support/downloads/downloads.html
Dont know if this could help in the initial stage?
Ps.
A similar software does exist (180 dollars per phone + all your details are sent to australian gov) www.securegsm.com
Anyone up for the task?
Re: ...and...
it is impossible to intercept the audio data coming through PPC unless your hardware is specially designed for it and it provides you a specialized API for doing that. All crypting software encrypts calls via doing CSD calls and sending data. There is another program - www.cryptophone.de
this looks like a HTC anyway...
http://www.cryptophone.de/products/CP220/index.html
???
Then how can secureGSM do it in a software made for any WM5?
So theoretically i dont think there is a problem there....
SecureGSM is an end to end app, which I suppose all such apps would have to be.
As such, it almost certainly doesn't need to pick up the phone/modem audio path (which as Mamaich says, seems to be impossible without a particular hardware implementation), but just use the normal microphone and loudspeaker recording/playback functions.
V
AddeBC,
Vijay is right. SecureGSM is working on the same principle as cryptophone.
Establish a modem connection between two devices running the same software, run a negotiation with the network (v.110 is much faster than v.32), start a data connection with the other dude... the stream that the mic receives is encrypted and sent over to the other party; there the software decrypts the stream and plays it through the speaker.
There were quite a few threads regarding csd connections between phones so could start from there.
The only thing that you're going to miss in this deal is the logistic for selling the software + phone.
Cheers,
Raul
I often thought of adding this as a feature of GSMbeam but I just can't think when I would ever really need it. It would be cool to communicate without the possibility of Big Brother knowing what is said, but what would you say?
To sell this kind of software may also bring you in contact with undesirable groups, criminals or terrorists are probably in need of good voice call encryption.
To do this it will have to have a relatively low quality of sound because of the poor data rate on voice calls. How would one go about encoding the sound to data? Are there any off the shelf open ended codecs for this purpose or would the work need to be done from scratch?
OdeeanRDeathshead said:
......To sell this kind of software may also bring you in contact with undesirable groups, criminals or terrorists are propably in need of good voice call encryption....
as per SecureGSM FAQ:
http://www.securegsm.com/pages.php?pageid=16#4
Is your software designed to support criminals and terrorists?
Absolutely not! We do not condone any such activities, and take extreme care to ensure that our products are used to prevent, rather than encourage criminal or terrorist behavior.
AddeBC
AddeBC said:
A similar software does exist (180 dollars per phone + all your details are sent to australian gov)
End User Details are being collected as part of identity verification procedure.
First name, Second Name, living address, phone number and contact email address. I suppose, this is standard practice. We do not support criminals and terrorists and would not sell if in doubt.. At the same time our software does just what is says to do: encrypts phone conversation end to end to the military standards and beyond.
It is buyer's responsibility to provide correct information on the order form.
see this page for details:
http://www.securegsm.com/pages.php?pageid=26
Also, I suppose providing end user information to the Australian Government does not automatically lead to the conclusion that SecureGSM is flawed or insecure, has master key, back door or leaving any other way to interfere with contents of SecureGSM encrypted conversation. And no! Big Brother does not know what is said..
Anyway, if terrorists or any of the countries listed there want call encryption they would not trust their lives to someone else's software. I am sure they are smart enough to write their own.
As for the laws governing the sale, that just makes me mad. I do not trust John Howard, I think I should have the right to a private conversation without registering it with him. I guess that is the beauty of computers. Computers make the world go round and its the size of your brain that gets results not politics.
Well, for a less.. 'big brother-ish' scenario, I would, personally like to have my line phone to be encrypted, as it is way much easier to have someone bugging your phone line.
However, for a cell/mobile phone, it is relatively difficult for amateur people to bug it, right? What are the chances that someone around you that is interested on your conversations, is capable of intercepting your mobile/cell phone calls.
Raseac Secure Phone - for WM 2003 and WM 2003 SE
This looks worthwhile! Downloads are available from the website for testing.
[Also, as a side note, I have been in touch with Phil Zimmermann, the creator of PGP, and lately of Zfone (crypto SIP phone for XP/Linux/Mac), and he says he realizes the importance of the Pocket PC platform and is considering ways of implementing Zfone for Pocket PC.]
Code:
http://www.raseac.com.br/
Encryption system for end-to-end secure voice communication. It was developed to be used in palmtop computers running Microsoft PocketPC 2003 e 2003SE (Intel).
When installed in a palmtop connected via modem to a telephony system (fixed or mobile), it allows your company and your business a secure means of communication anywhere around the world.
Since Raseac encryption technology was developed for high capacity processors, it allowed for the implementation of state of the art security, featuring:
* Exceptional sound quality;
* 256-bit encryption key;
* Encryption technology based on the Rijndael block cipher (AES);
* CBC, Random IV, Time Stamp, Integrity check by MAC/SHA-256;
* 100% protected against "man in the middle attack";
* No backdoor.
Need for secure phone line; the brazilian site and others
Well, I'd say that common people don't have much to worry about being tapped... Usually, nothing that sensitive is EVER talked about over the line.
Things begin to change when you are involved with something sensitive, be that legal or not. Most of the guys who work with corps, above management level may have some need from time to time, to be contacted that way by a superior. From director and up, depending on what kind of business the company is into, it IS a must!
People who work with security, government and other agencies may need it. As already said, people who work with barely legal to blatantly criminal stuff are always in need of such trappings. I think terrorists end-up on that class.
Equipment, hard and soft is always expensive and cost prohibitive for most of us.
Paranoid, techno-junkies and just curious people may want it, just to have.
Since I fit two or three of the said categories, I would like to put a program like that on my cell phone...
Just for the sake of having it there!
(mind you! Curious, telecom and management+ position...)
That said, a basic voice scramble-de-scramble program is OK for me!!!
(the more open-source, the better!)
About the brazilian company, they changed the site's name to secvoice. I tried to have a look-see on their specs but they ignored my e-mail and so I've done with it.

SecurIt 1.1: Sim/IMSI checking opensource security for us all

I've been working on this for a little bit now since I found all the existing apps don't work well in WM6 or don't work well in a custom rom. This is an open source program (as all of mine are) and I welcome help/donations/and comments. Bug reports will be helpful in this first release as I certainly consider this an alpha release at the moment.
What it does:
Once set up, at every boot it compares your IMSI number with the one stored; if it's a match it plays a little sound and that's it. If it's not a match, it locks the device and displays your email and a request to please get it back to you. It also sends you the "new sim's" imsi and phone number via an SMS.
------------------------------
SecurIt 1.1 (BETA) by Shadowmite
------------------------------
TODO: Build in SMS rule filtering thus adding remote control
Lock out activesync connections?
Protect the datafile from being deleted, or keep a backup in registry.
NOTE: THIS DOES NOT WORK WITH CDMA PHONES!
Version 1 (BETA) Instructions:
This security application can run loaded normally via a cab file to your device, or via being cooked into a rom. It will require your phone to be able to run unsigned code (most roms at this site are fine in this regard). Furthermore it does require the .NET Framework so it's really for WM6 devices, WM5 will be more tricky and is left up to the user to figure out how to make it all work.
When first run the program resides in \windows and must run from there. If you ran the cab installer it will have created a shortcut for you into the Programs folder.
The application comes up with a form showing you the current device imei, imsi, and phone number. You need to enter a password (needed to disable security programmatically or change SIM info), an email you can be reached at by a "finder" of your phone, and an SMS phone number you'd like alert messages sent to. Once done click set. Finally, click Enable security.
The application then sets itself up to autorun upon boot and if the SIM matches, it plays a little sound file to let you know everything is fine. If the sim is found to have changed, it will lock down the device until a password is entered. Meanwhile it shows your contact email and has sent the alert sms to you with the new imsi and phone number.
If you enter the proper password the program will take you to the settings screen where you can reenter the password and make changes to the settings and resave them. Simply clicking enable security without making changes will keep the settings as they are.
Clicking disable security will remove the autorun entries and remove the data file the program keeps at \windows\SecurIt.dat.
The data file keeps 5 lines, MD5 hashes of your imei, imsi, password, and also your email and sms phone number as plain text. Thus stealing this file does not enable retrieving the password or easy changing of the imsi. Deleting this file however would remove security. Furthermore activesync will still link to a locked device. Knowledgeable people about these devices could therefore defeat this security, however its goal is to keep the casual thief / finder out of the phone.
This program is a work in progress and I welcome help with modifications to it as well as bug fixes. Source can be found at:
svn://www.shadowmite.com/shadowmite/SecurIt
To cook this into a rom, you need 3 files. 2 of them need to be generated when you first install it like normal and set it up. Copy the SecurIt.dat from \windows and the SecurIt.lnk from \windows\start up to your rom as well as the SecurIt.exe file. It's that simple. Enjoy!
History:
1.1: Fixed all kinds of bugs causing security to crash with various sims
1.0: Initial release
If you like my work and would like to help ensure I continue to have time for this, please consider a donation to: foglemATshadowmiteDOTcom
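Added example, not part of the post above and not SecurIt's source: a Python sketch of the five-line data file and the boot-time SIM check as the post describes them, beside a salted PBKDF2 variant. The function names, the six-line salted layout, the fail-closed handling of a malformed file and all sample values are assumptions made for illustration.

```python
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 100_000  # assumed work factor for the hardened variant

def md5_hex(value):
    return hashlib.md5(value.encode("utf-8")).hexdigest()

def build_md5_record(imei, imsi, password, email, sms):
    """Layout from the post: MD5(imei), MD5(imsi), MD5(password), email, sms."""
    return "\n".join([md5_hex(imei), md5_hex(imsi), md5_hex(password), email, sms])

def _same(a, b):
    # Constant-time comparison of two digest strings.
    return hmac.compare_digest(a.encode("utf-8"), b.encode("utf-8"))

def check_md5_record(record, imsi, password=None):
    """Return 'ok' (SIM matches), 'unlocked' (right password) or 'locked'."""
    lines = record.splitlines()
    if len(lines) != 5:
        return "locked"  # assumption: a truncated or malformed file fails closed
    if _same(lines[1], md5_hex(imsi)):
        return "ok"
    if password is not None and _same(lines[2], md5_hex(password)):
        return "unlocked"
    return "locked"

def _kdf(salt, label, value):
    data = (label + ":" + value).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha256", data, salt, PBKDF2_ROUNDS).hex()

def build_salted_record(imei, imsi, password, email, sms):
    """Hypothetical six-line variant: random per-device salt, then PBKDF2 digests."""
    salt = os.urandom(16)
    digests = [_kdf(salt, name, value) for name, value in
               (("imei", imei), ("imsi", imsi), ("password", password))]
    return "\n".join([salt.hex()] + digests + [email, sms])

def check_salted_record(record, imsi, password=None):
    lines = record.splitlines()
    try:
        salt = bytes.fromhex(lines[0])
    except (IndexError, ValueError):
        return "locked"
    if len(lines) != 6:
        return "locked"
    if _same(lines[2], _kdf(salt, "imsi", imsi)):
        return "ok"
    if password is not None and _same(lines[3], _kdf(salt, "password", password)):
        return "unlocked"
    return "locked"

# Constructed sample values (test-network IMSI, example contact details).
OWNER = ("490154203237518", "001010123456789", "password",
         "owner@example.com", "+15555550100")
```

With plain MD5 the password line is the same on every device that uses the same password, so it can be matched against a precomputed table; the salted lines differ from one device to the next.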
Shadowmite, thnx for starting an "opensource" project for this. I havent tried it yet, will try once I reach home.. But I had a cpl of suggestions\questions:
1. Why do u keep email and sms phone no in plain text instead of encrypting them as well?
2. Instead of storing config in a file, store the config in registry which lessens the chances of someone finding out about the prog and deleting the file to disable security.
nice work as usual...
shantzg001 said:
Shadowmite, thnx for starting an "opensource" project for this. I havent tried it yet, will try once I reach home.. But I had a cpl of suggestions\questions:
1. Why do u keep email and sms phone no in plain text instead of encrypting them as well?
2. Instead of storing config in a file, store the config in registry which lessens the chances of someone finding out about the prog and deleting the file to disable security.
number 2 is in the TODO list...
#1) we could encrypt them as long as it's not a one-way hash like the first 3 lines, however those are the bits of data we don't mind the thief/finder seeing after all as they are the means to get the phone back to its rightful owner. I suppose we could hide them but the phone number will be on his next bill for sending it an SMS and the email is displayed on the locked screen.
And as walshy said, #2 is certainly on the todo, but locking our activesync connections is a bigger concern and I believe completely doable.
ok, and sorry abt the #2, I missed the TODO part..
Keep up the good work..I myself was thinking abt making smthing similar but now I think I'll drop my idea to make a different one, as this seems to be a better idea (opensource is always better )..
I hope I can make some contribution to the code if possible..
shantzg001 said:
ok, and sorry abt the #2, I missed the TODO part..
Keep up the good work..I myself was thinking abt making smthing similar but now I think I'll drop my idea to make a different one, as this seems to be a better idea (opensource is always better )..
I hope I can make some contribution to the code if possible..
What advantages does this give over "Mobile Justice"..another similar util...my rom has Mobile Justice cooked with it which makes it hard to remove.
famewolf said:
What advantages does this give over "Mobile Justice"..another similar util...my rom has Mobile Justice cooked with it which makes it hard to remove.
If you like that software and have it working properly use it. Maybe you'd like to post in every rom thread asking why not use some other rom while you're at it?
Shadowmite said:
If you like that software and have it working properly use it. Maybe you'd like to post in every rom thread asking why not use some other rom while you're at it?
I'm not using Mobile Justice which is WHY I asked what advantages YOURS had over theirs for COMPARISON. If it had additional features I was going to recommend it for addition into XM6R3 (the next release of the current rom), but with an attitude like yours I won't bother with further review.
famewolf said:
I'm not using Mobile Justice which is WHY I asked what advantages YOURS had over theirs for COMPARISON. If it had additional features I was going to recommend it for addition into XM6R3 (the next release of the current rom), but with an attitude like yours I won't bother with further review.
you dont bother with a review but bother with a slagging ... take your "fame" somewhere else...
Ok, for starters mine isn't based on assuming every device has a GPS built in (while technically being a Trinity owner I should go that route). I instead base mine on nicely locking down the interface so far with a polite message to get the device back to the owner. Furthermore mine is trivial to build into a cooked rom which was my main reason to write it. I tried every security app out there over the last weekend without any of them working "properly" and figured the best way to get one is to write one. In addition mine is open source, mobilejustice is not.
Now then, you said you're not using it... But the last post said you had it cooked in? WTF? Need some help deciding what you use and don't use?
famewolf said:
my rom has Mobile Justice cooked with it which makes it hard to remove.
famewolf said:
I'm not using Mobile Justice which is WHY I asked what advantages YOURS had over theirs for COMPARISON.
Shadowmite said:
Now then, you said you're not using it... But the last post said you had it cooked in? WTF? Need some help deciding what you use and don't use?
1) The rom I currently have installed comes with Mobile Justice preinstalled.
2) I have not configured and am not currently using Mobile Justice
3) The author is currently taking suggestions for software to include in the next revision of their rom.
What part of any of those statements are you having difficulty comprehending?
Perhaps you and the gentleman from Melbourne should both grow up and quit reading an insult where one was not intended.
Well then, back on track... Give it a try and see what you think. I really want feedback from folks outside the USA as I believe it will not properly catch your phone number of the "thief's sim" however if the sms works it should still get the phone number to you obviously.
The GPS coord. request feature is a nice one and will have to go on the todo list.
well, well, fights apart, what drew me to this app over the other apps was the opensource nature as mentioned by Shadowmite because I, like shadowmite, was not happy with the other apps doing things properly or just because I wanted somethings to be done differently..
@shadowmite:
1. I have a few ideas of getting "coordinates" and sending to the original owner even on non-GPS devices ..Maybe we can discuss some things later on once the basic structure of the app is ok.
2. Couldn't find the source code of the app on ur site..(May be am just one dim-witted dim-sighted git ) Please point me to it..
You'll need svn to get it, windows users: http://superb-west.dl.sourceforge.n...vn/TortoiseSVN-1.4.4.9706-win32-svn-1.4.4.msi
svn://www.shadowmite.com/shadowmite is my master repository for all projects.
cool, I do have TortoiseSVN installed at home..Will check it when I go back..
Will it sustain a hard re-set ? Dont think so.
@shailesh, for sustaining hard resets, it has to be cooked into the rom, pointed out by shadow on post 1..
I don't know if something else can be done for this (writing into ext rom is one option but that is not possible for most devices now)
Sounds like a great piece of software. And open source is a great idea too.
I did try several others like this one (Eye on the thef, Ultimately Theft Alert ...); some features were still missing:
First, an autoconfig method:
As already said, whatever your storage method is (file or registry), you'll lose the configuration every time a hard reset is done on the device. The only possibility I can imagine is to store your "installer" program on extended rom with the ability to add an external (encrypted) config file as a parameter.
Installation will be handled by the autoconfig process, using this external file. Config will probably need to be stored on extended rom too. It's not a piece of cake to create an extended rom, but it is easier than cooking a rom.
This feature won't be very helpful if there is no way to generate a config file automatically based on settings done by the user: a kind of export process.
On a standard start/soft reset, your program will run as it currently does, but when a hard reset is performed, the program will reinstall unattended and will still be running after boot... No way to easily remove it. The bad effect is that it will also be difficult to update the program/config.
Secondly, I'd like to have a way to "format" (or encrypt) a memory card remotely.
Do you think those could be part of your TODO list?
I will try it in the next few days, and I'm ready to help you translate it into French.
hi shantzg001,
thanks for replying,
My mistake, did not read the whole text.

[Q] What debug and log tools are available?

Hi,
I'm interested to know which debugging/logging tools are available.
I'd like to get more information about the processes at startup, and specially logs of the CPU usage by each application over a period of time.
I've been searching for some time and the only ones I've found are the old Htc Test applications, but I can't get what I want.
I noted that HTC devices have a builtin debug tool (debuglog.dll). Does anyone know how to use it?
I also found the following post describing the HTCDiagDriver and the possibility to analyze the device using QUALCOMM eXtensible Diagnostic Monitor.
http://forum.xda-developers.com/showpost.php?p=12624471&postcount=2
Anyone uses it?
Global debuglog can be enabled via DebugTool.exe (available in Htc Test Applications). It depends on debuglog.dll, yeah. Read manual, it works quite well.
Then, if you want to get log for selected app, launch it via IDA.
Also we have CeLog available, I will post needed launchers soon. I can hardly call it useful as we have retail/ship SYS builds. The only useful purpose for us is page faults chart.
EDIT: CeLog attached.
Some of the builds come with the Perfman package. That s.o.b. will really slow down your device, though, and it creates a massive log file, which I could never find the tools to analyze. I think celog does it, though, which is pretty sweet.
The htc debugger works better. You just change one of the debug flags and reset, and the device starts writing the log file. It doesn't slow down the device nearly as much as perfman. I think celog may work on that log file, too. You can royally eff up your device with that tool, though, if you mess with the radio flags. It's pretty cool how it writes to flash memory. Too bad you can't change other things with it like the page pool size.
ultrashot said:
Also we have CeLog available, I will post needed launchers soon. I can hardly call it useful as we have retail/ship SYS builds. The only useful purpose for us is page faults chart.
EDIT: CeLog attached.
I have been playing with the tool on my Tornado and observed the following (usage related):
Use it while the device is disconnected from PC. The overhead of repllog.exe (connected to ActiveSync on XP PC) and syncing is just filling your log. For my installation (no further MS Mobile development tools on the PC) kerneltracker.exe does not connect to the device anyway.
Though obvious, the files CeLog*.exe have to run on the device, so copy them to a convenient place there.
The CeLogAttach.exe seems to start the kernel logging and it slows down the device (kind of obvious). There is no way to stop this logging. Something like CeLogDetach would be needed, if it exists, to restore the state before CeLogAttach.exe was run.
The CeLogFlush.exe will flush the existing log but also immediately start the logging again.
The CeLogStopFlush.exe does just what the name tells - it stops the flush to file of the (still ongoing) logging.
After transferring the celog.clg file (from \Release\ directory of the device) it can be opened in kerneltracker.exe. Then you see all the kernel activities logged and aligned per process/thread on a zoom-able timeline (10ms - 10s) including the labels of the logged primitives. With event filtering you can sort out what you are not interested in. Here you may need advice on what to look after when you want to hunt down a certain device behaviour.
I have checked for page-faults, Virtual Memory related actions (Allocate, Copy, Free) and also Module actions (load, free) to get a clue if and how modules and paging (or better said: the use of the Page-Pool) is correlated. Nothing eye-striking coming up here, but it may just be for the unknowing observer like myself.
@ultrashot: I could not find anything I would call a "page faults chart" - where is that - or what is that?
Looking further: If I change certain device properties (like increase the pagepool or playing with OSB advanced options) I fear that the logged information here is just far too detailed for a useful compare. For that you would have to create identical conditions for the action under scrutiny - something that cannot be done with a disconnected device.
So I have to admit that all objective compare of such tuning and tweaking is far above my head and I just have to join the many that make more or less clever assumptions trusting on their model of actions in their heads. I hope that the better knowing heads continue to spread their wisdom without only telling RTFM or guide with LMGTFY (which can help if the results really point to right places).
tobbbie said:
@ultrashot: I could not find anything I would call a "page faults chart" - where is that - or what is that?
Use Event filter->Miscellaneous->Page fault.
I am not too advanced a user of this tool. If we had builds with extra celog instrumentation, we could have taken much more from this tool. However, there are some articles on the internet about celog, so anyone who wants to get more info may just try to google it. I don't want
ultrashot said:
Use Event filter->Miscellaneous->Page fault.
That is what I did already when telling about the items I cared below. Page faults are however part of generic virtual memory management and they do also apply for any normal loaded executables. As you know I seek for traces of module related paging and the use of the page-pool.
So it will stay with the trial and error and side-by-side compare with two devices having different settings. Not a big thing doing that...
Some interesting articles on MSDN regarding the paging pool (aka "pagepool"):
Kernel Blog article explaining the fundamentals (highly recommended): http://blogs.msdn.com/b/ce_base/archive/2008/01/19/paging-and-the-windows-ce-paging-pool.aspx
Pagepool Variable explained and simple methods to measure impact: http://msdn.microsoft.com/en-us/library/aa451041.aspx
-> this is what kitchentools are patching in the kernel
Then some more backup on virtual memory - just to complete on that:
http://blogs.msdn.com/b/ce_base/archive/2006/10/30/what-is-virtual-memory.aspx
http://blogs.msdn.com/b/hegenderfer/archive/2007/08/31/slaying-the-virtual-memory-monster.aspx
http://blogs.msdn.com/b/hegenderfer...aying-the-virtual-memory-monster-part-ii.aspx
And to get back to the debug tools topic of this thread, linked from the first article is an introduction to the Remote Kernel Tracker to explain what you can actually see there (and why you cannot see certain things as we have shipped ROM builds and not profiling builds to deal with): http://blogs.msdn.com/b/sloh/archive/2005/05/17/introduction-to-remote-kernel-tracker.aspx
Great insight if you want to get a glimpse of how Windows CE operates under the hood.
...reading a little deeper in the MSDN articles, Sue Loh mentions there when talking about the paging pool size determination:
The best tool I know is that readlog.exe will print you a page fault report if you turn on the “verbose” and “summary” options. If you get multiple faults on the same pages, your pool may be too small (you may also be unloading and re-loading the same module, ejecting its pages from memory, so look for module load events in the log too). If you don’t get many repeats, your pool may be bigger than you need.
To avoid dealing with a full setup of the Mobile Development toolsets, could any one (ultrashot - you have been so helpful - could you??) post that mentioned "readlog" tool? If there is something like "CeLogDetach.exe", please add it too.
BTW: you may notice that the paging pool is a central part of the Windows CE memory management when it comes to running executable code from "memory mapped files" (as Sue Loh calls them). In my understanding these are simply what we know as "modules".
A lot of tweaking strategies go around that when building ROMs with OSBuilder. There are several ways how to avoid or optimize the use of the paging pool for certain or all modules in OSB. I think these options deserve an own thread and I am not sure if the one OSB thread we have should be cluttered with discussing this.
don't have any of those.
