Related
Hello everyone,
I'm writing an android application that needs to swap between 2G/3G networks.
I wasn't able to find any suitable function in the SDK documentation.
I tried "digging" into the android code to see how other activities (such as Settings.ACTION_WIRELESS_SETTINGS, the Phone Information technician code [*#*#4636#*#*]) implement it and came across com.android.internal.telephony.Phone which is in charge of the switching.
I guess the device has to be rooted to perform this (and of course, my application needs root privileges), however, I can't change the android code on the device.
So, my question is: How do I access com.android.internal.telephony.Phone from my application without changing the android code?
Many thanks,
Omri.
Anyone has an idea?
Thank you
CDMA or GSM?
And a lot of the telephony is private.
Sent from my iPhone with the bigger GeeBees.
I have good news: I got it working and I wanted to share on how.
I had a few problems on the way, but I faced them all.
First of all, being able to access com.android.internal.* from the SDK (with ADT) wasn't that comfortable before I ran into this guide, which lets you include all the hidden & internal APIs in your android.jar library and override the access rules limiting you not to access them in ADT.
After that was done, I thought I'm done, but I was wrong.
To switch from 2G to 3G you need to invoke setPreferredNetworkType() method on the Phone object (com.android.internal.telephony).
To get the Phone object, you'll need to invoke the getDefaultPhone() method on PhoneFactory (com.android.internal.telephony).
But, of course, nothing will be simple, this method only runs when your manifest inclues android:sharedUserId="android.uid.system" (aka, your process runs as system user).
Your process won't be able to run with the android.uid.system UID without your package being signed with the platform certificate.
To sign your package with the platform certificate, you need signapk.jar, platform certificate (platform.x509.pem) and platform key (platform.pk8).
Because I'm using CyanogenMod I was able to put my hands on the platform cert&key pair without recompiling android. (available here)
Once you have these, the rest is pretty simple:
Sign your APK with signapk.jar:
Code:
java -jar signapk.jar platform.x509.pem platform.pk8 Application.apk Application-signed.apk
Because this is a system package, you won't be able to install it with "adb install Application.apk", we'll have to use a different method.
Upload your APK to the /system/app folder (don't forget to mount /system for read-write before you do that):
Code:
adb push Application-signed.apk /system/app/Application.apk
The next thing to do is launch your activity:
Code:
adb shell am start -a android.intent.action.MAIN -n com.your.package/.YourActivity
That's it!
You got it working!
Good luck to whoever runs into this post
Cheers,
Omri.
Evening all-
Post #1 of many I suspect. I have been tinkering around with my KF trying to make it a bit more tailored to my needs. I have been reading up on rooting, gathered my tools and have done this much:
1) Installed Android SDK + installed some of the tools noted in the 'how-to"
2) Without thinking I installed rootexplorer (2.15) when I meant to install ES File Explorer
...too a break for the night. It was getting late and my charge was less than 50% so I called it a night.
3) Today I go to use Wifi Transport and I get the message:
The folder 'ftp://..../documents' os read-only because the proxy server is not set up to allow full access.
To move, paste, or delete files... you must use a different proxy.
So, the question is, related to something I have done installing the SDK or running adb.exe or root explorer?
I haven't changed anything on my wifi so I am not sure what this message is really telling me. I don't run through a proxy.
Any suggestions to correcting the read/write access?
Thanks -
Benjamin.
So after reading about all the App Store hacks that have developed around Fiddler2, I decided to give it a go myself. After setting up the proxy, I noticed that most SSL-based transactions were failing to connect on my device (Windows Updates, Email, etc).
I exported the SSL cert that fiddler 2 installed on my development PC, emailed it to myself, and installed it on my Windows Phone device. LO and Behold, Most of my SSL issues went away! (App store still woudn't auth). More Interestingly, Windows Updates started checking for updates successfully. These transactions are done with SOAP calls.
The basic process is as follows:
1. Phone initiates a connection to the windows update server
2. a series of cab files are downloaded containing certificate and base URL info of the update server
3. the phone connects to the update server with a list of all updates it has installed as well as a unique device identifier.
4. the server responds with a list of updates that it wants the phone to evaluate.
5. If the phone decides it needs the update, it sends a request to the server for instructions to deter
6. the server responds with a specially crafted packet that contains a link to where the microsoft cab can be downloaded from as well as a checksum of the cab file and evaluation instructions to determine if the update is needed. (checking registry keys, etc the SOAP commands contain things like RegRead32)
7. the phone then downloads and installs the update, if needed.
Fiddling around with fiddler, I was able to remove the "filter" GUID from the phones request to the server. As a result, it evaluated and installed any update it could get its hands on. The Hardware Test app still shows that my last update was 5/1/2013, but the number of updated packages included in that update jumped from 83 to 200!
I have some more experiments I would like to try (such as trying to blindly write a reg key instead of just reading it...anyone know of a good one?). I am also wondering if I can somehow package a Microsoft cab file, and tell the update mechanism to download and install it. Depending on how it evaluates the cabs, I might be able to get away with signing the cab with the private key from the Fiddler certificate I installed.
Just thought I'd pass along
Very, very nice finds! I had noticed the cert pinning used on the store and on dev-unlocking, but apparently had failed to look into the update process.
Give me a little while and I'll find you the reg key used for dev-unlock. I can't guarantee you that I'll be able to give you the exact value you need - they seem to have changed the format since WP7, and I'll be working blind from templates and policy files here - but it's worth a shot. Mind you, I wouldn't be surprised if the whole process is read-only, or if the responses from Microsoft are signed (although you could try re-signing them, I guess). For what it's worth, creating an entire update from scratch (or even editing one) is unlikely to work; Windows has required a Microsoft signature (not just any trusted signature) on update files for many years now. It's certainly possible that they messed that up, though.
I also kind of want to see if some of the recent ZIP signature validation bypass exploits from Android (where you could create a ZIP file containing multiple files that have the same name, and the original would be used for the signature but the *last* copy of each file would be the one actually unpacked) might be made to work as well. I've got some ideas about that... not sure if it would work for the update format, though.
Please keep researching this!
Not that i seriously looked into that, but you may probably consider these entries as interesting
Code:
[HKEY_LOCAL_MACHINE\Software\Microsoft\DeviceReg\Install]
"MaxUnsignedApp"=DWORD:A
[HKEY_LOCAL_MACHINE\Software\Microsoft\PackageManager]
"EnableAppLicenseCheck"=dword:00000000
[HKEY_LOCAL_MACHINE\Software\Microsoft\PackageManager]
"EnableAppSignatureCheck"=dword:00000000
[HKEY_LOCAL_MACHINE\Software\Microsoft\PackageManager]
"EnableAppProvisioning"=dword:00000000
[HKEY_LOCAL_MACHINE\Software\Microsoft\.NETCompactFramework\Managed Debugger]
"Enabled"=dword:0
"AttachEnabled"=dword:1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Silverlight\Debugger]
"WaitForAttach"=dword:1
Some of those might get obsolete already, though.
Though, the most interesting thing one can do with registry is enabling KD.
For what it's worth, creating an entire update from scratch (or even editing one) is unlikely to work; Windows has required a Microsoft signature (not just any trusted signature) on update files for many years now.
Click to expand...
Click to collapse
Yeah
I've never really looked at the fact: which certificate is used by actual cabs? look at *.cat file
GoodDayToDie said:
Very, very nice finds! I had noticed the cert pinning used on the store and on dev-unlocking, but apparently had failed to look into the update process.
Give me a little while and I'll find you the reg key used for dev-unlock. I can't guarantee you that I'll be able to give you the exact value you need - they seem to have changed the format since WP7, and I'll be working blind from templates and policy files here - but it's worth a shot. Mind you, I wouldn't be surprised if the whole process is read-only, or if the responses from Microsoft are signed (although you could try re-signing them, I guess). For what it's worth, creating an entire update from scratch (or even editing one) is unlikely to work; Windows has required a Microsoft signature (not just any trusted signature) on update files for many years now. It's certainly possible that they messed that up, though.
I also kind of want to see if some of the recent ZIP signature validation bypass exploits from Android (where you could create a ZIP file containing multiple files that have the same name, and the original would be used for the signature but the *last* copy of each file would be the one actually unpacked) might be made to work as well. I've got some ideas about that... not sure if it would work for the update format, though.
Please keep researching this!
Click to expand...
Click to collapse
Will do! Here is where it gets interesting...The attached screenshots are of a SOAP request from my phone to the update server (I disabled filtering, so the GUID isn't present) and then it's response for "missing" updates to evaluate.
the section labeled "xml" contains the instructions on how to evaluate if the update is needed.
here is a cleaned up, friendly dump of what is in the "XML" section it needs to parse to determine if an update is applicable:
Code:
<UpdateIdentity UpdateID="f092f820-8161-410b-ab11-c7a6d36b7837" RevisionNumber="101" />
<Properties UpdateType="Software" />
<Relationships>
<Prerequisites>
<UpdateIdentity UpdateID="eb644fbf-5e6e-4719-b97c-485ffb9e867f" />
<AtLeastOne>
<UpdateIdentity UpdateID="450b8808-d056-4c18-a383-2db11e463eb0" />
</AtLeastOne>
</Prerequisites>
</Relationships>
<ApplicabilityRules>
<IsInstalled>
<CspQuery LocUri="./DevDetail/SwV" Comparison="GreaterThanOrEqualTo" Value="9.0.0.0" xmlns="http://schemas.microsoft.com/msus/2002/12/MobileApplicabilityRules" />
</IsInstalled>
<IsSuperseded />
<IsInstallable>
<And xmlns="http://schemas.microsoft.com/msus/2002/12/LogicalApplicabilityRules">
<CspQuery LocUri="./DevDetail/SwV" Comparison="LessThan" Value="9.0.0.0" xmlns="http://schemas.microsoft.com/msus/2002/12/MobileApplicabilityRules" />
<b.RegSz Key="HKEY_LOCAL_MACHINE" Subkey="Software\Microsoft\Windows\CurrentVersion\DeviceUpdate\Agent\Protocol" Value="TestTarget" Comparison="EqualTo" Data="72c5dc6d-00a9-412f-9d13-f4f483f2ed7f" xmlns="http://schemas.microsoft.com/msus/2002/12/BaseApplicabilityRules" />
</And>
</IsInstallable>
</ApplicabilityRules>
an interesting URL with info from someone else that was looking into this for Win7...
http://withinwindows.com/2011/03/06/notes-on-windows-phone-7-update-process-thus-far/
I wonder if we can figure out what "updates" are actually required if we can trick the server into giving us more OOB updates/othercarrier updates/updates we aren't "supposed" to have..
Found some info on the "Evaluate" action:
Action: The action that clients in the specified target group will perform on this revision: Install, Uninstall, PreDeploymentCheck (which means that clients will not offer the update, just report back on the status), Block (which means that the update will not be deployed, and is used to override another deployment), Evaluate (which means that clients will not offer the update and will not report back on the status), or Bundle (which means that clients will not offer the update for install; it is only deployed because it is bundled by some other explicitly deployed update).
Click to expand...
Click to collapse
source:
http://msdn.microsoft.com/en-us/library/cc251980.aspx
I was also messing with fiddler and I noticed my phone access two different places when a phone update is selected. One of the pages is: http://ds.download.windowsupdate.com/wp8/MicrosoftUpdate/Redir/duredir.cab . In that cab is this file wuredir.xml and consists of:
<?xml version="1.0"?>
<WuRedir xmlns="http://schemas.microsoft.com/msus/2002/12/wuredir" redirectorId="1002">
<Protocol
elementVersion="1"
clientServerUrl="https://fe1.update.microsoft.com/v6/"
reportingServerUrl="http://statsfe1.update.microsoft.com/" />
</WuRedir>
the second page accessed is: http://fe1.update.microsoft.com/WP8/MicrosoftUpdate/Selfupdate/5_UssDetection.dll
I hexed the .dll after download and found some download links to some cert files, which are:
Microsoft Windows Phone Production PCA 2012.crt
http://www.microsoft.com/pkiops/certs/Microsoft Windows Phone Production PCA 2012.crt
MicRooCerAut_2010-06-23.crt
http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
MicTimStaPCA_2010-07-01.crt
http://www.microsoft.com/pki/certs/MicTimStaPCA_2010-07-01.crt
can any of this info help us?
If either that DLL or any of those certificates are not signed (highly unlikely, but worth checking), or if the DLL doesn't enforce the signature check (extremely unlikely), or if any of the certs include the private key or use a weak hash algorithm or a short key... maybe. I checked the certs, though; they at least are clean. Nothing useful that I saw.
Reverse engineering the DLL may be useful, but it's probably native code and therefore a pain to decompile.
aclegg2011 said:
I was also messing with fiddler and I noticed my phone access two different places when a phone update is selected. One of the pages is: http://ds.download.windowsupdate.com/wp8/MicrosoftUpdate/Redir/duredir.cab . In that cab is this file wuredir.xml and consists of:
<?xml version="1.0"?>
<WuRedir xmlns="http://schemas.microsoft.com/msus/2002/12/wuredir" redirectorId="1002">
<Protocol
elementVersion="1"
clientServerUrl="https://fe1.update.microsoft.com/v6/"
reportingServerUrl="http://statsfe1.update.microsoft.com/" />
</WuRedir>
the second page accessed is: http://fe1.update.microsoft.com/WP8/MicrosoftUpdate/Selfupdate/5_UssDetection.dll
I hexed the .dll after download and found some download links to some cert files, which are:
Microsoft Windows Phone Production PCA 2012.crt
http://www.microsoft.com/pkiops/certs/Microsoft Windows Phone Production PCA 2012.crt
MicRooCerAut_2010-06-23.crt
http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
MicTimStaPCA_2010-07-01.crt
http://www.microsoft.com/pki/certs/MicTimStaPCA_2010-07-01.crt
can any of this info help us?
Click to expand...
Click to collapse
Those are the first steps in the update process. Basically, it gets the certs that it will use for validation and server communication. then the CAB file contains the info on what servers are used for Windows Update communications. It then logs that a request has been made to the tracking server. After that, it gets a list of updates from the v6 address. If there are no updates, Once the update process is complete, it logs the result to the tracking server.
Do you guys think I could use this to fix the problems I seem to have when trying to stream or download music from Xbox Music? I get a lot of errors, or this song can't be played on your device and some times the app crashes. I have had this problem since I switch from my Windows Phone 7 device to my Nokia Lumia 920, and I am on my 4th 920. I think for some reason the Music store is getting botched certificates or something.
Kind of on the same subject. anyways i extracted around 140 Certificated from a HTC 8x Ruu. then installed them to my pc. Which is windows 7. The cool part was i was able to install windows phone sdk 8 and 8.1 with emulators and visual studio 2013. which i though all of these were not possible to run on windows 7. all because of certificates from a rom.
Hi guys,
I tried to implement good old method to block unwanted ads by adding advertising sites to the HOSTS file, on the Sammy ATIV Odyssey (full FS unlock) and it works perfectly But I'm still unsure ('cause I'm developer and do have some ad-based apps in store) - should I post this info? BTW, we do have mods, lets give 'em the rights to decide, delete this thread or not...
So, this method is pretty simple (he-he, same as my very-very first WP7 hack):
1) You muist have an interop-unlocked handset with full FS access
1) Download the latest "blocking" hosts file, for example, from here
2) Rename your download from hosts.txt to HOSTS
3) Connect your handset to PC, navigate to \Windows\system32\drivers\etc folder
4) Paste downloaded HOSTS file, choose "replace" in the copiyng dialog.
5) That's all folks!
You don't need to reboot (like on Android phone with AdAway app) - now your handset is ads-free...
If you wanna revert back, just delete \Windows\system32\drivers\etc\HOSTS file.
Nice! I will try it! ?
Sent from my Ativ S with Tapatalk 2
@sensboston:
Am I right in assuming that there's no way to interop-unlock a WP8.1 phone like the Lumia 930? At least I couldn't find one...
After some years I did the 2nd attempt to adopt to WP. The first one lasted for a day or so. Now, after some days of using the Lumia 930, I really really love it. Not only the device, but also WP8.1. But the fact that there is no way to block ads in browsers is really really annoying. I have no problems with ads in apps, because if I like an app, I purchase it anyway. But I can't "buy away" ads in browsers, and lots of sites get more or less unusable in mobile view and without ads being blocked.
Unfortunately there's not even an alternative browser for WP that would have the capability to block ads...
Worked on Lumia
I did this on my Lumia 1520 without Interop unlock
Works fine, thanks
I did this AGES ago on my 8X. Didn't think it was post-worth lol.
djamol said:
I did this on my Lumia 1520 without Interop unlock
Click to expand...
Click to collapse
How exactly did you do that? My assumption was that you need interop-unlock in order to access the file system, including the hosts file. If you are not interop-unlocked, I would assume you have some other kind of unlock. Developer-unlock?
compu829 said:
I did this AGES ago on my 8X. Didn't think it was post-worth lol.
Click to expand...
Click to collapse
You know, right after my first "hack" for WP7 (also it was my first post here ), a lot of websites and forums are announced this hack without reference to me or xda. But (he-he ) , just AFTER my post...
This hack (from the user experience) is one of the most useful hacks for WP. But as a developer with ads-based apps, I was in a quandary - should I post it here or not...
BigBlue007 said:
How exactly did you do that? My assumption was that you need interop-unlock in order to access the file system, including the hosts file. If you are not interop-unlocked, I would assume you have some other kind of unlock. Developer-unlock?
Click to expand...
Click to collapse
No Interop Unlock, nor developer unlock, I used my own "Root Tool" app from windows store. Which is capable of all second party capabilities.
My pleasure.
djamol said:
No Interop Unlock, nor developer unlock, I used my own "Root Tool" app from windows store. Which is capable of all second party capabilities.
My pleasure.
Click to expand...
Click to collapse
Is there a way you can walk me through the process to use your app
Oh, I've got your "Root Tool" - still no luck for handsets without SD-card
P.S. He-he, I believe, I'll get WP10 Lumia-940 before someone will release hack for the Lumias without sd-card...
@djamol: I'm curious, how'd you manage to replace the HOSTS file on a non-Samsung phone? Root Tool doesn't allow moving files out of Windows directory, or copying or moving files in, unless you're using the Samsung CRPComponent.
Similarly, while you can get read access to the Windows directory via MTP when using Root Tool, you can't get full FS access; most of the file system (like the Windows dir) will be read-only or even totally unavailable.
I edited the HOSTS file on my Samsung - in fact, I wrote an app to do it, because I had to do it for work sometimes - but that was using CRPComponent or Full FS Access via MTP, neither of which are currently possible on a Lumia using any public hack I know of...
GoodDayToDie said:
@djamol: I'm curious, how'd you manage to replace the HOSTS file on a non-Samsung phone? Root Tool doesn't allow moving files out of Windows directory, or copying or moving files in, unless you're using the Samsung CRPComponent.
Similarly, while you can get read access to the Windows directory via MTP when using Root Tool, you can't get full FS access; most of the file system (like the Windows dir) will be read-only or even totally unavailable.
I edited the HOSTS file on my Samsung - in fact, I wrote an app to do it, because I had to do it for work sometimes - but that was using CRPComponent or Full FS Access via MTP, neither of which are currently possible on a Lumia using any public hack I know of...
Click to expand...
Click to collapse
He used this http://www.windowsphone.com/en-in/store/app/root-tool/f4acc009-ea1e-4063-9bab-fec50195aa1e
GoodDayToDie said:
@djamol: I'm curious, how'd you manage to replace the HOSTS file on a non-Samsung phone? Root Tool doesn't allow moving files out of Windows directory, or copying or moving files in, unless you're using the Samsung CRPComponent.
Similarly, while you can get read access to the Windows directory via MTP when using Root Tool, you can't get full FS access; most of the file system (like the Windows dir) will be read-only or even totally unavailable.
I edited the HOSTS file on my Samsung - in fact, I wrote an app to do it, because I had to do it for work sometimes - but that was using CRPComponent or Full FS Access via MTP, neither of which are currently possible on a Lumia using any public hack I know of...
Click to expand...
Click to collapse
So what i told you before a many times. I've mentioned you a lots of time in my posts.
http://forum.xda-developers.com/showthread.php?t=3014867
http://forum.xda-developers.com/showpost.php?p=58925177&postcount=7
On Lumia device there is a lots of some pretty well arbitrary resources that can allow us to access the "SYSTEM" resources.
I think we had a big miss-understanding about the RPCComponent. because of RPCComponent uses "DeviceIOControl" for registry access and not the RPC functionality. (forgive me if i wrong in my knowledge. I'm a student and new to WP/.Net Platform)
On Lumia Device there is .winmd component known as "Nokia.SilentInstaller.Runtime.winmd" uses "DeviceIOControl" API.
For the "FileSystem" API it works fine without any restrictions which is implemented in "Nokia.SilentInstaller.Runtime.winmd"
But registry access could not getting a well token privileges. we need to find some unlocking trick for registry access (like NonProductionErrors.txt) for that .winmd component to handle the "CreateFileW" function for "DeviceIOControl" API.
About the "Root Tool" App.
There is no update for "Root Tool" app. It is still on the FIRST Release.
Currently I'm working for the "Root Tool Beta" update and I've implemented such resources in my "BETA" build.
I can't do a fast development because of my less/poor Programming knowledge and due to my college busy scheduled.
Thanks.
Can someone make a tutorial how to make it work on lumia 735 please ? i'm new on WP and doesn't understand everything for now
@djamol: My apologies, I somehow missed that you'd managed to get file access working. That's great!
Looking at the APIs that NdtkClient.dll imports, I'm pretty sure it's using RPC, not DeviceIoControl (IOCTL). That's not really important, though; both require INTEROPSERVICES. It's just easier to write our own code using IOCTLs than using RPC, but since we already have a client library, hopefully that won't be needed...
@GoodDayToDie, @djamol: guys, could you please be a little bit more specific? Do you have a .winmd for this dll or function prototypes (not just exports)? NdtkClient.dll library is already on \Windows\system32? Or it should be ingested to the app package? (in this case, the app will be banned on automatic certification process).
As for the "Root Tool" (published in store), it's not using NdtkClient.dll (as far as I know). The file access via FileSystem.winmd/FileSystem.dll to system areas is read-only...
Could you share your finds to general public here or (at least) in private mail? Thanks!
@GoodDayToDie
Yes, Both requires ID_CAP_INTEROPSERVICES.
Can you send me FileSystem's code which is you developed base on the RPCComponent ?
I'll try to port it for lumia using NtdkSvc as possible.
I hope you can port it also for lumia in minutes but I'll try though.
@sensboston
There is no .winmd file for "NtdkClient.dll". You will find that .dll in extras+info app.
and "NtdkSvc.dll" in this path "C:\Windows\System32\NdtkSvc.dll".
There is a very simple trick to bypass the Store Submission process including with kernel libs.
sensboston said:
FileSystem.winmd/FileSystem.dll to system areas is read-only...
Click to expand...
Click to collapse
Even those cap's cant write here until using any System Resources.
"C:\Data\Users\PUBLIC"
But can write here.
"C:\Data\SharedData\OEM\Public"
"C:\PROGRAMS\CommonFiles\OEM\Public"
FileMoveEdit alpha-ish thing
Here you go. It's not been updated in ages, aside from some really minor tweaks I made just now. It's a WP8.0 app; it'll run on a sufficiently-unlocked 8.1 phone, but uses no 8.1 APIs. It also has some known bugs that I really ought to fix, though I'm working on other stuff at the moment.
You can probably get at least some of its tricks working on Lumias, though you may need to drop the symlink functionality as that both requires full capability-unlock and requires editing the NTFS configuration settings in the registry (the same key that, on desktop Windows, is edited by the "fsutil" program).
@GoodDayToDie
Sad thing happened for me. My device screen got broken
So I'm opening a new thread for "Root Tool" app public development.
It would be great for everyone.
Can anyone suggest me for which is best method for public development or any github/codeplex useful ?
@djamol, github is allright.
Hi, I was trying to automatically inject a dll to every process (including GUI) whenever it is started by a user . My DLL hooks DoDragDrop method of winapi and communicates with server to decide allow or disallow the drag & drop process. I use easyhook (particularly [this] for hooking part. I created a gist for my code : [Gist]
In [this ]url it says: Doesn’t work reliably against GUI applications. Stick to console apps. No wonder it didn't work in microsoft edge, and chrome.
I also tried code parts in these urls:
[first]
[second]
Finally , I already [certificated ]my dll.
Is there any other way apart from appcertdlls? Thank you in advance.
Edit: I can't use appinitdlls, some users might have secure boot enabled.
Edit2: Seems like dlls in some tutorials is under system32 ([this], and [this]) , and I moved mine under system32 too, but it did
work.