professional support in rom cooking wanted - Windows Mobile Development and Hacking General

Hi there!
I've a special request: my company has developed a special tracking & communication software for the HTC p3300 (in fact we assigned someone to do so).
Now we should be able to set up hundreds of devices for our clients.
This could be done by semi-automatic installing of the software.cab.
But: the goal is to have our own rom-version to flash the devices in one simple step, with the advantage of the additional option of an "all-resetting hard reset out in the wild" in the case of some inexplicable errors...
Who is interested in accepting this order?
Get in contact (see my email below)
Thanks a lot
Bernhard Dominguez
Portal Manager
[email protected]

Maybe this is what you're looking for:
http://www.spbsoftwarehouse.com/products/clone/?en

Did not know this....
Thanks, this is a good hint. For the first step it will serve.
But I imagine that our own rom will improve the reliability of the devices. I cannot be sure that nobody is playing around with his device. In the case of malfunction (deleted sw packets etc), a hardreset will serve...
greets
bernhard


unlocking software licensing restrictions

Is it true that xda2 has very strict restrictions on what is allowed to be installed on it?
If so, is it then possible to unlock that feature so I can write my own c programs for it?
maybe even write a new browser that has jvm say ?
Dave
No. You can write and install whatever you like. Where did you hear that rumour?
Surur
Dave,
So you're a programmer.
I am still looking for someone who can contribute the following software to this community:
Today plugin that makes it possible to toggle Bluetooth & TomTom GPS being switched on / off. If you're interested, let me know, I can supply you with more exact specs. It seems to me quite simple: just reading / updating some registry values.
programming
Sure, I'll give it a go.
Email me with specs and sourcecode
[email protected]
This would be my first xda2 programming experience tho, so it might take me a little while to get familiar with xda2 programming first. I'm mostly a pc programmer, good in c++ and opengl graphics, however I'm a fast learner.
There are enough forums for PPC programmers where u can read how to modify registry:
www.devbuzz.com
www.pocketpcdn.com
and of course www.msdn.com
etc
Flashing the phone rom, what does that do for u practically?
flashing means to upgrade the s/w (firmware) that is stored in (flash) "rom".
Normally you only flash the device when
- You suffer from bugs in the old rom
- The new rom has specific benefits
There are 3 types of rom on the device that can be flashed:
OS- the operating system
Phone (aka Radio)- the gsm/gprs radio functionality
ExtendedROM- add-on and customisation s/w (usually put together by the service operator)
Flashing the rom on the xda 1 since the developers got their hands on it is a whole new ball game, they discovered that the autoconfig program was taking up acres of space and wasn't really needed, there was also some unused space. They devised a way of writing complete programs to this space and my xda has numerous programs in rom that would normally be taking up precious ram when installed. These guys are brilliant in adding value and functionality to a brilliant device.

I've managed to compile cryptophone for PocketPC 2003

I've built a version of crypto phone for PocketPC 2003 (using the sources from www.cryptophone.de),
with some workarounds for license test.
I don't have two phones to test it yet. If anyone can test it please send feedback.
As I see it, it uses a data call as link layer, so your provider must support it.
PS: Whoever is testing it, please send feedback.
I've tested in my Qtek 2020, (XDA II, MDA II…).
Is it working? I was able to compile it too, but it died on exchanging keys.
mamaich said:
Is it working? I was able to compile it too, but it died on exchanging keys.
Doesn't work. :-(
I have programmed 2 xda 1 with wm2003 and the crypto, it works perfectly. The only bug is the "file" bar vanishes after a call is placed or received, other than that it's great. 8)
Can you post what you changed in the source file so that we could replicate your compiled code?
The idea is simple, if we can have access to the original source code and can do the changes you documented, generating the same code as you, with the same hash value for the encrypted code, we can assure that your code has the same security as cryptophone.
dumb ?
what is cryptophone?
Hi,
i am very interested in this (or a similar) software for
the Wallaby or Himalaya platform.
Anyone here who has a working & easy to install binary?
(Or are there any real free & opensource applications like cryptophone?).
kind regards,
Ben
Has anyone managed to get cryptophone working on the XDA ??
... or find a similar program ??
Regards
There are several similar commercial projects. Just wait some time for their announcements.
mamaich said:
There are several similar commercial projects. Just wait some time for their announcements.
Hi mamaich,
thnx for that prompt reply
I know about cryptophone.de, raseac.com.br & caspertech.com
Are there any others I have missed ??
Regards
John
2-3 Russian companies are also working on similar projects. I don't know their sites.
Has somebody compiled cryptophone for the Motorola smartphone mpx220? :?
one more company.
http://www.securegsm.com
and question - where is source download page on http://www.cryptophone.de ?
in general "cryptophone" application isn't difficult
- good vocoder
- some crypto
- good realtime data transfer - CSD for GSM network
- some audio components like AEC
Could someone point me to a good ARM implementation of a vocoder with 2.4-4.8kbitps bitrate? ARM9(v5) PXAxxx ~100MIPS.
Free is preferable, but reasonable commercial offers are welcome too.
just a question,
isn't it possible with the sourcecode of this software and the sdk for windows mobile 2003 smartphones to make an installer?
is very interesting, or?
is there any other software for ppc or smartphone available?
a free wm5 client for this should be awesome! coders go compile now!
is the encryption limited to "only" this version of application ?
- or is there some sort of standard ?
ryhor said:
one more company.
http://www.securegsm.com
and question - where is source download page on http://www.cryptophone.de ?
in general "cryptophone" application isn't difficult
- good vocoder
- some crypto
- good realtime data transfer - CSD for GSM network
- some audio components like AEC
Could someone point me to a good ARM implementation of a vocoder with 2.4-4.8kbitps bitrate? ARM9(v5) PXAxxx ~100MIPS.
Free is preferable, but reasonable commercial offers are welcome too.
here
http://www.cryptophone.de/support/downloads/downloads.html
Lord Ashmedai said:
I've tested in my Qtek 2020, (XDA II, MDA II…).
Hi, did you manage to get it to work?
I tried on my O2 xda... it hung on the key exchange part...
It concerns me that this program starts two processes, spcore.exe and ui2003.exe. I have not looked over the code, but can you tell me why it must use two? Furthermore, once they are going there is no way to stop the spcore.exe. My guess is that if that process contains the thread that is waiting for tapi events, its stopping mechanism has not been implemented properly. If you want to make a thread that is waiting for the event for line state, then when the user wants to stop the thread/process, the event interest needs to be reset, e.g. SetCommMask(hSerialHandle,0); but it must be done from the ui thread, not the waiting thread, because obviously the waiting thread can't do anything. Once it is set to 0 (as opposed to EV_RXCHAR for example) the waiting thread will finish waiting immediately.
I tried sending a message to destroy the window with no effect, I then tried using terminatethread to stop it but that did not work so it must be in an api call (such as waiting).
On my mini it starts up ok, and does not interfere with the phone. I could not test the functionality because the only other phone I had with me was my xda and it does not install correctly on that. No error messages on installation but the icon in the program files is not shown properly and it fails when I try to start it.

New XDA II rom tool

Hi - notice many having problems with country ID's and provider codes in XDA II images. The common complaints inexperienced people trying to use hex editors etc. I decided I would write a nice win32 GUI replacement for the er2003edit and the nbf2 tools to roll them into one easy to use application. I have also addressed the second prov/country in the ms.nbf so I think would be useful to many less experienced users on the forum trying to flash new roms into their XDA II's
It so far will open and display the rom file as hex or ascii - and automatically works out the 'key' to decrypt the actual file (if it's an nbf) etc - and all is functional.
Have got it substantially finished - but am needing some feedback from other developers on a couple of technical issues.
Issue 1 is that I have noticed that the padding bytes in the older nk.nbf files are 00's - as opposed to FF's in newer nk's. Is this consistent across most images based on vintage etc (need this for auto calculate key).
Issue 2 is I have not yet worked out the checksum algo - which I am happy to experiment with - but I can assume seeing as both the apps I am trying to roll into one 'know' how to re-checksum the files etc - that someone here could explain to me how (if they see fit)
Not an issue - so Question 3 - are there any other functions that anyone here believes would be a good addition to this tool - speak up now (I am short of ideas here).
I will post app as soon as I get the checksum working (which should be fairly soon if I can get the basic algo without too much work) as all the other bits and pieces are already functional.
cheers
^lave
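The key auto-detection described in the post above depends on knowing the padding byte, which is why the 00-versus-FF question matters. As an added example (not the poster's tool, and not code from er2003edit or xda2nbf), this sketch recovers a repeating XOR key from padding in a constructed buffer; the 4-byte key length, the sample image and the `BOOT` marker are assumptions for illustration, not the real NBF layout.

```python
from collections import Counter

KEY_LEN = 4  # assumption: key repeats every 4 bytes (not taken from the NBF format)


def xor_repeat(data: bytes, key: bytes) -> bytes:
    """XOR data with a repeating key; the same call encrypts and decrypts."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def dominant_block(data: bytes, key_len: int = KEY_LEN) -> bytes:
    """Most frequent key-aligned block; in a padded image this is encrypted padding."""
    blocks = [data[i:i + key_len]
              for i in range(0, len(data) - key_len + 1, key_len)]
    if not blocks:
        raise ValueError("input shorter than one key block")
    block, count = Counter(blocks).most_common(1)[0]
    if count < 2:
        raise ValueError("no repeated block, cannot infer padding")
    return block


def candidate_keys(data: bytes, key_len: int = KEY_LEN) -> dict:
    """Key implied by each padding assumption: pad ^ key == dominant block."""
    block = dominant_block(data, key_len)
    return {0x00: block, 0xFF: bytes(b ^ 0xFF for b in block)}


def recover_key(data: bytes, marker: bytes, key_len: int = KEY_LEN):
    """Return (pad_byte, key) for the one candidate whose plaintext holds marker."""
    hits = [(pad, key) for pad, key in candidate_keys(data, key_len).items()
            if marker in xor_repeat(data, key)]
    if len(hits) != 1:
        raise ValueError("padding byte could not be decided from the marker")
    return hits[0]


# Constructed sample data (not a real ROM image).
SAMPLE_KEY = bytes.fromhex("a55a3cc3")
SAMPLE_MARKER = b"BOOT"


def make_sample(pad_byte: int) -> bytes:
    """Marker + 32 non-repeating bytes + 64 bytes of padding, then XOR-encrypted."""
    plain = SAMPLE_MARKER + bytes(range(16, 48)) + bytes([pad_byte]) * 64
    return xor_repeat(plain, SAMPLE_KEY)


if __name__ == "__main__":
    for pad in (0x00, 0xFF):
        image = make_sample(pad)
        found_pad, key = recover_key(image, SAMPLE_MARKER)
        print(f"padding 0x{found_pad:02X} -> key {key.hex()}")
        # Guessing the other padding byte yields the bitwise complement of the key.
        print("  wrong-guess key:", candidate_keys(image)[pad ^ 0xFF].hex())
```

The two candidates always differ by a bitwise complement, so a tool that assumes the wrong padding vintage decrypts every byte inverted unless it checks the result against something known.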
Good Idea brother....
Waiting for it....
I have progressed on application - have written the CRC algo now and working (better way to learn) - but am still looking for some advice from the more knowledgeable people on this board.
So far I can now re-checksum both nk and radio rom - but for some reason algo is failing on the ms_ roms - do I need to delve into structure a little further (ms being different to the rest as far as checksum goes) - or have I simply got a bug which only appears on ms roms (not too likely as working on multiple other roms).
Am able to decrypt the ms roms like the other but just not correctly CRC it - any clues anyone ????
cheers
^lave
See PM I sent you.
Sounds like a great project.
As I remember correctly, itsme also tried to calc CRC...not sure if he ever succeeded.
Personally, I can not help you.
@HappyGoat - yes thanks for the PM - that advice gave me some pointers and let me find a description of the algo which allowed me to write my existing work so far - I am perusing the source of xda2nbf to try to find answer for the ms_.nbf's as they definitely seem to follow a slightly different format (ie I think either more header - or datablocks start at different point) with regards the CRC therefore is different.
I did try to reply with thanks in PM but xda.developer was so slow at the time I gave up waiting for reply page after a few minutes. Thanks a lot for your input
cheers
^lave
OK - at last some progress - I finally worked out my bug crc'ing the ms_.nbf - was a silly assumption that I had made re the file sizes (ie radio 4MB + header) - (nk 32mb + header) - (ms 16mb + header - WRONG) - how about I check the filesizes - was missing 210 odd KB off the end in the crc - derrr.
Never mind - next question is an easy one and simply to prevent having to DL lots and lots of images - are all the MS_.nbf's a consistent size ??? - I have downloaded 3 so far and they have been - but without downloading many many 40MB+ bundles - someone must know the answer to this one ????
cheers
^lave
PS what I am really looking for is a reliable method to identify one type of nbf from the next - trying to identify if filesize is the obvious answer.
Hi everyone - this is a totally useless version of app - from perspective has no write functionality yet and is very alpha. Idea is if anyone wants to have a play am interested in success or failure at opening different rom files. Is only designed to handle XDAII images atm. Also interested in getting feedback on if the calculated checksum matches the one in the file. If anyone does get a chance to try out let me know.
cheers
^lave
More progress - a less useless version of the editor. Still treat with caution as is still beta and not a lot of feedback on compatibility with a variety of NB10 roms yet.
Changelog:
several bugfixes
speed improvement in CRC
Write functionality
Plain to XOR and XOR to plain conversion
2nd details in ms_.nbf now working and editable
Allows changing the XOR key
If you save a file from the app with no extension or a non .nbf extension will save out plaintext rather than re-encrypting with the XOR key etc.
Again - if you download to play - consider giving some feedback on bug and features additions.
Cheers
^lave
good work!!!
Just an email to say good work as you don't seem to be getting much feedback for your program. The problem is that those who most need the program (noobs) are the least able to help, and those who can help don't need the program so are less inclined to help. There are some real whizzes lurking around here, some of them should be able to give you a bit more support.
Good Luck,
JJ
oh and the other thing is, if you want more coverage post this program as a news article on the main page as it tends to stay up for a few weeks!
Thanks!!!!
Hi ^lave,
It's a very nice tool. This is an alpha version, right? Are you going to add more features, ie make change to the ROM content to prevent Authentication Check, etc.?
I think you may need to change some label wording:
Provider ID ----> Country ID
Country ID ----> Language ID
Am I right?
Hello
Do you plan to adapt tools to 2020i (PH10C) Alpine ??
It will be great to have tools to manage ROM on this PDA
Thanks for reply
Yes - is very early code still and I intend more features as I work things out. I only got my first PDA at Christmas just past (a bottom end iPaq - enough to catch the bug though)- and the O2 a few weeks ago so its still all new to me (yep I am a newbie).
Most of my more recent coding for past few years has been satellite related - so my terminology certainly has that bent at the moment and needs some serious work.
I certainly intend the app to be more universal as far as PDA models go - but of course that will rely somewhat on availability of hardware to test with (or alternatively people with other hardware to test for me).
Thanks for feedback and suggestions (I certainly need them at this stage of things).
cheers
^lave
Thanks
I can be tester for you on Qtek 2020i (PH10C) Alpine.
The extended ROM does work differently than 9090, S100, 2020.
I have new registry entry and TRUEFFS_DOC that was for Extended ROM is now for Storage and EXTENDED ROM Profile is VDISK that use vdisk.dll.

Pocket Mechanic (AntonTomov) - Installation problems

Hi,
I purchased the latest version of AntonTomov's PocketMechanic via Handango and received the registration key immediately after finished purchase procedure.
Installation on my TyTN seemed to work out first (the program accepted the key with a message box and a sound).
But only moments later a message box popped up, telling me I use a pirated version and should turn to the manufacturer, which I did (also mailed Handango).
Meanwhile tried to install PM several times (always removing all traces from both PC and TyTn incl. Registry and rebooted) - to no avail.
Meanwhile received a new serial, but same story again: first accepted and immediately afterwards aborted with Piracy message.
A new complaint mail is on its way.
Meanwhile I'm asking here if anybody had similar problems in getting the Pocket Mechanics to work on a TyTN.
Appreciating feedback and will let the community know how it worked out for me.
I would not use or buy Tomov's products out of principle.
Found a lot of threads about earlier version doing a hard reset without asking, when inputted a "pirated" serial. So be glad it only shows a box nowadays.
While software piracy is not a good thing, at least for people developing proprietary software, Tomov has used a bit too drastic measures to fight back.
jeezus said:
I would not use or buy Tomov's products out of principle.
Found a lot of threads about earlier version doing a hard reset without asking, when inputted a "pirated" serial. So be glad it only shows a box nowadays.
While software piracy is not a good thing, at least for people developing proprietary software, Tomov has used a bit too drastic measures to fight back.
This does not make me too comfortable :-(
I also read a few note about that on the net and a reply by Tomov, complaining that this is not true and only a campaign to cut him off his revenues.
Well, I do not know what to believe, however this uncertainty is also not too comfortable...
Well the Pocket Mechanic way of uses some hardware dependent functions and - if you dare to take use of such - you have to either be very careful and also prepared that they might not work on untested and after all very new (such as the TyTN) devices.
I was prepared for all of that but not that I receive a piracy mail (which somewhat almost accuses you of being a software pirate and telling you to mail to [email protected]) when I purchased the software (which I can also prove).
Maybe he uses some hardware related mechanism to check eligibility of the serial and as he hasn't tested yet the TyTN (which he admits) this software won't allow being registered at all. I do not know.
But isn't such a mechanism pure over-kill ?
Actually something like that must be going on as I receive this pop up also after a new install and having purged all remnants from the PC, the PDA and the registry.
If I'd be trying out serials just at random, would anyone think that I'll millions of times do that complete procedure just to find any working key at the end of my life maybe ???
(And if I'd be a professional hacker I'd disassemble the code and be able to work around even these barriers.)
So, applying over-kill measures like that only brings problems to decent users, risking to run into problems when using special configurations or new devices.
+++
Apart from that I must say that Tomov's applications seem well coded and also graphically very nice (one wonders how graphically nice application you can program for PDAs; shame upon Microsoft for their pre-installed poor applications !!!).
Also I see no real alternatives for some functionality he provided within one software, that's why I purchased the PM.
Finally again my question:
Has anyone encountered the same problems with the PM on a HTC TyTN ?
(btw: Thanks "jeezus" for your feedback.)
Might I inquire which functionality you need?
Maybe we can find an alternative solution.

Windows Mobile 5 Replace one character in ROM? Reward $1000

Edited: Contact mod.
For $1k I'd buy JTAG and do it . And keep the rest (RIFF BOX is 119€ and a bit of soldering/getting board for another 10€ to avoid soldering).
Haha, this reward smells like scam
mysymbol said:
Hello
Can someone tell me if it is possible to replace/change just one character in Rom in Windows Mobile 5 Device, knowing where it is (memory address)
Device is not listed anywhere on this forum, and really it does not matter, since it runs Windows Mobile 5 and I can connect to it with ActiveSync (USB or Serial)
Willing to pay $1000 for solution.
Honestly, will paypal the money to someone that can help
Thanks
Why would you pay $1000 for a solution for a Windows Mobile 5 phone when you can get a Windows Mobile 6.1/6.5/WP7 phone for HALF the price.
Response to your concerns
This is not a Mobile Phone and I do not have one but several thousands of these in my possession. Again this device is very rare and you will not find it anywhere. Solution to my problem can be used over and over again.
Simply it's just like a phone running Windows Mobile 5 and I just need to change few lines of memory addresses in ROM. Please help.
For those that think its a scam, fine, I will offer $10 for solution, but for someone that can believe I will paypal $1000 instantly upon working solution.
I would agree with JTAG but I have several thousands of these in my hand and I need faster solution. Please help. I can run any files, commands for you on my device and provide results. Thanks again
You might want to try also itsutils's app "pdocwrite", that might do the job too. Or psetmem, if it is in RAM and not ROM.
Wouldn't Jtag be just as quick as connecting a phone to a computer... booting into the rom, changing code etc etc etc? over and over and over again?
That said... Your best bet is to send one of these "devices" to a developer on here who can take the rom and make the changes that need to be done and make a custom rom for you.
That's my two cents!
You are a little silent on the details of what you want to change in the device. There is hardly a universal solution for the task you have sketched. Let me outline the levels of security that have to be passed:
1. Running programs e.g. for manipulating memory (RAM or ROM) may in the first place be restricted by OS security (policy). This must be overcome and is also known as "Application Unlocking" of the device.
2. Some files on a device can simply be replaced by RAM copies and those will take the function of the ROM part after copied to the device and a subsequent reboot.
3. If really the ROM itself must be changed (as 2. does not work) then you have to be able to read out the ROM, dis- and re- assemble its parts (aka "cooking") and finally load back the results to the device. Several security mechanisms are in place for devices to ensure that only the legitimate authorities can do this.
Thanks to joint efforts at XDA-developers many popular devices could be hacked at that level to foster the popular cooking activities.
So if you give some more hints on what character you want to have changed and where you see it (but want to see a different one) then even other options may come up, e.g. changing data in the databases that are used for translating user interface parts (control panel), other data-driven options (e.g. registry) and so on.
So in the end there may be a much simpler solution to your problem than you thought about so far?
Are these some Chinese knockoff model and you need to change something to sell them on without non Chinese people having problems? I would help but got rid of my Chinese to English rom hardware last year
reward still available
Can someone help? I can read files from ROM, but how to write back? Utility is there but it's uncompiled.
I don't think you've made enough threads on this issue. I think you should post 5,6,7 maybe even 8 more and see if someone responds...
what device are u meaning to change?
Thread closed, contact me to talk about the thread.
