Database Users

(New) Crypted GSM network

Now you will not have to be worry about make your calls,send sms..and be spyed.
This software promise to encrypt entire GSM data.
Realized on a Q-Tek 2020 Hardware
http://www.caspertech.com/prodotti.php

Sorry if this is a stupid question but, having looked at the web site briefly it seems to me that this will only work between two devices both equiped with the Cryptech software?
unapproachable2kx said:
Now you will not have to be worry about make your calls,send sms..and be spyed.
This software promise to encrypt entire GSM data.
Realized on a Q-Tek 2020 Hardware
http://www.caspertech.com/prodotti.php
Click to expand...
Click to collapse

This looks very similar to http://www.cryptophone.nl/
Except that cryptophone is open source, and the CasparTech product uses "proprietary encryption algorithms" - I wonder if these CasparTech guys wrote their application from scratch.
If you don't care about being able to see the source (i.e. if you don't care about backdoors -- remember Crypto A.G.?) you could also use skype, although that uses GPRS rather than a connection directly to another xda2 device with crypto software on in. Depending on the codec's bitrate and your GPRS plan, using GPRS/voip on skype may work out more/less expensive when you use it.
The fine people at http://www.cryptophone.nl/ also offer a windows version for your at-home/work PC or laptop to use with a landline for free, and the source code is right there on their website for all to see. Their product is NOT cheap, but knowing that it's secure should be worth it to those who have the need for it (e.g. big business, politicians, etc.)
(There is no pricing on that Caspartech page, so who knows what it costs..)
The http://www.cryptophone.nl/ people also founded xda-developers.com btw.
A PPC version of speakfreely (google for it, it's cool) would be a Nice Thing To Have.

Protect You SOFTWARE

I know it is almost impossible to produce a software that is fully protected. In this I would like to share my experience in protection.
I developed a program that works in PPCPE and I have made a very good protection system….. I think
The protection system works as fallows:
- when the software is first install it capture the date of the installation
- it reads the device ID
- it ask the user for the program serial number
- I have two way of registering the system either through an SMS or through the web using a GPRS.
- The software combines the three number together using some equations to make it almost impossible to find out what I am collecting… also I use an equation verify if the serial number is OK since we are using SMS and it is very costly to send SMS that contains a wrong serial number
- When the user chose the method to register the number is send to my server and the server send back the activation key to the user PPCPE
- The PPCE will read the SMS and delete it and store this SMS in the database …
The above is to get the activation key
In the software the activation key is produce and I use “if statement” to compare the activation key which is stored in the data base and the one the software produce if they are the same it will execute otherwise it will stop execution
To make it very difficult for the hacker I use pointer in the program and in these pointer I add the protiction key to it and subtract the key the program produce to make the additon equal to zero if the two key are the same
The pointer point to each button and each menu item in the program
I hop this information will help and I welcome any comment

Hmmm, sounds nice...but is it worth all the trouble...especially the SMS route could complicate things, no?
Besides, with good debuggers is it not possible to NOP the check section or jmp it, applying a patch?
I would opt more for a good packer such as Armadillo, and protect it that way. It will obfuscate the code, has debugger protections built-in, splits codes and destructs IAT. Additionally, you could add nanomites to make unpacking even harder. Then use a simple license key system.

Yes you are write .. a good hacker can do that …. But
If you use the method of pointer it is almost impossible to get any thing out of the program and it will be use les for any body to use it
And also it is almost imposable to hack it

But armadillo is only available for x86 Windows. But your message is right, HappyGoat.

pointer protection: piece of cake!
Well, the pointer thing as you describe it does not sound too difficult to hack.
You said your software will take the address for a pointer, add the key the user has entered, and substract the one the program has computed so that it equals to zero.
So, this means that the shift is always the same, so if you can get the entry point for any button, you know which value to add to the key generated by your software. Since you don't obfuscate the code this is a matter of minutes to hack this. :roll:
UL

Re: PROTICT YOUR SOFTWARE
As an old cracker I can tell you that this algo would not be difficult to crack. You are not using EXE file encryption, anti-debugging, integrity checking, and other tricks that are used in good protections like ASProtect. They would take some hours to bypass. And playing with pointers can stop only kiddies. UnlockMe said why.
If a cracker would get one valid question-answer pair, he'll easily convert any program to a fully working version. And your code can be cracked without this knowledge.
- The software combines the three number together using some equations to make it almost impossible to find out what I am collecting…
Click to expand...
Click to collapse
Funny. Why should the cracker try to "find out what I am collecting"? Why the cracker should be bothered with all this ****? There are easier ways.
also I use an equation verify if the serial number is OK since we are using SMS and it is very costly to send SMS that contains a wrong serial number
Click to expand...
Click to collapse
Costly SMS? Even in Russia you can get free SMS subscription. I have free SMS + free GPRS + free incoming calls.
Your protection has at least one very thin part that makes it useless. I've seen the similar ideas before. But I would not tell you
And remember:
If it runs, it can be defeated. (c) +Orc
Click to expand...
Click to collapse

It is very nice to see people participates in a subject. I find it very interesting. And very helpful
I am not going to tell what I do but I am given a point to start to programmer
Chatty
Thanks for bringing this point. I can not find it also
UnlockME
I think it is very difficult to hack.
Imagine in my software I have 36 button and menu item. Each of them has a pointer. Let us say button one has a pointer value equal to 11675 let say it is stored in ptr
My key is 123456789 .. let say it is stored in a string str1
The key in the program is 908070605040302010 …… I use more encryption than that but this is just a demonstration
And let us say it is stored in str2
When you address the button you address it like this
Ptr = ptr – (str1[1]-str2[17])
As I mention I am not going to reveal the protection that I use.. I am only giving a point to start
There is more thing in it I leave it to your imagination ..
Mamaich
In my country each SMS cost the mobile owner 0.1 USD … I am not going to cost hem moony for a wrong entry
…….
I think I know what you are thinking …. If the key is produced in the program I can hack it … I hope the above example clear thing up
……..
if you know any EXE encryption or anti debugging software I will be thankful
……..
thanks every body for your replay
-------------------------
pleas remember I am not Claiming that my sAlgorithm is anti-hacked …. It is only an algorithm for protection that I came with

wwb95, I'm not going to disclose in this forum how to actually hack an exe, but what i can tell you is that pointer-based protection will only stop kiddies as Mamaic says.
a hacker is not always a bad guy, though often they use their knowledge for such purpose, but it is before everything a guy that has an extensive knowledge of development tools, operating system, memory management, ...
I can tell you that if you are going to protect your software with this pointer thing, please send me a link I'll be only too happy to provide it for free to the community with a working "yes-code". 8)

wwb95 said:
When you address the button you address it like this
Ptr = ptr – (str1[1]-str2[17])
Click to expand...
Click to collapse
I'll assume that (str1[1]-str2[17]) is always a constant for all Ptrs. Then you can easily find an original button handler (don't ask me how, newbies can check all function addresses, gurus can just look at the code, I'll use a different method), calculate this value and patch a program or write a keygen. And if it is not a constant - the process would not be much more difficult.
if you know any EXE encryption or anti debugging software I will be thankful
Click to expand...
Click to collapse
I don't know any existing protection. Long time ago I was developing such a project, but due to a lack of time and no investitions I've dropped it.
Here is a crackme - http://mamaich.kasone.com/wz/crackme.rar
and a pre-aplha of protector - http://mamaich.kasone.com/wz/protector.rar
It can compress&encrypt ARM WinCE DLLs and EXE files, has minor anti-debugging tricks and primitive import/export/resources encryption. And thats all that was done. No API, no stolen bytes, no on-the fly decryption, no integrity checking, etc.
I would not publish its source codes nor continue the work.

My advice: give up trying to protect your app. It can't be done; anything can be cracked easily. You're only going to piss off your users when the complex reg scheme starts introducing bugs and instability.
All you really want to do is a simple registration scheme. You have to rely on people's honor.
At Airscanner we wrote a book showing how to crack software, with a couple of chapters on ARM-based cracking for Windows CE. But you can get more info, and better, for free at Kaos' website:
http://ka0s.net/
It has everything you need to get started in Pocket PC reverse engineering.
By the way, it's good to see +ORC referenced in this forum. Mamaich do I know you?

airscanner said:
By the way, it's good to see +ORC referenced in this forum. Mamaich do I know you?
Click to expand...
Click to collapse
Some time ago I was a regular poster on www.reversing.net and www.reng.ru and reader of fraviamb. Now I don't have time for that.
Maybe you've seen my name in "thanks" sections of some tools.

ZXEvil why are you posting that link on multiple topics? What is that file?

Anti theft apps available?

I'm looking for an anti-theft app. I don't know if it exists yet.
Is there an equivalent to the symbian phone apps "Anti-thief" or "EzProtect"? It has some nice features to let your pda "phone home" when someone is tinkering with it, or you can remotely disable your pda by sending a password though sms.
I've been searching over the net and found "Kill-pda" but that can only erase the device completely by sms. Thats a bit overkill :lol:
I hope someone knows, because i learned the hard way that you really need an app like this. My phone got stolen once and I got a Huge A$$$ bill for calling to egypt en italy
edit: I found this description for EzProtect:
The application sends an SMS to your specified number as soon as the SIM card has been changed. By this way, you receive SMS on your friend's (or whoever's number u defined) cell with the thief's cellnumber and SIM number (IMSI) so it becomes very easy to track the thief.
I definately want an app that can do this. And I can imagine a lot of people wanting it too.

There was a discussion about this on HoFo in Oct ober when people first started receiving their Wizards. I think BTT (BeyondtheTech) mentioned something about it. I'll see if I can track it down this evening.
It certainly would be cool.

Check this out! http://www.ppcsg.com/index.php?s=0c0cedfa906ae1b85f844fb7b497def6&showtopic=65021
Hope this works. I have not tried this myself.

Thanks a lot for your help, but that was the program i mentioned in the threadstart "PDAKill".
The only thing it can do is erase the device completely when you send a sms to your pda containing a predifined password.
But when the thief takes out the simcard and puts in his own, then this program would be useless.

Guys, if I've seemed distracted for the last few days, this is why:
I've been working on a program called VJAccioPhone.
It is used to detect if your phone has been stolen and to permit remote use of the stolen phone. Your phone doesn't have to be stolen, eg if for some reason your wife is likely to discover your "niece's" affectionate messages to you, you can send a password protected remote keyword to format your phone and hardreset it. I'm sure you can think of better examples!
It's an expansion of some code I wrote for my unreleased plugin, VJEphemeris, which you can read about here. The release version allows you to do pretty much anything you can do with the phone when it's in your hand, all remotely. Destructive and constructive control.
This is a pre-announcement. I don't like preannouncing, but unfortunately this week I've been on a very limited programming quota due to the ministrations of my better half. So although the code is finally finished, it's being beta tested while I'm away on holiday. If all is well when I get back next week, hopefully I'll try to get it released!
Don't tell anyone else, but you can read about VJAccioPhone and see screenshots here. Please note, and don't ask, there is no download available at the moment.
V

Aside from that a program like this would be very handy, and I'm quite curious and will keep an eye on it myself, I advise everyone to activate the pin code on their simcard, and always call their mobile operator as soon as the phone is stolen so they can block your number to avoid getting high bills as the topicstarter said... You should also be able to get your number back easily by requesting a new sim card and having your mobile number set to that simcard again.
This may seem obvious to some people, but I just wanted to post it anyway since a lot of people are still not aware of these simple ways to protect yourself.

Absolutely true; in England, the police aren't interested in persuing phone theft, but for you own benefit, you must always have your IMEI blocked and the phone reported stolen immediately to prevent you being charged for calls.
VJAccioPhone will be able to report back to you even if the IMEI has been changed or it's being used abroad etc. It's more for protecting your data on the stolen phone then getting the phone back. Frankly, any thief would do better to throw the phone away then persue cracking strong protections. Stolen phones are easy enough to come by! However, at least a nice passer by might be able to get in touch with you!
V

Sounds great! Would it be possible to enable the phone ID (Where you can enter your name and contact details) thought this might be good if it was ever found (or part of the hard reset).

Wauw, this is great stuff Vijay!
If you need a beta-tester on the wizard platform, i would highly recommend myself
This would be excactly what everyone needs 8)
Would it be possible to save the configuration settings? Because my idea would be to include the cab file in my extended_rom, and thus make it install itself even after a hard reset. This would mean that the configurations settings also have to be loaded after the hard reset.
Keep up the great work Vijay

frigit: if you mean enable password screen, yes, should be no problem. however i'm thinking of writing a better custom password screen using some strong encryption, with optional destruction on failure.
leploep: of course, it's designed for extended rom etc. right now protection works as a ta k, for the demo, but i'll be writing protection into an invisible app. Remote control is already complete and works transparently when triggered, so the thief won't even realise what you're doing ie there's no sign of the control smss being received to the thief.
eg you can background call the police from the stolen phone
more when i'm back from holiday next week!
v

This is starting to sound like a killer app - pun intended 8)

I'm in for sure when you get this finished, Vijay!

Already finished for the demo version!
kept me quite busy, developing three intersecting programs, like playing chess! but they all seem to work ok. a friend is testing it hopefully this week then i'll see what i can do for wider release when i get back...
v

Well vijay555 , you can put me on the list of very interested persons on buying this soft.
Cheers mate.

vijay will this work on all the wm5.0 devices??
i.e. I have the pda2k with wm5.0 and have been looking for a prog like this since i got my device, also is it possible to keep this program after hard reset ?? as you know if a hard reset is done the data is gone, but the user now has an expensive device to start playing with

it's not been tested on wm5 at this time, actually because the guy testing has a wm2003 motorola - gulp! but everything i write is normally wm5 & wm2003 now. there is no reason why it's not wm5 compatible but i'll ensure it is before release. i can certainly say, to my pain, the hardReset keyword is very wm5, i activated it by accident in testing.
retaining it after hard reset is only possible, as far as i am aware, by using a custom ext rom or rom.i've not tried it on my magician or universal, but hopefully your device in particular ext rom customisation is possible. at this time it uses registry & normal exe/dll files to run, so no reason it can't be ext rom'med. hopefully this will be confirmed in testing shortly.
if anyone can think of any particularly useful remote keywords to incorporate drop me a line. as it is, the full version will permit remote .exe launching so it can do pretty much anything
v

a lot of us have paid an arm and leg for our devices so having that extra peace of mind,knowing that if your device is nicked your going to make it as hard as poss for the theif to try and profit from your loss.
vijay all the best mate so far your app looks very promising iv got the exec running WM05 so if you need a beta tester let me know LOL
and guys if you report your phone as lost make sure your service provider is also going to blacklist the device!
I work for Vodafones in a call centre in the birmingham, UK,but the amount of customer services that is outsoursed to other non vodafone call centres based here in the UK its unbelievable! the amount of complaints I deal with and customers accounts that I come across where the outsourced twats
will admin bar your sim card but not blacklist the handset!
anyway I'll keep my eyes open for any more theftbashing apps and will post on here.

N2h said:
I work for Vodafones i
Click to expand...
Click to collapse
But have an O2 phone.....

Whow V.
Looks very very promising.. !
Great Job man :!:
i'd be happy to check it on my devices :wink:
Cheerz

lol mcwarre
even with our staff accounts we can't get the pdas as they are only available for busniess customers to be honest with you don't know why vodafone is stupid enough not to sell to normal consumers its the biggest network in the uk,
the staff phones we do get we gets 12 months line rental free lol
annnnd from all the universals I think the exec with its black shell looks the most stunning-the white shell devices just look a tad bulkier! lol

Windows Mobile 5 Replace one character in ROM? Reward $1000

Edited: Contact mod.

For $1k I'd buy JTAG and do it . And keep the rest (RIFF BOX is 119€ and a bit of soldering/getting board for another 10€ to avoid soldering).

Haha, this reward smells like scam

mysymbol said:
Hello
Can someone tell me if it posible to replace/change just one character in Rom in Windows Mobile 5 Device, knowing where it is (memory address)
Device is not listed anywhere on this forum, and really it does not matter, since it runs Windows Mobile 5 and I can connect to it with ActiveSync (USB or Serial)
Willing to pay $1000 for solution.
Honestly, will paypal the money to someone that can help
Thanks
Click to expand...
Click to collapse
Why would you pay $1000 for a solution for a Windows Mobile 5 phone when you can get a Windows Mobile 6.1/6.5/WP7 phone for HALF the price.

Response to your concerns
This is not a Mobile Phone and I do not have one but several thousands of these in my posetion. Again this device is very rare and you will not find it anywhere. Solution to my problem can be used over and over again.
Simply its just like a phone running Windows Mobile 5 and I just need to change few lines of memory addresses in ROM. Please help.
For those that think its a scam, fine, I will offer $10 for solution, but for someone that can believe I will paypal $1000 instantly upon working solution.

I would agree with JTAG but I have several thousands of these in my hand and I need faster solution. Please help. I can run any files, commands for you on my device and provide results. Thanks again

You might want to try also itsutils's app "pdocwrite", that might do the job too. Or psetmem, if it is in RAM and not ROM.

wouldnt Jtag be just as quick as connecting a phone to a computer... booting into the rom, changing code etc etc etc? over and over and over again?
That said... Your best bet is to send one of these "devices" to a developer on here who can take the rom and make the changes that need to be done and make a custom rom for you.
Thats my two cents!

You are a little silent on the details of what you want to change in the device. There is hardly a universal solution for the task you have sketched. Let me outline the levels of security that have to be passed:
Running programs e.g. for manipulating memory (RAM or ROM) may in the first place be restricted by OS security (policy). This must be overcome and is also know as "Application Unlocking" of the device.
Some files on a device can simply be replaced by RAM copies and those will take the function of the ROM part after copied to the device and a subsequent reboot.
If really the ROM itself must be changed (as 2. does not work) then you have to be able to read out the ROM, dis- and re- assemble its parts (aka "cooking") and finally load back the results to the device. Several security mechanisms are in place for devices to ensure that only the legitimate authorities can do this.
Thanks to joint efforts et XDA-developers many popular devices could be hacked at that level to foster the popular cooking activities.
So if you give some more hints on what character you want to have changed and where you see it (but want to see a different one) then even other options may come up, e.g. changing data in the databases that are use for translating user interface parts (control panel), other data-driven options (e.g. registry) and so on.
So in the end there may be a much simpler solution to your problem that you thought about so far?

are these some chinese knockoff model and you need to change something to sell them on without non chinese people having problems? i would help but got rid of my chinese to english rom hardware last year

reward still availble
can someone help? I can read files from ROM, but how to write back? utility is there but its uncompiled.

I don't think you've made enough threads on this issue. I think you should post 5,6,7 maybe even 8 more and see if someone responds...

what device are u meaning to change?

Thread closed, contact me to talk about the thread.

Help cracking software on Windows CE Device!

I'm not sure if I am in the right place to ask this, but here goes.
I work for a land surveying company and we have been using a software called C&G to collect data out in the field. The software runs on a piece of hardware called a data collector. To be more exact, it is an Allegro CX made by Juniper Systems. The device is loaded with Windows CE .Net 4.20 along with a program called PocketDOS. The C&G program runs inside of PocketDOS. The software is SUPER old and the company is no longer around to support it. We have no desire to purchase a new software package as this one works just fine for what we need and everyone is used to it.
We have at least 8 licenses for this software, but the problem is, it is coded to register based on the serial number of the Allegro data collector. We have had multiple data collectors go bad, so we are looking to purchase more units, but we will be unable to register the C&G software on these units because the serial numbers will be different.
So my question is, can anyone help me modify the C&G program and make it so that it does not check the serial of the data collector? That way, we can purchase new data collectors and load the software (that we have rights to) on the new units. If the company were around to support the software, we would be able to call them and they would generate new registration codes.
I can send links to download the software, along with any DLLs you might need from the data collector.
Any help on this would be greatly appreciated! Thanks for your time!