Hey guys,
I am wondering, if it is possible to write to the wmappmanifest.xml file within the app.. I searched on the net,but i didnt find some anwer. The only thing i found was how to read this file: http://www.developer.nokia.com/Comm..._Manifest_(WMAppManifest.xml)_file_at_runtime
If it would be possible we could,try to implement the capability INTEROPSERVICES programmatically..
Two problems with that.
First of all, the app's install directory is read-only to the app permissions. You can't create, delete, or modify any file there from within the app (without some sort of "jailbreak" at least).
Second, and possibly more importantly, the permissions sandbox (or "appcontainer") that the phone uses to restrict an app is created at app install. Modifying the manifest is unlikely to have any benefit whatsoever (it certainly didn't help on WP7).
A good idea, though. Always glad to see people checking for such things.
GoodDayToDie said:
Two problems with that.
First of all, the app's install directory is read-only to the app permissions. You can't create, delete, or modify any file there from within the app (without some sort of "jailbreak" at least).
Second, and possibly more importantly, the permissions sandbox (or "appcontainer") that the phone uses to restrict an app is created at app install. Modifying the manifest is unlikely to have any benefit whatsoever (it certainly didn't help on WP7).
A good idea, though. Always glad to see people checking for such things.
Click to expand...
Click to collapse
I searched on the msdn network and saw that artikle:http://msdn.microsoft.com/en-us/lib...?cs-save-lang=1&cs-lang=csharp#code-snippet-2
Examples
Use the file APIs, such as Windows.Storage.StorageFolder.CreateFileAsync | createFileAsync and Windows.Storage.FileIO.WriteTextAsync | writeTextAsync, to create and update a file in the local app data store
Click to expand...
Click to collapse
Requirements
Minimum supported client
Windows 8
Minimum supported server
Windows Server 2012
Minimum supported phone
Windows Phone 8
DLL
Windows.Storage.ApplicationData.dll
Click to expand...
Click to collapse
maybe it would be possible... I tried to implement it to a sample app, but i failed at the system.io stream...
The app data store and the app install location are completely different things. The data store is a per-app read/write location that is initially empty. The install location is a read-only location that contains the contents of the XAP file (including the manifest and executable code). They are located in different parts of the file system (I could tell you the paths if you want), they have different permissions, they are accessed using different APIs, and they are not interchangable.
even in case of root access, I highly doubt WMAppManifest is ever used after app is installed.
ultrashot said:
even in case of root access, I highly doubt WMAppManifest is ever used after app is installed.
Click to expand...
Click to collapse
Yep, I did some experiments a long time ago: WMAppManifest and/or WPInteropManifest are used on deployment only.
gipfelgoas said:
Hey guys,
If it would be possible we could,try to implement the capability INTEROPSERVICES programmatically..
Click to expand...
Click to collapse
And what does this capability give? (useful for)
I did run native api calls from w8 app, but the file system and process restrictions don't allow anything useful to do (like other than own or system32/ files browsing; registry is readable only; also no useful privileges present)
p.s. 2all: is it possible somehow to install original .xap files (taken from Market) via
\Microsoft SDKs\Windows Phone\v8.0\Tools\XAP Deployment\XapDeploy.exe"
or VS (on dev unlocked device)?
ID_CAP_INTEROPSERVICES is a Windows Phone app "capability" flag that tells the OS to allow the app to access (specifically, create handles to) drivers by device name. This is useful because drivers run outside the security context of the OS, so they are not sandboxed, and thus if they offer IOCTLs (on Windows, DeviceIoControl codes) that can do useful things for us, we can use those IOCTLs to our own benefit.
This is the standard way that OEM apps do stuff which would normally not be possible, like controlling the cellular radios or accessing parts of the filesystem that are outside the app sandbox. Each OEM includes one or more drivers in their ROMs which support these operations.
On WP7, this was the way that early homebrew worked. Access to the filesystem (TouchXplorer, Advanced Explorer) and write access to the registry (Advanced Explorer, Registry Editor, Advanced Config, and others) were made possible by OEM-provided COM DLLs which in turn opened device handles and invoked IOCTLs to obtain the required access. Later, WP7 Root Tools worked by directly accessing the drivers and exploiting security vulnerabilities within them that Heathcliff74 had discovered to gain arbitrary code execution in the kernel. That will be harder on WP8 (assuming we even get that far) because of the many exploit mitigations in the NT6.2 kernel, but it's worth a shot. Even if we can't pull that off, though, there's a decent chance we could get something like the Windows RT "jailbreak" to work, and a good chance that we could get something like the old Advanced Explorer to work.
GoodDayToDie said:
ID_CAP_INTEROPSERVICES is a Windows Phone app "capability" flag that tells the OS to allow the app to access (specifically, create handles to) drivers by device name. Each OEM includes one or more drivers in their ROMs which support these operations...
were made possible by OEM-provided COM DLLs .
Click to expand...
Click to collapse
Thanks for explanations!
Basically i don't see any app using ID_CAP_INTEROPSERVICES in 820.ffu/nokia820 image(having in manifest) . Am i missing something?
As far as i understand If we don't have ID_CAP_INTEROPSERVICES we can't load or properly use OEM-provided COM DLLs? (not enough rights) Am i right?
NB: can anybody suggest such COM-DLL (name) to explore? (as example) from wp8? (as i understand there are no such dlls in WP8 x86 emulator from SDK?)
Thanks again!
smx06 said:
Thanks for explanations!
Basically i don't see any app using ID_CAP_INTEROPSERVICES in 820.ffu/nokia820 image(having in manifest) . Am i missing something?
As far as i understand If we don't have ID_CAP_INTEROPSERVICES we can't load or properly use OEM-provided COM DLLs? (not enough rights) Am i right?
NB: can anybody suggest such COM-DLL (name) to explore? (as example) from wp8? (as i understand there are no such dlls in WP8 x86 emulator from SDK?)
Thanks again!
Click to expand...
Click to collapse
If you want to see a OEM app which uses ID_CAP_INTEROPSERVICES look at this: https://rapidshare.com/files/4165178711/825962362f3144b7a1115d0bb6a3935b.xap Its a app from the Nokia RM860 with product code 059r225 in ncs. In this xap file are also used some other caps, with a "normal" developer cant access.
If we don't have this (or other) capabilities, our app runs in a sandbox and cant access to system features, such as file system ...
If you want to see a COM-DLL, download a ffu file, mount it with this and go then in the windows/system32 directory..
gipfelgoas said:
If you want to see a OEM app which uses ID_CAP_INTEROPSERVICES look at this: https://rapidshare.com/files/4165178711/825962362f3144b7a1115d0bb6a3935b.xap
If you want to see a COM-DLL, download a ffu file, mount it with this and go then in the windows/system32 directory..
Click to expand...
Click to collapse
Thanks for the xap! (if You have some researches on it, it could be also great; to start from already explored stuff)
About COM-DLL i mean not ordinary ones (which i can see in /system32/ of wp8 SDK emulator or /system32/ on my phone), but those DLLs (or +drivers?) which are used by ID_CAP_INTEROPSERVICES apps (to do somthing like reg writing; FS access, etc.)
Thanks!
On WP7, COM DLLs were needed to access the drivers (because WP7 apps couldn't use C++ directly and don't have APIs to wrap CreateFile (for getting the driver handle) or DeviceIoControl (to call IOCTLs). On WP8, COM DLLs (or something like them) may or may not be used; I think it's possible to do what needs to be done using the official C++ SDK but I haven't checked.
In any case, the COM DLLs were just wrappers around the driver IOCTLs. The drivers are the ones that do all the heavy lifting, because they're the things that have the required permissions. Also, I guarantee you that there are some high-permission drivers on the Lumias; you can't do an app like the storage checker/cleanup or whatever it is without them. That requires filesystem access well in excess of what an app is normally allowed to have.
GoodDayToDie said:
Also, I guarantee you that there are some high-permission drivers on the Lumias; you can't do an app like the storage checker/cleanup or whatever it is without them. That requires filesystem access well in excess of what an app is normally allowed to have.
Click to expand...
Click to collapse
Ok. The simplest way to check is to search such apps (with interop cap) in the registry (afair all apps are registered there with listed caps)
shall try on my 820. also the registry viewer could be useful to search somth else..
But i doubt they really are (as there were nothing similar inside the image).
p.s. and as i understand there are no chances of finding somth like this (DLL or sys) in wp8 x86 emulator (that could be much easier to review in IDA)
p.p.s. i think all people know that is possible to mount vmdk disk of wp emulator and reverse all system modules (x86).
Related
Hello,
I need beta testers running Mac OS X to test a new application.
This application is for people who are either uncomfortable or unwilling to use Terminal and ./adb for pushing files to their device.
This first beta version is just to test how it works on different computers. It pushes the file to the sdcard of the phone using ./adb. The only input needed from the user is to select the file.
Later releases will let the user choose which folder on the device to copy to, but the next release will probably just involve pushing .apk to the /system/app folder.
Please let me know the results.
http://derekcwilkinson.com/PushFile.zip
Beta 2:
http://derekcwilkinson.com/Push_File_Beta_2.zip
Change Log:
Added option to choose the location that the file is to be pushed to.
Added Recovery application
Added Reboot application.
Planned Updates:
Pull File - Done
Device Backup - Testing (having issues)
Device Backup w/SD - Testing (having issues)
Install .apk - Done
Uninstall .apk
Restore Backup - Needs Device Backup
Restore Backup w/SD - Needs Device Backup
Flash ROM - Need help, PM me
I'll test it Downloading it now.
Works fine, I look forward to seeing it progress. I'll probably just use adb when I need to push something, but I'll keep testing whenever you update.
I've updated the first post with a new beta. This new beta includes:
Push file to specified location.
Reboot device
Reboot device into recovery.
derekwilkinson said:
Hello,
I need beta testers running Mac OS X to test a new application.
This application is for people who are either uncomfortable or unwilling to use Terminal and ./adb for pushing files to their device.
This first beta version is just to test how it works on different computers. It pushes the file to the sdcard of the phone using ./adb. The only input needed from the user is to select the file.
Later releases will let the user choose which folder on the device to copy to, but the next release will probably just involve pushing .apk to the /system/app folder.
Please let me know the results.
http://derekcwilkinson.com/PushFile.zip
Beta 2:
http://derekcwilkinson.com/Push_File_Beta_2.zip
Change Log:
Added option to choose the location that the file is to be pushed to.
Added Recovery application
Added Reboot application.
Planned Updates:
Pull File - Ready
Device Backup - Testing
Device Backup w/SD - Testing
Install .apk
Uninstall .apk
Restore Backup
Restore Backup w/SD
Flash ROM - Need help, PM me
Click to expand...
Click to collapse
nice this looks like it could be the underpinnings of droid explorer for Mac.
gunnyman said:
nice this looks like it could be the underpinnings of droid explorer for Mac.
Click to expand...
Click to collapse
It could be, but I'm going to need someone to help me create the UI for running the scripts. Right now they are all just separate applications
derekwilkinson said:
It could be, but I'm going to need someone to help me create the UI for running the scripts. Right now they are all just separate applications
Click to expand...
Click to collapse
Perhaps, since it's free, you could build the whole thing to run as a Safari extension? I don't know how feasible this is, just spitballing ideas.
Well I just finished the app to install applications. This could be especially useful for newbies who want to install custom applications. All they have to do is select the .apk and it installs.
The .apk installer is now ready for download.
http://derekcwilkinson.com/Derek_Wi...0/6/9_Push_File_for_Android__Install_APK.html
Just downloaded... I'll give it a try, thanks
Something very similar is being developed or Windows and Linux, maybe you can use it or work with the developer to get a working port to MAC. http://forum.xda-developers.com/showthread.php?t=683223
As a Mac user, it's very much appreciated that people like you put an effort to developing for our platform. Resources are very scarce and people new to Android are often discouraged with the more advanced stuff of the OS.
srkmagnus said:
Something very similar is being developed or Windows and Linux, maybe you can use it or work with the developer to get a working port to MAC. http://forum.xda-developers.com/showthread.php?t=683223
As a Mac user, it's very much appreciated that people like you put an effort to developing for our platform. Resources are very scarce and people new to Android are often discouraged with the more advanced stuff of the OS.
Click to expand...
Click to collapse
Great idea, it would be nice to allow users to browse the device for files. Right now, unless an app is being installed, they have to know the name of the file and location
Hey,
I'm working on an application that involves writing files to the private files dir of an application. In the first stage I only had to write to the default files dir so I just used the openFileInput() method from an Activity (Context). Now that I've done that I was about to expand and write files in different directories for different purposes. This resulted in:
"java.lang.IllegalArgumentException: File foo/bar.txt contains a path separator"
This stackoverflow question explains the problem nicely. The suggested solution probably works but I'm wondering how I should implement it. I would like to feature the permissions and anything else that I might require to have robust I/O.
http://stackoverflow.com/questions/...rchy-in-anroids-data-data-pkg-files-directory
Also, in my experience, when API developers prohibit such a feature there's a reason for it. So if anyone has any thoughts on that, by all means enlighten me
Thanks!
bump.....
Any idea's, pointers, voodoo, ... ?
Wolf2000me said:
Hey,
I'm working on an application that involves writing files to the private files dir of an application. In the first stage I only had to write to the default files dir so I just used the openFileInput() method from an Activity (Context). Now that I've done that I was about to expand and write files in different directories for different purposes. This resulted in:
"java.lang.IllegalArgumentException: File foo/bar.txt contains a path separator"
This stackoverflow question explains the problem nicely. The suggested solution probably works but I'm wondering how I should implement it. I would like to feature the permissions and anything else that I might require to have robust I/O.
http://stackoverflow.com/questions/...rchy-in-anroids-data-data-pkg-files-directory
Also, in my experience, when API developers prohibit such a feature there's a reason for it. So if anyone has any thoughts on that, by all means enlighten me
Thanks!
Click to expand...
Click to collapse
i use some of the java.io.File methods (like exists(), mkDir(), delete()) on files & directories below the app 'files' directory, and havent encountered any problems in Android 2.0.1 - 2.3.
- jc
Hi folks!
So, inspired by the discoveries on this thread, I set about creating an app to easily discover and delete space-wasting files. This app is now in Alpha stage, and will be advanced to Beta as soon as it is feature-complete.
Requirements: capability-unlock (interop-unlock plus EnableAllSideloading). In the case of files that can't be deleted normally, the app will attempt to use the Samsung-specific RPC Component to move them to the SD card (and delete them from there). The app will still run on non-Samsung phones, or those without SD cards (although you'll get a warning at launch in either case) provided they meet the other requirements, but some folders won't be cleanable.
Current state: Alpha 0.2.1
History:
Alpha 0.2.1: Files will now be checked for the Read-Only flag, and it will be removed if possible, both before attempting an in-place deletion and after moving to SD. In case of an error, the exception type will now be given in the report. Files with a "Modified" date in the future will now be included by default as well.
Alpha 0.2.0: Added Move-to-SD-and-then-delete as a work-around to permissions issues. Added warnings if Samsung RPCComponent or SD card are not present. Truncated overly-long messageboxes to avoid the app hanging for a few minutes due to an accidental tap. Re-compiled as release build for performance.
Initial release (20 Feb 2014)
Source code is available at https://wp8storagecleanup.codeplex.com/
Please post feedback here!
Known issues:
Many locations that we nominally have access to don't actually grant *delete* access, only read and write/create (yes, NT tracks permissions for Delete separately from Write). Thus, a lot of files that you'd like to delete might not actually go away. (Sadly, this includes the EdmCache\Lib folder mentioned in the thread linked above). I'm working on it!
Should be fixed as of 0.2.0, if you have a Samsung phone and an SD card!
Many locations set the Read-Only flag on their files, making them un-deletable even with move-to-SD.
Should be fixed as of 0.2.1, which removes RO flags either in-place or acter move-to-SD
The app startup is pretty slow. Well, it's actually fairly fast, but it seems slow because the entire structures of all relevant directories are traversed before the UI is shown. I will move that to a background/async thread "soon".
Viewing the files for some locations (like the TIF folders, which often have hundreds or thousands of files) will cause the app to hang for a long time while it tries to format kilobytes of text into a MessageBox.
As of 0.2.0 this problem should no longer occur, as the messages will be truncated before being displayed in the MessageBox.
There's no way to change the list of locations. Well, not short of re-compiling the app, at least. I'll move them to external storage soon.
Features I want to implement:
Filtering (especially for specific folders) to files older than a certain date. This is actually already supported by the app; there's just no UI for it.
Adding additional locations for cleaning out files from, and removing locations too. Ideally, these would persist across runs of the app.
One button to select (or clear) all locations.
Option to hide locations which have no files of interest (just to make the list smaller).
Ability to edit a given location's filters (filtering on filename patterns is already implemented, but again, there's no UI for it). This should persist too.
At some point, the ability to select (or de-select) specific files or folders for deletion, in case the filtering isn't fine-grained enough. This is pretty easy to add; I just hate writing XAML.
While I'm at it, the ability to delete directories might be good. Currently this tool only deletes files.
More detailed errors when deleting a file fails. It's *usually* ERROR_ACCESS_DENIED, but it could be something else (like the file being in use by another program).
An option to move files to the SD card instead of deleting them. This would save space while providing the ability to implement an un-delete. True un-delete would require some kind of log or structure to the moved files.
Speaking of logs, I really should have the app generate one. Again, the basic stuff is already there; in fact, it generates *too much* text, so much so that I had to make it truncate MessageBox contents at about a KB.
Option to report file sizes in units based on powers of 1000 or powers of 1024 (currently it uses powers of 1000).
Internationalization would be good.
Possibly, at some point in the future, the ability to check (and clean out) the storage of other apps. You can clean them by just removing (and re-installing) them, of course, but sometimes that's a pain, and a more specific filter may be good.
Possibly an in-app update notification when new versions come out...
Reserved for OP.
Good work waiting for further versions
Sent from my GT-I8750 using Tapatalk
Hack:
Move "undeletable" files to directory, where you can delete them with RPC and delete.
the RPCComponent doesn't actually change the file ACLs, and may even turn inherited ACLs into file-specific ones when used; I previously tried copying files from unreadable locations to System32, and was still unable to read them even though I could now see them and see their file size. Very irritating.
My work-around for that is to move them to the SD card, which (being a FAT file system) has no ACLs at all. They can then be deleted from there. This works great... if you have an SD card. While I imagine most Ativ S users have installed such a card (it's one of the best features of the Ativ S, the only first-gen WP8 device to both have good specs *and* a microSD card) and they're pretty cheap if not (only needs to be big enough to briefly store the file being moved; 4GB would be more than enough), it's annoying to introduce dependencies like that. Still you've gotta do what you've gotta do...
GoodDayToDie said:
the RPCComponent doesn't actually change the file ACLs, and may even turn inherited ACLs into file-specific ones when used; I previously tried copying files from unreadable locations to System32, and was still unable to read them even though I could now see them and see their file size. Very irritating.
My work-around for that is to move them to the SD card, which (being a FAT file system) has no ACLs at all. They can then be deleted from there. This works great... if you have an SD card. While I imagine most Ativ S users have installed such a card (it's one of the best features of the Ativ S, the only first-gen WP8 device to both have good specs *and* a microSD card) and they're pretty cheap if not (only needs to be big enough to briefly store the file being moved; 4GB would be more than enough), it's annoying to introduce dependencies like that. Still you've gotta do what you've gotta do...
Click to expand...
Click to collapse
Just make it an option
OK, I implemented the Move-to-SD-and-then-delete hack. It's considerably slower that in-place deletion but it works. I also built the app for Release (rather than debug) which improves initial performance somewhat, and truncated long messages so you don't have to watch the phone struggle to display a messagebox with 200KB of text.
installed on my lumia 520 with developer unlocked...Not able to open.
Deployed successfully....but no app icon in Application list....
How to launch it?
tell me?
You need capabilities-unlock, it is not possible yet on Lumias. Only on Ativs
Sent from my GT-I8750 using Tapatalk
Got an error deleting my Internet Explorer Temp Files
edit: same with all other files
trytogetme said:
Got an error deleting my Internet Explorer Temp Files
edit: same with all other files
Click to expand...
Click to collapse
maybe they were currently in use?
-W_O_L_F- said:
Hack:
Move "undeletable" files to directory, where you can delete them with RPC and delete.
Click to expand...
Click to collapse
That´s the best solution atm. For example I move files from the appdata folders with the RPC to the local storage of my app and delete them there using a background worker.
Amirphp said:
installed on my lumia 520 with developer unlocked...Not able to open.
Deployed successfully....but no app icon in Application list....
How to launch it?
tell me?
Click to expand...
Click to collapse
If you actually managed to even get it installed, I'm impressed! It should have reported an error. This app uses both ID_CAP_INTEROPSERVICES and some capabilities that installable apps aren't supposed to have at all. There should have been at least two different errors if you tried to install it on a Lumia...
@trytogetme: Are you using the newer version, and do you have an SD card in the phone (with at least a bit of space; it doesn't need much)?
If so, I'll try to dig deeper into what the problem could be. @error0x0000034 has a good point, though; you may want to try running the app immediately after rebooting the phone.
I have same problem, with little files too
Sent from my GT-I8750 using Tapatalk
GoodDayToDie said:
@trytogetme: Are you using the newer version, and do you have an SD card in the phone (with at least a bit of space; it doesn't need much)?
If so, I'll try to dig deeper into what the problem could be. @error0x0000034 has a good point, though; you may want to try running the app immediately after rebooting the phone.
Click to expand...
Click to collapse
Restarting the phone doesnt help for me.
Still the error. The app doesnt care what folder I want to clear. Got that error every time
Hmm. I'll see if there's something I can do about that. One thing I found is that some files are marked Read-Only. Unlike proper ACLs, that flag persists after the move to microSD. It's easy to remove, though. I'll add code to check for, and remove, that flag.
Can you connect your phone to USB and check the SD card? If there's a folder called "StorageCleanerTemp" on the root of the SD card, that means there were files moved by the PRCComponent but which the app subsequently failed to delete. The most likely reason is that they were flagged as Read Only. (it's worth noting that this would have removed them from the phone's internal storage anyhow...)
I just deleted my Temporary Internet Files using v0.2.0, exactly the same as you can get here. It took something like 10 minutes - I really need to optimize that - but it worked, deleting some 2600 files totaling over 200MB.
GoodDayToDie said:
If you actually managed to even get it installed, I'm impressed! It should have reported an error. This app uses both ID_CAP_INTEROPSERVICES and some capabilities that installable apps aren't supposed to have at all. There should have been at least two different errors if you tried to install it on a Lumia...
Click to expand...
Click to collapse
i used xap Deployer 2.0
And installed without any error...
But No app icon...as i told earlier.
But when i tried to deploy via windows Power Tools...then i got error...
But no error with Xap deployer 2.0.
Are there any other folders or files that could be deleted to regain space from system files?
My system is at 9.59GB, but even the StorageCleanup says I can free up to 215.3MB only, with the Store app package cache holding only 1-2 .zmz files (with about 30MB, the most is in Temporary Internet files, at about 170MB)...
Each time I delete some apps I installed previously (just about 4GB of apps right now), pretty soon that free space gets "eaten up" by the system leaving me with just MB/KBs free?! It's unreal how Microsoft hasn't at least addressed this as a bug yet, maybe it's going to be fixed in 8.1, hopefully developer preview's coming soon...
@GoodDayToDie - I wanted to rebuild the xap myself and see if I could help out myself somehow, but I'm having a problem with deploying the app from VS2013 with the standalone WP8SDK installed, in particular with these capabilities:
<Capability Name="ID_CAP_CHAMBER_PROFILE_DATA_RW" />
<Capability Name="ID_CAP_COMMS_SERVICES" />
<Capability Name="ID_CAP_COMMS_APPLICATIONS" />
<Capability Name="ID_CAP_COMMS_COMMON" />
<Capability Name="ID_CAP_DU_SHARED_DATA" />
<Capability Name="ID_CAP_DUASVC" />
<Capability Name="ID_CAP_EDM_CACHE_WRITE" />
<Capability Name="ID_CAP_ENTERPRISE_SERVICE" />
<Capability Name="ID_CAP_PHONE_INTERNAL" />
<Capability Name="ID_CAP_PUBLIC_FOLDER_FULL" />
<Capability Name="ID_CAP_ZMFSERVICES" />
failing build with these 1 error + 10 warnings:
The 'Name' attribute is invalid - The value 'ID_CAP_CHAMBER_PROFILE_DATA_RW' is invalid according to its datatype 'String' - The Enumeration constraint failed, etc...
How do you get around it please? And is your CRPComponent free to use/distribute? I'd like to use some of its method calls (which I will share afterwards - hope you don't mind that I got it from the xap file - the dll&winmd files)...
I know that during the installation process, xaps are scanned for any "illegal" capabilities in the WMAppManifest.xml file. Does anyone know what purpose this file serves after an xap has been installed on the device?
My thought is this:
Install an app with a non-elevated WMAppMAnifest.xml. Then when you launch the installed app, it updates the xml file with additional capabilities (Interop Services, for example) and exits. Then when the app is relaunched, it will have access to the new capabilities in the xml file?
What do you guys think? Has this been done before? is that xml file only used during installation?
compu829 said:
I know that during the installation process, xaps are scanned for any "illegal" capabilities in the WMAppManifest.xml file. Does anyone know what purpose this file serves after an xap has been installed on the device?
My thought is this:
Install an app with a non-elevated WMAppMAnifest.xml. Then when you launch the installed app, it updates the xml file with additional capabilities (Interop Services, for example) and exits. Then when the app is relaunched, it will have access to the new capabilities in the xml file?
What do you guys think? Has this been done before? is that xml file only used during installation?
Click to expand...
Click to collapse
i think i tried this way and app returned failure error
i'm sure about that any app have to check capabalities during installation but in launch times i don't know that phone check caps again or no.
best work to test is changing this file in an interop unlock full fs phone and see the re-action
Caps are written to package manager database & global account database. WMAppManifest isn't used after installation is finished.
Yeah, this method was tried long, long ago.
Besides, even if it worked and the file was checked later, all that would mean is that you couldn't launch the app anymore. The capabilities-vs.-unlock-level appears to be checked at every startup, not just at install.
@GoodDayToDie @ultrashot I figured as much, thanks for the info.
On a semi-related note, I just received a completely different HTC 8x (T-Mobile branded) back from HTC (5th time in for repair). If this one really works, maybe I can have some fun with my Lumia 521 and/or try to figure out how to unbrand/mod the 8x. I really want to add WiFi calling to the 8x, but I need to add some certs, a missing dll, and some reg keys.
Hi,
I've been able to use vcREG 1.5 on a 950XL to execute any exe file via services.exe, except it's getting stopped by Code Integrity. That's also why putting older NdtkSvc.dll doesn't work on the newer phone (aside from the fact that it has to be in c:\windows). I thought oh maybe any valid arm executable signed by microsoft would be enough, so I copied some executables from the Raspberry Pi Windows 10 IoT image, but I could only get them to run inside the app sandbox because they weren't in the system catalog :'(
Example:
21-March-2016 15:04:08.339601 0x000003D4 0x00000F88 Verbose Microsoft-Windows-CodeIntegrity Code Integrity completed validating file hash. Status 0xC0000428.
21-March-2016 15:04:08.339631 0x000003D4 0x00000F88 Error Microsoft-Windows-CodeIntegrity Code Integrity determined that a process (\Device\HarddiskVolume37\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume39\WPSystem\ftpd.exe that did not meet the Windows signing level requirements.
So now the trick is to find an executable on the system that currently exists, that can be used to gain further access... I've been trying various things like OOBE stuff etc without any luck so far.
Hoping someone else has some ideas... maybe even executing a dll function to import registry from a file or something directly, then we could unlock interop on 950's..
Thanks
Great work
maybe you can MTP your 950/950xl and look for the files in the \windows folder
micheal
Can you tell me how to execute a exe via services.exe ? Thanks?
naiple said:
Can you tell me how to execute a exe via services.exe ? Thanks?
Click to expand...
Click to collapse
use vcREG1.5 to edit HKLM\SYSTEM\ControlSet001\Services\NlpmService\ImagePath
Change it to whatever executable you want, reboot and it will run as LOCAL SYSTEM, provided that it is signed correctly.
NOTE: Changing this will stop your Glance screen from working, so take note of the original value and restore it after you are done if you use glance.
megasounds said:
Great work
maybe you can MTP your 950/950xl and look for the files in the \windows folder
micheal
Click to expand...
Click to collapse
Actually using MTP isn't the best thing for that, because you are missing out on more than half of the available executable files as they are not viewable via MTP on 950/XL due to permissions. It's best to mount the FFU image and look around that way.
I have already looked and tested most of them, thus why I was asking if anyone else had some ideas.
darkfires said:
use vcREG1.5 to edit HKLM\SYSTEM\ControlSet001\Services\NlpmService\ImagePath
Change it to whatever executable you want, reboot and it will run as LOCAL SYSTEM, provided that it is signed correctly.
NOTE: Changing this will stop your Glance screen from working, so take note of the original value and restore it after you are done if you use glance.
Click to expand...
Click to collapse
Thanks! I will try it on my lumia
darkfires said:
use vcREG1.5 to edit HKLM\SYSTEM\ControlSet001\Services\NlpmService\ImagePath
Change it to whatever executable you want, reboot and it will run as LOCAL SYSTEM, provided that it is signed correctly.
NOTE: Changing this will stop your Glance screen from working, so take note of the original value and restore it after you are done if you use glance.
Click to expand...
Click to collapse
I can't find NlpmService because my lumia730 don't have a Glance screen ... is there any way else to run a exe?
naiple said:
I can't find NlpmService because my lumia730 don't have a Glance screen ... is there any way else to run a exe?
Click to expand...
Click to collapse
I only decompiled the NdtkSvc on 950XL, the one on 730 might be different. But to answer your question there is only one other way, and it will kill USB so you won't be able to connect to it via PC at all until you reverse the change. If you post your NdtkSvc.dll I can check it for you.
HKLM\SYSTEM\ControlSet001\Services\NokDeviceHubSvc\ImagePath
darkfires said:
I only decompiled the NdtkSvc on 950XL, the one on 730 might be different. But to answer your question there is only one other way, and it will kill USB so you won't be able to connect to it via PC at all until you reverse the change. If you post your NdtkSvc.dll I can check it for you.
HKLM\SYSTEM\ControlSet001\Services\NokDeviceHubSvc\ImagePath
Click to expand...
Click to collapse
Ahh, i find the Nlpmservice. Don't know why i cant find it yesterday... And if you need any thing(unlocked bootloader, uefi...) from 730 or 540 i can post it, both are prototype and can enter massStorage. Hope i can help you. Thank you for the answer
naiple said:
Ahh, i find the Nlpmservice. Don't know why i cant find it yesterday... And if you need any thing(unlocked bootloader, uefi...) from 730 or 540 i can post it, both are prototype and can enter massStorage. Hope i can help you. Thank you for the answer
Click to expand...
Click to collapse
I'm trying to do something different and I found this topic so if you still have these devices can you extract NlpmService.dll file from System32 and upload it here for me?