Disclaimer: I am not knowledgeable about phones. I do not code, nor do I usually do what I describe in this post. The contents herein were put together by me in order to avoid confusion for people with the same interest as myself: making my X2 work better/faster or just plain customized. Because of this, I've made a few assumptions and also only described the way that worked for me.
This guide is based on the collective work of forum users; I take no credit or responsibility for its accuracy other than the fact that it worked for me.
This is only the installation steps; they are not specific to my knowledge. There are other guides out there for changing your language and doing more advanced things, but this is just the basics. At least they are to me. Let us begin.
-----------------
Hello and welcome, this post is meant to guide you through the process of customizing the installation of your Xperia X2. My hope is that it will make your phone more responsive, but more importantly give you the option of deciding what you want installed.
The first thing we're going to be doing is to get hold of the right files to install on your X2. Thankfully these files have been made available to us by PavelX1 in his post "NEW ORIGINAL X2 ROMS + Extracted CABs update 14.6.2010"*
Don't let the number and letter jumble intimidate you. On your own X2 the information you need to find the right package is found at Settings -> System -> Unit Information**. Here you'll find a bunch of numbers and letter combinations; if you look closely, some of these will correspond to the names of the files made available by PavelX1. Find the one that corresponds to your unit.
In my case it said the following:
Software ID: 1230-2397
Software Version: R3AA035
Customization ID: 1231-4911
Customization version : R20A
Language Region: GENERIC_SE
I therefore searched for the following file, which matched my information: X2_1230-2397_GENERIC_SE_R3AA035_CDF1231-4911_R20A.rar. Below that file was the file we're interested in for this particular guide: the GENERIC_*your language*_*version*_CABS.rar, which in my case was named GENERIC_SE_R3AA035_CABS.
Now what we're going to do is get your computer prepared. Please download the Sony Ericsson Update Service (SEUS) available at their website.
If this is the first time connecting your X2 to your computer it might want to install some drivers in order for your computer to communicate with your phone, this is irrelevant to this guide but I mention it in order to let you know that this is normal and you have done nothing wrong.
Once we can connect to our phone and use its memory card (which I assume you have) we will open the GENERIC_*your language*_*version*_CABS.rar and extract its contents into it. It has been suggested that you throw in an extra file together with the others, available in the post "Want a fix for the X2? Only us can do it." on page 3.
We may now move on.
If you already have SEUS installed it was suggested by royalbloodvi in his thread "[TESTED 100% WORKING] Quickest way to get MR2 for those of you who can't get it!" that you remove the following folder C:\Program Files\Sony Ericsson\Update Service\db from your computer. I haven't tried any other way so I'll leave that bit of info as is.
Now we can begin the install process, this will take a little while so don't be in a hurry. It's important that you do not do this on a phone with an empty battery as it may interrupt the install process and cause problems, charge it before you do this. You may also want to backup any files important to you on the phone as they will be removed in this step. As an extra precaution you may want to remove the sim card as well.
Now that we're ready, go to Settings -> System -> Clear phone memory and press it. You'll have reset your phone to its original, empty, state. Connect your phone to your computer, if you haven't already, and begin the update process. SEUS might tell you that your phone is already up to date, this may be true, but we don't WANT it to be up to date, we want to decide what it is updated WITH so click update anyway.
Your phone will reboot. Disconnect your phone from your computer and open the backside of your phone by sliding the lock switch and removing the cover. Remove the stylus and you will see a small depression at the top left that was hidden by it. This is the hard-reset button for your phone, which we will be using in a moment. Until then you wait. Your phone will ask you to calibrate it after the Sony logo has shown up. Calibrate the screen and your phone will start installing .cab files. Quickly go to the hard-reset button we mentioned a moment ago and press the tip of the stylus to it. A click was heard on my X2 when I pressed it and I assume the same is true for yours.
Now your phone will reboot, you will notice that it looks markedly different from what it did before this procedure. Don't worry, we can fix that if you like, but first we must address the window that has popped up and asked if you wish to try the install again. No, no we don't. Click no.
We are now freed from the shackles of oppression that is preinstalled and unremovable software and may begin installing the files we WANT.
Go to the file explorer and select Storage Card and you will see all of the files we extracted to it previously. In order for you to know which ones you want, I suggest that you go to the second page in the thread "Want a fix for the X2? Only us can do it." to get an overview of what the individual files do. Installing them is as simple as clicking them and selecting to what part of the phone you want them installed. I chose to install all of these files to my phone and not my memory card.
Now, to get your phone looking like it did before you did this (assuming you didn't use a panel but a standard theme) you will spot three theme files called X2_Saturn.cab (which is the one I use that looks like the stock one) X2_Saturn_Light.cab (which I don't know what the difference is) and X2_Titan.cab (which I also don't know what it looks like).
And that's that, you're done and hopefully your phone is more to your liking.
--------------
Here is a shorter step by step guide without the filling, unceremoniously "borrowed" from royalbloodvi and slightly reformatted. Please read the full guide and use this only as a quick procedure guide.
1) Reset your phone.
2) Unpack the GENERIC_*your language*_*version*_CABS.rar to your phone's memory card and add the multifix.cab found on this site.
3) Open SEUS, start a new update. Even if it says you have the latest version you want to update anyway.
4) Once your phone reboots the calibration screen will appear. After calibration it will start applying .cab files. Now push the reset button that is hidden behind your stylus and battery cover and it will reboot again.
5) You may now find the files you wish to install on your phone's memory card in the file explorer.
*I, as I am a new member, am not allowed to post links, thus the name of the forums from which this information is gleaned is named instead of a direct link.
**If this information isn't named exactly the same as I have described it, but is merely similar, it could be because I've done a literal translation from Swedish to English.
Edit: I just noticed a very similar guide is available in the General section, which I overlooked. I feel like an ass now. This thread may be removed at the moderators' leisure.
I made a mistake and formatted the hard drive of my old computer and sold it, without backing up my keystore for my app published in the Android Market.
My attempted solution:
Take the version from the market signed with the original key (key A), sign it again with my new key (key B) and upload it to the market. Then I will be able to upload another version signed only with key B.
I successfully signed the application with both keys, the problem is that I can't upload the same application again because the version code is still 10, I need to change it to 11. I've opened the AndroidManifest.xml and found that I can change the irrelevant versionName, but can't find the versionCode in there.
Anyone have any ideas? I would really prefer not to unpublish the application because I rely on the income I make from advertisements in it and I don't want to compromise my downloads/rating/position in the market.
Thanks in advance to all who provide constructive feedback.
Nexeo said:
Take the version from the market signed with the original key (key A), sign it again with my new key (key B) and upload it to the market. Then I will be able to upload another version signed only with key B.
I think Market will require signing by key A in every new version of an app. Otherwise signing would make no sense, because anyone could hack it using the above technique.
Second, even if you modify AndroidManifest.xml, the signature for key A will then be invalid.
If you have lost your key then you're screwed. I don't think you can do anything, but release new versions of your app as new app - with different package name. Even Google can't help you.
I could try to modify version number in your AndroidManifest.xml file if you really want, but I don't see any sense in this.
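Why editing a packaged file breaks key A's signature, as an added example that is not part of the thread: a simplified model of the JAR-style (v1) digest chain, in which each file is hashed into MANIFEST.MF, MANIFEST.MF is hashed into CERT.SF, and the signature block covers CERT.SF. The file contents are constructed placeholders, per-section CERT.SF digests are omitted, and the RSA check is modelled as a comparison against the digest key A originally signed (an assumption, to stay within the standard library).

```python
import base64
import hashlib


def b64sha1(data: bytes) -> str:
    return base64.b64encode(hashlib.sha1(data).digest()).decode()


def build_manifest(entries: dict) -> bytes:
    """META-INF/MANIFEST.MF: one section per file, carrying its SHA1-Digest."""
    lines = ["Manifest-Version: 1.0", ""]
    for name in sorted(entries):
        lines += [f"Name: {name}", f"SHA1-Digest: {b64sha1(entries[name])}", ""]
    return "\r\n".join(lines).encode()


def build_sf(manifest: bytes) -> bytes:
    """META-INF/CERT.SF: digest of the whole manifest (simplified)."""
    return ("Signature-Version: 1.0\r\n"
            f"SHA1-Digest-Manifest: {b64sha1(manifest)}\r\n\r\n").encode()


def parse_fields(blob: bytes) -> list:
    """Split 'Key: value' lines into pairs, ignoring blank lines."""
    return [tuple(line.split(": ", 1))
            for line in blob.decode().split("\r\n") if ": " in line]


def verify(entries: dict, manifest: bytes, sf: bytes, signed_sf_digest: str) -> str:
    """Walk the chain from the signature down; return the first broken link or 'ok'.

    signed_sf_digest stands in for the RSA signature block: it is the digest of
    CERT.SF that key A signed. Producing a new one requires key A's private key.
    """
    if b64sha1(sf) != signed_sf_digest:
        return "signature block does not cover this CERT.SF"
    if dict(parse_fields(sf)).get("SHA1-Digest-Manifest") != b64sha1(manifest):
        return "CERT.SF does not match MANIFEST.MF"
    recorded, name = {}, None
    for key, value in parse_fields(manifest):
        if key == "Name":
            name = value
        elif key == "SHA1-Digest" and name is not None:
            recorded[name] = value
    for name, data in entries.items():
        if recorded.get(name) != b64sha1(data):
            return f"digest mismatch for {name}"
    return "ok"


def demo() -> list:
    # Constructed package contents (a real AndroidManifest.xml is binary XML).
    original = {"AndroidManifest.xml": b'<manifest versionCode="10"/>',
                "classes.dex": b"constructed-dex-bytes"}
    manifest = build_manifest(original)
    sf = build_sf(manifest)
    signed = b64sha1(sf)  # what key A's signature block covers

    edited = dict(original)
    edited["AndroidManifest.xml"] = b'<manifest versionCode="11"/>'
    new_manifest = build_manifest(edited)
    new_sf = build_sf(new_manifest)

    return [
        verify(original, manifest, sf, signed),          # untouched package
        verify(edited, manifest, sf, signed),            # versionCode edited only
        verify(edited, new_manifest, sf, signed),        # digests patched in MANIFEST.MF
        verify(edited, new_manifest, new_sf, signed),    # CERT.SF regenerated as well
    ]


if __name__ == "__main__":
    for result in demo():
        print(result)
```

Every attempt to patch the digests moves the failure one level up the chain until it reaches the signature block, which only the holder of key A can regenerate.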
Brut.all said:
I could try to modify version number in your AndroidManifest.xml file if you really want, but I don't see any sense in this.
The sense/hope was that I could take version 1.9 (currently in the market signed with the now lost key) and sign it again with the new key, then upload it with both signatures as version 1.9.1 so therefore I could upload version 2.0 signed only with the new key. If I had both keys this would be a successful way of switching between keys, but because I do not have both I was hoping to modify the compiled/signed app to change the versionCode (not versionName) from 10 to 11 (so the android market would accept it as a new version) and then sign it with the new key, and somehow make it so the signature with the old key was still valid.
The more I work on this and try the more I realize it's probably not possible. I've tried inserting new MD2 hashes for everything that has changed after I've tried modifying files and such but I always get that the application failed to install on my device...
Nexeo said:
The sense/hope was that I could take version 1.9 (currently in the market signed with the now lost key) and sign it again with the new key, then upload it with both signatures as version 1.9.1 so therefore I could upload version 2.0 signed only with the new key. If I had both keys this would be a successful way of switching between keys, but because I do not have both I was hoping to modify the compiled/signed app to change the versionCode (not versionName) from 10 to 11 (so the android market would accept it as a new version) and then sign it with the new key, and somehow make it so the signature with the old key was still valid.
The more I work on this and try the more I realize it's probably not possible. I've tried inserting new MD2 hashes for everything that has changed after I've tried modifying files and such but I always get that the application failed to install on my device...
I was just in a similar situation and emailed Google directly. Surprisingly, I received a personally written response. So I can tell you with 100% confidence that you are out of luck: to update a published application you HAVE to use the same digital signature as the original. Otherwise, you'll have to publish the update under a new package name. There is absolutely nothing Google can do. Of course, if you were Angry Birds I'm sure they'd make an exception, but small timers like us are out of luck.
Nexeo said:
The sense/hope was that I could take version 1.9 (...)
Yeah, you said that already and I gave you two reasons, why you can't do that:
invalid signatures for key A
requirement for key A in all future versions of your app
Chalup said:
Of course, if you were Angry Birds I'm sure they'd make an exception, but small timers like us are out of luck.
Google can't do anything even if they want to - it's technically impossible. They could replace your app with a new one with a different package name, then copy all ratings, comments, etc. from the old one, but they simply can't change the key for an existing package name.
Been there, done that...lost keystores of 3 published apps. Wrote Google too...no joy.
You are puckered. As am I, because I cannot post an update to my apps without a new package name. Which, of course, leaves all current users unable to get the update without repurchasing.
I wish there was a better way.... we all lose files from time to time. Why not make part of the publish process an upload of your keystore to the Google servers? Seems like a solution to me
In the meantime, I now have at least 5 copies of my keystores saved on various media: e-mails to myself, file server, CD etc. Just have to deal with it I guess.
Sending the hard drive off to a data recovery company who seems to be pretty confident. Hopefully they can find .keystore files.
I GOT MY KEYSTORE BACK!!!
I used the best f-ing software in the universe to restore the file (it truly is amazing): http://www.ntfs.com/boot-disk.htm
Nexeo said:
I GOT MY KEYSTORE BACK!!!
I used the best f-ing software in the universe to restore the file (it truly is amazing): http://www.ntfs.com/boot-disk.htm
Sweet find, I have all my stuff backed up on an IronKey flash drive. But it's a lot more than just my Keystores, it's also all of my work files and such. If you have some extra money I would recommend one. The only bad thing is the highest model's capacity is 32GB.
Rootstonian said:
Why not make part of the publish process an upload of your keystore to the Google servers? Seems like a solution to me
I think you don't understand what this signing is for. Its purpose is to make sure you're installing an application from the original author, not some hacked or infected version. And you want to open some backdoor for installing an application created by a different author (no keys = different author). Your "solution" would make signing totally useless.
Chalup said:
Of course, if you were Angry Birds I'm sure they'd make an exception, but small timers like us are out of luck.
I don't think that's true. Recently, the wildly popular app "Vignette" suffered from pretty much the same issue and had to republish.
So after reading about all the App Store hacks that have developed around Fiddler2, I decided to give it a go myself. After setting up the proxy, I noticed that most SSL-based transactions were failing to connect on my device (Windows Updates, Email, etc).
I exported the SSL cert that Fiddler2 installed on my development PC, emailed it to myself, and installed it on my Windows Phone device. Lo and behold, most of my SSL issues went away! (App store still wouldn't auth.) More interestingly, Windows Updates started checking for updates successfully. These transactions are done with SOAP calls.
The basic process is as follows:
1. Phone initiates a connection to the windows update server
2. A series of cab files are downloaded containing certificate and base URL info of the update server
3. The phone connects to the update server with a list of all updates it has installed as well as a unique device identifier.
4. The server responds with a list of updates that it wants the phone to evaluate.
5. If the phone decides it needs the update, it sends a request to the server for instructions to deter
6. The server responds with a specially crafted packet that contains a link to where the Microsoft cab can be downloaded from as well as a checksum of the cab file and evaluation instructions to determine if the update is needed. (checking registry keys, etc.; the SOAP commands contain things like RegRead32)
7. The phone then downloads and installs the update, if needed.
Fiddling around with fiddler, I was able to remove the "filter" GUID from the phones request to the server. As a result, it evaluated and installed any update it could get its hands on. The Hardware Test app still shows that my last update was 5/1/2013, but the number of updated packages included in that update jumped from 83 to 200!
I have some more experiments I would like to try (such as trying to blindly write a reg key instead of just reading it...anyone know of a good one?). I am also wondering if I can somehow package a Microsoft cab file, and tell the update mechanism to download and install it. Depending on how it evaluates the cabs, I might be able to get away with signing the cab with the private key from the Fiddler certificate I installed.
Just thought I'd pass along
Very, very nice finds! I had noticed the cert pinning used on the store and on dev-unlocking, but apparently had failed to look into the update process.
Give me a little while and I'll find you the reg key used for dev-unlock. I can't guarantee you that I'll be able to give you the exact value you need - they seem to have changed the format since WP7, and I'll be working blind from templates and policy files here - but it's worth a shot. Mind you, I wouldn't be surprised if the whole process is read-only, or if the responses from Microsoft are signed (although you could try re-signing them, I guess). For what it's worth, creating an entire update from scratch (or even editing one) is unlikely to work; Windows has required a Microsoft signature (not just any trusted signature) on update files for many years now. It's certainly possible that they messed that up, though.
I also kind of want to see if some of the recent ZIP signature validation bypass exploits from Android (where you could create a ZIP file containing multiple files that have the same name, and the original would be used for the signature but the *last* copy of each file would be the one actually unpacked) might be made to work as well. I've got some ideas about that... not sure if it would work for the update format, though.
Please keep researching this!
Not that I seriously looked into that, but you may probably consider these entries as interesting
Code:
[HKEY_LOCAL_MACHINE\Software\Microsoft\DeviceReg\Install]
"MaxUnsignedApp"=DWORD:A
[HKEY_LOCAL_MACHINE\Software\Microsoft\PackageManager]
"EnableAppLicenseCheck"=dword:00000000
[HKEY_LOCAL_MACHINE\Software\Microsoft\PackageManager]
"EnableAppSignatureCheck"=dword:00000000
[HKEY_LOCAL_MACHINE\Software\Microsoft\PackageManager]
"EnableAppProvisioning"=dword:00000000
[HKEY_LOCAL_MACHINE\Software\Microsoft\.NETCompactFramework\Managed Debugger]
"Enabled"=dword:0
"AttachEnabled"=dword:1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Silverlight\Debugger]
"WaitForAttach"=dword:1
Some of those might get obsolete already, though.
Though, the most interesting thing one can do with registry is enabling KD.
For what it's worth, creating an entire update from scratch (or even editing one) is unlikely to work; Windows has required a Microsoft signature (not just any trusted signature) on update files for many years now.
Yeah
I've never really looked at the fact: which certificate is used by actual cabs? look at *.cat file
GoodDayToDie said:
Very, very nice finds! I had noticed the cert pinning used on the store and on dev-unlocking, but apparently had failed to look into the update process.
Give me a little while and I'll find you the reg key used for dev-unlock. I can't guarantee you that I'll be able to give you the exact value you need - they seem to have changed the format since WP7, and I'll be working blind from templates and policy files here - but it's worth a shot. Mind you, I wouldn't be surprised if the whole process is read-only, or if the responses from Microsoft are signed (although you could try re-signing them, I guess). For what it's worth, creating an entire update from scratch (or even editing one) is unlikely to work; Windows has required a Microsoft signature (not just any trusted signature) on update files for many years now. It's certainly possible that they messed that up, though.
I also kind of want to see if some of the recent ZIP signature validation bypass exploits from Android (where you could create a ZIP file containing multiple files that have the same name, and the original would be used for the signature but the *last* copy of each file would be the one actually unpacked) might be made to work as well. I've got some ideas about that... not sure if it would work for the update format, though.
Please keep researching this!
Will do! Here is where it gets interesting... The attached screenshots are of a SOAP request from my phone to the update server (I disabled filtering, so the GUID isn't present) and then its response for "missing" updates to evaluate.
The section labeled "xml" contains the instructions on how to evaluate if the update is needed.
Here is a cleaned up, friendly dump of what is in the "XML" section it needs to parse to determine if an update is applicable:
Code:
<UpdateIdentity UpdateID="f092f820-8161-410b-ab11-c7a6d36b7837" RevisionNumber="101" />
<Properties UpdateType="Software" />
<Relationships>
  <Prerequisites>
    <UpdateIdentity UpdateID="eb644fbf-5e6e-4719-b97c-485ffb9e867f" />
    <AtLeastOne>
      <UpdateIdentity UpdateID="450b8808-d056-4c18-a383-2db11e463eb0" />
    </AtLeastOne>
  </Prerequisites>
</Relationships>
<ApplicabilityRules>
  <IsInstalled>
    <CspQuery LocUri="./DevDetail/SwV" Comparison="GreaterThanOrEqualTo" Value="9.0.0.0" xmlns="http://schemas.microsoft.com/msus/2002/12/MobileApplicabilityRules" />
  </IsInstalled>
  <IsSuperseded />
  <IsInstallable>
    <And xmlns="http://schemas.microsoft.com/msus/2002/12/LogicalApplicabilityRules">
      <CspQuery LocUri="./DevDetail/SwV" Comparison="LessThan" Value="9.0.0.0" xmlns="http://schemas.microsoft.com/msus/2002/12/MobileApplicabilityRules" />
      <b.RegSz Key="HKEY_LOCAL_MACHINE" Subkey="Software\Microsoft\Windows\CurrentVersion\DeviceUpdate\Agent\Protocol" Value="TestTarget" Comparison="EqualTo" Data="72c5dc6d-00a9-412f-9d13-f4f483f2ed7f" xmlns="http://schemas.microsoft.com/msus/2002/12/BaseApplicabilityRules" />
    </And>
  </IsInstallable>
</ApplicabilityRules>
An interesting URL with info from someone else that was looking into this for Win7...
http://withinwindows.com/2011/03/06/notes-on-windows-phone-7-update-process-thus-far/
I wonder if we can figure out what "updates" are actually required if we can trick the server into giving us more OOB updates/othercarrier updates/updates we aren't "supposed" to have..
Found some info on the "Evaluate" action:
Action: The action that clients in the specified target group will perform on this revision: Install, Uninstall, PreDeploymentCheck (which means that clients will not offer the update, just report back on the status), Block (which means that the update will not be deployed, and is used to override another deployment), Evaluate (which means that clients will not offer the update and will not report back on the status), or Bundle (which means that clients will not offer the update for install; it is only deployed because it is bundled by some other explicitly deployed update).
source:
http://msdn.microsoft.com/en-us/library/cc251980.aspx
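For reading captured update metadata like the dump above, an added example (not part of the thread and not Microsoft's client code) that parses the ApplicabilityRules element and evaluates it against a described device state. The semantics are assumptions: `CspQuery` values are compared as dotted version numbers, an empty section such as `<IsSuperseded />` counts as false, and the device states are constructed; unknown rule elements are rejected rather than guessed at.

```python
import xml.etree.ElementTree as ET

# ApplicabilityRules element as it appears in the dump posted above.
RULES_XML = r"""
<ApplicabilityRules>
  <IsInstalled>
    <CspQuery LocUri="./DevDetail/SwV" Comparison="GreaterThanOrEqualTo" Value="9.0.0.0"
              xmlns="http://schemas.microsoft.com/msus/2002/12/MobileApplicabilityRules" />
  </IsInstalled>
  <IsSuperseded />
  <IsInstallable>
    <And xmlns="http://schemas.microsoft.com/msus/2002/12/LogicalApplicabilityRules">
      <CspQuery LocUri="./DevDetail/SwV" Comparison="LessThan" Value="9.0.0.0"
                xmlns="http://schemas.microsoft.com/msus/2002/12/MobileApplicabilityRules" />
      <b.RegSz Key="HKEY_LOCAL_MACHINE"
               Subkey="Software\Microsoft\Windows\CurrentVersion\DeviceUpdate\Agent\Protocol"
               Value="TestTarget" Comparison="EqualTo"
               Data="72c5dc6d-00a9-412f-9d13-f4f483f2ed7f"
               xmlns="http://schemas.microsoft.com/msus/2002/12/BaseApplicabilityRules" />
    </And>
  </IsInstallable>
</ApplicabilityRules>
"""

COMPARE = {
    "EqualTo": lambda a, b: a == b,
    "LessThan": lambda a, b: a < b,
    "GreaterThanOrEqualTo": lambda a, b: a >= b,
}


def local(tag: str) -> str:
    """Drop the '{namespace}' prefix ElementTree puts on qualified tags."""
    return tag.rsplit("}", 1)[-1]


def version_tuple(text: str) -> tuple:
    return tuple(int(part) for part in text.split("."))


def compare(op: str, actual, expected) -> bool:
    if op not in COMPARE:
        raise ValueError(f"unsupported comparison: {op}")
    return COMPARE[op](actual, expected)


def eval_node(node, device: dict) -> bool:
    kind = local(node.tag)
    if kind == "And":
        return all(eval_node(child, device) for child in node)
    if kind == "CspQuery":
        actual = device["csp"].get(node.get("LocUri"))
        if actual is None:
            return False
        return compare(node.get("Comparison"),
                       version_tuple(actual), version_tuple(node.get("Value")))
    if kind == "b.RegSz":
        path = (node.get("Key"), node.get("Subkey"), node.get("Value"))
        actual = device["registry"].get(path)
        return actual is not None and compare(node.get("Comparison"),
                                              actual, node.get("Data"))
    raise ValueError(f"unsupported rule element: {kind}")


def evaluate(rules_xml: str, device: dict) -> dict:
    """Return {section name: bool} for IsInstalled / IsSuperseded / IsInstallable."""
    result = {}
    for section in ET.fromstring(rules_xml):
        rules = list(section)
        result[local(section.tag)] = bool(rules) and all(
            eval_node(rule, device) for rule in rules)
    return result


# Constructed device states (sample values, not taken from any real phone).
TEST_TARGET = ("HKEY_LOCAL_MACHINE",
               r"Software\Microsoft\Windows\CurrentVersion\DeviceUpdate\Agent\Protocol",
               "TestTarget")
DEVICE_OLD = {"csp": {"./DevDetail/SwV": "8.0.10211.204"}, "registry": {}}
DEVICE_OLD_WITH_VALUE = {"csp": {"./DevDetail/SwV": "8.0.10211.204"},
                         "registry": {TEST_TARGET: "72c5dc6d-00a9-412f-9d13-f4f483f2ed7f"}}
DEVICE_NEW = {"csp": {"./DevDetail/SwV": "9.0.0.0"}, "registry": {}}

if __name__ == "__main__":
    for label, dev in [("old", DEVICE_OLD), ("old+value", DEVICE_OLD_WITH_VALUE),
                       ("new", DEVICE_NEW)]:
        print(label, evaluate(RULES_XML, dev))
```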
I was also messing with Fiddler and I noticed my phone accesses two different places when a phone update is selected. One of the pages is: http://ds.download.windowsupdate.com/wp8/MicrosoftUpdate/Redir/duredir.cab . In that cab is this file wuredir.xml and consists of:
<?xml version="1.0"?>
<WuRedir xmlns="http://schemas.microsoft.com/msus/2002/12/wuredir" redirectorId="1002">
<Protocol
elementVersion="1"
clientServerUrl="https://fe1.update.microsoft.com/v6/"
reportingServerUrl="http://statsfe1.update.microsoft.com/" />
</WuRedir>
The second page accessed is: http://fe1.update.microsoft.com/WP8/MicrosoftUpdate/Selfupdate/5_UssDetection.dll
I hexed the .dll after download and found some download links to some cert files, which are:
Microsoft Windows Phone Production PCA 2012.crt
http://www.microsoft.com/pkiops/certs/Microsoft Windows Phone Production PCA 2012.crt
MicRooCerAut_2010-06-23.crt
http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
MicTimStaPCA_2010-07-01.crt
http://www.microsoft.com/pki/certs/MicTimStaPCA_2010-07-01.crt
Can any of this info help us?
If either that DLL or any of those certificates are not signed (highly unlikely, but worth checking), or if the DLL doesn't enforce the signature check (extremely unlikely), or if any of the certs include the private key or use a weak hash algorithm or a short key... maybe. I checked the certs, though; they at least are clean. Nothing useful that I saw.
Reverse engineering the DLL may be useful, but it's probably native code and therefore a pain to decompile.
aclegg2011 said:
I was also messing with fiddler and I noticed my phone access two different places when a phone update is selected. One of the pages is: http://ds.download.windowsupdate.com/wp8/MicrosoftUpdate/Redir/duredir.cab . In that cab is this file wuredir.xml and consists of:
<?xml version="1.0"?>
<WuRedir xmlns="http://schemas.microsoft.com/msus/2002/12/wuredir" redirectorId="1002">
<Protocol
elementVersion="1"
clientServerUrl="https://fe1.update.microsoft.com/v6/"
reportingServerUrl="http://statsfe1.update.microsoft.com/" />
</WuRedir>
the second page accessed is: http://fe1.update.microsoft.com/WP8/MicrosoftUpdate/Selfupdate/5_UssDetection.dll
I hexed the .dll after download and found some download links to some cert files, which are:
Microsoft Windows Phone Production PCA 2012.crt
http://www.microsoft.com/pkiops/certs/Microsoft Windows Phone Production PCA 2012.crt
MicRooCerAut_2010-06-23.crt
http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
MicTimStaPCA_2010-07-01.crt
http://www.microsoft.com/pki/certs/MicTimStaPCA_2010-07-01.crt
can any of this info help us?
Those are the first steps in the update process. Basically, it gets the certs that it will use for validation and server communication. Then the CAB file contains the info on what servers are used for Windows Update communications. It then logs that a request has been made to the tracking server. After that, it gets a list of updates from the v6 address. If there are no updates, Once the update process is complete, it logs the result to the tracking server.
Do you guys think I could use this to fix the problems I seem to have when trying to stream or download music from Xbox Music? I get a lot of errors, or "this song can't be played on your device", and sometimes the app crashes. I have had this problem since I switched from my Windows Phone 7 device to my Nokia Lumia 920, and I am on my 4th 920. I think for some reason the Music store is getting botched certificates or something.
Kind of on the same subject. Anyway, I extracted around 140 certificates from an HTC 8X RUU, then installed them to my PC, which is Windows 7. The cool part was I was able to install Windows Phone SDK 8 and 8.1 with emulators and Visual Studio 2013, which I thought were not possible to run on Windows 7. All because of certificates from a ROM.
I found where the system registry files are stored inside the ffus. This is from my Lumia 928 factory ffu.
Code:
\Windows\System32\config - DEFAULT, DRIVERS, FP, ProvisionStore, SAM, SECURITY, SOFTWARE, SYSTEM
\Windows\System32\config\MOUNTMGR - SYSTEM
\Windows\System32\config\unmodified - BCD, DEFAULT, DRIVERS, NTUSER.DAT, SAM, SECURITY, SOFTWARE, and SYSTEM
\EFIESP(Different Partition)\Windows\System32\config\unmodified - BCD, DEFAULT, DRIVERS, NTUSER.DAT, SAM, SECURITY, SOFTWARE, and SYSTEM
BCD, DEFAULT, DRIVERS, NTUSER.DAT, SAM, SECURITY, SOFTWARE, and SYSTEM
All of these files contain regf as the first few characters in hex. Beyond that, the files are mostly garbage looking at them in Notepad++.
I haven't been able to find any registry editors yet that can edit them, including ones built for Windows CE/Mobile or even Win7/8.
Anyone know of something that can display it in a normal fashion? (without needing a WP8 device to attempt to edit it on.)
EDIT: The files from \Windows\System32\config have been zipped for simplicity reasons (for those of you who don't have a ffu handy)
EDIT2 (August 22): The files from the GDR2/Amber update from my phone's rom have been added.
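A quick header check for hive files like the ones listed above, as an added example that is not part of the thread: it parses the `regf` base block, verifies its XOR checksum, and reports the format version and whether the two sequence numbers disagree (a hive that was not cleanly flushed). The sample header is constructed in the code, and the field offsets follow the publicly documented regf layout.

```python
import struct
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
BASE_BLOCK_SIZE = 4096  # hive bins start right after the base block


def regf_checksum(block: bytes) -> int:
    """XOR of the first 127 little-endian dwords (bytes 0..507)."""
    value = 0
    for (dword,) in struct.iter_unpack("<I", block[:508]):
        value ^= dword
    if value == 0xFFFFFFFF:
        return 0xFFFFFFFE
    if value == 0:
        return 1
    return value


def parse_regf_header(block: bytes) -> dict:
    """Parse the first 512 bytes of a registry hive file."""
    if len(block) < 512:
        raise ValueError("need at least 512 bytes of the base block")
    if block[:4] != b"regf":
        raise ValueError("not a registry hive: missing 'regf' signature")
    (seq1, seq2, filetime, major, minor,
     file_type, file_format, root_cell, bins_size) = struct.unpack_from(
        "<IIQIIIIII", block, 4)
    (stored_checksum,) = struct.unpack_from("<I", block, 508)
    name = block[48:112].decode("utf-16-le", errors="replace").split("\x00", 1)[0]
    return {
        "version": f"{major}.{minor}",
        "file_type": file_type,            # 0 = primary hive file
        "file_format": file_format,        # 1 = direct memory load
        "last_written": FILETIME_EPOCH + timedelta(microseconds=filetime // 10),
        "file_name": name,
        "root_cell_file_offset": BASE_BLOCK_SIZE + root_cell,
        "hive_bins_size": bins_size,
        # Differing sequence numbers mean a write was in progress (dirty hive).
        "dirty": seq1 != seq2,
        "checksum_ok": stored_checksum == regf_checksum(block),
    }


def make_sample_header() -> bytes:
    """Constructed base block for the demo; not taken from any real FFU."""
    block = bytearray(512)
    block[0:4] = b"regf"
    written = datetime(2013, 8, 22, tzinfo=timezone.utc)
    filetime = int((written - FILETIME_EPOCH).total_seconds()) * 10_000_000
    struct.pack_into("<IIQIIIIII", block, 4,
                     7, 7, filetime, 1, 5, 0, 1, 0x20, 0x1000)
    name = r"System32\config\SOFTWARE".encode("utf-16-le")
    block[48:48 + len(name)] = name
    struct.pack_into("<I", block, 508, regf_checksum(bytes(block)))
    return bytes(block)


if __name__ == "__main__":
    for key, value in parse_regf_header(make_sample_header()).items():
        print(f"{key}: {value}")
```

To check a real file, pass `open(path, "rb").read(512)` to `parse_regf_header`.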
WalkingCat said:
OK, this is a reply to this thread, but apparently I can't post in that forum yet.
So, you've found registry file inside \Windows\System32\config, and this is the way to open and edit it.
No third-party tools needed, just use regedit.exe in your Windows system
1. Run regedit.exe
2. Click on any root key, like HKEY_LOCAL_MACHINE
3. Open File menu, select Load Hive
4. Select a file in your mounted ROM \Windows\System32\config, like SOFTWARE or SYSTEM, open it
5. In the dialog asking for a name, input any text, like WP8Software
6. Registry is now loaded under HKEY_LOCAL_MACHINE\WP8Software, you can edit it.
7. Open File menu, select Unload Hive, then its written back to disk.
reference: http://technet.microsoft.com/en-us/library/cc732157.aspx
Check this post : http://forum.xda-developers.com/showpost.php?p=44312736&postcount=41
I used 7zip to extract the file
vivekkalady said:
Check this post : http://forum.xda-developers.com/showpost.php?p=44312736&postcount=41
I used 7zip to extract the file
That works fine for .wim or a .zip, but these files are the complete registry store, in the same format that Windows 2000, XP, Vista, etc. use to store the settings for hardware/drivers, Windows itself, and other apps that have that kind of access (e.g. Tier3 Applications)
If it's the same format as the XP/Vista type it should be easily openable; look for the application on the internet.
GodlikePL said:
If it's same format as XP/Vista type it should be easy openable, look for the application on the internet.
Apparently it isn't. I used RegistryEditorPE, that's supposed to work with offline registries for 2000 to 7, but it kept erroring out.
This is good stuff to know. Something that should be good to note is that while I decompiled the .NET for a few of the Verizon Xaps from the 928 ROM, I discovered some Nokia-specific COM Interop that interfaces with the registry. I'm hoping I can try something out and put up a test program within the next few days and make some registry changes.
Hi
I found a registry key
[HKEY_LOCAL_MACHINE\Software\Microsoft\Office Mobile\SPMC\Action\doc]
"Application"=dword:00000005
"ApplicationCommand"="app://5B04B775-356B-4AA0-AAF8-6491FFEA5617/Default?CmdLine=-url %s"
"Action"=dword:00000003
this is for Microsoft office Word
I think we can open Word using the link, I guess (app://5B04B775-356B-4AA0-AAF8-6491FFEA5617/)
So is this part useful?
Can external commands be executed through this part (CmdLine=-url %s)?
something like this
http://dotnet.dzone.com/articles/windows-phone-7-tip-day-know
@snickler: Let me know if you succeed with that. I managed to sideload an app using one of those libraries (after removing nearly all the interesting capabilities...), but immediately got an error about the component not being registered. I didn't try running regsvr or anything, though...
GoodDayToDie said:
@snickler: Let me know if you succeed with that. I managed to sideload an app using one of those libraries (after removing nearly all the interesting capabilities...), but immediately got an error about the component not being registered. I didn't try running regsvr or anything, though...
Hmmm, which phone do you have?
Edit: I tried to deploy just a sample app with one of the .winmds referenced, and got the 0x81030120 error
Holy fuzzle.. ANOTHER EDIT: I was able to do it. I had to remove all the damn Capabilities that I added from the Nokia Maps xap though.
I referenced the NokiaRegistryUtils.winmd and just ran this sample code
MessageBox.Show(NokiaRegistryUtils.Registry.IsChinaFirmware().ToString());
It returned "false" as expected.
I'm going to try something else now.
Something to note: in the WMAppManifest.xml, the following needs to be added after the <Tokens> declaration:
<ActivatableClasses>
  <InProcessServer>
    <Path>NokiaRegistryUtils.dll</Path> <!-- or whatever dll you're adding -->
    <ActivatableClass ActivatableClassId="NokiaRegistryUtils.Registry" ThreadingModel="both" />
  </InProcessServer>
</ActivatableClasses>
Where did you find that key?
In the FFU file.
Location: <ffu mount>\Windows\Packages\RegistryFiles\Microsoft.Office.Word.reg
Perfect. That's what I'm doing now, but just from my 920 ROM dump. I can access the registry sections that Nokia provides in their app, but I can't from the one you provided me. I'm going to do more tests to see if this is using HKCU rather than HKLM. It could also be that the registry keys have permissions placed on them.
Hmm,
I'm able to get the value of SOFTWARE\Classes\MIME\Database\Codepage\1254 -> BodyCharset
I may write a simple app that reads registry from Lumia devices... I think that's going to happen today.
Found these things; don't know if it is of any use.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.4.1.311.10.3.3]
"$DLL"="C:\\Windows\\System32\\WINTRUST.DLL"
"CallbackAllocFunction"="SoftpubLoadDefUsageCallData"
"CallbackFreeFunction"="SoftpubFreeDefUsageCallData"
"DefaultId"="{573E31F8-AABA-11D0-8CCB-00C04FC295EE}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.5.5.7.3.1]
"$DLL"="C:\\Windows\\System32\\WINTRUST.DLL"
"CallbackAllocFunction"="SoftpubLoadDefUsageCallData"
"CallbackFreeFunction"="SoftpubFreeDefUsageCallData"
"DefaultId"="{573E31F8-AABA-11D0-8CCB-00C04FC295EE}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.5.5.7.3.2]
"$DLL"="C:\\Windows\\System32\\WINTRUST.DLL"
"CallbackAllocFunction"="SoftpubLoadDefUsageCallData"
"CallbackFreeFunction"="SoftpubFreeDefUsageCallData"
"DefaultId"="{573E31F8-AABA-11D0-8CCB-00C04FC295EE}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.5.5.7.3.3]
"DefaultId"="{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Providers\Trust\Usages\2.16.840.1.113730.4.1]
"$DLL"="C:\\Windows\\System32\\WINTRUST.DLL"
"CallbackAllocFunction"="SoftpubLoadDefUsageCallData"
"CallbackFreeFunction"="SoftpubFreeDefUsageCallData"
"DefaultId"="{573E31F8-AABA-11D0-8CCB-00C04FC295EE}"
http://support.microsoft.com/kb/287547
I did find THIS..
Code:
[HKEY_LOCAL_MACHINE\Software\Microsoft\DeviceReg\Install]
"MaxUnsignedApp"=dword:7FFFFFFF
That translates to the value of InterOp unlock by default which means we should be able to sideload more than 10 apps at a time.
I also found these within policy xml files
Code:
Microsoft.BaseOS.SecurityModel.policy.xml
<Capability ElementID="2EF45E94A01864DE3387212D6E73AEA885E709AD0F24FB97FE2E84728CB09D14" AttributeHash="49B8EC80A54998B68D7F65A44A340FD28B535494B7A41D650FD94851E38A6B6B" Id="ID_CAP_DEVELOPERUNLOCK" AppCapSID="S-1-15-3-1024-2489250862-3731101856-757172019-2830005102-2903107461-2549818383-1921265406-345878668" SvcCapSID="S-1-5-21-2702878673-795188819-444038987-1443" FriendlyName="Enable bearing chamber to load unsigned modules" Visibility="Internal" />
<Capability ElementID="BAFBED1970753822A266C1985F4A2CA2BA7A97CCE149F874743D00F678643C26" AttributeHash="54A2744DE064E139FD4403623C2AB9F1E130BC5C0786F56C1CE39AC814DC3F03" Id="ID_CAP_DEVELOPERUNLOCK_API" AppCapSID="S-1-15-3-1024-435026874-574125424-2562811554-2720811615-3432479418-1962428897-4127210868-641492088" SvcCapSID="S-1-5-21-2702878673-795188819-444038987-1450" FriendlyName="Enable setting of registry key protecting developer unlock mode." Visibility="Internal">
<CapabilityRules>
<Rules>
<RegKey ElementID="F0921CC3ADB2FEE5B7DC90F9F2BBDDB6E4D7BFAF9CE189C1585A90CD71E36882" DACL="(A;CI;KRKW;;;S-1-15-3-1024-435026874-574125424-2562811554-2720811615-3432479418-1962428897-4127210868-641492088)(A;CI;KRKW;;;S-1-5-21-2702878673-795188819-444038987-1030)(A;CI;KRKW;;;S-1-5-21-2702878673-795188819-444038987-1450)" Flags="515" Path="HKEY_LOCAL_MACHINE\Software\Microsoft\SecurityManager" />
</Rules>
</CapabilityRules>
</Capability>
<Capability ElementID="BAFBED1970753822A266C1985F4A2CA2BA7A97CCE149F874743D00F678643C26" AttributeHash="54A2744DE064E139FD4403623C2AB9F1E130BC5C0786F56C1CE39AC814DC3F03" Id="ID_CAP_DEVELOPERUNLOCK_API" AppCapSID="S-1-15-3-1024-435026874-574125424-2562811554-2720811615-3432479418-1962428897-4127210868-641492088" SvcCapSID="S-1-5-21-2702878673-795188819-444038987-1450" FriendlyName="Enable setting of registry key protecting developer unlock mode." Visibility="Internal">
<CapabilityRules>
<Rules>
<RegKey ElementID="F0921CC3ADB2FEE5B7DC90F9F2BBDDB6E4D7BFAF9CE189C1585A90CD71E36882" DACL="(A;CI;KRKW;;;S-1-15-3-1024-435026874-574125424-2562811554-2720811615-3432479418-1962428897-4127210868-641492088)(A;CI;KRKW;;;S-1-5-21-2702878673-795188819-444038987-1030)(A;CI;KRKW;;;S-1-5-21-2702878673-795188819-444038987-1450)" Flags="515" Path="HKEY_LOCAL_MACHINE\Software\Microsoft\SecurityManager" />
</Rules>
</CapabilityRules>
</Capability>
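The DACL attribute on the RegKey rule above follows SDDL ACE string syntax (type;flags;rights;object;inherit-object;trustee). The following added example, which is not code from the thread or from Microsoft, decodes each ACE and reports which SIDs are allowed to write the key and whether the element itself declares them. The function names are hypothetical; the XML is the ID_CAP_DEVELOPERUNLOCK_API element from the post with unused attributes dropped.

```python
import re
import xml.etree.ElementTree as ET

# Capability element from the policy XML quoted in the post above; ElementID,
# AttributeHash and the other attributes nothing here reads are left out.
POLICY_XML = r'''<Capability Id="ID_CAP_DEVELOPERUNLOCK_API" AppCapSID="S-1-15-3-1024-435026874-574125424-2562811554-2720811615-3432479418-1962428897-4127210868-641492088" SvcCapSID="S-1-5-21-2702878673-795188819-444038987-1450">
  <CapabilityRules>
    <Rules>
      <RegKey DACL="(A;CI;KRKW;;;S-1-15-3-1024-435026874-574125424-2562811554-2720811615-3432479418-1962428897-4127210868-641492088)(A;CI;KRKW;;;S-1-5-21-2702878673-795188819-444038987-1030)(A;CI;KRKW;;;S-1-5-21-2702878673-795188819-444038987-1450)" Flags="515" Path="HKEY_LOCAL_MACHINE\Software\Microsoft\SecurityManager" />
    </Rules>
  </CapabilityRules>
</Capability>'''

ACE_TYPES = {"A": "allow", "D": "deny"}
ACE_FLAGS = {"OI": "object-inherit", "CI": "container-inherit",
             "NP": "no-propagate", "IO": "inherit-only", "ID": "inherited"}
KEY_RIGHTS = {"KA": "key-all-access", "KR": "key-read", "KW": "key-write",
              "KX": "key-execute", "GA": "generic-all", "GR": "generic-read",
              "GW": "generic-write", "GX": "generic-execute"}
WRITE_RIGHTS = {"key-write", "key-all-access", "generic-write", "generic-all"}
ACE_RE = re.compile(r"\(([^()]*)\)")


def decode_tokens(field, table):
    """Split a run of two-letter SDDL tokens and name each one."""
    if field.lower().startswith("0x"):      # numeric access mask: left undecoded
        return [field]
    tokens = [field[i:i + 2] for i in range(0, len(field), 2)]
    return [table.get(tok, "unknown:" + tok) for tok in tokens]


def parse_dacl(sddl):
    """Return one dict per ACE found in an SDDL DACL string."""
    aces = []
    for body in ACE_RE.findall(sddl):
        fields = body.split(";")
        if len(fields) != 6:
            raise ValueError("unexpected ACE layout: (%s)" % body)
        ace_type, flags, rights, _obj, _inherit_obj, trustee = fields
        aces.append({
            "type": ACE_TYPES.get(ace_type, "unknown:" + ace_type),
            "flags": decode_tokens(flags, ACE_FLAGS),
            "rights": decode_tokens(rights, KEY_RIGHTS),
            "trustee": trustee,
        })
    return aces


def writable_keys(xml_text):
    """List (registry path, SID, origin of SID) for every allow-write ACE."""
    cap = ET.fromstring(xml_text)
    cap_id = cap.get("Id")
    declared = {cap.get("AppCapSID"): "AppCapSID of " + cap_id,
                cap.get("SvcCapSID"): "SvcCapSID of " + cap_id}
    findings = []
    for key in cap.iter("RegKey"):
        for ace in parse_dacl(key.get("DACL", "")):
            if ace["type"] == "allow" and WRITE_RIGHTS & set(ace["rights"]):
                origin = declared.get(ace["trustee"], "not declared in this element")
                findings.append((key.get("Path"), ace["trustee"], origin))
    return findings


if __name__ == "__main__":
    for path, sid, origin in writable_keys(POLICY_XML):
        print(path, sid, origin, sep="\n    ")
```

Run against the quoted element, two of the three write grants map to the capability's own AppCapSID and SvcCapSID, and the third trustee (ending in -1030) is a SID this element does not define.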
Need a Nokia Device?
That's great! If anyone needs a Nokia device to test on, Nokia has Remote Device Access for those who need it. It's a free service to anyone who has a Nokia DEVELOPER account, which is separate but free as well. The devices they mostly have are Lumia 820s, but they have a few others (620, 720, 920 and the 928). The great thing about them: you can deploy an xap and run the apps. Some of those phones have SIMs in them and some of them have a "Nokia On-Device Diagnostic Tool". The only drawback is that the connection can be SLOW.
Huh, you had to add the InProcServer manually? That may be the problem, then. I'm not sure why they're using COM - it works just fine to simply use the native Win32 APIs (add references to ADVAPI32LEGACY.LIB and/or KERNELBASE.LIB; that's what my NativeAccess library does and it works fine) - but it's good to know that COM is, in fact, usable.
Yeah, I already found those policy files. As I've said in other posts, if you can find a way to sideload an app that uses them, we can do a lot more than is currently possible - the internal and private capabilities (and some of the so-called public ones, most of which still won't install) have all kinds of cool potential.
One advantage of the WP8 app model, as opposed to the WP7 model that used ID_CAP_INTEROPSERVICES for everything, is that an app like you're making may well work on other devices. The fact that you got the interop-lock error means that the app did have ID_CAP_INTEROPSERVICES specified, so it may use it for some things, but the registry access is probably not one of them.
The best part is that the Nokia CityLens uses ID_CAP_INTEROPSERVICES, but I can't find anything that references it.
The winmds use System.Runtime.InteropServices though.
The Nokia app I got the RegistryRT from didn't use the INTEROP Capability at all, but I did notice that I had to add that extra stuff in the AppManifest.
Hi,
First off I want to state that I have some knowledge of the legal issues concerning changing of MAC addresses and the sole reason that I want to do this is because privacy is a big issue for me and I have a right to enjoy my right. Therefore, any posts or argument concerning such are requested to be posted elsewhere where the topic expressly states so.
Also, please treat me like a newbie when it comes to developing and programming of any kind. I have a very shallow understanding of kernel and the likes.
I am using a rooted S5 G-900H (Exynos with BCM 4534 chip)
Running on 4.4.2 Kitkat stock ROM and Kernel
So without further ado, here is what I have found so far:
The MAC address is reflected in a hidden file called .mac.info in the /efs/wifi/ folder. However, editing the file does not change the actual MAC address in any way. A phone reboot or even turning the wifi on/off will just change it back to the original.
I dumped partitions from /dev/block/ onto my SD card and copied them to my laptop. I searched through the files and found the MAC address in the efs.img partition. My wifi was turned off and the phone was in airplane mode. I modified it and flashed it back using the dd command from terminal emulator on my phone (this can also be done through adb shell but I'm guessing if you know what that is then you obviously know how to do it).
I rebooted the phone and everything seemed fine. The Wifi MAC address in the status screen in settings displayed my edited address. The .mac.info file also displayed the same. The problem is that it reverted back to the original as soon as I turned on the wifi. The MAC address values in the .mac.info file, status screen and the efs partition from the /dev/block/ all changed back to the original.
I have read that for most phones the important information unique to that particular phone (like IMEI, wifi/BT MAC address, unlock codes and so on) is stored in the NV_DATA.bin file, but everything is encrypted. Also there are only guides as to searching unlock codes and such, so I tried to search for hash blocks randomly using Hex Editor but there was nothing of the sort and the only hash block I can recognize is the one with AES-Encryption as shown from another forum on this site. Maybe it is another type of encryption, but that was another dead end for me.
Then I tried to search and edit various files and kernels as such, but there are no kernels that directly offer this customization. Tried to edit init.tuna.rc but there was no such file in the root directory. Searched init.goldfish.rc and init.wifi.rc and found nothing, but I did see init.svc.macloader mentioned and since I didn't want to mess with programs in the /system/bin/file I left it as is.
Also tried to search through PARAM partition using Hex Editor but nothing was there. Did the same for RADIO and BOOT but I don't think I found anything major there.
Tried to edit /sys/class/net/wlan0/address but it didn't let me, even though I was mounted as r/w. Flashing through dd command on terminal also resulted in permission denied. I was only able to view or dump it. I thought that may have been the source, but modifying the MAC address through the busybox ifconfig command was reflected on the file, which obviously means that it's not.
Looked through the dmesg (kernel) log and found a few interesting things but I don't know how to interpret them and what to do with it either. I'll post it later.
There is no NVRAM.txt; the only ones in place of it I have are nvram_mfg.txt, nvram_mfg.txt_wisol, nvram_mfg.txt_semco3rd, nvram_net.txt, nvram_net.txt_semco3rd, nvram_net.txt_wisol.
I did do a bit more searching and editing, but I don't recall them right now.
Now, after all that, what I think is this.
There is a source for the original MAC address somewhere, either hardcoded in the Broadcom chip or somewhere in the partitions under a layer of encryption.
The original MAC address is only accessed when the wifi is turned on and not on reboot. This means it is not in any file, program or script that activates on boot, so only scripts and files accessed and imported during the turning on of wifi must have it. Also while wifi is on and running, busybox ifconfig command changes the MAC address successfully albeit temporarily, although the change is not seen on the status screen but it does on the .mac.info file.
Any help from anyone, especially from developers with knowledge of Android KitKat ROM and kernels, would be very much appreciated.
As you said, ifconfig changes it; there are several apps that do it for you as well, and Chainfire also released a MAC randomizer app. You also noted it's hardwired in, so I would just have a startup script that changes it if I were you; there might be a better way to do it though.
Yes, I have been using pry-fi as an option but the thing is that when I'm watching videos or downloading large files from Play Store or other file hosting sites, it starts to turn my wifi on/off several times before becoming stable and logging in to the AP again. I have tried macchanger also and both misbehave after an interval of time. That's why I'm trying to search for a cleaner way to do it.
Running an init script would be nice but I have no idea how to do that. But there should be a script that only runs when turning on the wifi, right? Would you know where this file is located and how to modify it? If so, please tell me.
You can just use init.d to make the script; shell scripting isn't very hard and I won't give you a tutorial here. Also, as noted in many places when researching changing a MAC on Android, you can't connect to secured APs, or it won't be easy at least. As I said before, there may be a better way to do this, but I do not know it.
Ok, thanks a lot. Running a script might just be cleaner than anything else I have right now. I'll still be on the lookout for other ways though. Call me hard to please.
Btw, I think the reason is that most custom MAC addresses (if they do get changed) are too different from the ones registered on the chip. I've found that changing only the 2nd digit out of the 12 in the address, to an even hexadecimal number like 2 or A, works for me on my PC.
Also you need to forget the networks on your PC or Android as soon as you change it. Doesn't matter if you have the password or not, it doesn't connect. Must be something to do with the saved info about the AP on the phone that messes it up.
I know that, for example, DD-WRT and even some official router firmwares allow you to spoof your MAC; it may be worth looking into how they do it, but I have a suspicion it might be done with a script.
Hard Wired?
I have been messing with 2 Alcatel Ideal 4060a (because I bricked the first one I had).
After bricking the first 4060a I had (wiping all partitions), I bought a second (so I could install TWRP on it, back it up and restore the backup onto the first).
After restoring the backup of the second onto the first, all was good until I tried to get them online together.
When one connected it knocked the other offline, because they both share the same MAC address.
This is my problem and I wish the MAC addresses were hard wired, then I wouldn't have this problem.
This is good news for anyone who wants to know if MAC addresses are indeed hard wired. They are not (at least not in the 4060a).
Hope this helps.
gscripting
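In a 48-bit MAC address the lowest bit of the first octet is the individual/group bit and the next bit is the universal/local bit, which is what the "even second digit" observation and the cloned-backup collision in the posts above both touch on. The following added example (not code from any poster; function names and sample addresses are constructed) classifies addresses by those two bits and flags duplicates across devices.

```python
import re
from collections import defaultdict

MAC_RE = re.compile(r"^[0-9a-f]{2}(?:[:-]?[0-9a-f]{2}){5}$", re.IGNORECASE)

# Constructed sample: (device label, address as reported by that device).
OBSERVATIONS = [
    ("phone-a", "00:11:22:33:44:55"),
    ("phone-b", "00-11-22-33-44-55"),   # restored from phone-a's backup
    ("laptop",  "0A:11:22:33:44:55"),   # second hex digit A
    ("tablet",  "03:11:22:33:44:55"),   # second hex digit odd
]


def normalize(text):
    """Return the address as lowercase colon-separated hex, or raise ValueError."""
    text = text.strip()
    if not MAC_RE.match(text):
        raise ValueError("not a 48-bit MAC address: %r" % text)
    digits = re.sub(r"[:-]", "", text).lower()
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def classify(text):
    """Decode the two flag bits carried in the first octet."""
    first_octet = int(normalize(text)[:2], 16)
    return {
        "multicast": bool(first_octet & 0x01),             # I/G bit
        "locally_administered": bool(first_octet & 0x02),  # U/L bit
    }


def audit(observations):
    """Return (duplicates, flagged) for an iterable of (device, mac) pairs.

    duplicates: normalized address -> devices that all report it
    flagged:    normalized address -> why it is not a vendor-assigned unicast address
    """
    seen = defaultdict(list)
    for device, mac in observations:
        seen[normalize(mac)].append(device)

    duplicates = {mac: devs for mac, devs in seen.items() if len(devs) > 1}
    flagged = {}
    for mac in seen:
        bits = classify(mac)
        if bits["multicast"]:
            flagged[mac] = "group bit set: not valid as a station's own address"
        elif bits["locally_administered"]:
            flagged[mac] = "locally administered: set by software, not vendor-assigned"
    return duplicates, flagged


if __name__ == "__main__":
    dups, flags = audit(OBSERVATIONS)
    for mac, devs in dups.items():
        print("duplicate", mac, "reported by", ", ".join(devs))
    for mac, reason in flags.items():
        print("flagged  ", mac, reason)
```

An even second hex digit keeps the group bit clear; of the even digits, 2, 6, A and E also set the local bit.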
MAC for bt and wifi reside in the EEPROM or NVRAM. And that is not editable.
To put it simply you can't change it. Only spoof it. And if you know it's not legal you probably shouldn't be asking.
Reported Is different from original
More info relative to these 2 phones
I installed an app called Change my Mac.
It Lists:
Original MAC 12:34:56:78:90:ab
Current MAC ff:ee:dd:cc:bb:aa
They Are Different.
I thought the original MAC address it's showing was the one written in the EEPROM or NVRAM,
but it turns out, after installing Change My MAC on the other phone also, it lists the same Original and Current MAC addresses as the first phone.
The Current MAC address listed is the one reported in settings and my network.
I Use Change My MAC to set the reported MAC to the original every time the phone boots using Tasker on only one of them.
Using Change My MAC, the change lasts til boot.
Just passing it on for those that might be interested.
When I get link privileges, I'll add a screenshot of Change My MAC.
gscripting