Certificate annoyance - Windows Mobile Development and Hacking General

I have written a Java MIDlet which frequently (once every 5 seconds) accesses the file system to read and write files. On the Windows Mobile device on which I am testing, the unsigned application causes a security request for every file access. This makes the application useless.
My query is, if I purchase a Java code signing certificate from Verisign, will the option to grant file access be available in 'per session' scope for all Windows Mobile JVMs?

Related

Remote Application Install

Hi Everyone,
I am just starting to explore developing software for mobile devices. I want to be able to develop an application, generate a CAB file, copy it to a selected device and then make the device automatically expand and install the CAB file.
Does anyone know of an easy way of automating the installation of a CAB file on devices - this is basically so that the end user does not have to be involved in the installation of new software.
Thanks
Dan
I'm interested in it too!
Do you mean that you want to remotely update the software installed in the mobile? Do you plan to send the new installation file by GPRS?
You can't push files over GPRS unless you have a VPN or similar tunnel (most people don't.)
While developing I like to run Eiichiro Ito's ftpd for Windows CE (works with any version from 2.0 to 5.0 - http://www.oohito.com/wince/arm_j.htm) and I have a rule in my Makefile which automatically uploads the new binary to the storage card, ready to run.
Of course if you only want your program to check for updates and install them automatically, then it is just a matter of making it check a website and download available updates each time it is run. This requires extra code in your application but it's the only way to do it for released software. Also it will annoy the user by trying to connect to GPRS every time they run the program.
It sounds like to me you want to know how to make a cab file. Is that right?
If so I can offer some code. The part about getting the cab to automatically work is not so easy. Unless you have some process already running that expects the cab, what will execute it? (Unless of course you mean the device is synched.)
Give more detail.

CAB file help - "Installation unsuccessful" on HTC

Hello all,
Attached is a simple CAB file that should have set the PIE user-agent stuff to be identifying the thing as IE6. I think there may be others around, I know I've seen it in a larger cab, so don't worry about this specific function. My question is regarding the fact that when I try to run it on my HTC Wizard (running WM5), I get "Installation of PIE_as_IE6.cab was unsuccessful".
I built the CAB off of the "CAB Template.cab" from http://forum.xda-developers.com/viewtopic.php?p=113615#113615 - just in case I'd run into that version issue with WM5.
Any thoughts out there on what's wrong with the CAB? Or is there a different reason it won't install?
Hi, what CSP are you using to change those settings and how are you deploying it to the device? Chances are access to that provider is restricted to a higher security role than what the cab file has permissions to do. RAPI still has access to most service providers by default but if you're downloading the cab over the air to the device it'll probably need to be signed with a suitable certificate before it's allowed to make setting changes. Mobile 5.0 security has been beefed up and it's now a bit of a mission to do what was reasonably simple to do on 2003. All cpf files need to be signed if not deployed over RAPI as well, for even something trivial like adding a browser favourite.
editor is OCP Software's WinCe Cab Manager (version: 1.1)
deploy method is copy over USB cable by ActiveSync through Total Commander+WinCe Device access plugin. Execution of CAB is on the device itself through Total Commander CE or Explorer.
No CSP in use (err.. afaik).
You may be right that the part of the registry in question may simply be unavailable to access without special signing. I'll have to dig for those keywords a bit.
Yeah...the more I research Mobile 5.0 security the steeper it gets. It seems security permissions extend all the way to file IO access. Writing certain recognized system files (like theme files) without adequate permissions effectively renders those files as untrusted and they stop behaving in their expected manner. It's a pain.

Certificate Enroller

I have been searching high and low for a GUI based Certificate enroller for Windows Mobile devices. Essentially I want a GUI driven enroller similar to the version found in the WM2003 SDK using enroll.exe and enroll.cfg or something similar. Ideally this GUI based enroller would be standalone and would not store any credentials after the enrollment process. The WM2003 SDK enroll utility currently requires you to pre-populate the enroll.cfg file with a user name, password, domain, CA servername and cert template; this file has to be transferred to the device then launched with enroll.exe. The file resides with all credentials after the enrollment process. Any chance we can get this GUI based that would work for all WM devices?

Unlocking Windows Mobile

I was reading and searching, when i saw this:
Some Windows Mobile smartphones have a safety lock that prevents the installation of "non-certified" (eg MIGSoft SmartTweaks) or editing the content of the record. But beware: this block has nothing to do with those that prevent the use of a device outside of a particular operator.
To perform the unlock, just change two registry keys using a registry editor (but read the specific topic on hacks and the care you must have):
1. Go to: HKEY_LOCAL_MACHINE\Security\Policies\Policies
2. Change the value of key "00001005" to "40" (without quotes);
3. Change the value of key "00001001" to "1" (without quotes);
On my first Motorola MotoQ CDMA with Windows Mobile 5.0 I could make this change without any major problems. However, after returning from service, which has changed the board and the ROM version of the device, this Windows Mobile key could not be changed. After some research, I found the procedure that allows the release of ROMs where the editing of this registry key cannot be changed - remember that this is a hack and I'm not responsible for any damage that it might do to the system. Test at your own risk:
1. Download and install Device Security Manager Powertoy for Windows Mobile 5.0 from Microsoft. http://www.microsoft.com/downloads/...8c-d587-47e0-908b-09fee6ea517a&displaylang=en
This application shows the type of security policy in the existing Windows Mobile device connected to the PC. Warning: this software crashes on Vista, but you can use it according to the desired result;
2. Connect the Q to the PC, wait for sync and run the program. You will see "two tier" in the "security policy" if the device has the protection of editing the registry;
3. Download the file secpolicies.cab http://sems.org/content/download/secpolicies.cab amending the security policy. This file is from Telus States United States;
4. Install the file, moving it into the device and using the file manager of Windows Mobile, click it (run it);
5. Run the application again Device Security Manager Powertoy for Windows Mobile that should now show the value "tier one".
It is done.
Original Post from http://www.seidimobile.com.br/2008/06/05/desbloqueio-do-windows-mobile/

[CLOSED] e

Thread closed as OP removed its content.
- Oswald Boelcke
*********************
e
jastahooman said:
In developing...
interesting... looking forward to this
Wow! Waiting impatiently. Will that be bare-bones WM 6.5 or with Sense?
Looking forward to it
Nice, can you please send me the kitchen? I also have a solution for the expired certificate problem so you can surf the web. You can extract them from Windows 7, 8, 10 in the right format and then install with the built-in certificate manager.
If someone can share them from Windows 10 in a supported format, cer does work, maybe der, crt, sstl, but pem can't be read or converted to the other formats without the private key.
HERE IS THE SHORT TUT AND FULL TUT LINK
Updating List of Trusted Root Certificates in Windows | Windows OS Hub
All Windows versions have a built-in feature for automatically updating root certificates from the Microsoft websites. MSFT, as part of the Microsoft Trusted Root Certificate Program, maintains and publishes a…
woshub.com
AND HOW TO GET ALL FRESH WIN10/WIN11 Certificates
certificates using the Sigcheck tool. This tool allows you to compare the list of certificates installed on the computer with the list of root certificates on the Microsoft website (you can download an offline file with up-to-date certificates authrootstl.cab).
You can manually transfer the root certificate file between Windows computers using the Export/Import options.
You can export any certificate to a .CER file by clicking on it and selecting All Tasks -> Export;
You can import this certificate on another computer using the option All Tasks -> Import.
Certutil: Download Trusted Root Certificates from Windows Update
Certutil.exe CLI tool can be used to manage certificates (introduced in Windows 10, for Windows 7 is available as a separate update). It can be used to download an up-to-date list of root certificates from Windows Update and save it to an SST file.
To generate an SST file on a computer running Windows 10 or 11 and having direct access to the Internet, open the elevated command prompt and run the command:
certutil.exe -generateSSTFromWU C:\PS\roots.sst
Updated SST file.
CertUtil: -generateSSTFromWU command completed successfully.
You can visit archive.org after adding the certs uploaded in this post, from the File Explorer.
It would be nice if someone could start a certificates megathread, containing the ones used by web browsers, other OSes etc. too and the standard Windows Mobile Root CAs.
Windows Mobile Root Certificates - Connectivity Analyzer
If the Microsoft Remote Connectivity Analyzer is unable to follow the certificate chain to the trusted root, then it displays the following error: "The security certificate on the server is not valid. Support code: 0x80072f0d."
docs.microsoft.com
Namely
| Certificate Authority | 5.0 | 5.0 + MSFP | 6.0 |
|---|---|---|---|
| Thawte Server CA | Yes | Yes | Yes |
| Thawte Premium Server CA | Yes | Yes | Yes |
| GTE CyberTrust Root | Yes | Yes | Yes |
| GTE CyberTrust Global Root | Yes | Yes | Yes |
| Secure Server Certification Authority (RSA) | Yes | Yes | Yes |
| GlobalSign Root CA | Yes | Yes | Yes |
| Entrust.net Secure Server Certification Authority | Yes | Yes | Yes |
| Entrust.net Certification Authority (2048) | Yes | Yes | Yes |
| Verisign Class 3 Public Primary Certification Authority | Yes | Yes | Yes |
| Verisign Class 2 Public Primary Certification Authority | Yes | Yes | Yes |
| Equifax Secure Certificate Authority | Yes | Yes | Yes |
| ValiCert Class 2 Policy Validation Authority | No | Yes | Yes |
| AAA Certificate Services (Comodo CA Limited) | No | No | Yes |
| AddTrust External CA Root | No | No | Yes |
| Baltimore CyberTrust Root | No | No | Yes |
| Go Daddy Class 2 Certification Authority | No | No | Yes |
| Starfield Class 2 Certification Authority | No | No | Yes |
There is also a new Windows Mobile build regularly updated
Download Windows Embedded CE 6.0 Cumulative Product Update Rollup Package (through 12/31/2015) from Official Microsoft Download Center
www.microsoft.com
You can find sysbuilders with searching for
Windows Embedded CE 6.0 R3
or under its prerename
Windows Embedded Compact
docs.microsoft.com
There are several variants but the kernel seems to be the same.
So maybe this helps.
There is also a new Windows Mobile build and update from 2016
Download Windows Embedded CE 6.0 Cumulative Product Update Rollup Package (through 12/31/2015) from Official Microsoft Download Center
www.microsoft.com
Windows Embedded Handheld
docs.microsoft.com
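
Added example, not part of the thread or of the quoted tutorial: a PowerShell script that splits the SST file written by the `certutil.exe -generateSSTFromWU C:\PS\roots.sst` command quoted above into one DER-encoded .cer file per root, skipping expired and non-self-signed entries and printing each thumbprint so it can be compared against the publisher's list before anything is installed on a device. The output folder `C:\PS\roots-der` is an assumption.

```powershell
# Added example: export every valid root in an SST file as a DER .cer file.
# Input is the file produced by: certutil.exe -generateSSTFromWU C:\PS\roots.sst
# The output directory is an assumption; change it as needed.
param(
    [string]$SstPath = 'C:\PS\roots.sst',
    [string]$OutDir  = 'C:\PS\roots-der'
)

$ErrorActionPreference = 'Stop'
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

# X509Certificate2Collection.Import() recognises the serialized store (SST) format.
$roots = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2Collection
$roots.Import($SstPath)

$now  = Get-Date
$cert = [System.Security.Cryptography.X509Certificates.X509ContentType]::Cert

$report = foreach ($c in $roots) {
    # A root certificate is self-signed: subject and issuer are identical.
    $selfSigned = $c.Subject -eq $c.Issuer
    $valid      = ($c.NotBefore -le $now) -and ($c.NotAfter -gt $now)
    $export     = $selfSigned -and $valid

    if ($export) {
        # Export(Cert) returns the raw DER encoding, with no private key material.
        $path = Join-Path $OutDir ("{0}.cer" -f $c.Thumbprint)
        [System.IO.File]::WriteAllBytes($path, $c.Export($cert))
    }

    [pscustomobject]@{
        Subject    = $c.Subject
        Thumbprint = $c.Thumbprint
        NotAfter   = $c.NotAfter
        SigAlg     = $c.SignatureAlgorithm.FriendlyName
        Exported   = $export
    }
}

# Review this table before copying any file to a device: every root that is
# installed becomes a trust anchor for all TLS connections the device makes.
$report | Sort-Object NotAfter | Format-Table -AutoSize
```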
