Which one of you Created this WM Virus? - Windows Mobile Development and Hacking General

US-CERT is aware of reports of a trojan that affects Microsoft Windows CE. This trojan disables Windows Mobile application installation security.
The trojan may take any or all of the following actions on the mobile device:
* spreads via seemingly legitimate application installation files
* installs as an autorun program on the memory card
* installs itself to the device when an infected memory card is inserted
* protects itself from deletion by copying itself back to disk
* replaces the browser's homepage
* allows unsigned applications to install without warning
US-CERT encourages users to take the following preventative measures to help mitigate the security risks:
* Install anti-virus software on the mobile device, and keep its virus signature files up-to-date.
* Use caution when downloading and installing applications.
US-CERT will continue to provide more information as it becomes available.
http://blogs.zdnet.com/security/?p=904
Apparently it's targeted at WM devices, and is in the wild.
CERT has a warning too:
http://www.us-cert.gov/current/index.html#microsoft_wince_trojan

I'll tell you who created it. One of the companies that sells the useless "anti-virus software" for our smartphones! LOL Now they can actually sell it...

NRGZ28 said:
I'll tell you who created it. One of the companies that sells the useless "anti-virus software" for our smartphones! LOL Now they can actually sell it...
^^^^^^^^^^^

well be sure to check the guy who posted a thread about creating viruses, right here in our forum!!!

I agree with this statement.
Up to now, WM has been the safest Windows.

I really have seen anti-virus software for ppc, and always wondered: are there viruses for ppc? Now I know they exist. I wondered the same about Linux, but never heard of a "virus for *nix".

Malicieux said:
I really have seen anti-virus software for ppc, and always wondered: are there viruses for ppc? Now I know they exist. I wondered the same about Linux, but never heard of a "virus for *nix".
http://en.wikipedia.org/wiki/List_of_Linux_computer_viruses

NRGZ28 said:
I'll tell you who created it. One of the companies that sells the useless "anti-virus software" for our smartphones! LOL Now they can actually sell it...
Could not agree more

Something Dodgy about McAfee Screenshots
"Timing"
One of McAfee's screenshots shows the autorun.exe trojan as having a creation date of 25th May 2006. That's nearly 2 years ago - have McAfee really just discovered it now, or have they just been sitting on the discovery... Cue publicity of their mobile antivirus software coming to the rescue for every paranoid corporate IT Manager....

My thinking exactly...
TheChampJT said:
well be sure to check the guy who posted a thread about creating viruses, right here in our forum!!!
I remember that thread from a few days ago, then saw the CERT issue...
A coincidence?

Malicieux said:
I really have seen anti-virus software for ppc, and always wondered: are there viruses for ppc? Now I know they exist. I wondered the same about Linux, but never heard of a "virus for *nix".
I am happy because I will no longer feel like an idiot when I update my antivirus (mobile).
Anyway, I want to be in contact with this.....

I think the first part of your statement is still true....

Are we going to start seeing ppc anti virus banners now?

Hah???????????????????
Anti virus for ppc? Why? unlike PC we could reset the ppc and get back the fresh rom in 10 mins.
Moderator, pls kill this useless thread.

HaiLe512 said:
Anti virus for ppc? Why? unlike PC we could reset the ppc and get back the fresh rom in 10 mins.
Moderator, pls kill this useless thread.
Even though recovery is simple and with all the ROM flashing that goes on...viruses don't stand a chance; people need to be informed.
This thread is not useless and leave it to the moderators to decide this.
Two new articles:
http://www.avertlabs.com/research/b...zed-information-and-leaves-device-vulnerable/
http://www.pocketpcthoughts.com/index.php?action=expand,58603
I personally think that AV (Anti-Virus) Developers (Norton, McAfee, etc.) want some of this PPC $.

Now why would anyone from XDA make a virus while there is enough spyware to kill that MS tries to enforce on Windows Mobile?

Here is a source code of the first ppc virus

Yeah, in the last T-Mobile NL 2.26 ROM for Elf they also included a download link to AV. Made it even slower.

After putting TomTom on my SD card I noticed that every time I inserted or removed the card I got an error message about AutoRun.exe not being digitally signed or an invalid application.
Looking at the screenshots I noticed the folder name was 2577 (same as the TomTom installation folder.) TomTom auto installs when you enter the TomTom miniSD card into your phone, so I assumed that the autorun.exe was part of that implementation.
I don't think this is the virus as my homepage stayed intact but you never know.
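The posts above place both the reported trojan and TomTom's legitimate installer at `autorun.exe` inside a `2577` folder on the storage card, so the file name alone cannot tell them apart. The following is an added example, not code from the thread or from any vendor: it inventories such files on a card mounted in a desktop card reader and compares their SHA-256 against digests the owner recorded from trusted media. The `known_good` allowlist, the function names and the rule of scanning every all-digit top-level folder are assumptions; the sample card is constructed.

```python
import hashlib
import os
import tempfile

AUTORUN_NAME = "autorun.exe"  # file name reported in the thread


def sha256_file(path, chunk=65536):
    """Hash a file in chunks so large binaries do not load into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def find_autorun(card_root, known_good=frozenset()):
    """Return one record per autorun.exe in a top-level all-digit folder.

    known_good is a hypothetical allowlist: SHA-256 digests recorded from
    trusted media, e.g. a navigation package that ships its own autorun.exe.
    """
    findings = []
    for entry in sorted(os.listdir(card_root)):
        folder = os.path.join(card_root, entry)
        # Assumption: any all-digit top-level folder is worth checking;
        # 2577 is the one the thread reports.
        if not entry.isdigit() or not os.path.isdir(folder):
            continue
        for name in sorted(os.listdir(folder)):
            path = os.path.join(folder, name)
            # Case-insensitive match: the thread writes it as "AutoRun.exe" too.
            if name.lower() != AUTORUN_NAME or not os.path.isfile(path):
                continue
            with open(path, "rb") as fh:
                is_pe = fh.read(2) == b"MZ"  # PE executables start with "MZ"
            digest = sha256_file(path)
            findings.append({
                "path": os.path.relpath(path, card_root),
                "size": os.path.getsize(path),
                "is_pe": is_pe,
                "sha256": digest,
                "status": "known" if digest in known_good else "review",
            })
    return findings


def build_sample_card(root):
    """Create a constructed card layout for the demo (no real binaries)."""
    os.makedirs(os.path.join(root, "2577"))
    os.makedirs(os.path.join(root, "Music"))
    payload = b"MZ" + b"\x00" * 62 + b"constructed sample, not a real binary"
    with open(os.path.join(root, "2577", "AutoRun.exe"), "wb") as fh:
        fh.write(payload)
    # Same file name outside a numeric folder: deliberately not reported.
    with open(os.path.join(root, "Music", "autorun.exe"), "wb") as fh:
        fh.write(b"not an executable")
    return hashlib.sha256(payload).hexdigest()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as card:
        expected = build_sample_card(card)
        # First pass: nothing is allowlisted, so the file needs review.
        for record in find_autorun(card):
            print(record)
        # Second pass: the owner has recorded this digest as trusted.
        for record in find_autorun(card, known_good={expected}):
            print(record["path"], record["status"])
```

A file marked `review` is only unrecognised, not confirmed malicious; compare it against the vendor's original media before deleting anything.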

Where's the link for download?

Related

Encrypting Porn

I obviously am sensitive as to who while looking my XDA over could accidentally find my porn stash.
What software package is best for encrypting movie files and pics?
Resco Explorer comes with built-in file encryption software.
Or Airscanner Encrypter to encrypt whole folders easily.
Perhaps make the folder "hidden", then take the view hidden files function away so that the general browser doesn't find it.
I also apply a name that will not attract attention such as work or parents .... or system or temp cache or similar, anything but say porn xxx look here
Then again, don't be ashamed of your actions, or don't do the actions....
Nothing wrong with a bit or even a lot of porn
If it offends people, they shouldn't be looking, and even if they found it, they should choose not to look
This image always comes to mind:
I find that merely zipping the folder and putting it somewhere obfuscated prevents accidental clicks. But airscanner looks cool. Will have to try it out.
V
Nice one V! :lol:
So now we know what you do so long in the nights on your pc... :roll:
...looking for funny pics .
Am I the only one that would have really appreciated it if you wouldn't have told us what you're using the encryption for ?
TheBlasphemer: if he'd said:
"I need an encryption app to encrypt information I'd rather other people didn't see", he's most probably either a hacker, a spy, or a male Glad he >eugh< "came" straight out with it... :shock:
Rottie: you back from holiday? Your request, what seems to be the Holy Grail of hacks, the closed clam keyboard hack - I've had some ideas and some contributions that have given me some ideas. I'll try to progress them shortly.
And what I do on the long nights - I wish! I'm programming every spare minute now, even during lunch times, running home to code a few lines
This made me snort tea all over my desk:
I love Penny Arcade.
Anyone tried AirScanner yet? (blatant attempt to bring back on topic!)
V
vijay555 said:
TheBlasphemer: if he'd said:
"I need an encryption app to encrypt information I'd rather other people didn't see", he's most probably either a hacker, a spy, or a male Glad he >eugh< "came" straight out with it... :shock:
If he hadn't told us, I could still just refuse to believe the pr0n thing and believe he was a govt spy or anything
If you were to put the porn on your ipod, you could call it porn-on-the-pod.
porn-on-the-pod
Do you want butter with that? A little "Last Tango in Paris" perhaps?!
V
Last Tango reminds me of the ads ... Can you tell the difference between butter and margarine?
chetccox said:
If you were to put the porn on your ipod, you could call it porn-on-the-pod.
ROTFL
I actually use Airscanner for er..... encrypting stuff that.....er I'd rather wasn't....... er easy to find. <coughs>
I can vouch it works well under WM5, and it appears to work by using multi-pass bitwiping to ensure there is no trace of the original files prior to encryption.
Odd thing is though, I'm sure it used to be free, but now they seem to charge for it. My advice is look at free download sites for a copy.
Not sure where the software came from, but my press and hold menus provide encryption, I think it's Resco Explorer.
I can use normal file explorer to "hide" files from general view, but I noticed in Resco explorer, the hidden files are still clearly visible, so not sure if there is a bug in the resco app for hidden files, but they are definitely hidden from the normal ppc file explorer. add that to resco encryption, I think should be sufficient.
Good (and bad) news - looks like we won't be needing this software anyway:
http://www.theregister.co.uk/2006/02/23/masturbation_worse_than_sex/
V
On a side note: On my communicator I had a password safe with categories like credit card, shopping accounts etc... Is there something similar for WM5 available?
TauTau said:
On a side note: On my communicator I had a password safe with categories like credit card, shopping accounts etc... Is there something similar for WM5 available?
There is a program called KeePass which works on most devices, relevant here is the Desktop and PocketPC. The datafiles are transferable between both devices. I have used it on my Universal without problems. I have actually been using this program for a long time, I keep the DB on a USB key and a copy of the program. This means that when I plug in my key the password safe opens and asks for the password, or I can run it from the key if on another machine.
As for encrypting the pr0n, what about a good old .RAR archive? The version that I use (Pocket RAR 3.50) will encrypt and decrypt folders and files, quite fast too.
If you're talking about a large stash this won't work, but if you're only carrying round < 10MB you could always use the ExtendedROM partition and leave it hidden.
This means that you could have all your files in readable format, but without knowing the name that you used for the partition they couldn't access it without searching the registry for the name.
Not many people are going to search the registry for a name they don't even know exists.
This might sound like a difficult thing to do, but Buzz made an unlocker and the registry change for the name is in the thread.
Once you have done your hard reset and loaded the ExtendedROM you don't need the stuff in there anymore, and can use the space for storage.
"stash"
I agree, I know "people" that use a zip file for text, and otherwise just buried folders.
How's abouts we make a small app to render files unusable? You could take the filename, pre-pend it to the file in binary to render it unusable, using a simple XOR encryption for those few bytes. Then give it a generic filename and extension, eg Sheet1.prn.
When launched, .prn files will launch our decrypter, asking for the password. I suppose you could possibly memory map the decrypted file to even ensure an unencrypted version doesn't exist on the device for any considerable period (ie until you close the decrypter).
just an idea.
V
Sounds good V,
When can we expect VJPhorEnsic to first arrive on the board ;-)
M

[DEV] DiamondDownloadManager 0.03 now available!

After doing my ActionScreen, I realised I could adapt the framework very easily to create a download manager.
Currently, the only applications on it are ones that I've hardcoded, although I'm almost certainly going to extend it to 3rd party software, and probably build in some form of updates system...
I will also be implementing this as an "add ons" system to a ROM I'm working on. E.g. it's a very light ROM with a long list of cabs that can be downloaded and installed from one place.
Why am I posting it here you may ask... Well, I want to get some ideas for what to do, and see what people think of it before I release it.
What I'm hoping to do:
Application categories
Sorting by developer
Submissions (two levels, trusted - have been checked, and untrusted - haven't been checked but have warnings plastered all over them)
Details screen with a screenshot and some text
Proper updates mechanism
Kinetic list scrolling (I just can't be asked to derive displacement from velocity at the moment...)
Warning, this may destroy your device, and possibly the planet, but I cannot be held responsible!
Cab attached below, backup anything you care about, copy it across install and run...
0.04 is identical (bar the fact that it thinks its 0.04 instead of 0.03...), but is hosted somewhere else to demonstrate the current update mechanism.
Reserved for me
Looks good so far!
I would initially focus on included barebone (trusted) apps in the download manager (with auto-update notification functionality) and eventually branch it out to 3rd party apps...
This notion in general is the one (and only) thing that the iphone has over all other devices currently
great idea
PorX said:
Looks good so far!
I would initially focus on included barebone (trusted) apps in the download manager (with auto-update notification functionality) and eventually branch it out to 3rd party apps...
This notion in general is the one (and only) thing that the iphone has over all other devices currently
Currently, there are nine applications I've built from the Diamond 2.03 ROM (the Blackstone Manila is from mun_rus), and no form of update function has been implemented.
All the icons and images are the ones the Diamond Comm Manager uses, so changing them changes the skin in this.
Anyone have any ideas for what kind of data base I should use? So far, everything is hardcoded!
looks very nice and clean, as a past nokia user i used to use nokias download manager, maybe you could have folders on the opening/main screen and have dif things also like games, themes, wallpapers etc but keep the folders etc in with the style of manila like uv done so far, very good work, keep it up.
regards,
biggzy
Nice work mate.
Glad to see MS haven't put you off with their Sky*** stuff
How about collaborating with CRC and his Device Update stuff? He has a killer back end that uses Geo Balanced FTP Servers. The client just makes HTTP requests and the server returns XML.
Me and Chainfire were working on it with him, but Chainfire got busy and we were waiting for a "grand design" from him.
Just a suggestion...
Dave
DaveShaw said:
Nice work mate.
Glad to see MS haven't put you off with their Sky*** stuff
How about collaborating with CRC and his Device Update stuff? He has a killer back end that uses Geo Balanced FTP Servers. The client just makes HTTP requests and the server returns XML.
Me and Chainfire were working on it with him, but Chainfire got busy and we were waiting for a "grand design" from him.
Just a suggestion...
Dave
That sounds cool...
A nice back end would be good (I have an ini, some hardcoded variables, and download files directly rather than HTTP requests because my current host can't deal with them!)
Also, there is a cab attached to the first post.
Read the warning!
You never stop
Hi l3v5y,
You never stop. You are developing a new action screen, this download manager now. What will be the next? ;-)
Both tools are great. Thanks!!
Regards
elparra72 said:
Hi l3v5y,
You never stop. You are developing a new action screen, this download manager now. What will be the next? ;-)
Both tools are great. Thanks!!
Regards
I had two days off school because of snow, so I released some things I'd been working on!
I do have a reworking of "ScrollLauncher" that I did some time ago, and I need to make iShell work better!
But, what could I do next instead?
Just realised the version of Opera I uploaded was a QVGA one, so you'll need eyes like a hawk and pointy fingernails to use it... I'll fix that later though.
PDM
I actually use and like the pdm software that comes inside the TIR rom
eurorpeen said:
I actually use and like the pdm software that comes inside the TIR rom
In what ways is it better or worse than this? It would be nice to get some feedback on it in comparison to this...
Cool.
This app will build a APPSTORE for Diamond.
Hi,
what about to build a kind of appstore with a much bigger database with possibility to filter applications by device compatibility? I have the database
Feel free to contact me if you are interested.
worki2k1 said:
Hi,
what about to build a kind of appstore with a much bigger database with possibility to filter applications by device compatibility? I have the database
Feel free to contact me if you are interested.
There are a few things I need to work on in my frontend (categories, sorting the list, kinetic scrolling etc), and then I need to find a fast, lightweight database system before I can consider having a decent database.
I have tried to contact CRCinAU (DeviceUpdate) and there's some discussion about the Gecko database, which may be potential backends. The thing I don't want to end up with is a completely separate system. I think to be able to distribute apps in a decent, managed way, all the frontends need to work with a single unified backend, so developers can submit their application once, and only once.
isn't this illegal, providing those cabs?
Richardprins said:
isn't this illegal, providing those cabs?
What CABs?
Dave

[ANDROID] BSODroid - BSOD any Vista machine on your network!

Hi all,
BSODroid is my first Android application. It is a proof of concept implementation of a flaw in Windows Vista, which is so far unpatched (although Microsoft are due to start distributing the patch any moment now), that allows a user to send a Blue Screen of Death to that computer over the network.
To test your home, office or clients' machines, or even just to have some fun with your friends, all you need to do is connect to their network via WiFi, enter in their hostname (either IP or actual hostname will work), and press Execute!
Note: the target Vista machine must have network file / printer sharing turned on (though most people have it turned on these days)
This is a fun little application I created yesterday and have been playing with my friends' computers on their home network and showing them the Windows flaw.
Video of it in action: http://www.youtube.com/watch?v=eIy_d94tDmQ
As I said, it will be patched soon, so anyone who has Windows Updates enabled will be immune to it within the next 72 hours or so.
BSODroid can be downloaded from the Android Market (just search for BSODroid!) or alternatively you can download the APK directly from my website: http://www.dereenigne.com/
As always, if you enjoy my software, please consider donating! http://www.dereenigne.com/donate.php
Well, it works.
will try on win 7
Ather said:
will try on win 7
From what I can tell, it works on most of the beta copies and some RC copies of Windows 7, but it doesn't work on the RTM version - what a shame!
Still, lots of fun!
Didn't work on my Win 7 RC machine. Maybe I'm up to date?
My boss and I just had some fun with one of our users on MO. (we are in TN)
Minker17 said:
Didn't work on my Win 7 RC machine. Maybe I'm up to date?
Yeah, seems as though it works on some builds of Win 7, but not others.
It works on Win Server 2008 too.
I hope people are having their fun with it now, because Microsoft already have a patch in the works - I'm not sure if it's being pushed through Windows Updates yet, but if not then it will be quite soon!
Though, it will still always work on machines that don't run Windows Updates
man, a winmo version would be awesome...
GreenLantern said:
man, a winmo version would be awesome...
That would be considered a virus.
rogeriopcf said:
That would be considered a virus.
A computer virus is a computer program that can copy itself and infect a computer without the permission or knowledge of the owner.
It's being installed by the user, so it's not a virus at all. I personally think this is a neat little proof of concept program, and would love to have a copy for my WinMo device. Besides, if these proof of concept exploits weren't created, the software companies wouldn't have a reason to patch/fix their software until somebody with more malicious intents came along and used it. Hope there's a port to WinMo soon.
rogeriopcf said:
That would be considered a virus.
why? there's tons of stuff everyone at my office does that could be considered a 'virus' then...
even so, if you can do it from an android phone it's not a virus? somehow I don't understand that.
Quick video example: http://www.youtube.com/watch?v=eIy_d94tDmQ
Ha cool...
Could be fun to make a "one stop shop" for stuff like this.
There's the unpatched IIS flaw as well which is easy as hell to abuse.
Select exploit (or select all), select target ip (+port/username etc for stuff like an IIS exploit), execute (on an iis exploit that'd use default port, anonymous/anonymous).
Is there any interest in this? Think it could be rather interesting to code
nurre said:
Could be fun to make a "one stop shop" for stuff like this.
There's the unpatched IIS flaw as well which is easy as hell to abuse.
Select exploit (or select all), select target ip (+port/username etc for stuff like an IIS exploit), execute (on an iis exploit that'd use default port, anonymous/anonymous).
Is there any interest in this? Think it could be rather interesting to code
I'd be highly interested in that.
Have almost broken 1000 downloads! (Currently at 950)
If anyone's interested, go ahead and give it a try from the market!
Thank you. Great app, worked with my windows vista sp2.
Thanks!! I'm dying for this kind of apps
If this had a way to find IP's in use on the network it would be perfect, or just a multicast mode. Go to starbucks and listen to everyone groan at the same time.

Lumia 620 with WP8.1 or GDR3 ?

Hey ppl
i found a SD Card and this photo was in it
http://i.imgur.com/axUeIJd.jpg
who can confirm if this is wp8.1 or GDR3 ??
Nice!
i dont think so its GDR3
I'd say it's a build from WP8.1 branch.
OMG!!!
PLEASE use SD card file recovery software, you might be able to get more out of it!!!!!
Post more deleted files please!!!
when im gone said:
Hey ppl
i found a SD Card and this photo was in it
http://i.imgur.com/axUeIJd.jpg
who can confirm if this is wp8.1 or GDR3 ??
what the hell is that asterisk ???
dotcompt said:
what the hell is that asterisk ???
i dont like that notifications square
http://www.youtube.com/watch?v=tRVC4BKWaP8
this one is better
NA
sorry i was busy at work last day
there is like a thousand of empty folders in the SD card and there is too many .tmp files
i tried to use SD card file recovery but the result was Zero
it's weird that the SD card is 8GB and there is just 5.6GB free space with empty folders and there is no hidden files
should i format the SD card ? :laugh:
***EDIT***
i found something interesting ( wp_ss_201307011_0001.tmp )
now how to change the extension to jpg
***EDIT*** (2)
what a shame
upload the files...
Check the partitions in disk managment, might have one hidden.
I have confirmed real seen pictures of GDR3 and this is not GDR3. Microsoft's mobile OS is aimed at hardware specs and the GDR3 update is no different; most won't be able to take advantage of the GDR3 updates other than the notifications.
when it does hit there will be a new kid in town wp8.1 device in full hd 1920x1080 rez.
if that was gdr3 the tiles would not look like that.
WP8.1 branch. (Maybe!)
Has anyone noticed the background, something about Microsoft Confidential
funnypharmacist said:
Has anyone noticed the background, something about Microsoft Confidential
Yea and nobody has a funny feeling about these things??????
Those things are always found by ones who are "Phone minded" and by "coincidence" members of a society.
Never by a child, or a housewife, or ................. Always found by a "geek".
Why on earth should someone put a picture on a sd card, specialy those guys who forces anyone else in the cloud.
And Always a picture, never ever some specific documents, no names or familypics just one single "mysterious" picture.
Lousy security or stupid people at work................yea sure
I believe it's a sneaky act of commercial, just to make people curious and eager to buy
funnypharmacist said:
Has anyone noticed the background, something about Microsoft Confidential
All non-public Windows pre-release builds have that watermark on desktop.
Amadeus01 said:
Yea and nobody has a funny feeling about these things??????
Those things are always found by ones who are "Phone minded" and by "coincidence" members of a society.
Never by a child, or a housewife, or ................. Always found by a "geek".
maybe millions of housewives or children find thousands of these pictures everyday. But since they are not "geek" to them it's just a stupid photo of a phone. It requires a geek to see the details etc.
yeah, it happens a lot lately,
lost sd cards/usb sticks, hell even complete unlocked prototype cell phones.
And if I read of the sanctions, they are even bigger fools than they already were.
Taking sneaky pictures.
Taking it outside
And for the final touch .....losing it.
Those offenders should not getting fired,
they should be getting shot at dawn.
just too many coincidences
But thats my opinion.
temporary_24 said:
upload the files...
if you don't know how to change the extensions just please upload the files .. don't write anything on that SD card.
if the "memory" is really what most people believes to, then it might have a partition for WP 8.1
the new tiles layout matches vs GDR3 (notifications tile asterisk means a new message) and consolidated message center with Skype embedded
should be worth trying to recover the partition (some mfg use a microsd for internal storage) partition for system and rest for user available space (disregard having an additional slot)
P.S. is a MicroSD or just an SD?
WP8 devices are not using SD cards as internal storage. There were some WP7 devices that did but those activated the security features on the card so when it was removed from the device the only way to get the card usable again was formatting it (which deactivated the SD security feature). It's therefore highly unlikely that there is a system partition on a WP8 device's SD card.

Trying to find where sms are stored in WP8.1 file system.

Today, Microsoft removed the "Message History" section from my Outlook account, so I can no longer use a well-known trick to view my sms history. I notice that in the WP8.1 emulator, I can now log in to my MS account and my sms history are synced to the emulator. I am trying to take advantage of this feature to retrieve the file that stores my sms from the emulator image.
So far, I have managed to merge the emulator snapshot with the base .vhd and mount the resulting virtual disk to view all the files. Hell, I can even decompile the stock apps to view their source code...However, I cannot find where my sms are stored. There is one suspicious folder that has modification time at the moment the sms are synced.
"K:\SharedData\Comms\Unistore\data" where K is the Data volume.
In this folder, I can find all my emails in plain text and a bunch of other files in binary/encrypted text. I hope the binary/encrypted files are not my sms. Anyone has any idea?
I got the answer to my own problem thanks to this post. http://resources.infosecinstitute.com/windows-phone-digital-forensics-2/
The name of the file is still store.vol but it is in another location compared to WP7.5. You can find it in Data\Users\WPCOMMSSERVICES\APPDATA\Local\Unistore . If you want to follow my steps and there are any questions, feel free to post below.
Edit: now I need to find a way to read this EDB database file, including the date and time the sms were sent.
illidanx said:
I got the answer to my own problem thanks to this post. http://resources.infosecinstitute.com/windows-phone-digital-forensics-2/
The name of the file is still store.vol but it is in another location compared to WP7.5. You can find it in Data\Users\WPCOMMSSERVICES\APPDATA\Local\Unistore . If you want to follow my steps and there are any questions, feel free to post below.
Edit: now I need to find a way to read this EDB database file, including the date and time the sms were sent.
Hmm, don't know but EDB Files are used on Exchange 2003 Servers.
I had a Software to open such files. But this piece of Software is really expensive.
When i'm in the Office I will look for the name of the Software.
DarkD1988 said:
Hmm, I don't know, but EDB files are used on Exchange 2003 servers.
I had software to open such files, but this piece of software is really expensive.
When I'm in the office I will look for the name of the software.
That file is also the Exchange database used in Windows Mobile. I heard the format is different for different purposes and MS has never provided the documentation for this format.
illidanx said:
That file is also the Exchange database used in Windows Mobile. I heard the format is different for different purposes and MS has never provided the documentation for this format.
If you trust me and there is nothing important in this edb file, you can upload it to a hoster/Dropbox
and give me the link so I can try to open the edb file.
That's the software I use:
http://www.krollontrack.de/produkte-und-software/kostenlose-software/registrierung/
There is a possibility to test it.
But we (my company) have a full version with add-ons, so I think there is a bigger chance.
EDB (on WP7, at least) was Embedded DataBase. The API for them is documented here: http://msdn.microsoft.com/en-us/library/aa914733.aspx
I know WP8 has some mobile DB APIs (even though it uses NT, not CE) although I haven't tried them at all. You could also try using the Mail API (MAPI) http://msdn.microsoft.com/en-us/library/office/cc842118(v=office.15).aspx for documentation.
There was a homebrew app on WP7 (hosted here on XDA) that extracted SMS for backup, because there wasn't an SMS backup feature. I don't know if it would be useful with WP8, even as a reference, though it may be worth checking to see if the source for it is available.
DarkD1988 said:
If you trust me and there is nothing important in this edb file, you can upload it to a hoster/Dropbox
and give me the link so I can try to open the edb file.
That's the software I use:
http://www.krollontrack.de/produkte-und-software/kostenlose-software/registrierung/
There is a possibility to test it.
But we (my company) have a full version with add-ons, so I think there is a bigger chance.
I created a throwaway Outlook account and sent a test message from the emulator to phone number 555-555-5555 (yes, you can send it in the emulator even though it will never be sent). The content of the test message is "this is a test". With a hex editor, I have verified that the message exists in the store.vol file at address A0233. You can download the whole folder here https://www.mediafire.com/?4id993y8gnii3v9
This is the screenshot of the folder
Thank you for helping me.
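The hex-editor check described in the post above can be scripted. This is an added example, not code from the thread: it searches a binary blob for a known message in UTF-16LE and UTF-8, then scans the bytes around each hit for 64-bit values that decode to plausible dates. That timestamps sit near the text as Windows FILETIME values is an assumption, and the sample bytes are constructed rather than taken from a real store.vol.

```python
import struct
from datetime import datetime, timedelta, timezone

EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)

def dt_to_filetime(dt):
    """Datetime -> FILETIME (100 ns ticks since 1601-01-01 UTC)."""
    return int((dt - EPOCH_1601).total_seconds()) * 10_000_000

def filetime_to_dt(ft):
    """FILETIME -> timezone-aware datetime (sub-microsecond part dropped)."""
    return EPOCH_1601 + timedelta(microseconds=ft // 10)

def find_text(blob, text):
    """Return sorted (offset, encoding) pairs for every occurrence of text."""
    hits = []
    for enc in ("utf-16-le", "utf-8"):
        needle = text.encode(enc)
        pos = blob.find(needle)
        while pos != -1:
            hits.append((pos, enc))
            pos = blob.find(needle, pos + 1)
    return sorted(hits)

def nearby_filetimes(blob, offset, window=64,
                     lo=datetime(2010, 1, 1, tzinfo=timezone.utc),
                     hi=datetime(2020, 1, 1, tzinfo=timezone.utc)):
    """Scan +/- window bytes around offset for little-endian 64-bit values
    that fall between lo and hi when read as FILETIME (an assumed encoding)."""
    lo_ft, hi_ft = dt_to_filetime(lo), dt_to_filetime(hi)
    found = []
    for i in range(max(0, offset - window), min(len(blob) - 8, offset + window) + 1):
        (value,) = struct.unpack_from("<Q", blob, i)
        if lo_ft <= value <= hi_ft:
            found.append((i, filetime_to_dt(value)))
    return found

def build_sample():
    """Constructed record: FILETIME, 4 filler bytes, UTF-16LE message body."""
    sent = datetime(2014, 6, 1, 12, 30, tzinfo=timezone.utc)
    record = (struct.pack("<Q", dt_to_filetime(sent)) + b"\x01\x00\x00\x00"
              + "this is a test".encode("utf-16-le"))
    return b"\xff" * 0x40 + record + b"\xff" * 0x40, sent

if __name__ == "__main__":
    blob, _ = build_sample()  # replace with open(path, "rb").read() for a real file
    for off, enc in find_text(blob, "this is a test"):
        print(f"hit at 0x{off:X} ({enc})")
        for ts_off, ts in nearby_filetimes(blob, off):
            print(f"  candidate timestamp at 0x{ts_off:X}: {ts.isoformat()}")
```

Values returned by `nearby_filetimes` are candidates only; confirm them against a message whose send time is known.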
GoodDayToDie said:
EDB (on WP7, at least) was Embedded DataBase. The API for them is documented here: http://msdn.microsoft.com/en-us/library/aa914733.aspx
I know WP8 has some mobile DB APIs (even though it uses NT, not CE) although I haven't tried them at all. You could also try using the Mail API (MAPI) http://msdn.microsoft.com/en-us/library/office/cc842118(v=office.15).aspx for documentation.
There was a homebrew app on WP7 (hosted here on XDA) that extracted SMS for backup, because there wasn't an SMS backup feature. I don't know if it would be useful with WP8, even as a reference, though it may be worth checking to see if the source for it is available.
Hi, thanks for helping. The first link is for windows mobile 6.5 CE so I'm not sure if it applies. I will check out the second link. I have also made a post in the thread about extracting WP7 SMS to ask for the source code.
illidanx said:
Hi, thanks for helping. The first link is for windows mobile 6.5 CE so I'm not sure if it applies. I will check out the second link. I have also made a post in the thread about extracting WP7 SMS to ask for the source code.
Okay, try this. And sorry, the program Kroll Ontrack for Exchange doesn't work.
DarkD1988 said:
Okay, try this. And sorry, the program Kroll Ontrack for Exchange doesn't work.
Thanks for testing it though.
Edit: found this article about reverse-engineering Embedded Database. This looks like an NSA personnel's job...
http://www.sciencedirect.com/science/article/pii/S1742287612000874
Sorry, I should have been more clear: WP7 used CE internally, so the WM6.5 APIs worked on it. WP8 uses NT instead of CE, but has some of the embedded database APIs anyhow (because the code was imported straight from WP7, maybe?) so it might still work. You'd need to find the library with the relevant exports, though; that part of the documentation will be wrong for WP8.
