yay
Sent from my PC36100 using XDA App
jmollabi said:
yay
Sent from my PC36100 using XDA App
Click to expand...
Click to collapse
^thanks a bunch!
I'm pretty sure it's for the superbowl commercial thing.
Sent from my PC36100 using XDA App
watch it permissions has changes it wants to read your sms and mms in and out
Now that makes absolutely no sense at all. WTF would Angry Birds want to read your SMS and MMS messages. REMOVING!
This is from Android Cemtral
Update: You might well have noticed that the app now says it needs/has permission to access your SMS messages. The developer, Rovio Mobile, tells us on Twitter that it "Must be a mistake in some permission file. Will get it sorted on Monday."
To be on the safe side, probably won't download until Monday when he fixes it. Is there a changelog to see what all changed?
androidcentral.com/angry-birds-update-brings-30-new-levels
Looks like new levels. And some easter eggs with unlock codes coming in a Super Bowl commercial.
Yeah, let's see here... The permissions say it is reading/sending SMS's, and for a company's flagship $1M+ product to have such a bug in it, I think someone would be called in to fix it on the weekend. After all, it'd take only a few minutes to edit the XML file which declares permissions, sign the APK, then send it to the Market.
I reckon the Superbowl "easteregg" is going to be using SMS's without users' knowledge/consent, and that's why they're waiting until Monday.
drmacinyasha said:
Yeah, let's see here... The permissions say it is reading/sending SMS's, and for a company's flagship $1M+ product to have such a bug in it, I think someone would be called in to fix it on the weekend. After all, it'd take only a few minutes to edit the XML file which declares permissions, sign the APK, then send it to the Market.
I reckon the Superbowl "easteregg" is going to be using SMS's without users' knowledge/consent, and that's why they're waiting until Monday.
Click to expand...
Click to collapse
Editing the xml to not say that is one thing, but what if the app was actually reading/sending sms? It would take time to remove that bit of code. I would rather check to see what it is doing than rely on what it says it is or isnt doing.
Oh, come on people! This is XDA afterall.
You unpack the apk, edit the xml yourself, repackage and sign. Then you beat all then new levels over the weekend at make fun of the people who are waiting until monday.
I saw a $22 angry birds t-shirt at the mall today. Cute but maybe $10 at max.
posted via the xda app with my Evo
Solution: Dont DL angry birds. At least not on YOUR phone!!! In any event. Its too addictive anyway. I had to force myself to uninstall it!!!!
iconoclastnet said:
Oh, come on people! This is XDA afterall.
You unpack the apk, edit the xml yourself, repackage and sign. Then you beat all then new levels over the weekend at make fun of the people who are waiting until monday.
Click to expand...
Click to collapse
You do realize that when a program apk is compiled that programs access is determined according to what it does and what it uses and not manually listed by the devs in an xml file.
The fact that the xml file says it means that apk does in fact use or do some actions that involve sms.
I can make a simple apk that stores numbers in a db for the user at their execution and when compiled the xmls will be automatically updated by eclipse to display the type of permissions it requires along with the actions and access it has to your system.
You can edit the xml like you said but it doesn't remove that bit of code that interacts with the sms operations.
lovethyEVO said:
You do realize that when a program apk is compiled that programs access is determined according to what it does and what it uses and not manually listed by the devs in an xml file.
Click to expand...
Click to collapse
You do realize that you're completely wrong.
http://developer.android.com/guide/topics/manifest/manifest-intro.html#perms
bkrodgers said:
You do realize that you're completely wrong.
http://developer.android.com/guide/topics/manifest/manifest-intro.html#perms
Click to expand...
Click to collapse
So you're telling me that you have personally compiled a program apk in eclipse and you had to manually specify what permissions and access it needs in the android manifest? Your eclipse somehow does not automatically update the manifest as your code changes?
if you can edit whats in their manually.. whats stopping you from falsifying permissions.. i call false.
rovio.com/index.php?mact=Blogs%2Ccntnt01%2Cshowentry%2C0&cntnt01entryid=57&cntnt01returnid=58
I guess its not a bug.
"SMS payment coming to Android devices
We are bringing Angry Birds players on Android the option of purchasing the Mighty Eagle and other cool new content in the future using our brand new payment system, Bad Piggy Bank!
Bad Piggy Bank purchases will be paid through operator billing. No credit card is required, you simply select the content you want to purchase in the game, and select the Bad Piggy Bank icon. You confirm your purchase, the payment is made via SMS, and you will be charged in your phone bill.
The Android version of Angry Birds asks for SMS permission because this mobile payment capability has been added in version 1.5.1.
Angry Birds does not use the SMS functionality of the device for any other purpose than Bad Piggy Bank payments.
If the Bad Piggy Bank is not available for your operator, no purchases can be made, and you cannot be charged for anything.
Right now, the system will be available only in Finland for Elisa customers, with more countries and carriers following later. We are working globally with operators on bringing Bad Piggy Bank to all of our users worldwide - ask your mobile carrier or operator for more details!"
aimbdd said:
if you can edit whats in their manually.. whats stopping you from falsifying permissions.. i call false.
Click to expand...
Click to collapse
The point is that just because you can edit the manifest to stop the permissions after the program has been compiled the bit of code that needed those permissions still exists in the program.
If the developer really wanted their code to run they would/could find a loophole/exploit to have their code run regardless if the program is allowed the permissions.
It's just like rooting our devices. It was possible through the exploit of a flaw in the system.
If rovio (for whatever reason) was really intent on interfacing with the sms functions they would have tried to circumvent the simple permissions in the manifest.
I'm not saying rovio is trying to be malicious with their code but once the program is compiled editing xmls doesn't really change the actual code, just parameters of the program such as strings, values, etc.
Who uses sms anyway?
Related
OP deleted on account I am knot vary smert.
That's nice. Do you want some French Cries with that Whaa Burger?
Sent from my SCH-I500 using XDA App
Nice. You know, my mom always told me that if you don't have anything good to say, then just don't say anything.
Good advice in my opinion.
You've lost your keys or have problems accessing them - it's your problem, not Google's. This is called security - it's a feature, not a bug.
And you can't delete app for quite obvious reasons: in IT world you should try to not delete anything ever. Want some more practical reason? If you would delete your app and release new one with same package name, but signed with different keys, then people who already downloaded your first app wouldn't be able to install a new one.
Yeah, I guess y'all are right. OP deleted because apparently 15 years of work in IT and 2 degrees makes me stupid for losing a file. Thank god no one else has ever lost a file
Yeah... the android market system is pretty well thought out. But can you imagine if they lost the key to angry birds, or to some corporate app?
Lakers16 said:
Yeah... the android market system is pretty well thought out. But can you imagine if they lost the key to angry birds, or to some corporate app?
Click to expand...
Click to collapse
This is the reason why there are all of these "Keep backup(s) of your private key." warnings
You know, there may be much, much, much worse consequences of losing private keys. Many devices or technologies are designed to restrict access to themselves using keys of their manufacturers. Lets imagine Apple lose keys they use for app signing: there would be no more apps for any existent device - for millions of them! Same for other technologies: one harddisk failure and thousands or millions of devices around the world become totally useless.
Private keys are one of the most important and most secured things in many companies.
Rootstonian said:
OP deleted on account I am knot vary smert.
Click to expand...
Click to collapse
Don't forget childish. 8-D
carnegie0107 said:
Don't forget childish. 8-D
Click to expand...
Click to collapse
Always Never plan on getting old, even though the "50" mark is around the corner! LOL
It wasn't too painful to re-create the app. Now I have my keystore files saved on computer, external drive and burned to CD. Live and Learn I guess
Well, I never did find the keystores to my first 2 apps. Thankfully the user interface is really just there for pulling from my hosted databases. I can update the databases outside of Market updates.
Sorry about "whining" about this, but when I first created these apps, i had NO idea how important that keystore file was. I wish the Eclipse Export popped-up a 30 point font dialog box with:
"WARNING! DO NOT LOSE THIS FILE OR YOU WILL NEVER BE ABLE TO UPDATE YOUR APPLICATION!"
I actually thought the keystore was somehow integrated into the apk (which it might be, I don't know, but you still need the keystore file).
I've gone the extra steps and copied my current keystore files to my hosted site AND e-mailed them to myself. That makes 5 copies! LOL
Need an apk that signs my update.zip files from titanium blackup.
I don't understand why it hasn't been done. The code to do it is already in java! Search the forums for testsign.jar
I know everything you need to do to get it done but I don't have a development environment at my disposal. Help me out and I'll show you how to convert your jarred up code libraries to run on android!
Please and Thank You.
* edit - this question has been solved by brainmaster! ZipSigner if you find this application helpful please thank him below.
- Posted via mobile
New application proposal: ZeroNetAccess (ZeNA?)
Concept: an app that can block other apps network access.
Market alternative: DroidWall (root only, low market potential)
Methods: Maybe by modifying the apk manifest and resigning? Im not sure if there is a framework you could subclass for this.
Why: i turned off stats reporting for an app and i saw it writing reports to the web from logcat. Google took our rights away by not letting us do this from the application settings. Its my device and i have to pay the bill not google or the rude ppl who made the app. I will never understand why we were not given the right to administer mobile data access rights.
Potential: highly lucrative. People want to save money nowadays. In that respect voiding phone warranty for root access may not sit well with potential customer.
- Posted via mobile
Avid Droidery said:
New application proposal: ZeroNetAccess (ZeNA?)
Concept: an app that can block other apps network access.
Methods: Maybe by modifying the apk manifest and resigning? Im not sure if there is a framework you could subclass for this.
Why: i turned off stats reporting for an app and i saw it writing reports to the web from logcat. Google took our rights away by not letting us do this from the application settings. Its my device and i have to pay the bill not google or the rude ppl who made the app. I will never understand why we were not given the right to administer mobile data access rights.
Potential: highly lucrative. People want to save money nowadays.
- Posted via mobile
Click to expand...
Click to collapse
For rooted devices try DroidWall
Application Proposal: Web Page to PDF/HTML Safari Plug-In
Concept: Seriously?
Why: Cant save pages from the browser I safari always reloads the page when you come back to it from other activities (pointless nethog!) whats the friggin cache for anyway? It is better to save an article copy that you could view on the computer later or add to your info library if you write books or do any kinda technical research than it is to save a bookmark that may become 404 not found. Researchers nightmare!
Methods: execute shell command wget on page source. Use regular expression to get media list. Build directory tree. For each media call wget. Done.
Potential: medium. Not many people are so technically inclined.
Usefulness: extremely high, especially with zip/+email caps.. Roundabout source code viewer for nosy/curious folks.
Average potential, stream lehigh usefulness I would sell for a buck 99. Free (1 ad per saved page, no zip email)
- Posted via mobile
3rdstring said:
For rooted devices try DroidWall
Click to expand...
Click to collapse
Thank you! Will do!
- Posted via mobile
Application proposal: WarBastard
Concept: wardriving app featuring google my maps! Maps are shared globally by locale. Signals can be pinpointed by triangulation through cross reference of mac address, signal strength and previously detected locations in a global locale based database. While we are at, throw in a google navigation intent, and a compass with distance to closest accesible AP! Dont stop there! I wonder where that cell tower is located?
Purpose: to aid weary travellers and cheap bastards to connect with their loved ones and services over open networks. Services could also be used for cellular network signal diagnostics across hundreds of thousands of devices.
Potential: astronomical I would pay 5 bux. Better yet 12 bucks per year. Free (1 ad per download of database, 1 ad per connect to AP. Possibly integrated with APs for increased revenue potential across the board.) The map data can also be used to find good places to set up an advertising AP 4 even more potential earnings.
Anybody wanna pay me to sit around and do this all day? Lol.
SERIOUSLY you are looking at my qualifications. Asking 50k p. yr. to start Project Mgr./Analyst/Sr. Developer. consulting options available. Willing to relocate. Pm for inquiries/proposals.
- Posted via mobile
Avid Droidery said:
Need an apk that signs my update.zip files from titanium blackup.
I don't understand why it hasn't been done. The code to do it is already in java! Search the forums for testsign.jar
I know everything you need to do to get it done but I don't have a development environment at my disposal. Help me out and I'll show you how to convert your jarred up code libraries to run on android!
Please and Thank You.
- Posted via mobile
Click to expand...
Click to collapse
You should use the search function: ZipSigner.
It implements in the Titanium Backup and signs it on your wish.
brainmaster said:
You should use the search function
Click to expand...
Click to collapse
You are correct. I should never have assumed that this wasn't already in the market. Actually I didn't really plan to use this to sign titanium backups. For my purpose however the concept is the same.
* edit Human beings arent the fastest search engine but collectively we are the most accurate information sources on the planet. feel free to quote me on this
I thought that it would be better to ask someone who might know than it would be to search for something that may not exist. If I had access to a computer I would have no questions to post. Only answers! Being that I am stuck on my android for the time being, I appreciate all the help I can get!
Thank you for providing me with another helpful for resource!
* Edit: Dear brainmaster, words cannot express my level of gratitude! I am truly overjoyed by the passing of this shortcoming. Signapktic is exactly what I was looking for and I never would have found this application had it not been for your assistance. The topic of this thread is kick ass apps wanted. Even though this is an application that no longer needs to be developed (because real developers don't reinvent the wheel unless absolutely necessary,) you have met or exceeded the topic issue with flying colors!
- Posted via mobile
New application proposal: Launchpad Homescreen Widget
Concept: a widget that will pop up an on screen menu (complete with icons) onClick similar to pc desktop start menus. Customizable shortcuts Horizontal or vertical (and scrollable) layouts by preference and Customizable folders.
Why: I would rather have a feature like this than an app drawer any day. This would allow individuals to organize launcher short cuts by task. It would also be great if it were possible to open files in the system such as pdf, video, music or text files with appropriate application. Another great feature would be the ability to launch shell scripts. I have searched the market and nothing like this was found.
Potential: high. will save customer time allow them to become more visually organized and task oriented as well as adding more visual appeal to the home screens. $5.99 I would buy it! Time limited trial only.
- Posted via mobile
Hi
I've made an app a while ago (8 months ago), now, i made an update. but i cant release it it says i need the same certificate file.
Is there any way to retrieve it using the old applications apk?
XabdullahX said:
Hi
I've made an app a while ago (8 months ago), now, i made an update. but i cant release it it says i need the same certificate file.
Is there any way to retrieve it using the old applications apk?
Click to expand...
Click to collapse
No! This uses a public/private key system so if you lose your private key, you're screwed.
Been there, done that (on TWO apps). You are indeed TOAST. I feel your pain
Auch. Thanks guys.
Now my question is. Can i create an identical keystore as the other one to fake it inside market?
I see jarsigner is telling me this about the original app:
X.509, CN=Abdullah Gheith, O=Abdullah Gheith, L=Denmark, C=45
[certificate is valid from 22-05-10 01:22 to 14-05-40 01:22]
Wouldnt it be possible to fake these information inside the new keystore somehow, maybe change date and stuff.. i know the password used for the original keystore
While waiting for your reply i am trying it ^^ . updating here when i find something out.
EDIT: Okay, nevermind. I am the only one naive enough to think that this will work, even though the file i newly created showed me this certificate:
X.509, CN=Abdullah Gheith, O=Abdullah Gheith, L=Denmark, C=45
[certificate is valid from 22-05-10 01:22 to 14-05-40 01:22]
You know, app signing was added for some reason, not because someone was bored ;-) If you would be able to properly sign an app without private key, then whole signing thing would not make any sense.
Brut.all said:
You know, app signing was added for some reason, not because someone was bored ;-) If you would be able to properly sign an app without private key, then whole signing thing would not make any sense.
Click to expand...
Click to collapse
Yea, sadly
<rant on>
I'm not sure why they don't make uploading the key file part of the publishing process; they're damn picky enough about have the right number and size of images.
Store the damn key on your servers Google!!!! That 20% or 30% you're taking from us developers could buy you some frikkn' server space
Oh hell, just thought of this...they'll start storing the key...and charge you $50 to get it back! LOL
</rant on>
Rootstonian said:
I'm not sure why they don't make uploading the key file part of the publishing process; they're damn picky enough about have the right number and size of images.
Store the damn key on your servers Google!!!! That 20% or 30% you're taking from us developers could buy you some frikkn' server space
Click to expand...
Click to collapse
You're joking, aren't you?
Forgive me if this is in the wrong place.
As stated in the title, I'm willing to offer a $50 bounty to anyone who can create this app for me, the perfect thief catcher app. Here's how it works:
The app runs in the background constantly (possibly as a service to avoid task killers), so it must be as minimal as possible. Upon receipt of a specifically worded text message, the app will trigger the GPS and wait 5-10 minutes for full lock. After this time has passed, the app will text the GPS coordinates to a preconfigured email address and then disable the GPS.
Optional function: Activate the front facing cam (silently and invisibly if possible), take a picture, and attach to said text message to be sent to preconfigured email address.
The main focus of this app is to accurately capture the location of the device while being light on battery, so that optimal capture can take place in the event the device is stolen.
If something like this already exists, please let me know so that I can donate to that developer.
Specifics: I have an Evo with CM7, if it matters in coding the app at all.
Lookout has lost phone features similar to what you are asking for. I have Lookout on my phone, uses almost no battery.
They also have an app called Plan B that you can install after the phone is lost to get a GPS location on it.
Both are free.
I don't expect the bounty, but feel free to buy me a sandwich for helping.
Lookout causes too many problems from what I've seen. I'll check out the Plan B app.
Bounty is still up.
I'm not the "fastest" coder in the world, but I would hazard a guess of minimum 20 hours for development, testing, etc.
Great app idea but I'm not writing code for $2.50 an hour ...just sayn'
And Android OS prevents someone from NOT being able to stop a Service.
Try apps "Where's My Droid" or GPS Tracker. Both have remote activation capabilities.
________________________________
http://ron-droid.blogspot.com
rigman said:
Try apps "Where's My Droid" or GPS Tracker. Both have remote activation capabilities.
________________________________
http://ron-droid.blogspot.com
Click to expand...
Click to collapse
Did you read the entire OP? I realize WMD has a few of the features that I listed, but I want ALL of the features working like I stated.
I'm no coder, but I could quite easily make a Tasker profile to do this.
Sunsparc said:
Did you read the entire OP? I realize WMD has a few of the features that I listed, but I want ALL of the features working like I stated.
Click to expand...
Click to collapse
Yes I read the entire op and wasn't very impressed. Texting coordinates wouldn't be very reliable way to catch someone. There's a very good chance the person could be driving at the moment you send your activation text.
Same for turning on the camera. Highly unlikely they'd have the camera pointed at their face or anything recognizable. Or even if they did, probably couldn't make out much without the flash.
Just my opinion. But I'd much rather have an app that gave me continuous GPS coordinates as does the apps I suggested.
________________________________
http://ron-droid.blogspot.com
Look up Prey. it runs as a background service and has a lot of cool stuff. Google it, they have a whole web interface and everything, you can use the same service on your laptop under the same account. I think it would suit your needs.
Sent from my MIUI SCH-i500
The best lost/stolen app imo is Theft Aware. From the app's website:
Theft Aware runs (and this is worldwide UNIQUE) completely invisible in the background. That's right! Theft Aware is COMPLETELY INVISIBLE. You'll be able to remotely control your phone by SMS at any time. Theft Aware will reply to your commands by SMS as well. The sent or received SMS leave no trace on the mobile phone, no signal will alert the thief - who will feel safe!
Sure, as soon as the thief changes the SIM card of the phone, the phone number of it will change. NO PROBLEM. Theft Aware will detect the change and will inform your buddy automatically about the new phone number by SMS.
Click to expand...
Click to collapse
Best thing to do with lost or stolen phone?
-Call provider and they'll kill the phone.
-Buy new phone
Edit: Mainly a reply to an edited out part of a post but still applicable so I'll leave what I wrote
At 9.99 EUR, Theft Aware is far from free but I understand your point. It's good to watch for security and privacy issues. I would only caution that one could easily miss out on good/helpful apps if generalizations are made based on one bad app(le) or the possibility of one. But really this is what Android is all about...individual choice. To each their own.
I've been using Prey for a while now and I'm very happy with it.
All the current apps are dependent on your sim card remaining in the phone so you can text it. So in the reality of your phone being stole they will be useless.
Sent from my Nexus One using XDA App
nutsnut said:
All the current apps are dependent on your sim card remaining in the phone so you can text it. So in the reality of your phone being stole they will be useless.
Click to expand...
Click to collapse
Since you must not have read my first post...
If a thief changes the SIM card, Theft Aware will proactively send you the location and the new phone number of the thief to predefined friends of yours. Once you got the new number, you will again be able to locate your phone at any time.
Click to expand...
Click to collapse
So even if the SIM card is changed, the app will inform you the phone number associated with that new card by messaging both of the numbers you assigned when you set it up. Once you have that, you can message commands invisibly to that new number to control Theft Aware as well as now knowing the thief's phone number to hand over to police, your carrier, or to figure out the owner of that number on your own.
nutsnut said:
All the current apps are dependent on your sim card remaining in the phone so you can text it. So in the reality of your phone being stole they will be useless.
Sent from my Nexus One using XDA App
Click to expand...
Click to collapse
I think you mean if you have a gsm phone.. i have a CDMA, so I really don't need to worry about it. However, if i ever stole someones phone, the first thing I would do is take out the battery and let it sit on the shelf for a month or two until the previous owner has given up. And trust me, you will if it happens to you. It happened to me.
Sent from my HERO200 using XDA Premium App
Theft Aware
Theft Aware isn't sim card depending. If the sim gets changed a sms is sent to up to two notification numbers you define on installing theft aware.
it meets all requirements you specify (except that the location is sent via sms not email).
but that will soon be available via a webinterface where you can control your device.
I don't need the bounty either - try theft aware and buy a license. thats enough compensation as my company sells theft aware
Check out "watch droid"......
Every beginning thief knows that if you steal a smartphone you get out the body the battery and SIM card as first thing. Second thing is looking for hard reset instructions.
It should be something deeper than OS level.
Khisha said:
Every beginning thief knows that if you steal a smartphone you get out the body the battery and SIM card as first thing. Second thing is looking for hard reset instructions.
It should be something deeper than OS level.
Click to expand...
Click to collapse
It's been said a couple times that Theft Aware can detect a SIM card change and inform you of the new number so you can continue to control it through text messages. It will also survive a factory reset if you have rooted your phone and installed it appropriately. It won't survive a full data wipe like you would do when flashing a new ROM through recovery, but nothing can...that's the point of a full wipe. If you are waiting for or expecting something to come out that will persist through a full wipe, then you will never be satisfied.
Microsoft just announced today that Windows Phone developers can now unlock their devices for free, with a 2-app sideload limit. Those needing higher limits can grab an account for cheap during the summer ($19 USD).
Just use your Microsoft account with the Windows Phone Developer Registration tool and you should be off and running.
Beginning today we are simplifying the developer phone registration process. Now, any developer can unlock and register 1 phone to load up to 2 apps. Registered developers with Dev Center accounts continue to have the option to unlock up to 3 phones and upload up to 10 apps on each.
Click to expand...
Click to collapse
WithinRafael said:
Microsoft just announced today that Windows Phone developers can now unlock their devices for free, with a 2-app sideload limit. Those needing higher limits can grab an account for cheap during the summer ($19 USD).
Just use your Microsoft account with the Windows Phone Developer Registration tool and you should be off and running.
Click to expand...
Click to collapse
Thats awesome news! That gets rid of the need for Chevron mods for all those WP7 people and that makes it easy to test WP8 apps.
thals1992 said:
thats awesome news! That gets rid of the need for chevron mods for all those wp7 people and that makes it easy to test wp8 apps.
Click to expand...
Click to collapse
this is great news!
This whole thing got me thinking, there might be someway to "abuse" the XAP installer that processes the XAP, since the XAP is downloaded straight from the browser.
Hopefully there's some vulnerabilities in the installer.
IzaacJ said:
This whole thing got me thinking, there might be someway to "abuse" the XAP installer that processes the XAP, since the XAP is downloaded straight from the browser.
Hopefully there's some vulnerabilities in the installer.
Click to expand...
Click to collapse
I think you're on to something here....
Not sure what you mean by "the XAP is downloaded straight from the browser" - Store apps are downloaded over HTTP (HTTPS actually, with cert pinning to boot) but the only apps I've seen actually install if they were downloaded from a web browser (or via email attachment, or sent using Bluetooth) are company / LOB apps, not store apps or unsigned (homebrew/development) apps.
That said, the XAPs do get processed by the installer (and rejected) anyhow. It's possible there's a vulnerability in that check process; is that what you're thinking of? If so, I don't believe it has anything to do with the news in this thread in particular (although it *might* help to have dev-unlock enabled) but it's a worthwhile path of exploration anyhow. The XAP installer is one of the relatively few parts of the system that has fairly high permissions but is easily attackable. Of course, that means MS will have reviewed and fuzz tested the hell out of it, but we can hope...
GoodDayToDie said:
Not sure what you mean by "the XAP is downloaded straight from the browser" - Store apps are downloaded over HTTP (HTTPS actually, with cert pinning to boot) but the only apps I've seen actually install if they were downloaded from a web browser (or via email attachment, or sent using Bluetooth) are company / LOB apps, not store apps or unsigned (homebrew/development) apps.
That said, the XAPs do get processed by the installer (and rejected) anyhow. It's possible there's a vulnerability in that check process; is that what you're thinking of? If so, I don't believe it has anything to do with the news in this thread in particular (although it *might* help to have dev-unlock enabled) but it's a worthwhile path of exploration anyhow. The XAP installer is one of the relatively few parts of the system that has fairly high permissions but is easily attackable. Of course, that means MS will have reviewed and fuzz tested the hell out of it, but we can hope...
Click to expand...
Click to collapse
The XAP's developed in App Studio are downloaded in the browser on the phone, not from the store, which could prove to be a vulnerability, but there might be cert pinning since App Studio apps require you to install a certificate first. Hopefully someone with more knowledge, like you, could look at it. Just prep a simple app in App Studio and go through the process and see what you'll be able to find.
Maybe Fiddler might help to determinate if any cert pinning is done?
Ah sorry, I wasn't looking at App Studio. I will investigate... but unless they're giving us access to the signing key, or raw access to the XAP, it probably won't work for anything *too* exciting. Still, if it's a way to install signed apps that we write ourselves (to any meaningful degree), there's hope...
GoodDayToDie said:
Ah sorry, I wasn't looking at App Studio. I will investigate... but unless they're giving us access to the signing key, or raw access to the XAP, it probably won't work for anything *too* exciting. Still, if it's a way to install signed apps that we write ourselves (to any meaningful degree), there's hope...
Click to expand...
Click to collapse
If I've understood it correctly, there is possibility to do changes to the XAP.
Note this tool is browser driven - no Windows 8 machine required - if you're not going to modify the source code that is. There are plans on the way for more goodies, so keep posted.
Click to expand...
Click to collapse
- Source
Cool. Looks like I need to send a request to get into the beta. I should do that... see what I get back. If the XAPs aren't signed, they probably won't be useful for breaking anything but the interaction with the browser might be interesting. If they are signed...
GoodDayToDie said:
Cool. Looks like I need to send a request to get into the beta. I should do that... see what I get back. If the XAPs aren't signed, they probably won't be useful for breaking anything but the interaction with the browser might be interesting. If they are signed...
Click to expand...
Click to collapse
I didn't have to sign up for the beta, think I could use it right away since I'm a registered dev. Just signed in with my dev account and tried it out right away.
IzaacJ said:
I didn't have to sign up for the beta, think I could use it right away since I'm a registered dev. Just signed in with my dev account and tried it out right away.
Click to expand...
Click to collapse
Awwman! I sent the request more than 24 hours ago and I still haven't received any emails. Also I'm a registered dreamspark dev, but that expired March.
@IzaacJ: Thanks for the tip, I'll try that then.
EDIT: Nope! Still demanding an "invitation code".
How the Windows Phone App Studio deploys
thals1992 said:
Awwman! I sent the request more than 24 hours ago and I still haven't received any emails. Also I'm a registered dreamspark dev, but that expired March.
Click to expand...
Click to collapse
Finally got mine a few hours ago. Haven't got very deep in it yet, but the templates are convenient.
---------- Post added at 10:49 PM ---------- Previous post was at 10:35 PM ----------
IzaacJ said:
The XAP's developed in App Studio are downloaded in the browser on the phone, not from the store, which could prove to be a vulnerability, but there might be cert pinning since App Studio apps require you to install a certificate first. Hopefully someone with more knowledge, like you, could look at it. Just prep a simple app in App Studio and go through the process and see what you'll be able to find.
Maybe Fiddler might help to determinate if any cert pinning is done?
Click to expand...
Click to collapse
Here's the output of an almost empty app.
First things first
Remember you have to install the Certificate we sent you via Email.
Click to expand...
Click to collapse
links to dowappdiagnostics.blob.com/aet/AET.aetx
Code:
<wap-provisioningdoc>
<characteristic type="EnterpriseAppManagement">
<characteristic type="5342258">
<parm datatype="string" name="EnrollmentToken" value="PEFFVD48RW50ZXJwcmlzZUlkIFZhbHVlPSI1MzQyMjU4IiAvPjxTaWduYXR1cmUgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiPjxTaWduZWRJbmZvPjxDYW5vbmljYWxpemF0aW9uTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvVFIvMjAwMS9SRUMteG1sLWMxNG4tMjAwMTAzMTUiIC8+PFNpZ25hdHVyZU1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZHNpZy1tb3JlI3JzYS1zaGEyNTYiIC8+PFJlZmVyZW5jZSBVUkk9IiI+PFRyYW5zZm9ybXM+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJlIiAvPjwvVHJhbnNmb3Jtcz48RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjc2hhMjU2IiAvPjxEaWdlc3RWYWx1ZT5qbVBocDJSTjAydEoxWkJILzVyS0kzVk9tWjNDTmVHOG02bVVIbCtNNkNvPTwvRGlnZXN0VmFsdWU+PC9SZWZlcmVuY2U+PC9TaWduZWRJbmZvPjxTaWduYXR1cmVWYWx1ZT5OcXlEQ3Qvb0RUb3JIOFBrYlJHNDZNRFpVcTNreWhod1ZEQW5ocUtoYTYxSzhhcEk3SzNkNEJTcmQ1SXFaQVdraEMvRTFmNThRWWF4QWhRaEtPajRhdUxNNG5RaHowNis2OU96em84Q1RYMERjYUxJNHJWWXh4VGdvdXRWSzBnVkc1bVU4c0trZjQ3VmhGSnd4ZndPRHNwdGp1cmZyODNUVFN6OEJjZDlydW9ORGpZV25QWU9wTU9rRnZuNEFVb3hBdzE5M3BjYWsrZmV5c29udEN0cUw2OUNVRUEwTXhTczBXdGVxVkdLVWphd3JPSlJ5SVE3UkFLV1hxZnl3RDVQUS91M0h0REZBRDBGVXgxRDlkZ2VYWlQyZzZIZUxxZkVmdkxCcXY0cHA2ZjZFVXJ4RDVFNkNIV1lXWE9FZnVSbmZVaUFNS2dwZnIrMTBHMUJRZlphQUE9PTwvU2lnbmF0dXJlVmFsdWU+PEtleUluZm8+PFg1MDlEYXRhPjxYNTA5U3ViamVjdE5hbWU+Q0E8L1g1MDlTdWJqZWN0TmFtZT48WDUwOUNlcnRpZmljYXRlPk1JSUVTRENDQXpDZ0F3SUJBZ0lRTWYyNzRvTTRBRDkvS09ZV1lCWDB6akFOQmdrcWhraUc5dzBCQVFzRkFEQmtNUXN3Q1FZRFZRUUdFd0pWVXpFZE1Cc0dBMVVFQ2hNVVUzbHRZVzUwWldNZ1EyOXljRzl5WVhScGIyNHhOakEwQmdOVkJBTVRMVk41YldGdWRHVmpJRVZ1ZEdWeWNISnBjMlVnVFc5aWFXeGxJRkp2YjNRZ1ptOXlJRTFwWTNKdmMyOW1kREFlRncweE1qQXpNVFV3TURBd01EQmFGdzB5TnpBek1UUXlNelU1TlRsYU1JR1NNUXN3Q1FZRFZRUUdFd0pWVXpFZE1Cc0dBMVVFQ2hNVVUzbHRZVzUwWldNZ1EyOXljRzl5WVhScGIyNHhMakFzQmdOVkJBc1RKVmRwYm1SdmQzTWdVR2h2Ym1VZ1JXNTBaWEp3Y21selpTQkJjSEJzYVdOaGRHbHZibk14TkRBeUJnTlZCQU1USzFONWJXRnVkR1ZqSUVWdWRHVnljSEpwYzJVZ1RXOWlhV3hsSUVOQklHWnZjaUJOYVdOeWIzTnZablF3Z2dFaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRQ3lhVWxNM1VLUW1QNnF5RzdwM0g1bjh0MXpnb3BhUUMrMTVlQlhDaUdXZVJQelIzNFlWeHpvODBSWVlpMHJmMEt0TzlmazVlbTk3ZUw0Y3pRT2hVUE1xK3d0OXQwTEREZjBCcFM3OVlXK0N2SFZwazNCaHlEZTZMai9MaUJSSWY2RWMrRUdjMXNhLy84NVE1eUlxT1RkMU5RQWJBY1oxeDlHOTI1a2RYS24zajZUNTdqNWErNXlQQng5elo0SnNCdm0rc0F6SnI0Mzd5Y2hrK2pwd3BONUJMTFdGMkdLbkVGWGxjSllQYmVvSXlJZkZxa3cxYUpQVGd1cmswWEpnVklXWmozVE1IdHcrcms0dEgxMGIwTmVscFJaRndhLzQ4c1ZmTHE1b1BIS2ZpNFNrUjZmcjRiQWZqQ2R1Z0pyOGJ5NHlpL3dxWUVGMm4zVDJiKzJwZGtsQWdNQkFBR2pnY1l3Z2NNd0VnWURWUjBUQVFIL0JBZ3dCZ0VCL3dJQkFEQkZCZ05WSFI4RVBqQThNRHFnT0tBMmhqUm9kSFJ3T2k4dlkzSnNMbWRsYjNSeWRYTjBMbU52YlM5amNteHpMMjF6Wm5SbGJuUnRiMkpwYkdWeWIyOTBZMkV1WTNKc01CWUdBMVVkSlFRUE1BMEdDMkNHU0FHRytFVUJDRFFCTUE0R0ExVWREd0VCL3dRRUF3SUJCakFkQmdOVkhRNEVGZ1FVWENwa0cxa1NEdXB3Z0NFVU9GS3RDTW5wbG9Bd0h3WURWUjBqQkJnd0ZvQVVUZXpmSmdiY0pCREF0cG4wMXpuSGJ4bjRKaWd3RFFZSktvWklodmNOQVFFTEJRQURnZ0VCQUR4V0dkVTB5dHpOd2ZZbEhmMy8rTDNoYkJNZG1XTnNnNktBS2pDQnY4a2d2SDk3b0xXZTE1c01mSG1RNGo5ZVErMDJpdVpFV1FRU0ZZV0xTd0gxTm5WbHpIK1MzMDV4bFFlTVFEVWxVMWxoZGpOeUpXYlFlR0J0OFZZa09JQ005L1pUdm5yMm1YdVpsVHR4eHE4V2U4WTUyK2VaK0Y1R2QrSjBIYmZkYmF3YVhVYXF4L1FnQ3d6TTM4cW9pQld4d2JQZXRXbk83OHhjMmdlYjdSMzBia3hTUXJMTTRFVGNTanhIb3AwaC9JQVdVZUhIcHh3Y29tWkt5NzV1UEllLzJlTnZtcFZLb0dEb0pJOHB6YlNOaDZDMUxLMUZ5ZDNrYXhiQVZKcGVLcFVJSk9Ka0RubzM0bG9hOStZa1BRc1ZIRjI2TVVLQ1BRMHYxdTdqNGY1V3c0cz08L1g1MDlDZXJ0aWZpY2F0ZT48L1g1MDlEYXRhPjxYNTA5RGF0YT48WDUwOUNlcnRpZmljYXRlPk1JSUVMekNDQXhlZ0F3SUJBZ0lDQWFFd0RRWUpLb1pJaHZjTkFRRUxCUUF3Z1pJeEN6QUpCZ05WQkFZVEFsVlRNUjB3R3dZRFZRUUtFeFJUZVcxaGJuUmxZeUJEYjNKd2IzSmhkR2x2YmpFdU1Dd0dBMVVFQ3hNbFYybHVaRzkzY3lCUWFHOXVaU0JGYm5SbGNuQnlhWE5sSUVGd2NHeHBZMkYwYVc5dWN6RTBNRElHQTFVRUF4TXJVM2x0WVc1MFpXTWdSVzUwWlhKd2NtbHpaU0JOYjJKcGJHVWdRMEVnWm05eUlFMXBZM0p2YzI5bWREQWVGdzB4TXpBMk1EZ3hOalE1TXpoYUZ3MHhOREEyTVRJd09URTNOVGRhTUZreEhqQWNCZ05WQkFzVEZVMXBZM0p2YzI5bWRDQkRiM0p3YjNKaGRHbHZiakVlTUJ3R0ExVUVBeE1WVFdsamNtOXpiMlowSUVOdmNuQnZjbUYwYVc5dU1SY3dGUVlLQ1pJbWlaUHlMR1FCQVJNSE5UTTBNakkxT0RDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTVJ3RG1kQzBkM1lGUXNON2FVZnd3WHA1T2RINGYrYlVmWlJMZHlrS2tUS3MyZVFGTHRRL3pUSElobkxEVlYxR2djbGtNeUNGdXFYNk1qZUVWVXlCNFJxS1JvYkI1MTRxa21ZSGdSdUx6emdLcnRSMFdFSy9wMUFwejZRT1RSb05GMVhGK0Y2aitESjBqRFhaV0xveHl0V1hrTjJ4cUJiVmRjNXVGTEE0d1U2L2dFYWp5ZWJTOWFyaDRuWTBNWThsUHBxRE1KTVlRNVQxNVUwdGprdVk3UWtXTnIvMGhGelZneWRaRFRyb2puY2FpSmd1Wm5kRGhjK2NUS3V1OEdKanlkUW9BcUJ5WGNSbnBIS0s0Y3lYZ2JUNjJFUllqVUtYcVVFWmFURlh0dGdyanR5Y2Q5VTM0L3k0dG5TUTYybS9vanIvUjJLaDE4cnhpSTRCWjY5ZitFQ0F3RUFBYU9CeGpDQnd6QWZCZ05WSFNNRUdEQVdnQlJjS21RYldSSU82bkNBSVJRNFVxMEl5ZW1XZ0RBT0JnTlZIUThCQWY4RUJBTUNCNEF3SUFZRFZSMGxCQmt3RndZSUt3WUJCUVVIQXdNR0MyQ0dTQUdHK0VVQkNEUUJNRUVHQTFVZEh3UTZNRGd3TnFBMG9ES0dNR2gwZEhBNkx5OWpjbXd1WjJWdmRISjFjM1F1WTI5dEwyTnliSE12YlhObWRHVnVkRzF2WW1sc1pXTmhMbU55YkRBTUJnTlZIUk1CQWY4RUFqQUFNQjBHQTFVZERnUVdCQlFKQk1lRmYvdUIxeFZHcTVESTluYm9ZTnE2bXpBTkJna3Foa2lHOXcwQkFRc0ZBQU9DQVFFQUhRV0dzQmpjcWRoK2F6QjJ0MGxXREJJMWFJRTZVZlQ5cjJUYktBN2pkdjRzdk5KRGIrcy9mTit2ZXMydFJqV25YaDZIS0xacVNkbFpUT3NodzIxV1UxNEE1bUlNNnRMNVdGL1F6dll5aU5HTHAwU1VNa2pSdXpFRDlaT0RrSElkV21Ca0FDS1pGWE92ajQ2TWxPVGZLYVJQdXZPR1NEYktkbGRVY3dWalR3UWpnbHpTY05hUjROL3l0M2FsRUUxQ01jZXJjYUpFZ2xITmpsc0svUFZkMGFTU1YzeHRhNmNvTHBURFlFVlB4bjJ4QnVQd21JeHJ6VHh1QkhUMmNSakN3WDhobC9kRkFxSC94YzBQWFQzbEFVbzZDMDY2b2lEZ3JTQ1gwYUhGcVlTZjROZVNselQ5NFdZTWsrblEwdFBLclVvV2p2N1d1UTlWSUsrMzhmQm5HUT09PC9YNTA5Q2VydGlmaWNhdGU+PC9YNTA5RGF0YT48L0tleUluZm8+PC9TaWduYXR1cmU+PC9BRVQ+"/>
</characteristic>
</characteristic>
</wap-provisioningdoc>
Link to app
http://bit.ly/19fnUyO
It also offers the source code:
http://apps.windowsstore.com/DashBo...4ab6a18?version=59091.elpplk&resource=sources
The file is named WPAppStudio.xap
THIS JUST ADDS MICROSOFT CORPORATION AS A COMPANY ACCOUNT AND DEPLOYS AN XAP BASED ON IT.
So, this isn't really good news. Back to looking at a company account exploit?
thals1992 said:
Finally got mine a few hours ago. Haven't got very deep in it yet, but the templates are convenient.
---------- Post added at 10:49 PM ---------- Previous post was at 10:35 PM ----------
Here's the output of an almost empty app.
links to dowappdiagnostics.blob.com/aet/AET.aetx
Code:
<wap-provisioningdoc>
<characteristic type="EnterpriseAppManagement">
<characteristic type="5342258">
<parm datatype="string" name="EnrollmentToken" value="PEFFVD48RW50ZXJwcmlzZUlkIFZhbHVlPSI1MzQyMjU4IiAvPjxTaWduYXR1cmUgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiPjxTaWduZWRJbmZvPjxDYW5vbmljYWxpemF0aW9uTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvVFIvMjAwMS9SRUMteG1sLWMxNG4tMjAwMTAzMTUiIC8+PFNpZ25hdHVyZU1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZHNpZy1tb3JlI3JzYS1zaGEyNTYiIC8+PFJlZmVyZW5jZSBVUkk9IiI+PFRyYW5zZm9ybXM+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJlIiAvPjwvVHJhbnNmb3Jtcz48RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjc2hhMjU2IiAvPjxEaWdlc3RWYWx1ZT5qbVBocDJSTjAydEoxWkJILzVyS0kzVk9tWjNDTmVHOG02bVVIbCtNNkNvPTwvRGlnZXN0VmFsdWU+PC9SZWZlcmVuY2U+PC9TaWduZWRJbmZvPjxTaWduYXR1cmVWYWx1ZT5OcXlEQ3Qvb0RUb3JIOFBrYlJHNDZNRFpVcTNreWhod1ZEQW5ocUtoYTYxSzhhcEk3SzNkNEJTcmQ1SXFaQVdraEMvRTFmNThRWWF4QWhRaEtPajRhdUxNNG5RaHowNis2OU96em84Q1RYMERjYUxJNHJWWXh4VGdvdXRWSzBnVkc1bVU4c0trZjQ3VmhGSnd4ZndPRHNwdGp1cmZyODNUVFN6OEJjZDlydW9ORGpZV25QWU9wTU9rRnZuNEFVb3hBdzE5M3BjYWsrZmV5c29udEN0cUw2OUNVRUEwTXhTczBXdGVxVkdLVWphd3JPSlJ5SVE3UkFLV1hxZnl3RDVQUS91M0h0REZBRDBGVXgxRDlkZ2VYWlQyZzZIZUxxZkVmdkxCcXY0cHA2ZjZFVXJ4RDVFNkNIV1lXWE9FZnVSbmZVaUFNS2dwZnIrMTBHMUJRZlphQUE9PTwvU2lnbmF0dXJlVmFsdWU+PEtleUluZm8+PFg1MDlEYXRhPjxYNTA5U3ViamVjdE5hbWU+Q0E8L1g1MDlTdWJqZWN0TmFtZT48WDUwOUNlcnRpZmljYXRlPk1JSUVTRENDQXpDZ0F3SUJBZ0lRTWYyNzRvTTRBRDkvS09ZV1lCWDB6akFOQmdrcWhraUc5dzBCQVFzRkFEQmtNUXN3Q1FZRFZRUUdFd0pWVXpFZE1Cc0dBMVVFQ2hNVVUzbHRZVzUwWldNZ1EyOXljRzl5WVhScGIyNHhOakEwQmdOVkJBTVRMVk41YldGdWRHVmpJRVZ1ZEdWeWNISnBjMlVnVFc5aWFXeGxJRkp2YjNRZ1ptOXlJRTFwWTNKdmMyOW1kREFlRncweE1qQXpNVFV3TURBd01EQmFGdzB5TnpBek1UUXlNelU1TlRsYU1JR1NNUXN3Q1FZRFZRUUdFd0pWVXpFZE1Cc0dBMVVFQ2hNVVUzbHRZVzUwWldNZ1EyOXljRzl5WVhScGIyNHhMakFzQmdOVkJBc1RKVmRwYm1SdmQzTWdVR2h2Ym1VZ1JXNTBaWEp3Y21selpTQkJjSEJzYVdOaGRHbHZibk14TkRBeUJnTlZCQU1USzFONWJXRnVkR1ZqSUVWdWRHVnljSEpwYzJVZ1RXOWlhV3hsSUVOQklHWnZjaUJOYVdOeWIzTnZablF3Z2dFaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRQ3lhVWxNM1VLUW1QNnF5RzdwM0g1bjh0MXpnb3BhUUMrMTVlQlhDaUdXZVJQelIzNFlWeHpvODBSWVlpMHJmMEt0TzlmazVlbTk3ZUw0Y3pRT2hVUE1xK3d0OXQwTEREZjBCcFM3OVlXK0N2SFZwazNCaHlEZTZMai9MaUJSSWY2RWMrRUdjMXNhLy84NVE1eUlxT1RkMU5RQWJBY1oxeDlHOTI1a2RYS24zajZUNTdqNWErNXlQQng5elo0SnNCdm0rc0F6SnI0Mzd5Y2hrK2pwd3BONUJMTFdGMkdLbkVGWGxjSllQYmVvSXlJZkZxa3cxYUpQVGd1cmswWEpnVklXWmozVE1IdHcrcms0dEgxMGIwTmVscFJaRndhLzQ4c1ZmTHE1b1BIS2ZpNFNrUjZmcjRiQWZqQ2R1Z0pyOGJ5NHlpL3dxWUVGMm4zVDJiKzJwZGtsQWdNQkFBR2pnY1l3Z2NNd0VnWURWUjBUQVFIL0JBZ3dCZ0VCL3dJQkFEQkZCZ05WSFI4RVBqQThNRHFnT0tBMmhqUm9kSFJ3T2k4dlkzSnNMbWRsYjNSeWRYTjBMbU52YlM5amNteHpMMjF6Wm5SbGJuUnRiMkpwYkdWeWIyOTBZMkV1WTNKc01CWUdBMVVkSlFRUE1BMEdDMkNHU0FHRytFVUJDRFFCTUE0R0ExVWREd0VCL3dRRUF3SUJCakFkQmdOVkhRNEVGZ1FVWENwa0cxa1NEdXB3Z0NFVU9GS3RDTW5wbG9Bd0h3WURWUjBqQkJnd0ZvQVVUZXpmSmdiY0pCREF0cG4wMXpuSGJ4bjRKaWd3RFFZSktvWklodmNOQVFFTEJRQURnZ0VCQUR4V0dkVTB5dHpOd2ZZbEhmMy8rTDNoYkJNZG1XTnNnNktBS2pDQnY4a2d2SDk3b0xXZTE1c01mSG1RNGo5ZVErMDJpdVpFV1FRU0ZZV0xTd0gxTm5WbHpIK1MzMDV4bFFlTVFEVWxVMWxoZGpOeUpXYlFlR0J0OFZZa09JQ005L1pUdm5yMm1YdVpsVHR4eHE4V2U4WTUyK2VaK0Y1R2QrSjBIYmZkYmF3YVhVYXF4L1FnQ3d6TTM4cW9pQld4d2JQZXRXbk83OHhjMmdlYjdSMzBia3hTUXJMTTRFVGNTanhIb3AwaC9JQVdVZUhIcHh3Y29tWkt5NzV1UEllLzJlTnZtcFZLb0dEb0pJOHB6YlNOaDZDMUxLMUZ5ZDNrYXhiQVZKcGVLcFVJSk9Ka0RubzM0bG9hOStZa1BRc1ZIRjI2TVVLQ1BRMHYxdTdqNGY1V3c0cz08L1g1MDlDZXJ0aWZpY2F0ZT48L1g1MDlEYXRhPjxYNTA5RGF0YT48WDUwOUNlcnRpZmljYXRlPk1JSUVMekNDQXhlZ0F3SUJBZ0lDQWFFd0RRWUpLb1pJaHZjTkFRRUxCUUF3Z1pJeEN6QUpCZ05WQkFZVEFsVlRNUjB3R3dZRFZRUUtFeFJUZVcxaGJuUmxZeUJEYjNKd2IzSmhkR2x2YmpFdU1Dd0dBMVVFQ3hNbFYybHVaRzkzY3lCUWFHOXVaU0JGYm5SbGNuQnlhWE5sSUVGd2NHeHBZMkYwYVc5dWN6RTBNRElHQTFVRUF4TXJVM2x0WVc1MFpXTWdSVzUwWlhKd2NtbHpaU0JOYjJKcGJHVWdRMEVnWm05eUlFMXBZM0p2YzI5bWREQWVGdzB4TXpBMk1EZ3hOalE1TXpoYUZ3MHhOREEyTVRJd09URTNOVGRhTUZreEhqQWNCZ05WQkFzVEZVMXBZM0p2YzI5bWRDQkRiM0p3YjNKaGRHbHZiakVlTUJ3R0ExVUVBeE1WVFdsamNtOXpiMlowSUVOdmNuQnZjbUYwYVc5dU1SY3dGUVlLQ1pJbWlaUHlMR1FCQVJNSE5UTTBNakkxT0RDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTVJ3RG1kQzBkM1lGUXNON2FVZnd3WHA1T2RINGYrYlVmWlJMZHlrS2tUS3MyZVFGTHRRL3pUSElobkxEVlYxR2djbGtNeUNGdXFYNk1qZUVWVXlCNFJxS1JvYkI1MTRxa21ZSGdSdUx6emdLcnRSMFdFSy9wMUFwejZRT1RSb05GMVhGK0Y2aitESjBqRFhaV0xveHl0V1hrTjJ4cUJiVmRjNXVGTEE0d1U2L2dFYWp5ZWJTOWFyaDRuWTBNWThsUHBxRE1KTVlRNVQxNVUwdGprdVk3UWtXTnIvMGhGelZneWRaRFRyb2puY2FpSmd1Wm5kRGhjK2NUS3V1OEdKanlkUW9BcUJ5WGNSbnBIS0s0Y3lYZ2JUNjJFUllqVUtYcVVFWmFURlh0dGdyanR5Y2Q5VTM0L3k0dG5TUTYybS9vanIvUjJLaDE4cnhpSTRCWjY5ZitFQ0F3RUFBYU9CeGpDQnd6QWZCZ05WSFNNRUdEQVdnQlJjS21RYldSSU82bkNBSVJRNFVxMEl5ZW1XZ0RBT0JnTlZIUThCQWY4RUJBTUNCNEF3SUFZRFZSMGxCQmt3RndZSUt3WUJCUVVIQXdNR0MyQ0dTQUdHK0VVQkNEUUJNRUVHQTFVZEh3UTZNRGd3TnFBMG9ES0dNR2gwZEhBNkx5OWpjbXd1WjJWdmRISjFjM1F1WTI5dEwyTnliSE12YlhObWRHVnVkRzF2WW1sc1pXTmhMbU55YkRBTUJnTlZIUk1CQWY4RUFqQUFNQjBHQTFVZERnUVdCQlFKQk1lRmYvdUIxeFZHcTVESTluYm9ZTnE2bXpBTkJna3Foa2lHOXcwQkFRc0ZBQU9DQVFFQUhRV0dzQmpjcWRoK2F6QjJ0MGxXREJJMWFJRTZVZlQ5cjJUYktBN2pkdjRzdk5KRGIrcy9mTit2ZXMydFJqV25YaDZIS0xacVNkbFpUT3NodzIxV1UxNEE1bUlNNnRMNVdGL1F6dll5aU5HTHAwU1VNa2pSdXpFRDlaT0RrSElkV21Ca0FDS1pGWE92ajQ2TWxPVGZLYVJQdXZPR1NEYktkbGRVY3dWalR3UWpnbHpTY05hUjROL3l0M2FsRUUxQ01jZXJjYUpFZ2xITmpsc0svUFZkMGFTU1YzeHRhNmNvTHBURFlFVlB4bjJ4QnVQd21JeHJ6VHh1QkhUMmNSakN3WDhobC9kRkFxSC94YzBQWFQzbEFVbzZDMDY2b2lEZ3JTQ1gwYUhGcVlTZjROZVNselQ5NFdZTWsrblEwdFBLclVvV2p2N1d1UTlWSUsrMzhmQm5HUT09PC9YNTA5Q2VydGlmaWNhdGU+PC9YNTA5RGF0YT48L0tleUluZm8+PC9TaWduYXR1cmU+PC9BRVQ+"/>
</characteristic>
</characteristic>
</wap-provisioningdoc>
Link to app
http://bit.ly/19fnUyO
It also offers the source code:
http://apps.windowsstore.com/DashBo...4ab6a18?version=59091.elpplk&resource=sources
The file is named WPAppStudio.xap
THIS JUST ADDS MICROSOFT CORPORATION AS A COMPANY ACCOUNT AND DEPLOYS AN XAP BASED ON IT.
So, this isn't really good news. Back to looking at a company account exploit?
Click to expand...
Click to collapse
It might be possible to find an exploit in the XAP installer that installs the XAPs from the browser, and use that to install an app with higher privileges, and accessing the filesystem and/or the registry with full access?
Actually, that's pretty good. Company apps have lower restrictions, and are easier to install. Also, that's a provxml document... we should see if we can modify it and get it to do anything else interesting for us!
@GoodDayToDie, I was thinking the same thing of the provxml document. That would be EPIC if we could modify it to change registry...
@GoodDayToDie, @snickler I'm gonna try to use fiddler to redirect that request to my own server with an edited file and see what happens. Going to start with setting the MaxUnsignedApp value. Wish me luck
IzaacJ said:
@GoodDayToDie, @snickler I'm gonna try to use fiddler to redirect that request to my own server with an edited file and see what happens. Going to start with setting the MaxUnsignedApp value. Wish me luck
Click to expand...
Click to collapse
Ohhh please tell me how this works out! I wanted to do the same thing, but I have to wait for MS to get back with my invitation code.
Best of luck!
@snickler No matter how I do, it ends up showing the AET.aetx as a text file. Doesn't matter if it's the original one or the edited one.
Original one is available at: http://www.izz0.eu/AET.aetx
Edited one is available at: http://www.izz0.eu/AET2.aetx
Feel free to try on your own.
@GoodDayToDie, you've got any ideas? You're like a walking knowledgebase ;D