Lock Password Surviving Hard Reset - Mogul, XV6800 General

When cooking a custom ROM is there anyway to have a lock password survive a hard reset?
I have been searching online for the past 2 hours and have found nothing. I sync with an exchange server so I can reset the device remotely. I would like a password to survive the hard reset so the phone is not usable.
I have found the registry keys to control the password function being on and off and wipe settings however I can not figure out how the password itself is stored and where.
Thanks for the help in advance.

Solution
I think this is the only way to this issue.
http://forum.xda-developers.com/showpost.php?p=1164331

hybris said:
When cooking a custom ROM is there anyway to have a lock password survive a hard reset?
I have been searching online for the past 2 hours and have found nothing. I sync with an exchange server so I can reset the device remotely. I would like a password to survive the hard reset so the phone is not usable.
I have found the registry keys to control the password function being on and off and wipe settings however I can not figure out how the password itself is stored and where.
Thanks for the help in advance.
Click to expand...
Click to collapse
hybris, did you ever find a solution? I'm interested in the same thing.

skamin said:
hybris, did you ever find a solution? I'm interested in the same thing.
Click to expand...
Click to collapse
No, I never did. What I ended up doing was setting default registry values for owner information.
So if my phone was ever lost or stolen when I remote wipe it and restore it to my ROM defaults it will startup with a custom message that has my name and a phone number to contact me to return the phone.
Defiantly not what I wanted to do originally (which was if I remote wipe my phone it restores with a default password).
If you ever do find a way to set a default password via the ROM please let me know.

You could install something like s2u2 and then set the registry setting in a custom rom to have it lock on boot

hybris said:
No, I never did. What I ended up doing was setting default registry values for owner information.
So if my phone was ever lost or stolen when I remote wipe it and restore it to my ROM defaults it will startup with a custom message that has my name and a phone number to contact me to return the phone.
Defiantly not what I wanted to do originally (which was if I remote wipe my phone it restores with a default password).
If you ever do find a way to set a default password via the ROM please let me know.
Click to expand...
Click to collapse
That's strange. What's the big deal - finding out where the password is stored? I mean, with all the knowledge concentrared around this forum, you'd think someone knows his/her way around the WM registry to find that location .

I am guessing that is isn't a plain text value in the registry. I have searched my registry for my lock code and have found nothing.
If the lock code is anything like Windows then it is probably stored in something similar to an encrypted SAM Database.
However, if someone finds my device then I can remote wipe it via the Exchange 2003 mobile admin interface and I report it as lost. Once a CDMA phone is flagged as lost/stolen it is pretty much useless. If the person who finds it is nice they can return it by calling me at the number displayed, otherwise it is a good excuse to buy a new phone.

hybris said:
I am guessing that is isn't a plain text value in the registry. I have searched my registry for my lock code and have found nothing.
If the lock code is anything like Windows then it is probably stored in something similar to an encrypted SAM Database.
However, if someone finds my device then I can remote wipe it via the Exchange 2003 mobile admin interface and I report it as lost. Once a CDMA phone is flagged as lost/stolen it is pretty much useless. If the person who finds it is nice they can return it by calling me at the number displayed, otherwise it is a good excuse to buy a new phone.
Click to expand...
Click to collapse
Well, that'll work as long as you find out that you've lost your device AND managed to send the wipe command before someone got a chance to hard-reset it...
Anyhow, my purpose is a little different than yours, and not as grave. I simply want to automate the lock code setup after new ROM installation, as my company's IT requires one to connect to the exchange server.
I'd like to be able to set-up the code automatically using SASHIMI, then set-up my Exchange email account (automatically of course, using Makisu), connect to the Exchange server once, then remove the lock code (after disabling the mandatory requirement for one, which naturally I already know how to do).

Related

I Need Heeeeellllpppppp !!!

i have my cingular 8125 for about 4 months now, one day i set a password... i guess the password was SO safe that now i cant even access my phone anymore.... what can i do ? i need my phone please somebody help ME !!!
is there anything i can do !!?? is there like a special password that works in every phone PLEASE HELP!!!
First try this: Meckaleckahi Makahineyho.
You didn't exactly say it , but I am assuming that you have forgotten your password.
I'm not an expert in PPC security but I think you will need to do a hard reset , unless you can find a program that can access the ppc from a computer without needing your pw and adds a program to your startup menu that removes the option for password protection. I doubt that such software exists, but hey, you never know. Search around on yahoo about ppc passwords and security. I beleive Microsoft even once provided a program for unlocking passwords on Windows 98 computers.
Nicnatros said:
You didn't exactly say it , but I am assuming that you have forgotten your password.
I'm not an expert in PPC security but I think you will need to do a hard reset , unless you can find a program that can access the ppc from a computer without needing your pw and adds a program to your startup menu that removes the option for password protection. I doubt that such software exists, but hey, you never know. Search around on yahoo about ppc passwords and security. I beleive Microsoft even once provided a program for unlocking passwords on Windows 98 computers.
Click to expand...
Click to collapse
The fix around Windows 9x passwords were even simplier than that, you could simply delete them...... but unfortunately Windows Mobile has moved on since then.
Unless you have security software built into the ROM like the anti-theft software available, a hard reset will clear the password.
I, like most, won't explaining ways around passwords on a forumn like this, as you may not have stolen the device... but there may be other people out there looking for ways into theirs that haven't come across them innocently...
In future I suggest you do often syncs with a PC to back up contacts/calender etc, and save your important data to memory card, that way if you do need to reset you won't lose much.
jmdrizen said:
The fix around Windows 9x passwords were even simplier than that, you could simply delete them...... but unfortunately Windows Mobile has moved on since then.
Unless you have security software built into the ROM like the anti-theft software available, a hard reset will clear the password.
I, like most, won't explaining ways around passwords on a forumn like this, as you may not have stolen the device... but there may be other people out there looking for ways into theirs that haven't come across them innocently...
In future I suggest you do often syncs with a PC to back up contacts/calender etc, and save your important data to memory card, that way if you do need to reset you won't lose much.
Click to expand...
Click to collapse
ok and how do i do a master reset on my phone... because it doesnt want to acces anything ... it goes straight to the password screen ..... excuse my english i'm spanish !!
i dont really care about losing my contacts/messages etc... i just want to be able of use my phone again how do i do a Hard Reset ? remember my phone goes straight to the password screen
just press the voice button and the comm button at the same time while doing a "soft" reset.
keep both buttons pushed till you get the question if you want to reset the whole thing. you must confirm this by pussing the dial button.
succes
THNAKS IT DID WORK !!! i love you guys !!!

Exchange server pushing security via Wireless Sync

I posted this in another forum, but thought I'd give it a try here.
I'm using Verizon's Wireless Sync for my work email and contacts. The bad part is, by using that it's enabled the Lock feature after a timeout/standby/power cycle. I know the registry keys that disable the PIN requirement, but whenever I sync, it resets them.
I tried the Zenyee StayUnlock program, but it's not working for me. Nothing I can find has been able to keep those entries from being reset
Any ideas?
Bump for some help
Oh, and the registry settings reset when I soft reset also...
I have the same problem except when I change the reg keys it disables the lock until the next day. I don't think there is a way around it. I have done some searching but not a lot and it doesn't seem like there is any other way.
juwalk said:
I have the same problem except when I change the reg keys it disables the lock until the next day. I don't think there is a way around it. I have done some searching but not a lot and it doesn't seem like there is any other way.
Click to expand...
Click to collapse
I can get it to stay..... as long as I don't sync or reset (soft or power cycle).
I had found some people were able to use the StayUnlock program to help keep those entries from reverting back, but I couldn't get it to function.
It is QUITE annoying...
Hi used this StayUnlock program and it worked really well for me never have to enter a password to unlock.
Also, you don't have to use Wireless Sync if your server is Exchange, then you can configure ActiveSync to sync over the air, and this StayUnlock works really well. it just gives me a reminder when my server push the security policy, but it reverse it.
Unzip this, create a shortcut to it and dump it into the \Windows\Startup folder.
Hope this helps.
vboyz103 said:
Hi used this StayUnlock program and it worked really well for me never have to enter a password to unlock.
Also, you don't have to use Wireless Sync if your server is Exchange, then you can configure ActiveSync to sync over the air, and this StayUnlock works really well. it just gives me a reminder when my server push the security policy, but it reverse it.
Unzip this, create a shortcut to it and dump it into the \Windows\Startup folder.
Hope this helps.
Click to expand...
Click to collapse
Use ActiveSync OTA? Never heard of this...
I tried the StayUnlock. It didn't work for me. The reg settings would reset as soon as I ran Wireless Sync or reset the phone.
I installed the program, made a link to it from the Startup folder, but still no go. Do you change the settings BEFORE installing, or AFTER.
Ok, I got it to sync to the webmail server for my Outlook. But it's not a push service.
That's what I like about Wireless Sync. It's a push.

How do you keep your device secure?

Hi All,
I'm fairly new to the Winmo scene having spent a lot of time using Palm. Back then I had little fear of my personal data falling into the wrong hands as I used many software solutions, most notably PDA Defense which not only locked and encrypted the Palm but also wiped it if fell into the wrong hands.
It's important for me that a thief can't access my data (calendar, emails, files on storage card etc.) - and a second goal would be to get the device back / know WHO took it. Even if this isn't the case for some of you; the majority of you may have spent shed-loads to get hold of this device (which I love by the way) and surely that alone makes it worth protecting your investment.
So, what I would like to know is what kind of security-strategy are you professional WM6 users following?
What do you do to maintain physical security (eg Ultimate Theft Alert) and what do you do for information security?
Lets ignore antivirus software for this thread - but I'd be grateful for not just what you use but also information about stability, performance and necessary changes in your workflow (like for backups, file recovery) etc.
Thanks in advance.
Mav.
WIMP - Where is my phone
By sending a text message with a password the program picks it up and sends you its coordinates using the GPS. Also sends you the number of the new sim card if it is changed.
Then you can use Google Maps to find it. It conceals itself really good and it'll take a hard reset to uninstall it and i doubt that lots of thieves out there can do it.
Sounds good I'll take a look at that. Thanks.
However, I assume that's not the only security measure you take is ir?
How do you protect your data (emails, files etc)?
wow some of these suggestions sound better than what I have been doing - locking it in the gun cabinet.
I use WIMP in case the phone is lost/stolen.
For file encryption I use Spb Pocket Plus, which has a file encryption option - tap and hold gives the option to encrypt a file with password and erase the original. Tap and hold the encrypted file gives the option to decrypt. It doesn't encrypt Contacts or Calendar, only individual files.
I got Sprite Terminator for $10 extra when I got the latest Sprite Backup for my HD, it's not bad it does the GPS thing over SMS and you can remotely lock the phone etc.
Well, remotely locking the phone is fine, but it works only as long as the thief doesn't remove the SIM card (or simply turn off the radio). What I would really appreciate is a PIN request for opening certain files and/or applications (like work mail account).
Philio25 said:
I got Sprite Terminator for $10 extra when I got the latest Sprite Backup for my HD, it's not bad it does the GPS thing over SMS and you can remotely lock the phone etc.
Click to expand...
Click to collapse
I really liked Sprite Terminator after using a few of them. The only problem I had with all of them was their ability to get the GPS signal. I'm therefore looking for not so much being able to locate where they are, but just the ability to wipe data, lock phone, get the details of the new sim card, and the telephone number of the thief's friends.
microsoft exchange - remote system wipe.
I pay for Sherweb hosted exchange, but if you dont want to pay or have no need for it, just sign up for free hosted exchange at mail2web, set up on your phone but disable what you dont need (eg email/calendar/contacts sync) and you should still be able to initiate remote system wipe whenever you want
Built-in options
WM 6 itself has two built-in features that can be used to address this - pass code request and encryption (SD). If your phone is lost unless the thief knows the PIN, he cannot access the phone. Even if he resets the phone (lost of internal data), he cannot access the content of the SD as it was encrypted. However, encrypting the whole SD may imply overhead to the system, affecting W/R performance.
Same question here.
I'm currently expirimenting with this app. http://www.mycnknow.com/Safelocken.htm
Very promising I must say.
Has anyone tried Pocket Secure or Sprite Terminator?
In my research I found another one.
MotionApps mSafe. Anyone tried it?
Mavrick said:
Has anyone tried Pocket Secure or Sprite Terminator?
Click to expand...
Click to collapse
I'm using sprite terminator with no issues. Installed with no problems and easy to set up. One slight drawback though is that there is no option to set the gps timeout. Even though the HD GPS is quite sensitive, it can take a while to get a sat lock indoors - especially if the phone is in another location /town since the last sat lock. Sprite terminator times out the gps after 1 - 2 mins.
Looking at sprites forum, this has been reported, and apparently they are looking at adding this option.
You might also wanna look at GuardMobile from Germany, similar to Sprite Terminator. Maybe you can let us know your evaluation of the two, I only use GuardMobile.
http://dontknowme.at/http://www.maspware.de/products/guardmobile/?langct=EN
You might also wanna look at GuardMobile from Germany, similar to Sprite Terminator. Maybe you can let us know your evaluation of the two, I only use GuardMobile.
http://dontknowme.at/http://www.maspware.de/products/guardmobile/?langct=EN
Insaneboy said:
WIMP - Where is my phone
By sending a text message with a password the program picks it up and sends you its coordinates using the GPS. Also sends you the number of the new sim card if it is changed.
Then you can use Google Maps to find it. It conceals itself really good and it'll take a hard reset to uninstall it and i doubt that lots of thieves out there can do it.
Click to expand...
Click to collapse
WIMP is not properly hidden on the phone. It still appears in the "remove programs" list so a thief can easily check if it is installed or not on the phone. Also it has no manual and there are some menu items that I dont get. I have written to the author but am now the wiser.
WIMP and others
I've been trying the different programs and during testing none of them are working. WIMP doesn't sent messages back when it receives the command. Is that because the GPS port settings? Com Port and Baud Rate? what are the default settings for a blackstone? I tried MASPware but again there didn't seem any way to veryify the program was working before I buy it. Same goes with UTA mobile. I just want a reliable program that if i misplace the device, i send a sms and it sends me back a location. suggestions?

HD2 Losing Passwords & Account Details

I have a problem with my HD2 forgeting passwords and account details for a number of apps and system settings. Now I know the Facebook login has been mentioned on another thread (although not sorted), but my HD2 is also fogetting the following after every soft reset or flat battery etc: -
Data Connection. It needs to be set as if it is the first time I have used the phone
Email. It forgets the passwords for the accounts, the download schedule/settings, and the signatures etc
Wi-Fi. Forgets all keys
Other Apps. Forgets passwords, and Facebook will never remember the details even though I check the remember my details box.
If this has been covered and I have missed it my apologies, but I can't find a thread, and if there has been I would be greatful for a link to it.
This problem is really causing me a headache at the moment. This (as always) seems to happen just at a crucial moment at work when I am in the middle of something and I have to soft reset; that would be enough of a pain usually, but now I have to reset the data, add the settings to my email accounts, re-enter wi-fi key, change my signature.....
I have been thinking that a hard reset might fix this, but thought I would ask on here first because I am not looking forward to the prospect of re-instiing my Tom Tom and everything else.
Thanks.
I've started getting the Facebook app problem in the last day or so, why won't it remember me?!?!
Losing email and data settings
Searched but can't find a solution to this problem, It's just started to happen to me on a 6 month old phone. Can't see anything I've altered in the last few days. Did OP find a solution?
The problem stopped and has not happened since. I did not find a solution, it just seemed to sort itself out.
OK. Thanks for the reply, will see if mine resolves itself
any idea of a fix for this problem?
Swype keyboard when installed sometimes has a tendency to wipe the passwords.
i found disabling sense and installing spb mobile shell fixed this issue for me. prior to that it was brutal. hard reset after hard reset.
jason
didn't get this problem in a while already.
I have this funny theory that MAY be true or not: if you need to softreset, before doing that make sure that all the applications that use those data are closed.
i.e., before softreset close with a task manager pocket outlook mail, and wireless properties if they're open
ephestione said:
didn't get this problem in a while already.
I have this funny theory that MAY be true or not: if you need to softreset, before doing that make sure that all the applications that use those data are closed.
i.e., before softreset close with a task manager pocket outlook mail, and wireless properties if they're open
Click to expand...
Click to collapse
indeed, it is not a theory. the key-db is shared between apps (at least the one for wifi+activesync keys), and a softreset may corrupt it.
ephestione said:
didn't get this problem in a while already.
I have this funny theory that MAY be true or not: if you need to softreset, before doing that make sure that all the applications that use those data are closed.
i.e., before softreset close with a task manager pocket outlook mail, and wireless properties if they're open
Click to expand...
Click to collapse
I agree. My HD2 has had this problem (again!!!) for the last couple of days now, and it seemed to start when the phone locked out and I had to remove the battery to reset.
And this time I decided to stop attempting to fix it and just bite the bullet and do a hard reset with the stock rom, which did nothing. Yesterday I changed rom to Energyrom and it still hasn't fixed it. Surely a hard reset/rom change should fix this issue?
Anyway taking the positives, forcing me to hard reset made me try a custom rom for the first time
Has anyone put in a complaint to HTC regarding this? I can put up with most niggles using WM/HTC, but losing exchange details and email account passwords all day is beyond a joke for business users.

HD2 Exchange Lock problem - Not the same issue mentioned in the forums

All,
I've a problem with the exchange server settings. It looks like my admins had pushed the new exchange policy this afternoon. All of a sudden my phone is asking for a password. I had installed the "Stay Unlock.cab" which worked perfectly so far. Now, I'm getting the password prompt when i unlock the device.
But the actual problem is, when I enter the password it takes me to the password screen and asking me to enter a new password. When I enter a new password it fails saying "An Error occurred saving password settings."
Now, I cannot access my phone. I have so many applications installed and I haven't backed up some of my settings & data. So I am hesitant to do a hard-reset and wipe out 3 weeks worth of my work/customization.
Help please!!
Thanks
Nash (TmoUS HD2 - Stock ROM)
I end up hard resetting.
after, 10 times of invalid password entry in the lock screen, it automatically wiped all my data.
anyway I installed hspl2 and installed energy rom, which is much better and beautiful than the stock rom. I am re installing all my applications now...
Thanks
Hello All,
Now I have a weird problem. I could install all the apps and run it properly, but the moment when I sync my outlook with the corporate exchange account, everything stops working. It looks like the Exchange setup is blocking unsigned apps & I could not install any cab files anymore or start an already installed program like CHT Editor. If I remove the email account, everything works fine again. Has anyone come across this problem?
I'm not sure what was changed in the Exchange server. Can someone please help?
Thanks in advance.
Right now, I have Kumar's ROM & I tried Energy ROM too and it looks like I cannot get around this issue. If I remove the Exchange account everything goes back to normal. I also have "Exchange Stay Unlock.cab" installed which doesn't seem to work anymore. Is there anyone else having the same issue?
Is it possible that the exchange admins put a policy to your telephone that its not possible to install software. ,Maybe that is the problem. Then when you delete email, also delete this policy and then its possible to install progs
It looks like it, before & after deleting the exchange sync it asks me to restart. after deleting the problem goes away. Is there anyway to change exchange's behaviour/policy?
The main problem is not just the installation, even the installed apps don't open anymore. Like the "Arkswtich" task manager which I use all the time or any unsigned apps I think. Opera works fine.
could you tell me, what/how I should ask my admins?
Hello All,
It looks like the policies are being updated and I cannot run or install the any unsigned app. I tried to install the cabs to "Remove app lock, unsigned app, etc..", but I can't seem to install these cabs too. Now, I can't even open the registry and update the policies key manually as I can't open a regsitry editor app.
I tried the registry editor from PC (CeRegEdit) and it won't let me update from that too. I totally stuck with this problem now.
Is there way to sign an app (cab file) or make it trusted?
Thanks
I'll continue to update this thread as no one else seem to have this problem.
I used "msigner.cab" to sign couple of cab files and tried to install and it still failed saying "untrusted...". So, I spoke to my admins, those guys plainly said they don't support windows mobile. Now, I don't have an option.
I wonder, why microsoft would enforce a policy on a wm6.5 devices?
Next step.. I reflashed again, installed all the cabs I needed and setup my device. this time, I'm hoping that I don't have to reboot (I know it's tough ) after syncing up with exchange. I'll sync only the emails (in Exchange) and others through the pc (contacts, tasks, calendar).
Finally, I installed all the reg editors before connecting to exchange. Then I synced only the emails with the exchange server and before rebooting the phone, I used the reg editor to change the key (HKLM\Security\Policies\Policy) values as mentioned in other forums (sdkcerts) to 0. Now it looks like its permanent and not changing even after the reboot!
Thanks
gnash.s said:
Finally, I installed all the reg editors before connecting to exchange. Then I synced only the emails with the exchange server and before rebooting the phone, I used the reg editor to change the key (HKLM\Security\Policies\Policy) values as mentioned in other forums (sdkcerts) to 0. Now it looks like its permanent and not changing even after the reboot!
Thanks
Click to expand...
Click to collapse
What Values do we change??? Policies and Policy are two different folders
aash05 said:
What Values do we change??? Policies and Policy are two different folders
Click to expand...
Click to collapse
Yes I too need to know, I am suffering with the same problem
Thanks in advance
Update I think http://blogs.microsoft.co.il/blogs/...curity-policy-for-windows-mobile-devices.aspx can help in resolving, never tried it though
sorry, it is in the "HKLM\Security\Policies\Policies" folder.
I changed the following keys..
00001005 to 1
00001006 to 1
Let me know if it doesn't work, I can export and email you the policies key from the registry.

Resources