Ignoring certifications - Windows Mobile Development and Hacking General

Is there a way, via registry editing or otherwise, to set up a device to ignore the requirement to have certified DLLs and executables?
This would be temporary just for trying out programs extracted from other roms without having to worry about certifying everything just to see if it works.
Thanks

The policies that control this can be viewed here:
http://msdn.microsoft.com/library/d.../wce51conwindowsmobiledevicesecuritymodel.asp
The "unsigned applications policy" should already be 1.
Change the "Unsigned Prompt Policy" to 1 also, i.e. change the following registry entry to 1:
HKLM\Security\Policies\Policies\101a
Note that the web page says that this policy is 4122, but 4122 is 101a in hex.
You may also want to set "unsigned cabs" to 16
(HKLM\Security\Policies\Policies\1005 to 16).
Also, this will not work for drivers that are loaded during booting. I'm pretty sure they must be signed. It's not that difficult to create a certificate, install it on your device, then sign the driver dll so it will work.
You can also change this using the "SecurityPolicy Configuration Service"; see
http://msdn.microsoft.com/library/d...lesdk5/html/wce51samsettingsecuritypolicy.asp

Thanks a bunch! good info.

Related

Trusted Applications on WM5

Hello,
I have problems with different applications under Windows Mobile 5.0. When I try to run them I get the following error.
Code:
The file 'foo' cannot be opened. Either it is not signed with a trusted certificate, or one of its components cannot be found. You might need to reinstall or restore this file.
Is there any way of disabling the checks for trusted applications in Windows Mobile 5.0 on the Wizard?
Does this help? (From Windows Mobile Blog)
Code:
This post will be a quick reference to the application security model in WM 2005. I'll gloss over some fine details in order to cover the broad points.
For CreateProcess() or running any executable
First, examine the signature on the binary. The three possibilities are that it is signed privileged, signed unprivileged, or unsigned. (determined by checking the Authenticode signature)
If signed by cert that chains to Privileged Execution Authorities store:
    App runs privileged (CeGetCurrentTrust() == 2)
Else if signed by cert that chains to Unprivileged Execution Authorities store:
    If device is one-tier (policy 4123 == 1)
        App runs privileged.
    else (two-tier)
        App runs unprivileged. (CeGetCurrentTrust() == 1)
Else if app is unsigned
    If unsigned apps are blocked (policy 4102 == 0)
        App fails to load. (returns NTE_BAD_SIGNATURE).
    Else if the device prompts, and the prompt times out or the user presses No
        App fails to load.
    Else if we are configured not to prompt (policy 4122 == 1) or the user accepts the prompt
        If device is one-tier
            App runs trusted.
        else (two-tier)
            App runs untrusted.
Greetings,
Brezel
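The load decision quoted from the Windows Mobile blog above, modelled as an added example that is not part of the original thread: it parses policy lines in the thread's registry notation and reports the trust level each signature class would get. The names `parse_policies`, `load_decision` and `audit` are hypothetical, the sample lines are constructed, and values are read as decimal (assumption).

```python
"""Added example: model of the WM5 load decision quoted in the thread."""
import re
from enum import Enum

# Policy IDs as the thread gives them (decimal); the registry value name is the hex form.
POLICY_UNSIGNED_APPS = 4102    # 0x1006: 0 = unsigned apps are blocked
POLICY_UNSIGNED_PROMPT = 4122  # 0x101a: 1 = do not prompt
POLICY_ONE_TIER = 4123         # 0x101b: 1 = one-tier device


class Signature(Enum):
    PRIVILEGED = "chains to Privileged Execution Authorities store"
    UNPRIVILEGED = "chains to Unprivileged Execution Authorities store"
    UNSIGNED = "unsigned"


class Trust(Enum):
    BLOCKED = 0       # load fails
    UNPRIVILEGED = 1  # CeGetCurrentTrust() == 1
    PRIVILEGED = 2    # CeGetCurrentTrust() == 2


LINE_RE = re.compile(r"\\Policies\\Policies\\([0-9A-Fa-f]{1,8})\s*=\s*(\d+)")


def parse_policies(text):
    """Turn '...Policies/Policies/<hex id> = <value>' lines into {decimal id: value}."""
    return {int(m.group(1), 16): int(m.group(2)) for m in LINE_RE.finditer(text)}


def load_decision(sig, policies, user_accepts=False):
    """Trust level for one executable; user_accepts=False also covers a prompt timeout."""
    one_tier = policies[POLICY_ONE_TIER] == 1
    if sig is Signature.PRIVILEGED:
        return Trust.PRIVILEGED
    if sig is Signature.UNPRIVILEGED:
        return Trust.PRIVILEGED if one_tier else Trust.UNPRIVILEGED
    if policies[POLICY_UNSIGNED_APPS] == 0:
        return Trust.BLOCKED
    prompts = policies[POLICY_UNSIGNED_PROMPT] != 1
    if prompts and not user_accepts:
        return Trust.BLOCKED
    # The quoted text says "trusted"/"untrusted" here; modelled as the same
    # two levels as privileged/unprivileged (assumption).
    return Trust.PRIVILEGED if one_tier else Trust.UNPRIVILEGED


def audit(policies):
    """Findings a reviewer would want from a device's policy values."""
    findings = []
    silent = load_decision(Signature.UNSIGNED, policies, user_accepts=False)
    accepted = load_decision(Signature.UNSIGNED, policies, user_accepts=True)
    if silent is not Trust.BLOCKED:
        findings.append(f"unsigned code runs without a prompt as {silent.name}")
    elif accepted is not Trust.BLOCKED:
        findings.append(f"unsigned code runs as {accepted.name} once the user accepts the prompt")
    if policies[POLICY_ONE_TIER] == 1:
        findings.append("one-tier device: every binary that loads runs PRIVILEGED")
    return findings


# Constructed sample in the thread's notation (not a dump from a real device).
SAMPLE = r"""
HKLM\Security\Policies\Policies\00001006 = 1
HKLM\Security\Policies\Policies\0000101a = 1
HKLM\Security\Policies\Policies\0000101b = 0
"""

if __name__ == "__main__":
    device = parse_policies(SAMPLE)
    for sig in Signature:
        print(f"{sig.name:12} -> {load_decision(sig, device).name}")
    for finding in audit(device):
        print("finding:", finding)
```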
This is from the wiki. It works on the Universal, should work on WM5 generally I guess:
Code:
Allow the unsigned app from installing for everything.
[HKEY_LOCAL_MACHINE\Security\Policies\Policies] Change value 0000101a from 0 to 1
Do a soft reset.
I think that's just for installing, not running. Tell me if it works.
V
On my Wizard that key already has a value 1, perhaps I should change it to 0 to get this effect? have no app to install right now, but will try if I install next time.
because..
..wizard has much older version of ROM than Universal. The old ROMs of Universal have the value 1 too..
I changed the following registry values
Code:
HKLM\Security\Policies\Policies\00001001 = 1 (RAPI)
HKLM\Security\Policies\Policies\00001005 = 40 (Cert)
HKLM\Security\Policies\Policies\00001017 = 144
HKLM\Security\Policies\Policies\0000101B = 1
HKLM\Security\Policies\Policies\0000101B = 0
HKLM\Security\Policies\Policies\00001006 = 1
Those values change nothing at all. The only difference is that I am not asked to allow installation of non certified applications. My problem, however, is not the installation, which works, but the application. Whenever I try to run it I get the error mentioned above. It is just not possible to run certain applications without certificate.
Greetings,
Brezel
I got the exact error and have asked for help on this forum and on HowardForum without any luck
You could re-sign the application using your own code signing certificate and add your certification authority certificate to trusted root certificate authorities on your WM5 device. :wink:
V-Ger said:
> You could re-sign the application using your own code signing certificate and add your certification authority certificate to trusted root certificate authorities on your WM5 device. :wink:
I tried this, but without success. I already have my own root cert installed on the device (for SSL Activsync) and that works fine, but the app still won't work as a "signed app" :-(
Have you got this working?
Yes I tried it and it works!
1. First you have to issue a Code signing certificate:
- Add a code signing template using Certification Authority snap-in
- Issue a code signing certificate
2. Download and Extract code signing tools:
http://ftp.intron.ac/pub/security/raw/codesigningx86.exe
3. Run signcode.exe on WM5 executable file using the certificate you created earlier.
4. Copy executable file to WM5 device
V-Ger said:
> Yes I tried it and it works!
> 1. First you have to issue a Code signing certificate:
> - Add a code signing template using Certification Authority snap-in
> - Issue a code signing certificate
> 2. Download and Extract code signing tools:
> http://ftp.intron.ac/pub/security/raw/codesigningx86.exe
> 3. Run signcode.exe on WM5 executable file using the certificate you created earlier.
> 4. Copy executable file to WM5 device
I did create a code-signing cert in Certsrv, but I must have cocked something up. I will try again this afternoon and let you know.
Thanks for the help
V-Ger said:
> Yes I tried it and it works!
> 1. First you have to issue a Code signing certificate:
> - Add a code signing template using Certification Authority snap-in
> - Issue a code signing certificate
> 2. Download and Extract code signing tools:
> http://ftp.intron.ac/pub/security/raw/codesigningx86.exe
> 3. Run signcode.exe on WM5 executable file using the certificate you created earlier.
> 4. Copy executable file to WM5 device
Ok, this is what I did (and it still didn't work):
1) Installed my own trusted-root CA onto my Mini S by opening the .cer file. This bit definitely works as I'm able to sync my email with Exchange over SSL and this doesn't work unless the correct root cert is installed
2) Added a code-signing template in certservices with default settings. (Custom templates are not allowed in my Windows Std edition :-( )
3) Using IE, create a code-signing cert with default settings. Also export the private keys into a PVK file.
4) Using cert2spc, convert the cer file to an spc file
5) Run signcode -spc cert.spc -v privkeys.pvk filetosign.exe (Result successful with warning about file not being timestamped)
6) Copy .exe to device and run - still whinges about unknown publisher
Bah. Any suggestions as to what I'm doing wrong?
Daern
I have the same very irritating problem.
1. First you have to issue a Code signing certificate:
- Add a code signing template using Certification Authority snap-in
- Issue a code signing certificate
How do I do that?
daern said:
> V-Ger said:
>> Yes I tried it and it works!
>> 1. First you have to issue a Code signing certificate:
>> - Add a code signing template using Certification Authority snap-in
>> - Issue a code signing certificate
>> 2. Download and Extract code signing tools:
>> http://ftp.intron.ac/pub/security/raw/codesigningx86.exe
>> 3. Run signcode.exe on WM5 executable file using the certificate you created earlier.
>> 4. Copy executable file to WM5 device
> I did create a code-signing cert in Certsrv, but I must have cocked something up. I will try again this afternoon and let you know.
> Thanks for the help
Ah. More success now. I've switched to using "signtool.exe signwizard" and that has enabled me to get it working...
daern said:
> Ah. More success now. I've switched to using "signtool.exe signwizard" and that has enabled me to get it working...
Bugger. Too quick off the mark. It's still not working. Arrrrrgh!
easycure1974 said:
> I have the same very irritating problem.
> 1. First you have to issue a Code signing certificate:
> - Add a code signing template using Certification Authority snap-in
> - Issue a code signing certificate
> How do I do that?
[WIN2k3 Server]
START/All Programs/Administrative Tools/Certification Authority
SERVER/Certificate Templates/New/Certificate Template to Issue
http://servername/certsrv
-Request a Certificate
-advanced certificate request
-Create and submit a request to this CA
-Certificate Template: Code Signing
[leave default settings]
-SUBMIT
Thank you - shall try and see if that could help me solve this annoying problem!
V-Ger said:
> Yes I tried it and it works!
> 1. First you have to issue a Code signing certificate:
> - Add a code signing template using Certification Authority snap-in
> - Issue a code signing certificate
> 2. Download and Extract code signing tools:
> http://ftp.intron.ac/pub/security/raw/codesigningx86.exe
> 3. Run signcode.exe on WM5 executable file using the certificate you created earlier.
> 4. Copy executable file to WM5 device
Are you *absolutely* sure that this works? I am now sure that I am doing this right, but I don't believe that apps signed against a certificate that only exists in the public root store (i.e. the one used for SSL connections) will be accepted as "valid". I've tried every way I can think of getting this to work, but with no success :-(
When I posted to say that it was working, what I actually saw was PPC recognising a file with a different file name, but the same CRC as a file that I had already said "Yes, I know it's unsigned. Run it anyway". Even though the new file was a different name, WM2005 ran it anyway without comment, as it assumed (correctly) that it was the same file with a different name... As I haven't yet found a way to make WM2005 forget the exes that I have accepted (I assume it's in the reg somewhere) I have now resorted to recompiling the same exe each time, but with different resource data, thus ensuring it's always different!
What device are you using to test this? I wonder if your derivative of the HTC Wizard has different certs installed than mine (UK O2 XDA Mini S)
Would it be possible for you to send me a sample .exe and your own root cert for me to test on my device. At least then I'll know if it's my device or my technique that is causing me problems ;-)
Thanks
Daern
Yes, I am positive it works. I am using Universal (Qtek 9000), but that shouldn't make any difference.
Besides the error message after each soft reset.
I can still install many software and use it smoothly.
Haven't seen any other problem yet.
What is the certificate about?
At the risk of appearing as a heretic..is there any way that this problem (which I get when clicking on any hyperlink) is related to the SdkCerts.CAB installed as part of ozVGA?
Dumb idea I know however I have no idea of what that CAB did. Can I somehow remove its effects just to prove it isn't the cause? ..hope this isn't off topic.
J

[Released] The Settings Creator

Howdy all. Do you flash your phone a lot? Don’t you hate it having to put in your WIFI and Exchange settings all the time? Well now you don’t have to with the Settings Creator. I started off creating a XML for just myself but then I decided to give back to the community that has helped me so much with my flashing and cooking needs.
To run the program all that is required is the .NET framework 2.0 (See below for link). After you input the information that is required a nice CAB file will be created, just pop that on your phone and voilà, settings are all done. In the words of my Cousin Vinny "Make once, use a bunch".
Known Issues:
1. WEP 128bit does not work (I think this is a limitation of the Hermes because even manually I cannot get it to work)
2. E-mail is for Exchange Direct Push Only
Help requested:
1. I don’t have access to an AP/Router that does WPA2, therefore I have no idea if this works with that level of authentication (Also try manually to see if it is a limitation of the device)
2. I don’t have access to an AP/Router that does WPA with AES Encryption, therefore I have no idea if this works with that level of authentication (Also try manually to see if it is a limitation of the device)
Please provide any feedback you may have. Thanks guys.
-UllSang
Program requires .NET 2.0 Framework. (Download at http://www.microsoft.com/downloads/...CB-4362-4B0D-8EDD-AAB15C5E04F5&displaylang=en
Also required is Visual J#)
Attachment 1: The binary release
Attachment 2: Source code.
Licensed under: http://creativecommons.org/licenses/by-nc-sa/3.0/us/
Change log:
---0.1
-----First Release
Running this on the desktop complained at first - you need to install the Visual J# Redistributable to make it work, as it doesn't seem to be part of the .NET framework by default.
Hope that helps.
Ah thanks for the heads up, I had no idea that it wasn't a part of the .NET framework by default. Did you install the J# package and try the program? Thanks.
UllSang said:
> Known Issues:
> 1. WEP 128bit does not work (I think this is a limitation of the Hermes because even manually I cannot get it to work)
A humble suggestion - this may be worth looking at again as I use wep 128bit and do not find any problem when entered as hex key.
Mike
Hmm.. interesting... I can not get it to work. I am inputting it as an ASCII though and it only works for 64 bit. After I saw your post I tried it entering as hex and it still does not work, it could be my cheap piece of crap router. Any chance you tried it out with the program? Thanks

Auto updates of software - how to?

Hi,
I need auto update functionality for my application. I.e., the new exe/dll shall be downloaded by GPRS and existing program files shall be replaced. Now I wonder, how this could be done in an easy way.
The problem is, that the application is continuously running and updates shall be done more or less "on the fly". Currently, the application is automatically started on boot through registry settings in HKLM/init
So my idea was the following: Creating a "starter programme" for the application: When the device (HTC ARTEMIS) is booted, the starter programme is first launched (through HKLM/init), looks into a pre-defined directory if there are any files. If there are, these files are copied into the directory of the application. Afterwards, the starter programme launches the main application. Do you think that could work? Or are there any better ways (maybe even supported by the OS) to perform SW-updates?
Günther
I have auto update functionality in my commercial application.
1) When data is replicated to server, main application also checks availability of new version. If new version is available and upgrade is mandatory, application launches new process - updater.exe.
2) Updater waits for main application to exit correctly (saving data on dirty forms etc.)
3) After main application exits, updater downloads new version descriptor (list of files with target location, install scripts (dll with well known special interface which can be used for many special tasks - create shortcuts, delete file, modify registry, install new certificate)). Updater downloads all files, processes install scripts and then launches main application again. New install CAB file is usually stored to extended ROM (autoinstall after HARD Reset).
As a server component is used web service with some methods (GetDescriptor, DownloadFile).
ma_gu said:
> Hi,
> I need auto update functionality for my application. I.e., the new exe/dll shall be downloaded by GPRS and existing program files shall be replaced. Now I wonder, how this could be done in an easy way.
> The problem is, that the application is continuously running and updates shall be done more or less "on the fly". Currently, the application is automatically started on boot through registry settings in HKLM/init
> So my idea was the following: Creating a "starter programme" for the application: When the device (HTC ARTEMIS) is booted, the starter programme is first launched (through HKLM/init), looks into a pre-defined directory if there are any files. If there are, these files are copied into the directory of the application. Afterwards, the starter programme launches the main application. Do you think that could work? Or are there any better ways (maybe even supported by the OS) to perform SW-updates?
> Günther
Seems to be a good idea. This way, you can update the application while it's running and changes become active when the device is rebooted or the application is exited and started again. It's just excellent.
My needs were more simple, so the update feature I designed works as follows:
1. The program is divided into a launcher, an updater library and the true application.
2. When the program is started, the launcher copies the update library and calls the copy (just call it updlibcpy).
3. updlibcpy uses http to check if an update is available. The check is performed by downloading an "update manifest" containing the MD5 hash of each file of the updated application and checking it against the MD5 hashes of the current program files.
4. If one or more files need to be updated, updlibcpy does the task. Since only updated files are downloaded, no bandwidth is wasted. The only file that cannot be updated is the launcher, but it is so simple that it should never need an update.
5. When updlibcpy has ended, the control is passed back to the launcher, which invokes the true application executable.
The main difficulty was handling the high packet loss that the HTC devices I used have shown. This caused frequent application hang-ups during start-up, unless the GPRS connection was terminated and started again. Once I solved this problem by giving a timeout to the update (using threads), all worked perfectly.
The only improvement I'm thinking about is some sort of "transactionality" of the update, so that if one file updates correctly while another doesn't, the successfully updated files roll back to the not updated version.
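The manifest check and the "transactionality" described in the post above, sketched as an added example that is not code from the thread: every changed file is downloaded and verified before any installed file is touched, and a failed swap restores the files already replaced. `plan_update`, `apply_update` and the `fetch` callback are hypothetical names, and SHA-256 is used here where the post uses MD5.

```python
"""Added example: manifest-driven update applied as one all-or-nothing step."""
import hashlib
import os
import shutil
import tempfile
from pathlib import Path


class UpdateError(Exception):
    """Raised when the update is refused or rolled back."""


def digest(data):
    return hashlib.sha256(data).hexdigest()


def plan_update(manifest, app_dir):
    """Return manifest entries whose installed file is missing or differs."""
    changed = []
    for name, want in sorted(manifest.items()):
        # Only bare file names are accepted, so an entry cannot point outside app_dir.
        if not name or name in (".", "..") or Path(name).name != name:
            raise UpdateError(f"unsafe manifest entry: {name!r}")
        target = Path(app_dir) / name
        if not target.is_file() or digest(target.read_bytes()) != want:
            changed.append(name)
    return changed


def apply_update(manifest, app_dir, fetch):
    """Install every changed file or none; fetch(name) -> bytes is the caller's downloader."""
    app_dir = Path(app_dir)
    changed = plan_update(manifest, app_dir)
    if not changed:
        return []
    # Stage inside app_dir so os.replace() stays on one filesystem.
    with tempfile.TemporaryDirectory(dir=app_dir, prefix=".update-") as tmp:
        stage, backup = Path(tmp, "new"), Path(tmp, "old")
        stage.mkdir()
        backup.mkdir()
        # Phase 1: download and verify everything before touching an installed file.
        for name in changed:
            data = fetch(name)
            if digest(data) != manifest[name]:
                raise UpdateError(f"{name}: digest does not match the manifest")
            (stage / name).write_bytes(data)
        # Phase 2: swap files in; on failure restore what was already swapped.
        done = []
        try:
            for name in changed:
                target = app_dir / name
                if target.is_file():
                    shutil.copy2(target, backup / name)
                os.replace(stage / name, target)
                done.append(name)
        except OSError as exc:
            for name in reversed(done):
                if (backup / name).exists():
                    os.replace(backup / name, app_dir / name)
                else:
                    (app_dir / name).unlink()
            raise UpdateError(f"rolled back {len(done)} file(s): {exc}") from exc
    return changed


if __name__ == "__main__":
    # Constructed demo data: one stale file, one missing file.
    new_files = {"app.exe": b"v2 program", "help.dll": b"v2 library"}
    with tempfile.TemporaryDirectory() as d:
        Path(d, "app.exe").write_bytes(b"v1 program")
        manifest = {n: digest(b) for n, b in new_files.items()}
        print("updated:", apply_update(manifest, d, new_files.__getitem__))
```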

OpenVPN?

The N7 just got delivered. I immediately and successfully unlocked and rooted, thanks to Wugs (thanks Wugs!). Now I need to figure out how to connect to my VPN provider who uses OpenVPN and .ovpn config files. There are a few apps in the store, and I'm not sure which ones to install, or how to configure.
Thanks,
RF
I think Android supports VPNs (or at least it does in ICS) without the need of any 3rd-party apps, but then again I don't think I ever messed with OpenVPN.
If it means anything, I was able to connect to my own VPN I made with Windows 7 from ICS.
Install both OpenVPN apps from F. Schäuffelhut.
One is the binary, the other checks your setup and manages your tunnels.
You will also need busybox.
just tested all this today.
espionage724 said:
> I think Android supports VPNs (or at least it does in ICS) without the need of any 3rd-party apps, but then again I don't think I ever messed with OpenVPN.
> If it means anything, I was able to connect to my own VPN I made with Windows 7 from ICS.
If a standard port etc, yes, this should just work.
martyg7 said:
> Install both OpenVPN apps from F. Schäuffelhut.
> One is the binary, the other checks your setup and manages your tunnels.
> You will also need busybox.
> just tested all this today.
If not on a standard port (like I have set up, so I can OpenVPN out of my work wifi), or an oddball configuration, it works out of the box, rooted of course. I was afraid of the TUN module/config but it was compiled in. Thanks Google
There is also another openvpn by schwabe that doesn't require you to install any binaries. You just need to copy the authentication cert files, edit the .ovpn file to include the correct cert files and the server and import the profile. If you're having trouble, I can write a small tutorial on how to do so. There are also other tutorials on how you can do it if you Google openvpn on Android tutorials/guides.
Sent from my Nexus 7
I used the OpenVPN apps from F. Schauffelhut. I copied the config files from my Windows PC setup, and edited the ovpn file. However I don't know how to store the login credentials as encrypted. The OpenVPN Settings from F.S. doesn't query the user for id/pw. It just fails. So I added "auth-user-pass pwd_file" entry into the ovpn file, but it's in plaintext.
I don't want to have to type the login each time, but I do want it encrypted. Can anyone provide some info here? I'm a noob with OpenVPN. TIA.
Edit: It is working right now, just that the login info is unencrypted.
BTW, here is my ovpn file:
Code:
client
dev tun
proto tcp
remote xxxxxxxxxxx ###
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
cipher BF-CBC
keysize 512
comp-lzo
verb 4
mute 5
tun-mtu 1500
mssfix 1450
auth-user-pass pwd_file
reneg-sec 0
route-method exe
route-delay 1 10
route-metric 512
route 0.0.0.0 0.0.0.0
I believe you can encrypt the .cert files that are used by adding them to the credentials manager in settings-security. I haven't tried it so i can't confirm. Alternatively you could try an app that encrypts that folder so that it needs to be decrypted before use.
Sent from my Nexus 7
Thanks for the replies.
I went a different route, and it worked flawlessly: I made a folder in the N7 main directory (same place as Alarms, Music, etc..) called OpenVPN. Inside that, I placed a folder from my PC OpenVPN/config folder, that contained my .ovpn file and the .crt files, etc. I then installed OpenVPN For Android from Arne Schwabe. Launching that app, and going into the 'Precious VPNs' option, allowed me to 'Import'. I navigated to the OpenVPN folder, and then the folder containing the VPN files. Highlighting the *.ovpn file and then hitting 'Select' has the app 'do its thing'. When done, you hit finish/complete/done (forget what it was), and the VPN connection shows up in the list. Activating it and browsing to an IP check website, showed my VPN provider's exit IP. It was all easier than it looks by typing it.
RF
PS. I also installed Orbot, and since I'm rooted, the 'Transparently Proxy All Applications' option. After also checking the option to use the N7's default IP Tables (this is not the default, the app tries to use its built-in binaries and it will fail on the N7) everything connected through Tor as well...so I have two options for browsing - VPN or Tor.
I love this device (rooted) !
Glad it worked out however remember that the app is also storing info in a file that can only be read by the app but it is still in plain text. The author of the app describes it in detail in the faq section. However it is much better than having to keep the files available in plain text at all times.
Sent from my Nexus 7

Install Unsigned APPX / UWP

Hi,
Situation \ Case
I was facing a problem with some apps because some of them
- Without certificate or expired
- The minimum target system is higher than my system
Related Errors
- Failure text: A Prerequisite for an install could not be satisfied
- The app package must be digitally signed for signature validation
Solution
Export Signed Certificate with private key
- Open Manage Computer Certificates by searching for it in Start Menu
- Find any certificate with long expiry date in the available folders, you may start with Personal
- Only the certificate with key icon will work so be sure there is a key icon at the top-left corner
- Right Click -> Tasks -> Export
- Click Next -> Choose "Yes, export the private key"
- Click Next -> Keep the options as it is
- Click Next -> Activate Password Option -> Enter any password you need
- Click Next -> Select Any Location to save the certificate
- Click Next -> Review -> Finish
Why you need this certificate?
- When you edit any appx file using the MSIX Tool you will lose the original certificate
- also this certificate will be helpful to install any appx with expired certificate.
(If you didn't find any certificate let me know)
On your PC
Download and install MSIX Packaging Tool
https://www.microsoft.com/en-us/p/msix-packaging-tool/9n5lw3jbcxkf
Prepare your appx:
- Sometimes your app could be packed as appxbundle
- In this case just open the file using 7-Zip or any archive software
- Extract the appx that is named at the end "ARM" (based on your system)
- Example: extract APP.UWP_2.1.0.0_ARM.appx
- If you are sure that you have the right file, which is for "ARM" and ".appx", move to the next step
Edit the package using MSIX Packaging Tool:
- Select "Package Editor"
- Select your appx file
- Assign new certificate
  - In "Signing preference" select Sign with a certificate (.pfx)
  - Select the certificate and enter the password
- Edit Manifest file
  - Scroll down and click on "Open file" in "Manifest file"
  - A text editor will appear with the Manifest file content
  - You will edit "MinVersion" value inside "TargetDeviceFamily"
  - Set MinVersion="10.0.1.0" (Lower than your device target absolutely)
  - Save the changes and close the file
  - The changes will be assigned automatically to package
- Click Save -> Choose to keep the same version or to increase it
- Now before you save change the extension from "msix" to "appx"
- Done.
Installing
To install the appx you need to install the same certificate (assigned by MSIX tool) before.
On mobile: Just open the certificate, click install.
On PC:
- Open the certificate
- Click "Install Certificate"
- Select "Local Machine" then click "Next"
- Select "Place all the certificates in the following store"
- Click "Browse"
- Select "Trusted People" then click "OK"
- Click "Next" then click "Finish"
Hope this will help.
@astifan Thank you for this. Do you think I will be able to install PC UWP apps on Mobile using this? For example I want to install Slack on my Lumia 950 with Latest Jan 2020 Update.
warriorvibhu said:
> @astifan Thank you for this. Do you think I will be able to install PC UWP apps on Mobile using this? For example I want to install Slack on my Lumia 950 with Latest Jan 2020 Update.
Most welcome, sadly no you can't, the app should be for ARM devices only and desktop apps are only for x86-x64
You can force it to install by changing the architecture in "Manifest file" from x86-x64 to arm but it will not work for sure
astifan said:
> Most welcome, sadly no you can't, the app should be for ARM devices only and desktop apps are only for x86-x64
> You can force it to install by changing the architecture in "Manifest file" from x86-x64 to arm but it will not work for sure
Yeah true, I was hoping that they already have them arm ready with all Windows X news and now it seems that not coming anymore. Such amazing OS (Windows Phone) just wasted.
warriorvibhu said:
> Yeah true, I was hoping that they already have them arm ready with all Windows X news and now it seems that not coming anymore. Such amazing OS (Windows Phone) just wasted.
Right, Microsoft wasted many important projects for no reason
If you are looking for real PC experience and you are not using your phone as main phone
try to flash one of the recent builds from WOA project
Release Version 2105.22 · WOA-Project/Lumia-Drivers
github.com
Now it's really good and provide better performance
+Disabling Windows Defender will solve a lot of performance issues.
or check this channel for Fadil Fadz which contains many good solutions to use WOA even boot from SD card if you want to keep your W10M
Thank you for sharing, I recently bought Lumia 950 for experimentation and projects .. Only challenge is I heard WOA is performing extremely poorly on Lumia 950. Nevertheless worth a try. I will take up that project today and keep you posted.
@astifan So I went through the cycle of flashing Windows 10 and getting all the updates. I even got 21H1 feature update. Sadly it's very slow and unusable.
I also tried multiple methods to try to retain Windows Phone and still keep development / developer menu but was unsuccessful.
Do you know how I can flash just the developer / development Menu that lets me boot into USB Mass storage Mode without flashing the whole WOA? Sorry if it's common knowledge or dumb question.
A link to WOA SD Card Installer will also help.
I cannot find any certificate, could you share some?
Rechard Jack 1229 said:
> I cannot find any certificate, could you share some?
Use the attached certificate,
Password: w10mgroup
astifan said:
> Use the attached certificate,
> Password: w10mgroup
Thank you. I will try it.
