[PROJECT] Interop8 - InteropUnlock for WP8 - Windows Phone 8 Development and Hacking

This is a new thread created in order to clean up most of the Hacking and Development forums. Several hardworking developers and myself (I can't exactly call myself a developer, but I still can contribute in some way) have been plugging hours into this and it needs its own thread in order to help understand what Interop was for WP7, how it worked then, and how we work for finding it in WP8. For most of this, I can't say I'm a definitive source for this type of knowledge. I'm just another WP8 user who wishes for more tweaks.
Anyways, I have a few PMs to send and this and the next few posts will be updated with the relevant information.
EDIT: This first post will be about the process to getting close edit things required for InteropUnlock on WP8 devices as of now, as it hasn't been achieved yet.
At the moment the complete process requires installation of WP SDK and/or installing Windows Phone Power Tools, downloading and deploying @snickler's Lumia Registry Editor.
snickler said:
I did find THIS.
Code:
[HKEY_LOCAL_MACHINE\Software\Microsoft\DeviceReg\Install]
"MaxUnsignedApp"=dword:7FFFFFFF
That translates to the value of InteropUnlock by default which means we should be able to sideload more than 10 apps at a time.
I also found these within policy xml files.
Code:
Microsoft.BaseOS.SecurityModel.policy.xml
<Capability ElementID="2EF45E94A01864DE3387212D6E73AEA885E709AD0F24FB97FE2E84728CB09D14" AttributeHash="49B8EC80A54998B68D7F65A44A340FD28B535494B7A41D650FD94851E38A6B6B" Id="ID_CAP_DEVELOPERUNLOCK" AppCapSID="S-1-15-3-1024-2489250862-3731101856-757172019-2830005102-2903107461-2549818383-1921265406-345878668" SvcCapSID="S-1-5-21-2702878673-795188819-444038987-1443" FriendlyName="Enable bearing chamber to load unsigned modules" Visibility="Internal" />
<Capability ElementID="BAFBED1970753822A266C1985F4A2CA2BA7A97CCE149F874743D00F678643C26" AttributeHash="54A2744DE064E139FD4403623C2AB9F1E130BC5C0786F56C1CE39AC814DC3F03" Id="ID_CAP_DEVELOPERUNLOCK_API" AppCapSID="S-1-15-3-1024-435026874-574125424-2562811554-2720811615-3432479418-1962428897-4127210868-641492088" SvcCapSID="S-1-5-21-2702878673-795188819-444038987-1450" FriendlyName="Enable setting of registry key protecting developer unlock mode." Visibility="Internal">
<CapabilityRules>
<Rules>
<RegKey ElementID="F0921CC3ADB2FEE5B7DC90F9F2BBDDB6E4D7BFAF9CE189C1585A90CD71E36882" DACL="(A;CI;KRKW;;;S-1-15-3-1024-435026874-574125424-2562811554-2720811615-3432479418-1962428897-4127210868-641492088)(A;CI;KRKW;;;S-1-5-21-2702878673-795188819-444038987-1030)(A;CI;KRKW;;;S-1-5-21-2702878673-795188819-444038987-1450)" Flags="515" Path="HKEY_LOCAL_MACHINE\Software\Microsoft\SecurityManager" />
</Rules>
</CapabilityRules>
</Capability>
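To read who the quoted policy lets write to HKEY_LOCAL_MACHINE\Software\Microsoft\SecurityManager, the DACL attribute can be decoded as SDDL ACEs and its SIDs matched against the capability SIDs in the same file. This is an added example, not part of the original post or of any tool named in this thread; the `<Capabilities>` wrapper element and the function names are assumptions, and the fragment is trimmed from the XML quoted above.

```python
import re
import xml.etree.ElementTree as ET

# Trimmed from the policy XML quoted above: ElementID/AttributeHash/FriendlyName
# dropped, and a <Capabilities> wrapper added (assumption) so it parses alone.
POLICY_FRAGMENT = r"""<Capabilities>
<Capability Id="ID_CAP_DEVELOPERUNLOCK" AppCapSID="S-1-15-3-1024-2489250862-3731101856-757172019-2830005102-2903107461-2549818383-1921265406-345878668" SvcCapSID="S-1-5-21-2702878673-795188819-444038987-1443" Visibility="Internal" />
<Capability Id="ID_CAP_DEVELOPERUNLOCK_API" AppCapSID="S-1-15-3-1024-435026874-574125424-2562811554-2720811615-3432479418-1962428897-4127210868-641492088" SvcCapSID="S-1-5-21-2702878673-795188819-444038987-1450" Visibility="Internal">
<CapabilityRules><Rules>
<RegKey DACL="(A;CI;KRKW;;;S-1-15-3-1024-435026874-574125424-2562811554-2720811615-3432479418-1962428897-4127210868-641492088)(A;CI;KRKW;;;S-1-5-21-2702878673-795188819-444038987-1030)(A;CI;KRKW;;;S-1-5-21-2702878673-795188819-444038987-1450)" Flags="515" Path="HKEY_LOCAL_MACHINE\Software\Microsoft\SecurityManager" />
</Rules></CapabilityRules>
</Capability>
</Capabilities>"""

# Standard SDDL codes: ACE types and the registry/generic access-right strings.
ACE_TYPES = {"A": "allow", "D": "deny"}
RIGHTS = {
    "KA": "KEY_ALL_ACCESS", "KR": "KEY_READ", "KW": "KEY_WRITE", "KX": "KEY_EXECUTE",
    "GA": "GENERIC_ALL", "GR": "GENERIC_READ", "GW": "GENERIC_WRITE", "GX": "GENERIC_EXECUTE",
}
WRITE_RIGHTS = {"KEY_WRITE", "KEY_ALL_ACCESS", "GENERIC_WRITE", "GENERIC_ALL"}


def decode_rights(rights):
    """Split an SDDL rights field into names; hex masks are kept as given."""
    if rights.lower().startswith("0x"):
        return [rights]
    codes = [rights[i:i + 2] for i in range(0, len(rights), 2)]
    return [RIGHTS.get(code, code) for code in codes]


def parse_dacl(sddl):
    """Parse a bare ACE list '(type;flags;rights;obj;inherit_obj;sid)...'."""
    bodies = re.findall(r"\(([^()]*)\)", sddl)
    if "".join(f"({b})" for b in bodies) != sddl.strip():
        raise ValueError("text outside ACE parentheses: %r" % sddl)
    aces = []
    for body in bodies:
        fields = body.split(";")
        if len(fields) != 6:
            raise ValueError("ACE needs 6 fields: %r" % body)
        ace_type, flags, rights, _obj, _inherit_obj, sid = fields
        aces.append({
            "type": ACE_TYPES.get(ace_type, ace_type),
            "flags": [flags[i:i + 2] for i in range(0, len(flags), 2)],
            "rights": decode_rights(rights),
            "sid": sid,
        })
    return aces


def registry_grants(policy_xml):
    """List every RegKey ACE with its trustee resolved to a capability SID."""
    root = ET.fromstring(policy_xml)
    sid_owner = {}
    for cap in root.iter("Capability"):
        for attr in ("AppCapSID", "SvcCapSID"):
            if cap.get(attr):
                sid_owner[cap.get(attr)] = f"{cap.get('Id')} ({attr})"
    grants = []
    for cap in root.iter("Capability"):
        for key in cap.iter("RegKey"):
            for ace in parse_dacl(key.get("DACL", "")):
                grants.append({
                    "capability": cap.get("Id"),
                    "path": key.get("Path"),
                    "sid": ace["sid"],
                    "trustee": sid_owner.get(ace["sid"], "unresolved in this fragment"),
                    "type": ace["type"],
                    "rights": ace["rights"],
                    "can_write": ace["type"] == "allow"
                                 and bool(WRITE_RIGHTS & set(ace["rights"])),
                })
    return grants


if __name__ == "__main__":
    for g in registry_grants(POLICY_FRAGMENT):
        print(g["path"], g["type"], "+".join(g["rights"]), "->", g["trustee"])
```

Two of the three ACEs resolve to ID_CAP_DEVELOPERUNLOCK_API's own app and service SIDs; the SID ending in -1030 is not defined in the fragment quoted here.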

How Interop works
I'll start by adding this from a different thread
GoodDayToDie said:
It's a valid point. Interop-unlock loosened a lot of restrictions on WP7, and was presumably used by OEMs and MOs who needed easy ability to install ID_CAP_INTEROPSERVICES apps to test their high-privilege apps.
However, in WP8, things are different. What capabilities can be installed is now controlled via the policy engine, or whatever it's WP8 equivalent is called. Policy "classes" are indicated via key usage identifiers in the certificates used to sign XAPs. ID_CAP_INTEROPSERVICES (and nearly all other interesting capabilities) requires the class intended for use by OEMs. If we can't get our hands on such a signing key, or find some way to spoof it, we may be in a pickle with regard to a jailbreak via this approach.
It's possible that interop-unlock will function much as before too, though; freeing the limitations on app capabilities for all apps, even unsigned ones. It's worth a shot. Somebody might want to decompile the relevant code and investigate, though.

Reserved Post 2 - What Interop's purpose served, etc.

ssoo I can't read...
Check out the thread I just started/please merge the other thread with this one (If it belongs here). Hopefully my find will be useful! http://forum.xda-developers.com/showthread.php?t=2407441

compu829 said:
Check out the thread I just started/please merge the other thread with this one (If it belongs here). Hopefully my find will be useful! http://forum.xda-developers.com/showthread.php?t=2407441
Yes, please move your post. I'd do it voluntarily before mods start having to clean this board.

Related

[Q] Homebrew and the Dell Venue Pro

I searched and got nothing in the forum about homebrew, so I figured I'd ask about it. Is it possible for us with this phone to do any of the homebrew stuff out there? I have been without my laptop so cannot really try anything yet, but I see articles about little apps and aesthetic changes people are doing to their Samsung and HTC wp7 phones and I want in on it too.
I loved that homebrew community when I had my Palm Pre back in the day and had it hacked to my liking. I really hope we can do this with our phones too. I have looked into it a little bit, but I don't think the guys who have done the unlocking and developing for wp7 have used, tried or have access to our phone. I really hope I'm wrong and just haven't had any luck searching for answers, but so far I haven't really found anything specifically stating whether anything works on the DVP yet.
If they have, could someone point me in the right direction and I'll continue learning on my own? If not, then I hope we can some day.
Thanks for any help y'all can provide.
I'm looking to attack this problem from the other end. I'm the developer of one of those "little apps" you mentioned; specifically the one that lets you change the Search function in IE (when you hit the Search button or mis-type a URL).
I'm working with a homebrew library that more-or-less handles HTC, Samsung, and LG, but completely doesn't support Dell. I'd like to get it working with Dell so that
A) You all can use my app
B) More homebrew apps can be written for the DVP
Some questions that I have (answers to any are appreciated):
How can I programmatically identify a Dell phone? (On an HTC, you can check for HKLM\Software\HTC in the registry.)
Does anybody have ProvisionXML working on the Venue Pro yet? (This is a really handy way to make changes to the OS.)
Does anybody have a way to get access to the file system, even read-only, on the Venue Pro?
Thanks a bunch. In the meantime (and possibly helpful to this cause) there's a homebrew project called "Functional Webserver" in the WP7 Hacking forum. It should work on Dell phones (I think) and means you should have at least Socket (networking) APIs. It also gives (read-only) access to the \Windows directory, which may be very useful for getting other stuff...
GoodDayToDie said:
I'm looking to attack this problem from the other end. I'm the developer of one of those "little apps" you mentioned; specifically the one that lets you change the Search function in IE (when you hit the Search button or mis-type a URL).
I'm working with a homebrew library that more-or-less handles HTC, Samsung, and LG, but completely doesn't support Dell. I'd like to get it working with Dell so that
A) You all can use my app
B) More homebrew apps can be written for the DVP
Some questions that I have (answers to any are appreciated):
How can I programmatically identify a Dell phone? (On an HTC, you can check for HKLM\Software\HTC in the registry.)
Does anybody have ProvisionXML working on the Venue Pro yet? (This is a really handy way to make changes to the OS.)
Does anybody have a way to get access to the file system, even read-only, on the Venue Pro?
Thanks a bunch. In the meantime (and possibly helpful to this cause) there's a homebrew project called "Functional Webserver" in the WP7 Hacking forum. It should work on Dell phones (I think) and means you should have at least Socket (networking) APIs. It also gives (read-only) access to the \Windows directory, which may be very useful for getting other stuff...
I would like to submit my services to help you get that information... However, I'm not really sure how to get that to you. If you'd be happy to lay out directions so I can get you that information, I'll happily do it on my Dell Venue Pro.
Thanks for the help!
@nabiscuit Thanks for the offer. The first step is making sure your phone is developer-unlocked, so you can side-load (install directly, not from Marketplace) XAP application packages. All homebrew apps are distributed in this way. The official way to do this is to have a Microsoft developer account (http://create.msdn.com/) although for the next few weeks ChevronWP7 should also work.
For the first question, try installing a Registry Viewer or Registry Editor app - there are a number of them available, both on this site and on TouchXperience (I like the TouchXperience one a lot). Go poke around for anything that looks like a distinctive registry key or value. The most likely place is under HKLM. You could also just do a registry search (the better apps have at least some capability for such searches) for "Dell" as *anything* with that string is probably distinctive.
For the second, it will take access to native code. Using the "Functional Webserver" app you can download some file from the phone's /Windows directory. Checking them for useful COM exports would be helpful, although I'm not the person to ask about doing that - I can do NT drivers and I can do managed code, but COM is not my thing. Try asking for help with this in the general Windows Phone 7 Development and Hacking forum (http://forum.xda-developers.com/forumdisplay.php?f=606).
For the third question, I could actually whip up a small app that *might* work already. You could also try Advanced Explorer (XDA) or TouchXplorer (TouchXperience) although I don't think either is guaranteed to work outside of HTC phones. If you're willing to try running an app that will check for read and write in a number of harmless parts of the file system, I can code one up for you to run and report results back.
Thanks again!
I'd love to get some homebrew development going, is there anything I can do to help?
Try getting in touch with notebookgrail (http://forum.xda-developers.com/member.php?u=3174632) as he seems to be pulling apart the DVP native libraries and finding lots of cool stuff to do with their COM interfaces. I don't know if he has registry write yet - one of the core functions that a lot of homebrew apps want - but if so I can work on getting it integrated into a nice cross-device library for writing apps which (should... grrr Samsung) work on any phone.
GoodDayToDie said:
Try getting in touch with jessej (http://forum.xda-developers.com/member.php?u=3220709) as he seems to be pulling apart the DVP native libraries and finding lots of cool stuff to do with their COM interfaces. I don't know if he has registry write yet - one of the core functions that a lot of homebrew apps want - but if so I can work on getting it integrated into a nice cross-device library for writing apps which (should... grrr Samsung) work on any phone.
Did you mean to point it to me, as I was the one who did pull apart the native libs?
If not, sorry for the intrusion.
Yes, send your request to notebookgrail. I am not on his level for development purposes. But I do appreciate the comment.
Whoops, sorry about that notebookgrail! I must have looked at a response instead of the OP by accident. I've fixed my post above. Thanks a bunch for the work you've done. Any word on registry writing?
any progress?

[XAP][SOURCE] WP8 Registry Tools

Rebranded to WP8 Registry Tools from Lumia Registry Modifier
This is a basic registry viewer/editor demonstration using Registry dlls pulled from Nokia xaps within the latest FFUs.
First, a few things to note.
1) This only retrieves values from HKEY_LOCAL_MACHINE
2) It CAN read DWORD values now, but can't write. (Hell you probably won't be able to write ANYWHERE, but the code is there)
Instructions are quite simple.
To Read Values:
1) Put the Registry key in the first box (ex. SOFTWARE\Classes\MIME\Database\Codepage\1254)
2) Put the Registry Value in the second box (ex. 1254)
3) Press Get Value.
To Set Values:
1) Put the Registry key in the first box (ex. SOFTWARE\Classes\MIME\Database\Codepage\1254)
2) Put the Registry Value in the second box (ex. 1254)
3) Put the new registry value result in the Set Value box.
4) Press Set Value.
This is very very basic, but I wanted to just show off something using what Nokia has provided us.
We can't write dword values unfortunately so hopes of using this to change the MaxUnsignedApp value are lost. This MAY be possible with @GoodDayToDie's WP8NativeAccess library, but with this it isn't.
In case everyone wondered what that key is... SOFTWARE\Microsoft\DeviceReg\Install
Side load away
Hmm... I get Access Denied in my library on most keys that I've tried to write. If you can write the codepage, that's interesting (generally speaking, HKLM has stronger protections). I'll double-check whether I can write there myself. If not, but you can, then we have an elevated privilege attack vector...
Also, we should see whether the app runs on non-Nokia devices. I suspect that it will, if it works the way I think it does, but in that case it also won't have much in the way of permissions.
Getting DWORDs to work is a good project, I'm sure it's possible (works fine in NativeAccess, incidentally).
EDIT: Any chance you could include the source?
snickler said:
This is a basic registry viewer/editor demonstration using Nokia's Native Registry dll pulled from one of their apps.
First, a few things to note.
1) This only retrieves values from HKEY_LOCAL_MACHINE
2) DWord values aren't supported.
Instructions are quite simple.
To Read Values:
1) Put the Registry key in the first box (ex. SOFTWARE\Classes\MIME\Database\Codepage\1254)
2) Put the Registry Value in the second box (ex. 1254)
3) Press Get Value.
To Set Values:
1) Put the Registry key in the first box (ex. SOFTWARE\Classes\MIME\Database\Codepage\1254)
2) Put the Registry Value in the second box (ex. 1254)
3) Put the new registry value result in the Set Value box.
4) Press Set Value.
This is very very basic, but I wanted to just show off something using what Nokia has provided us.
This doesn't seem to work with dword values unfortunately so hopes of using this to change the MaxUnsignedApp value are lost. This MAY be possible with @GoodDayToDie's WP8NativeAccess library, but with this it isn't.
In case everyone wondered what that key is... SOFTWARE\Microsoft\DeviceReg\Install
Side load away
At least it's a start.
GoodDayToDie said:
Hmm... I get Access Denied in my library on most keys that I've tried to write. If you can write the codepage, that's interesting (generally speaking, HKLM has stronger protections). I'll double-check whether I can write there myself. If not, but you can, then we have an elevated privilege attack vector...
Also, we should see whether the app runs on non-Nokia devices. I suspect that it will, if it works the way I think it does, but in that case it also won't have much in the way of permissions.
Getting DWORDs to work is a good project, I'm sure it's possible (works fine in NativeAccess, incidentally).
EDIT: Any chance you could include the source?
ah yes, sorry about that. Let me load up my laptop
EDIT: Source added.
Hi I found the Registry item
(File path : <ffu>\Windows\Packages\RegistryFiles\SOFTWARE.REG)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\KindMap
where we can set extensions and their types. So is it possible to add a new extension so that it will also be supported and visible in sdcard?
vivekkalady said:
Hi I found the Registry item
(File path : <ffu>\Windows\Packages\RegistryFiles\SOFTWARE.REG)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\KindMap
where we can set extensions and their types. So is it possible to add a new extension so that it will also be supported and visible in sdcard?
It doesn't support creating new key values, only modifying existing ones. If the data is within one key value and it's able to be read, then it should be able to have things added to it.
EDIT: From what I've seen, what you're trying to do won't be possible with this. Each extension has a different key value.
We may need to start an "interesting registry values" thread here, similar to the one for WP7. Of course, it'll be more interesting if we can actually change any of them.
Oh, and the app works on my ATIV S, just by the way. Need to find some interesting paths to test it on, though.
EDIT: Have you been able to write to *any* values using this? It fails for me every time, but I haven't tried that many yet.
GoodDayToDie said:
We may need to start an "interesting registry values" thread here, similar to the one for WP7. Of course, it'll be more interesting if we can actually change any of them.
Oh, and the app works on my ATIV S, just by the way. Need to find some interesting paths to test it on, though.
EDIT: Have you been able to write to *any* values using this? It fails for me every time, but I haven't tried that many yet.
It has failed for me also. The only values I could write to were the ones that corresponded to Nokia. I'll look through the code again and make another update. I'm going to also rebrand it since it works for non-Lumia phones.
Interesting about the Nokia paths working. That could be some characteristic of the DLL you use having better permissions or something specific to OEM stuff, but I actually suspect it's just that Nokia didn't bother to lock down the ACLs on their parts of the registry. You can easily adapt the app to my NativeRegistry class to test this, if you want.
Hmm that's a good idea. I just rebranded it to WP8 Registry Modifier. I'll add in your NativeRegistry class to work along with the RegistryRT class to see what comes about.
DWORD support
For DWORD support, take a look at the Nokia.SilentInstaller.Runtime.wim... The "CSilentInstallerRuntime" class contains multiple methods to interact with the registry including:
CreateKey
GetRegDWORDValue
GetRegSZValue
GetRegSZValueL
IsRegistryDWORDValueExists
IsRegistryKeyExists
IsRegistryREGSZValueExists
SetRegDWORDValue
SetRegSZValue
A bit off topic, I found a way to launch any URI... Literally, ANY URI (app:// http:// or anything). I can launch any application (using the GUID - so it must be a registered application but doesn't have to be one that you see in your programs list) and go to a specific page within that application. I can also pass any kind of query string that could unlock some hidden features in an application (such as the Extras+Info application - I can launch it using any dial string even though my ROM has that particular dial string disabled). I do so by launching a Toast message which allows me specify a launch uri and once it pops up, I click it. If anyone's interested, I can post a code sample for that...
@GoodDayToDie I'm able to read DWORDs with your NativeRegistry framework. I haven't been able to write though (I've only looked at the MaxUnsignedApp reg value).
What I think I'm going to do is possibly scrap the RegistryRT framework and just use yours. I can then make an even more robust app.
cpuguy said:
For DWORD support, take a look at the Nokia.SilentInstaller.Runtime.wim... The "CSilentInstallerRuntime" class contains multiple methods to interact with the registry including:
CreateKey
GetRegDWORDValue
GetRegSZValue
GetRegSZValueL
IsRegistryDWORDValueExists
IsRegistryKeyExists
IsRegistryREGSZValueExists
SetRegDWORDValue
SetRegSZValue
A bit off topic, I found a way to launch any URI... Literally, ANY URI (app:// http:// or anything). I can launch any application (using the GUID - so it must be a registered application but doesn't have to be one that you see in your programs list) and go to a specific page within that application. I can also pass any kind of query string that could unlock some hidden features in an application (such as the Extras+Info application - I can launch it using any dial string even though my ROM has that particular dial string disabled). I do so by launching a Toast message which allows me specify a launch uri and once it pops up, I click it. If anyone's interested, I can post a code sample for that...
I was actually looking at the SilentInstaller not long ago. I got sidetracked by the fact that I could use the NativeRegistry read DWORD values. I'll check that out and upload a new build in a few
GoodDayToDie said:
We may need to start an "interesting registry values" thread here, similar to the one for WP7. Of course, it'll be more interesting if we can actually change any of them.
I can write one up later. I have several registry keys that I'd like to bring attention to.
NOTE: I don't see anything editable yet, at least I can read it to compare it to the files in the ffu.
Launching a URI should be possible more directly than that, using ShellExecute, or similar, but that way is cool (and doesn't require importing unofficial native functionality).
Just a word of warning: NativeRegistry is under heavy modification. I hope to have the next Alpha release done soon, which brings a ton of changes, but in the meantime you might want to follow the changes on CodePlex; while I test every build that I push, I don't always publish the binaries.
There will be two ways to use the registry through NativeAccess soon: one is to use fairly thin wrappers around the native functions (that's mostly what's implemented now, but it will be expanded to include key and value enumeration, key creation, etc.), and the other is to use a class more akin to a .NET RegistryKey class, offering the ability to interact in a more object-oriented manner (where the object itself represents an open key).
Something I did notice when I tried to compile the NativeRegistry source (I just ended up using the binary you had for my testing) is that it kept blowing up on the include for WinReg.h. I don't have that anywhere. Am I missing something?
snickler said:
Something I did notice when I tried to compile the NativeRegistry source (I just ended up using the binary you had for my testing) is that it kept blowing up on the include for WinReg.h. I don't have that anywhere. Am I missing something?
I'm not sure how GoodDayToDie did it himself (probably same approach I take it) but I compiled it using the "WinReg.h" from the Windows 8 SDK and removing the desktop-only compiler "if" instruction (lines 49 and 1446). And like he mentioned, you also have to create the KERNALBASE.LIB with the required registry export functions for the linker.
cpuguy said:
I'm not sure how GoodDayToDie did it himself (probably same approach I take it) but I compiled it using the "WinReg.h" from the Windows 8 SDK and removing the desktop-only compiler "if" instruction (lines 49 and 1446). And like he mentioned, you also have to create the KERNALBASE.LIB with the required registry export functions for the linker.
Ah ok, thanks!
cpuguy said:
A bit off topic, I found a way to launch any URI... Literally, ANY URI (app:// http:// or anything). I can launch any application (using the GUID - so it must be a registered application but doesn't have to be one that you see in your programs list) and go to a specific page within that application. I can also pass any kind of query string that could unlock some hidden features in an application (such as the Extras+Info application - I can launch it using any dial string even though my ROM has that particular dial string disabled). I do so by launching a Toast message which allows me specify a launch uri and once it pops up, I click it. If anyone's interested, I can post a code sample for that...
Yes, please post your code and give yourself your own thread (at least keep it here in development). There are a lot of underlying dialer codes that Nokia disabled when flashing the 928s. Also this could mean we could have a custom app launcher, if you wanted to customize it that way. Most of the work we have done on WP8 has occurred in the past few months; we are finally getting so close to the first InteropUnlock for Nokia/WP8.
Sent from my RM-860 (Lumia 928) using the OFFICIAL Tapatalk app.
I'm trying to figure out the correct method prototype (since this is a method that appears to be WinPhone only and isn't part of the SDK so, no details on it whatsoever)... I stumbled upon this toast functionality in "NokiaFrameworkOBAWinPRT.dll" under the "DevPropHelper" class. The method to call is "InvokeToast". This method ends up calling "Shell_PostMessageToast" in "ShellChromeAPI.dll" (this is what I'm trying to invoke directly without going through the Nokia dll).
1) Add a reference in your project to "NokiaFrameworkOBAWinPRT.winmd" (you can find this in newer versions of the Extras+Info app)
2) Add the necessary <InProcessServer> tag (to allow the "NokiaFrameworkOBAWinPRT.DevPropHelper" class) in the <ActivatableClasses> section of your WMAppManifest.xml file
3) In the code... Create an instance of "NokiaFrameworkOBAWinPRT.DevPropHelper"
4) In the code... Call the "InvokeToast" method (of the previously created object) passing it:
   a) Application GUID (can be your local app's GUID - doesn't seem to matter)
   b) URI to launch in string format
   c) Toast title (can be anything)
   d) Toast content (can be anything)
5) When the Toast notification pops up, click on it and that's it.

[INFO] Interop Unlock for Dummies

I'll try to put this as simple as possible.
PLEASE tell me if I have missed anything or need to add any more information
First, you have Developer Unlock, which put simply, when you submit an app to the store, it gets "signed" with a digital signature. Windows Phone devices will only run applications with that signature. Since if you are developing an app, it is not "signed" so with a Developer Unlock, you are able to run applications without a "signature" on any Windows Phone device but there are limits.
That's where Interop-Unlock comes in. A developer-unlocked device can sideload an app but the app is not able to access the Windows Phone system and Registry. Every app, whether sideloaded or installed from the Windows Phone Store, MUST declare what functions the app needs to use to function properly. To access certain parts of the system and registry, it needs to declare "ID_CAP_INTEROPSERVICES" in the WMAppManifest.xml. A normal app, for example "Doodle Jump" declares these functions:
Code:
<Capability Name="ID_CAP_NETWORKING" />
<Capability Name="ID_CAP_SENSORS" />
<Capability Name="ID_CAP_MEDIALIB" />
<Capability Name="ID_CAP_GAMERSERVICES" />
<Capability Name="ID_CAP_IDENTITY_DEVICE" />
Which is basically the app telling the phone "Hey man, I need to be able to access the internet (ID_CAP_NETWORKING), access your motion sensor (ID_CAP_SENSORS), media library, Xbox Live and your device's identity."
Those declared functions are allowed by the Store and to be sideloaded. However to edit the registry, the app needs the ID_CAP_INTEROPSERVICES declaration in the WMAppManifest.xml. The Store does not allow apps with this declaration to be uploaded by 3rd-party developers. Nor does the device allow the app to deploy with that declaration.
Here's where the problem is. In order to allow the app with the INTEROPSERVICES cap to be deployed, you need to override an entry in the Registry (setting the maximum allowed apps to be deployed to over 300 overrides the INTEROPSERVICES cap.). But in order to override the entry, you need the INTEROPSERVICES cap to edit the registry (chicken-and-egg, anyone?).
This restriction was introduced in the Windows Phone 7.5 update but thankfully, 1st-party and 2nd-party developers are able to upload apps with the INTEROPSERVICES cap declared (1st-party, namely Microsoft and 2nd-party being OEMs). So what we do is find a weakness, or exploit in the app to be able to edit the Registry.
How this was done for Samsung Windows Phone 8 devices was that the Samsung Diagnosis app that was hidden, had a registry editor hidden somewhere within the app. @GoodDayToDie and -W_O_L_F- found the editor and managed to Interop-Unlock the Samsung ATIV S, which was found to work on other Samsung Windows Phone 8 devices. This does NOT work on other devices as Samsung uses a method to edit the registry that is not found on other devices.
What we are doing now in the Development & Hacking Sub-forum is trying to find exploits in those 1st-party and 2nd-party applications on Windows Phone. We hope to find a way to Interop-Unlock other devices as soon as possible, but only time will tell...
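Because the capability list sits in WMAppManifest.xml inside the XAP (a ZIP archive), a package can be checked for the restricted declarations before anyone deploys it. The sketch below is an added example, not code from this thread or from any tool it mentions; the function names, the size limit and both sample packages are constructed, and the restricted set contains only capabilities named on this page.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

# Capabilities this page describes as unavailable to ordinary third-party apps.
RESTRICTED = {
    "ID_CAP_INTEROPSERVICES",
    "ID_CAP_BUILTIN_SETTIME",
    "ID_CAP_DEVELOPERUNLOCK",
    "ID_CAP_DEVELOPERUNLOCK_API",
}
MAX_MANIFEST_BYTES = 1 << 20  # assumption: a real manifest is far smaller


def read_manifest(xap_bytes):
    """Return the raw WMAppManifest.xml from a XAP held in memory."""
    with zipfile.ZipFile(io.BytesIO(xap_bytes)) as xap:
        for info in xap.infolist():
            if info.filename.lower() == "wmappmanifest.xml":
                if info.file_size > MAX_MANIFEST_BYTES:
                    raise ValueError("manifest larger than expected")
                return xap.read(info)
    raise ValueError("no WMAppManifest.xml in package")


def declared_capabilities(manifest):
    """List <Capability Name="..."> values in document order, no repeats."""
    # Untrusted XML: refuse a DTD so entity expansion is never attempted.
    # Assumes a UTF-8 manifest, as in the constructed samples below.
    if b"<!DOCTYPE" in manifest.upper():
        raise ValueError("manifest carries a DTD; refusing to parse")
    root = ET.fromstring(manifest)
    names = []
    for element in root.iter():
        # Compare the local name only, so any deployment namespace is accepted.
        if element.tag.rsplit("}", 1)[-1] == "Capability":
            name = (element.get("Name") or "").strip()
            if name and name not in names:
                names.append(name)
    return names


def review_xap(xap_bytes):
    """Summarise declared capabilities and flag the restricted ones."""
    declared = declared_capabilities(read_manifest(xap_bytes))
    restricted = [c for c in declared if c.upper() in RESTRICTED]
    return {"declared": declared, "restricted": restricted,
            "needs_review": bool(restricted)}


def make_sample_xap(capabilities):
    """Build a constructed, minimal XAP in memory for the demonstration."""
    caps = "\n".join(f'      <Capability Name="{c}" />' for c in capabilities)
    manifest = f"""<?xml version="1.0" encoding="utf-8"?>
<Deployment xmlns="http://schemas.microsoft.com/windowsphone/2012/deployment" AppPlatformVersion="8.0">
  <App Title="Constructed sample">
    <Capabilities>
{caps}
    </Capabilities>
  </App>
</Deployment>"""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as xap:
        xap.writestr("WMAppManifest.xml", manifest.encode("utf-8"))
    return buffer.getvalue()


# The five capabilities listed above for the ordinary app.
ORDINARY_CAPS = ["ID_CAP_NETWORKING", "ID_CAP_SENSORS", "ID_CAP_MEDIALIB",
                 "ID_CAP_GAMERSERVICES", "ID_CAP_IDENTITY_DEVICE"]

if __name__ == "__main__":
    for caps in (ORDINARY_CAPS, ORDINARY_CAPS + ["ID_CAP_INTEROPSERVICES"]):
        print(review_xap(make_sample_xap(caps)))
```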
redacted
So from what I understand, apps which Microsoft/Nokia release have the special ability to change the registry and changing the registry can interop unlock your phone. So you find how the app does that and use it to change the registry. Am I right?
hashmiakbar said:
So from what I understand, apps which Microsoft/Nokia release have the special ability to change the registry and changing the registry can interop unlock your phone. So you find how the app does that and use it to change the registry. Am I right?
They have permissions to change the registry settings for their own apps, but that is all.
Use snickler's registry app to see it in action.
Sent from my Lumia 928 (RM-860) using Tapatalk

[XAP] NTP Time Synchronization for interopunlocked Samsung phones

Because my GSM network's automatic time is somehow set wrong, the set automatic time+date doesn't work for me, so this is a quite useful app for me, it can get various NTP server times and synchronize the phone's time and date to it.
It can currently sync with multiple NTP servers, I tried to add as many as I could find, although the default Russian NTP server one works fine most of the time.
Since another person did most of the programming, and not me, it will be updated if needed, but that update might not be immediate... please add any comments below... second post is reserved for change log descriptions. Feel free to add your insight, along with any comments, they're all valuable.
TIA
p.s.
As of yet this can't be published to windows phone store because it uses INTEROPSERVICES capability (among other things), if anything about that changes you will be notified immediately with the store link, also you'll be notified if this ever starts working on other manufacturer's phones....until then please make sure your phone is developer unlocked to deploy/sideload it...and that it is interopunlocked to work.
p.p.s.
Last, but not least, thanks to GDTD and dimoniche.
post rsrvd
Wow.
I was somehow expecting some ugly but functional UI, but this certainly is awesome, and it works flawlessly!!
And the UI is well done!!
Any chance you can post the source? There's a capability (not INTEROPSERVICES) that specifically enables setting the time; it might be better to use that instead.
GoodDayToDie said:
Any chance you can post the source? There's a capability (not INTEROPSERVICES) that specifically enables setting the time; it might be better to use that instead.
Could you please provide this capability (for setting time)? I've tried to use kernel's SetSystemTime (with GetProcAddress trick) but it always returns 0 (i.e. BOOL FALSE).
You probably want ID_CAP_BUILTIN_SETTIME. Will probably require capability-unlock, but should let you use the Win32 APIs.
By the way, no need to mess with GetProcAddress. You can get the function prototype (from MSDN or from the header files) and link against the relevant library directly (may need to use DLL2LIB to extract the link library from the DLL).
GoodDayToDie said:
You probably want ID_CAP_BUILTIN_SETTIME. Will probably require capability-unlock, but should let you use the Win32 APIs.
I've got a build error: Error 1 The 'Name' attribute is invalid - The value 'ID_CAP_BUILTIN_SETTIME' is invalid according to its datatype 'String' - The Enumeration constraint failed.
GoodDayToDie said:
By the way, no need to mess with GetProcAddress. You can get the function prototype (from MSDN or from the header files) and link against the relevant library directly (may need to use DLL2LIB to extract the link library from the DLL).
An app built this way will never pass marketplace certification.
Well, not any more than a third-party app using ID_CAP_INTEROPSERVICES (or, probably, ID_CAP_BUILTIN_SETTIME) would, no... Unless you have a reason to try and be sneaky about what the app is doing, I find my approach to be more readable and straightforward. However, it's true that if you're trying to pull a fast one, it probably won't work because the import will appear in the PE data and that's easy to find.
GoodDayToDie said:
However, it's true that if you're trying to pull a fast one, it probably won't work because the import will appear in the PE data and that's easy to find.
Hmm... I believe we've already discussed how that stuff works (as far as I remember, I've sent you the source code). There are no imported function names in the import section; everything is loaded dynamically (except one call). And - "yes" - it works perfectly for store certification (just check the current number of "volume controllers" in the store).

[Q] Useful for unlocking? NokiaRegistryUtils.dll

Hi all,
I was analysing some XAP files from my Nokia 937 ROM (1028.3562.1402.0001).
I found f8cfb72ef3b442e58508fbee6d4e5567.xap (??? Nokia Maps ???) with some interesting files in it.
NokiaRegistryUtils.dll
I played with the NativeToastLauncher but cannot find the app://xxx path to start this DLL.
The WMAppManifest.xml also contains:
<Capability Name="ID_CAP_INTEROPSERVICES" />
I uploaded this complete pack to: http://www5.zippyshare.com/v/9853721/file.html
Can someone please analyse these files? Can we use these file(s) for unlocking?
Thanks in advance
M
P.S. I only want to help you all with (interop)unlocking the Nokia Lumias!
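The manifest check described in the post above, as an added example that is not part of the original thread: a XAP is a ZIP archive, so its declared capabilities and bundled DLLs can be listed without deploying it. The function names, the `RESTRICTED` set (taken from the capabilities named in this thread) and the sample package are assumptions constructed for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

# Assumption: capabilities this thread says ordinary store apps cannot declare.
RESTRICTED = {"ID_CAP_INTEROPSERVICES", "ID_CAP_BUILTIN_SETTIME"}

def audit_xap(xap_bytes):
    """List declared capabilities and bundled DLLs of a XAP (a ZIP archive)."""
    with zipfile.ZipFile(io.BytesIO(xap_bytes)) as xap:
        entries = xap.namelist()
        manifests = [n for n in entries
                     if n.rsplit("/", 1)[-1].lower() == "wmappmanifest.xml"]
        if not manifests:
            raise ValueError("no WMAppManifest.xml in package")
        # For untrusted packages, parse with a hardened parser such as defusedxml.
        root = ET.fromstring(xap.read(manifests[0]))
    # Match on the local tag name so a default xmlns on <Deployment> is handled.
    caps = [el.get("Name") for el in root.iter()
            if el.tag.rsplit("}", 1)[-1] == "Capability" and el.get("Name")]
    return {
        "capabilities": caps,
        "restricted": sorted(set(caps) & RESTRICTED),
        "dlls": sorted(n for n in entries if n.lower().endswith(".dll")),
    }

def build_sample_xap():
    """Constructed sample package; not the XAP from the post."""
    manifest = """<?xml version="1.0" encoding="utf-8"?>
<Deployment xmlns="http://schemas.microsoft.com/windowsphone/2012/deployment" AppPlatformVersion="8.0">
  <App ProductID="{00000000-0000-0000-0000-000000000000}" Title="Sample">
    <Capabilities>
      <Capability Name="ID_CAP_NETWORKING" />
      <Capability Name="ID_CAP_INTEROPSERVICES" />
    </Capabilities>
  </App>
</Deployment>"""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("WMAppManifest.xml", manifest)
        z.writestr("NokiaRegistryUtils.dll", b"MZ")  # placeholder bytes
        z.writestr("Sample.dll", b"MZ")              # placeholder bytes
    return buf.getvalue()

if __name__ == "__main__":
    print(audit_xap(build_sample_xap()))
```

The report only shows what a package declares and ships; as the reply below points out, a bundled registry helper is not in itself a way to write arbitrary keys.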
1) Question threads don't belong in this sub-forum, really...
2) NativeToastLauncher launches pages (usually XAML) in an app, not DLLs (although the XAML will usually be *in* a DLL, in which case the DLL's name is in the launch path).
3) We've known about those libraries for months.
4) We can't use them for unlocks unless we find a way to specify an arbitrary registry key and registry value; something like a mapping app is highly unlikely to have any such mechanism... (it just saves and reads data for its own use).
GoodDayToDie said:
1) Question threads don't belong in this sub-forum, really...
2) NativeToastLauncher launches pages (usually XAML) in an app, not DLLs (although the XAML will usually be *in* a DLL, in which case the DLL's name is in the launch path).
3) We've known about those libraries for months.
4) We can't use them for unlocks unless we find a way to specify an arbitrary registry key and registry value; something like a mapping app is highly unlikely to have any such mechanism... (it just saves and reads data for its own use).
OK, OK! Thanks for the info.
As I said... I just want to help you all to find the "hole" to unlock these Nokia Lumias!
megasounds said:
OK, OK! Thanks for the info.
As I said... I just want to help you all to find the "hole" to unlock these Nokia Lumias!
Be sure there's no way in Nokia XAPs.
I searched in them many times, NO way.
ngame said:
Be sure there's no way in Nokia XAPs.
I searched in them many times, NO way.
I'm 100% sure Nokia developers have been monitoring the xda forums since Nokia decided to manufacture Windows Phones. And 99.9% sure they already know about all successful hacks for WP (actually, most of these hacks are based on the manufacturers' bugs).
sensboston said:
I'm 100% sure Nokia developers have been monitoring the xda forums since Nokia decided to manufacture Windows Phones. And 99.9% sure they already know about all successful hacks for WP (actually, most of these hacks are based on the manufacturers' bugs).
Yes, exactly.
A Nokia hack is very hard and also has a long way to go to be a success (if we can).
sensboston said:
I'm 100% sure Nokia developers have been monitoring the xda forums since Nokia decided to manufacture Windows Phones. And 99.9% sure they already know about all successful hacks for WP (actually, most of these hacks are based on the manufacturers' bugs).
It doesn't matter if you can downgrade FW.
1) Downgrade
2) Unlock
3) Update
But nobody has unlocked even old FW.
