Unlike others (see numerous Tomtom threads) I would like to change my DeviceID.
Is there a possibility to alter the coredll.dll (as I know the DeviceID procedure is stored inside this dll) so my DeviceID will be altered?
I searched using this forum and google, and I found a rom for the hermes which keeps changing the deviceid every flash and hard reset, but I couldn't find the cause of this behavior.
Thanks
Krypt said:
Unlike others (see numerous Tomtom threads) I would like to change my DeviceID.
Is there a possibility to alter the coredll.dll (as I know the DeviceID procedure is stored inside this dll) so my DeviceID will be altered?
I searched using this forum and google, and I found a rom for the hermes which keeps changing the deviceid every flash and hard reset, but I couldn't find the cause of this behavior.
Thanks
Click to expand...
Click to collapse
Yes, this is really what I need too. The latest WM6 T-Mobile ROM for Hermes changes the device-id in that way that the TomTom Plus services no longer work... So no traffic anymore.
I'd really like to use this ROM because there are many coocked versions of it.
But without traffic no ROM....
I wan't the other way around. I WANT to change my deviceID.
I used to have the trial traffic and bought a traffic subscription, which is ended right now, but my deviceid is recorded on the tomtom servers, so I cannot reenable the trial.
The reason I want to change my deviceid is the following:
I advised a friend to enter a non-existing email address ([email protected] or somesort) and 'plus' as password. When the trial ends, just enter another email address with 'plus' as password, and use the trial again. He's doing this for 1,5 years right now, and it keeps working.
So I want to try the same thing, but my deviceid is already known to tomtom.
Are you referring to Start -> Settings -> System -> About -> Device ID?
Nope; I'm referring to the DeviceID which the IOCTL_HAL_GET_DEVICEID call returns. A unique ID per device.
Krypt said:
Nope; I'm referring to the DeviceID which the IOCTL_HAL_GET_DEVICEID call returns. A unique ID per device.
Click to expand...
Click to collapse
This is used to get the IMEI no. of the device and not the description. You're right TomTom does have your IMEI no. on its database, along with your IP address which I think cannot be changed. Ask your friend who's been doing this for 5 yrs. how he 's been getting new trials.
8125
2.25.11.1
IOCTL_HAL_GET_DEVICEID should not be connected to the IMEI; IOCTL_HAL_GET_DEVICEID also works on PDA without phone, and those do not have an IMEI (I've also read somewhere the IOCTL_HAL_GET_DEVICEID doesn't have a connection to the IMEI). Also the IP address isn't stored; I'm getting another IP everytime I connect to my provider.
I suggested it to my friend to work in this way. Change the email address every month, only on the device. Do not create an account at Tom, only enter an email address and 'plus' as password. And it works.
almost two years later: is this done by someone yet? Change DeviceID for TomTom to be able to use plus services (traffic) after trial expires?
I have no use for this as of yet, but would be very interested if it's possible...
Has anyone managed to change device ID?I have a HTC S740 but i can`t flash a new wwe ROM because my device it`s from italy and the device ID doesn`t match so i want to change the ID if it`s possible
I am developing a Pocket Outlook add-in, and I have a problem on a Windows Mobile 6 smartphone. It's actually an O2 Xda with Windows Mobile 6 Professional (CE OS 5.2.1238 Build 17745.0.2.3).
The problem is that when I try to access the message body, by calling OpenPropery and supplying PR_CE_MIME_TEXT. This returns S_OK, but the message stream is empty i.e. 0 bytes.
This works correctly in both the Windows Mobile 6 emulators, and the Windows Mobile 5 emulators, and on a Windows Mobile 5 smartphone. I am connecting to an exchange server to access messages.
My question is why might OpenProperty return an empty stream even though the message clearly has a message body? I did try with PR_BODY_W too, but the results are the same.
I noticed when I installed our SSL certificate onto the smartphone there was an extra security message to go through before it installed the certificate. The emulator just installed it after I clicked on it. Maybe the problem is in some way security related?
Jamie
Does the PR_BODY_HTML works?
Sadly no it returns MAPI_E_NOT_FOUND
Jamie
Solved
Actually tene you were nearly right. In the end I have modified my code to firslty call GetProps passing PR_MSG_STATUS. This will indicate either MSGSTATUS_HAS_PR_BODY or MSGSTATUS_HAS_PR_CE_MIME_TEXT. I didn't know about this previously so I hadn't called it.
From there I then try to access either PR_CE_MIME_TEXT or PR_BODY, depending on the message status returned.
Actually to access PR_BODY I have to firstly use PR_BODY_A and if that fails try PR_BODY_W because there doesn't seem to be a way to determine which is present. My DLL is a Unicode DLL, and PR_BODY on its own didn't work (because this maps to PR_BODY_W which doesn't exist), I explicitly had to use PR_BODY_A and then convert it using MultiByteToWideChar.
Silly me for thinking I should expect consistant behaviour.
My Hero ID shows up on my wireless network as UNKNOWN, is there a way to change this? I know there was in WinMo, but I can't find anything in Android.
Thanks.
Do you mean the hostname?
I've not tried it but try setting it in /etc/hostname, and add it to the end of the localhost line in /etc/hosts, might work..
Hi Sam, thanks for the reply. Not sure what you mean by hostname.
I'm referring to how the phone is identified on a wireless network. With my WinMo devices I gave the phone a name in the Device ID section. Then, when I go to my router, I am able to see IP address, Device Name, and MAC address.
I cannot find any settings in the Hero that allow me to specify a device name, so it always shows up as UNKNOWN on the network.
Linux / unix
Deke
a Hosts file is a file that links IP address with Names... Windows have them UNIX and macs... etc...
its a file you will rarely see in windows. but in unix/linux you very well could.. as Android is based on Linux i beleive the sugesstion mentioned is to edit this file on your phone and ad the Local host (the phone itself) in there with the name you want it to have...
In UNIX (which i use) i can totaly see this working but have no idea if this will work on the phone, and you will need it to be 'rooted'
this means have access to the Administrators privlages to edit files...
(in linux root = Administrator)
there are posts on the forums on how to root your phone and it will open up function to you but at the same time will allow you to happly **** up the system files if you dont know what your doing and make your phone into a nice paperweight...
hope this helps
Hi Bobro; very helpful, thanks.
So basically I can't do something as simple as give my phone a useful ID without rooting it? I would regard that as a fundamental requirement, so it seems a bit foolish to omit the functionality from Android.
Hello everyone,
I come to you for some advice about an application I'm developing for Android 1.6 and higher.
Specifically, this application must be able to query a remote MySQL database and display the retrieved data. It need also be able to UPDATE data on this databse and that is where things get complicated ...
For selection queries, I wrote a small PHP script on the remote server that retrieves the desired data in the database and encodes them in JSON. From my Android application, I have no problem to retrieve, process and display them.
Now I wonder about the solution (if there is one ...) to run UPDATE from my application on the remote database. For now, I see only two solutions:
- Develop a webService on the server with an update method. Several problems with that: it seems webServices on Android are not easy (not native, have to go through external libs). Moreover, as it's UPDATE query, I want to make sure nobody else can use this webService.
- Alternatively, write a PHP script that makes the UPDATE and call it via HTTP. Same problem as webService: I want to secure this call to be sure that only I can use this script. These scripts can be integrated into an application already present on my server and which is secured by login / password. So, if it is possible to manage PHP sessions from Android, it's won! but Ican't find anything about it ...
What do you think? Ideas?
Thx!
While I was writing and testing a WP 8 web app, I had it connected via wifi to Fiddler2. When I plugged my Dev Unlocked HTC 8x into my computer, the phone "dialed out" to h ttps://developerservices.windowsphone.com/Services/WindowsPhoneRegistration.svc/01/2010/DeviceStatus?deviceId=deviceid&fulldDeviceId=fulldeviceid The response is an XML packet that tells the phone how many days are left of being DeveloperUnlocked as well as the number of apps that are allowed!
this request/response sequence happens EVERY time I plug my developer unlocked Windows Phone 8 into the USB port of my Dev PC and PIN unlock it.
Keep in mind I installed the root cert that Fiddler generated for my PC a while back, so it can decrypt HTTPS traffic to/from my phone.
If anyone knows what the integer equivalent of "that magic DWORD value" is, I will craft a custom response packet and see if it changes anything.
Please see the attached screenshot for proof!
Edit:
So I did try GoodDayToDie's xaps and it looks like increasing the value from 10 to 2147483647 (I think its the integer equivalent to 0x7FFFFFFF) didn't have any effect that I could see. The InteropCapNoOem xap fails to deploy with error code 0x81030120. This error code normally means you are NOT interop unlocked back in the WP7 days. The OemCapsNoInterop.xap file generates an error telling me to "fix the Capabilities in [the] WMAppMAnifest.xml file.
I wonder if I can sideload more than 10 apps now though?
Maybe we can figure out what app is generating this "call home" and see if there are any other funky things we can stick in the xml tree?
Whoa. I could have sworn they were using cert pinning for that. I'll investigate, though...
EDIT: Couldn't get that connection request even showing up on my work computer. Will try from home.
Here is the service operations page:
https://developerservices.windowsphone.com/Services/WindowsPhoneRegistration.svc/help and (according to API) DeviceStatus call don't have fullDeviceId={FULLDEVICEID} parameter.
BTW, compu829, what is the fullDeviceId parameter, how it looks like?
Wait... You could change the value on the phone? That's a huge improvement. I'm stuck with only 3 apps (stupid dreamspark) and desperately need more!
This is a great find! I, unfortunately have never seen this happen though. Do you happen to know if you had the WP Device Registration program or the Application Deployment program running at the time?
EDIT: I've been debugging multiple apps with Fiddler up and proxy on my phone and I haven't noticed this. I see it now. I feel stupid lol Time to play around
EDIT 2: Microsoft does NOT like when you have fiddler intercepting on Registration. It returns a success result, but the developer registration tool gives an error indicating that it cannot connect to the phone. Grrr and after I went through the work of changing the response value for the number of apps that can be sideloaded. I bet this is a timing thing... I'll see what I can do.
I don't think it's timing. Even if I left the request completely unmodified and just ran it through the proxy to watch the process, the tool said that there was a problem, and the phone did not get unlocked. They're either testing for the presence of a proxy somehow, or there's some side channel that *is* using cert pinning, and is therefore unable to connect through Fiddler.
Also, editing the a:AppsAllowed element doesn't seem to work. The phone doesn't complain or anything, but the registry value doesn't change.
On my phone, I noticed it AFTER I had developer unlocked it. More concrete steps on what I did to reproduce:
1. On test PC, Installed Fiddler.
2. On test PC, exported trusted root certificate that Fiddler installed.
3. Emailed certificate to my phone and installed it.
4. Now enable the proxy on the phone. Things like email, Windows Phone Updates, etc will now work normally!
5. Plug phone in to Visual Studio Development PC, and wait for the PC to detect the device.
6. You will see the phone "dial out".
Without installing the fiddler trusted root certificate, you will see the handshake, but the phone doesn't know what do do with the packet because the certificate generated by fiddler is untrusted.
Using this same technique, you can have some serious fun with Windows Updates
GoodDayToDie said:
Also, editing the a:AppsAllowed element doesn't seem to work. The phone doesn't complain or anything, but the registry value doesn't change.
Click to expand...
Click to collapse
see last post Are you guys installing the trusted root certificate on your phone?
compu829 said:
see last post Are you guys installing the trusted root certificate on your phone?
Click to expand...
Click to collapse
It would be nice if Fiddler's cert was trusted :/. I'm able to see all HTTPS requests, etc but it just hates it when dev unlocking the phone. Which other trust root cert are you speaking about?
more detailed instructions
snickler said:
It would be nice if Fiddler's cert was trusted :/. I'm able to see all HTTPS requests, etc but it just hates it when dev unlocking the phone. Which other trust root cert are you speaking about?
Click to expand...
Click to collapse
this is what I did:
On Development PC:
1. Click Start, click Start Search, type mmc, and then press ENTER.
2. On the File menu, click Add/Remove Snap-in.
3. Under Available snap-ins, click Certificates, click Add, select current user, and then click Finish.
4. click ok to close the add/remove snap-in dialog
5. In the left-hand pane navigate to "Trusted Root Certification Authorities" --> "Certificates"
6. in the right-hand pane, look for the certificates labeled "DO_NOT_TRUST_FiddlerRoot" (I have two for some reason, you may only have 1)
7. Right-click on the certificate and go to "All Tasks" --> "Export".
8. Run through the certificate export wizard, leaving everything as the defaults.
9. Once you have exported your certificates, email them as attachments to your Windows phone.
10. Open the email on your WIndows Phone. Click on the certificate file and wait for it to process. Then when prompted, install it.
11. After that, any https traffic that you intercept/edit will go through as trusted to your Windows phone, provided that the application isn't expecting a specific certificate.
Things this made work:
1. all App communications over https
2. Windows Updates
3. all email accounts.
4. App Store communications (except for actually downloading apps, IIRC).
Things that didn't work:
1. Anything that requires certificate pinning as the certificate is embedded within the app. Therefore it doesn't make a call into the trusted root certificate store. I believe this includes running the actual "Developer Unlock" app.
if you place the following code in the "OnBeforeResponse" section of the CustomRules.js file, you should be able to install more than 3 or 10 apps, provided the program that is "phoning home" isn't using certificate pinning.
Code:
oSession.utilDecodeResponse();
oSession.utilReplaceInResponse("AppsAllowed>10</","AppsAllowed>400</");
... These are steps that have already been taken. You actually did even more steps then necessary. All you have to do is point to your computer's IP address and port that Fiddler is running on within IE Mobile (Make sure Remote IP access in Fiddler is enabled), click on the certificate and it will install on the phone. You'll be able to see the requests from the phone. Everything you listed above is what I've been able to do. Nothing different from what I was saying .
@compu829: Yes, of course I am. If I weren't, it wouldn't be possible to edit that value at all; I wouldn't even see it because the TLS handshake would fail... (FWIW, I work with proxies all the time, usually Burp Suite not Fiddler, but in any case I'm quite familiar with setting up the MitM certs). I do wonder whether there's something changed here (GDR2 change, maybe?) because I could have sworn that intercepting the phone's traffic during unlock didn't work at all before (presumably due to cert pinning). I may be mistaken, though.
In any case, it still doesn't *actually* work. I guess I could try invisible proxying - use ARP spoofing or a custom routing rule on the router to send the data through my PC, and capture/modify it there, without revealing the presence of a proxy - but I don't know if that's the issue or if it's something else entirely.
EDIT: Your steps are way more complex than needed. For example, you can export the root cert from Fiddler by going to Tools menu (in Fiddler) -> Fiddler Options -> HTTPS.
whoops lol. Oh well. I didn't realize it was so easy to export/Import!
Anyways, All I know is that I could pretty much do nothing on my phone when I connected it to the proxy until I emailed myself the root cert. Once I did that, email started flowing, apps started working, and WIndows Updates stopped erroring out.
It is entirely possible that whatever is generating the call is silently rejecting the response packet. I was just shocked when I plugged my phone in to see that packet show up.
I know that Windows Updates lets me modify the requests and responses without complaining, so maybe that is another way in? I assume that must be running elevated lol. Maybe we can get it to launch a background app that is already on the phone.
The way I see it, this will only work temporarily. Next time phone dials home without you running the Fiddler it will reset the AppsAllowed value. Am I right?
@amaric: If you'd actually read the thread, you'd see that it doesn't appear to work at all...
But yes, it would probably reset itself too. We don't have the ability (right now) to edit the registry keys which control that phone-home behavior. However, it might be / have been possible to do that if we had interop-unlock...
on the phone there is the file "PhoneReg.exe", which works with this data, and it check certificate Common Name (must be Microsoft...) and Thumbprint to hardcoded data
Didn't the ChevronWP7 work exactly like this until MS fixed the bug in NoDo?
@snickler, @GoodDayToDie
There is something I can't get out of my head...after the Ativ S devices are interop unlocked, they'd "reset" after a while until we made them stop phoning home...This means that somehow Microsoft is associating the phone's device ID with your interop level...is this something done purely server side, or is there a way to maybe send this info TO Microsoft's servers so they can send the info back to our phones? Just a thought....
That's an interesting research question; we can set the URLs which are used to make those "phone home" checks to a site we control, possibly use HTTP instead of HTTPS, and see if they work. Worst case, cert pinning will cause the connection attempt to fail and we're right where we are now; best case, it's... umm, well it's interesting, but I don't see any likelihood of actually getting *additional* permissions out of this. Still, I've been wrong about things like that before. Somebody want to set up a transparent HTTP -> HTTPS proxy to listen for the request, forward it, record the response and forward it?