Stupid Simple Interop Unlock? - Windows Phone 8 Development and Hacking

While I was writing and testing a WP 8 web app, I had it connected via wifi to Fiddler2. When I plugged my Dev Unlocked HTC 8x into my computer, the phone "dialed out" to h ttps://developerservices.windowsphone.com/Services/WindowsPhoneRegistration.svc/01/2010/DeviceStatus?deviceId=deviceid&fulldDeviceId=fulldeviceid The response is an XML packet that tells the phone how many days are left of being DeveloperUnlocked as well as the number of apps that are allowed!
this request/response sequence happens EVERY time I plug my developer unlocked Windows Phone 8 into the USB port of my Dev PC and PIN unlock it.
Keep in mind I installed the root cert that Fiddler generated for my PC a while back, so it can decrypt HTTPS traffic to/from my phone.
If anyone knows what the integer equivalent of "that magic DWORD value" is, I will craft a custom response packet and see if it changes anything.
Please see the attached screenshot for proof!
Edit:
So I did try GoodDayToDie's xaps and it looks like increasing the value from 10 to 2147483647 (I think its the integer equivalent to 0x7FFFFFFF) didn't have any effect that I could see. The InteropCapNoOem xap fails to deploy with error code 0x81030120. This error code normally means you are NOT interop unlocked back in the WP7 days. The OemCapsNoInterop.xap file generates an error telling me to "fix the Capabilities in [the] WMAppMAnifest.xml file.
I wonder if I can sideload more than 10 apps now though?
Maybe we can figure out what app is generating this "call home" and see if there are any other funky things we can stick in the xml tree?

Whoa. I could have sworn they were using cert pinning for that. I'll investigate, though...
EDIT: Couldn't get that connection request even showing up on my work computer. Will try from home.

Here is the service operations page:
https://developerservices.windowsphone.com/Services/WindowsPhoneRegistration.svc/help and (according to API) DeviceStatus call don't have fullDeviceId={FULLDEVICEID} parameter.
BTW, compu829, what is the fullDeviceId parameter, how it looks like?

Wait... You could change the value on the phone? That's a huge improvement. I'm stuck with only 3 apps (stupid dreamspark) and desperately need more!

This is a great find! I, unfortunately have never seen this happen though. Do you happen to know if you had the WP Device Registration program or the Application Deployment program running at the time?
EDIT: I've been debugging multiple apps with Fiddler up and proxy on my phone and I haven't noticed this. I see it now. I feel stupid lol Time to play around
EDIT 2: Microsoft does NOT like when you have fiddler intercepting on Registration. It returns a success result, but the developer registration tool gives an error indicating that it cannot connect to the phone. Grrr and after I went through the work of changing the response value for the number of apps that can be sideloaded. I bet this is a timing thing... I'll see what I can do.

I don't think it's timing. Even if I left the request completely unmodified and just ran it through the proxy to watch the process, the tool said that there was a problem, and the phone did not get unlocked. They're either testing for the presence of a proxy somehow, or there's some side channel that *is* using cert pinning, and is therefore unable to connect through Fiddler.

Also, editing the a:AppsAllowed element doesn't seem to work. The phone doesn't complain or anything, but the registry value doesn't change.

On my phone, I noticed it AFTER I had developer unlocked it. More concrete steps on what I did to reproduce:
1. On test PC, Installed Fiddler.
2. On test PC, exported trusted root certificate that Fiddler installed.
3. Emailed certificate to my phone and installed it.
4. Now enable the proxy on the phone. Things like email, Windows Phone Updates, etc will now work normally!
5. Plug phone in to Visual Studio Development PC, and wait for the PC to detect the device.
6. You will see the phone "dial out".
Without installing the fiddler trusted root certificate, you will see the handshake, but the phone doesn't know what do do with the packet because the certificate generated by fiddler is untrusted.
Using this same technique, you can have some serious fun with Windows Updates

GoodDayToDie said:
Also, editing the a:AppsAllowed element doesn't seem to work. The phone doesn't complain or anything, but the registry value doesn't change.
Click to expand...
Click to collapse
see last post Are you guys installing the trusted root certificate on your phone?

compu829 said:
see last post Are you guys installing the trusted root certificate on your phone?
Click to expand...
Click to collapse
It would be nice if Fiddler's cert was trusted :/. I'm able to see all HTTPS requests, etc but it just hates it when dev unlocking the phone. Which other trust root cert are you speaking about?

more detailed instructions
snickler said:
It would be nice if Fiddler's cert was trusted :/. I'm able to see all HTTPS requests, etc but it just hates it when dev unlocking the phone. Which other trust root cert are you speaking about?
Click to expand...
Click to collapse
this is what I did:
On Development PC:
1. Click Start, click Start Search, type mmc, and then press ENTER.
2. On the File menu, click Add/Remove Snap-in.
3. Under Available snap-ins, click Certificates, click Add, select current user, and then click Finish.
4. click ok to close the add/remove snap-in dialog
5. In the left-hand pane navigate to "Trusted Root Certification Authorities" --> "Certificates"
6. in the right-hand pane, look for the certificates labeled "DO_NOT_TRUST_FiddlerRoot" (I have two for some reason, you may only have 1)
7. Right-click on the certificate and go to "All Tasks" --> "Export".
8. Run through the certificate export wizard, leaving everything as the defaults.
9. Once you have exported your certificates, email them as attachments to your Windows phone.
10. Open the email on your WIndows Phone. Click on the certificate file and wait for it to process. Then when prompted, install it.
11. After that, any https traffic that you intercept/edit will go through as trusted to your Windows phone, provided that the application isn't expecting a specific certificate.
Things this made work:
1. all App communications over https
2. Windows Updates
3. all email accounts.
4. App Store communications (except for actually downloading apps, IIRC).
Things that didn't work:
1. Anything that requires certificate pinning as the certificate is embedded within the app. Therefore it doesn't make a call into the trusted root certificate store. I believe this includes running the actual "Developer Unlock" app.
if you place the following code in the "OnBeforeResponse" section of the CustomRules.js file, you should be able to install more than 3 or 10 apps, provided the program that is "phoning home" isn't using certificate pinning.
Code:
oSession.utilDecodeResponse();
oSession.utilReplaceInResponse("AppsAllowed>10</","AppsAllowed>400</");

... These are steps that have already been taken. You actually did even more steps then necessary. All you have to do is point to your computer's IP address and port that Fiddler is running on within IE Mobile (Make sure Remote IP access in Fiddler is enabled), click on the certificate and it will install on the phone. You'll be able to see the requests from the phone. Everything you listed above is what I've been able to do. Nothing different from what I was saying .

@compu829: Yes, of course I am. If I weren't, it wouldn't be possible to edit that value at all; I wouldn't even see it because the TLS handshake would fail... (FWIW, I work with proxies all the time, usually Burp Suite not Fiddler, but in any case I'm quite familiar with setting up the MitM certs). I do wonder whether there's something changed here (GDR2 change, maybe?) because I could have sworn that intercepting the phone's traffic during unlock didn't work at all before (presumably due to cert pinning). I may be mistaken, though.
In any case, it still doesn't *actually* work. I guess I could try invisible proxying - use ARP spoofing or a custom routing rule on the router to send the data through my PC, and capture/modify it there, without revealing the presence of a proxy - but I don't know if that's the issue or if it's something else entirely.
EDIT: Your steps are way more complex than needed. For example, you can export the root cert from Fiddler by going to Tools menu (in Fiddler) -> Fiddler Options -> HTTPS.

whoops lol. Oh well. I didn't realize it was so easy to export/Import!
Anyways, All I know is that I could pretty much do nothing on my phone when I connected it to the proxy until I emailed myself the root cert. Once I did that, email started flowing, apps started working, and WIndows Updates stopped erroring out.
It is entirely possible that whatever is generating the call is silently rejecting the response packet. I was just shocked when I plugged my phone in to see that packet show up.
I know that Windows Updates lets me modify the requests and responses without complaining, so maybe that is another way in? I assume that must be running elevated lol. Maybe we can get it to launch a background app that is already on the phone.

The way I see it, this will only work temporarily. Next time phone dials home without you running the Fiddler it will reset the AppsAllowed value. Am I right?

@amaric: If you'd actually read the thread, you'd see that it doesn't appear to work at all...
But yes, it would probably reset itself too. We don't have the ability (right now) to edit the registry keys which control that phone-home behavior. However, it might be / have been possible to do that if we had interop-unlock...

on the phone there is the file "PhoneReg.exe", which works with this data, and it check certificate Common Name (must be Microsoft...) and Thumbprint to hardcoded data

Didn't the ChevronWP7 work exactly like this until MS fixed the bug in NoDo?

@snickler, @GoodDayToDie
There is something I can't get out of my head...after the Ativ S devices are interop unlocked, they'd "reset" after a while until we made them stop phoning home...This means that somehow Microsoft is associating the phone's device ID with your interop level...is this something done purely server side, or is there a way to maybe send this info TO Microsoft's servers so they can send the info back to our phones? Just a thought....

That's an interesting research question; we can set the URLs which are used to make those "phone home" checks to a site we control, possibly use HTTP instead of HTTPS, and see if they work. Worst case, cert pinning will cause the connection attempt to fail and we're right where we are now; best case, it's... umm, well it's interesting, but I don't see any likelihood of actually getting *additional* permissions out of this. Still, I've been wrong about things like that before. Somebody want to set up a transparent HTTP -> HTTPS proxy to listen for the request, forward it, record the response and forward it?

Related

80072fd Push with SBS2003

My IT guys have been trying to get this push email thing working and it seems to be one difficulty after another and is not as simple as pressing "push email" in the connection icon....
Our latest error appears on my device with the above error code stating
"the security certificate on teh server is invalid. contact your exchange server administrator or ISP to install a valid certificate to the server".
I have read that I need to buy a public certificate from a public authority (CA) or similar such as Verizon or Thawte. Is this the case, or is there a simpler way to get this push email working using the existing configuration and setup of the server?
We use exchange SP2, with outlook 2003 all around. Internet based webmail works correctly with full access, and activesync via PC works perfectly, but push email encounters the above error.
Any suggestions.
are you sure it's 80072fd or 80072efd ?
I don't have a solution, but the problem is described in M$ knowledgebase article: 915438 - see attached Acrobat .PDF.
I had already tried the suggestion in KB915840 to import the certificate from my sbs2k3-domain, but this had failed with "cannot access the certificate" - even with them on the device. However, certificates from my clients' servers, both sbs2k and sbs2k3, import without problems. This happened both before and after o2's AKU2 ROM update - so AKU2 is not the problem. In addition, I spent Easter *totally* reinstalling sbs2k3 and tested it immediately afterwards. All the sbs2k3/Exch2k3-Sp2 boxes are fully patched. The certificate itself is correct/working, since it works for Outlook Web Access via the web with laptops and even the Exec (Universal).
Whilst sync'ing from the workstation via ActiveStink/USB, if you turn off the SSL requirement the sync suceeeds, but that's obviously not a working solution via the 'Net.
Update:
Just had a thought, and checked the various certificates in a hex-editor. The one from my sbs2k3 box is a completely different format. :? I'll see what I can find out.....
maybe not related, but here's a list of all ActiveSync Server Error Codes: http://blogs.flaphead.dns2go.com/archive/2005/11/21/3202.aspx
80072f0d
Sorry, the correct code is 80072f0d.
I know your pains astage, but there is no way we are pulling the box down and putting it back up again, our server hosts 30 + staff simultaneously and I cant take it down just to fix my one desire to have push email.
But I do find it painful and frustrating that microsoft do not adequately support their own platforms and systems dont integrate as they should and as they are promoted.
M$ sks.
Re: 80072f0d
simon_darley said:
....I know your pains astage, but there is no way we are pulling the box down and putting it back up again, our server hosts 30 + staff simultaneously and I cant take it down just to fix my one desire to have push email.....
Click to expand...
Click to collapse
I'm not sure if it was clear from my reply - too tired - but rebuilding the server did not help at all.
Yeh, the pains of rebuilding SBS and having it all configured and running correctly when the staff arrive in the morning is not something I do willingly - hence the use of the holiday. It was done only as a last ditch attempt to solve this and another problem that had Micro$oft totally stumped - not related.
There is a difference in the certificate formats, so that's where I'm concentrating my efforts now. Will let you know what I find.
80072f0d error - the fix!
Just spent the past hour kicking and calling myself an £$%&* idiot.:x
Anyway, to cut the story short, the problem *is* indeed the damn format of the SSL certificate exported by sbs2k3. For the WM5 device to import it, it needs to be in DER X509 format.
If you have imported it into your PC/laptop for OWA/OMA/RWW, then you can easily export it from IE's Internet Options into DER format.
From Internet Options:
- go to Content-tab
- click Certificates-button
- find and highlight your certificate - I had imported mine into Trusted Root Authorities
- click Export-button
- click Next on wizard page
- enable the "DER encoded binary X.509 (.CER)" radio-button, and click Next
- enter a suitable path & filename, e.g.: "myserver.cer"
- click Next, click Finish, click Ok.
- Now copy the certificate to your PDA via ActiveSync.
- Open File Explorer on the PDA,
- Find the certificate file and launch it.
- click Yes to import it and you're done!
I think the reason why my sbs2000 certificates worked was that I had installed Certificate Services on those boxes and exported those certificate from there. I don't understand why some of my client's sbs2003 certificates were in DER-format, and others weren't, but we are talking about Microsoft software, so what else should I expect......
msfp and 80072f0d
After testing a few different certificate variations, the engineers that maintain our servers was able to send me two alternative certificates, one or bother of them appear to ahve worked effective.
So it imported, and now my active sync works for receiving these emails, now I need to look at these heartbeat pings and find out how I set the periodic checking.
Just wondering, normally if you dial a gprs/3g connection, you pay once, and stay connected all day. Does this now mean that it connects, downloads, disconnects, then 5 minutes later reconnects, downloads, and disconnects, thus paying a much larger reconnect fee everytime?
I am playing with this as a new toy, but I can see the costs are going to go ballistic....
and... perhaps for all those that are already experienced here, how does one send an email that remote wipes the device?
is there a command, or a key word or something that makes the system realise the remote wipe command....
sorry, I know this is off the topic of my original post, but thought you might know.
if not, I can start a new topic....!!!
The certificates that I was given was a server.cer and a root.cer.
If anybody needs to know, I can ask the engineers how they did what they gave me to get it to work.
The remote wipe is done from the sbs2k3 box - or rather the box running Exchange2k3Sp2. Your admin needs to install a small tool that he (Domain Administrator credentials needed) then accesses via IE.
Microsoft has published a new white paper (Feb 2006) that describes the whole procedure - just a shame they missed the need for the certificate to be in DER format. The white paper is: "Deploying Windows Mobile 5.0 with Windows Small Business Server 2003".

ActiveSync config for Exchange

Trying to set up ActiveSync on my Telus P4000 (Titan), although the issue should be the same with an WM6.1 phone...
I can't for the life of my figure the right server settings to enter in the Configure Server section, and I have yet to find a definitive "this is how you do it" procedure for it. As near as I've been able to glean, for the "Server address" section, you give it JUST the domain name of the Exchange server, without an http:// or a /exchange or /oma or anything... correct so far? But the catch in my particular instance is that Exchange web access is on port 8080, rather than 80 or 433.
I've tried adding a :8080 to the server address, I've tried adding the http:// and/or https://, I've tried adding the /oma and /exchange to the end, and all combinations of the above, with no luck... when I go back into the settings, it's reverted to JUST the domain name. Is there somewhere else I can tell it to use a non-standard port? Registry key, maybe?
I'm not sure it works with other ports than 80 (HTTP) and 443 (HTTPS).
You just need to put your external A record in the server value.
Try using standard ports first to be sure everything is working, then switch.
Okay, well I managed to get rid of the "Cannot reach server" messages by switching back to "require SLL", and as it turns out, the server wasn't set up for SSL (it is now). So now I'm connecting, but getting certificate errors. At least I've found plenty of info about solving that issue, so on to the next step...
Soundy106 said:
Okay, well I managed to get rid of the "Cannot reach server" messages by switching back to "require SLL", and as it turns out, the server wasn't set up for SSL (it is now). So now I'm connecting, but getting certificate errors. At least I've found plenty of info about solving that issue, so on to the next step...
Click to expand...
Click to collapse
You will probabby have to install a certificate on the phone to be able to communicate with the exchange server. At least i had to...
playerkiller said:
I'm not sure it works with other ports than 80 (HTTP) and 443 (HTTPS).
You just need to put your external A record in the server value.
Try using standard ports first to be sure everything is working, then switch.
Click to expand...
Click to collapse
I've searched everywhere for info on using non-standard ports for activesync, and I haven't found anything, and I couldn't get it to work.
jeen said:
You will probabby have to install a certificate on the phone to be able to communicate with the exchange server. At least i had to...
Click to expand...
Click to collapse
Yeah, did that... still not helping
Go to first new post ActiveSync config for Exchange
Exchange ActiveSync cannot access the server if SSL is set to be required. For
information about how to correctly configure Exchange virtual directory
jeen is right. Unless the certificate is issued form a Trusted Certificate Authority, you will need to import the issuing CA in the Root Certification Authority store of your Phone.
If it's a self signed cert, just export it from exchange server (without Private key) and copy it to your phone. Then, double click it from File Manager. This should be enough.
^Yeah, I did that right off the top (see my reply to jeen). Still no joy.
Perhaps Tendulkar can finish his thought...
To disable SSL requirements for Activesync service is very easy:
Win2003 (IIS6.0)
Open IIS on your cas, expand the Default Website (or the website where ASVritualDir resides) right click on Microsoft-Server-ActiveSync and choose properties.
Go to the tab Directory Security, choose EDIT under Secure Communication.
Remove flag from Require Secure Channel.
Obvsiulsy Click ok.
Win2008 (IIS7)
Open IISManager.
Navigate through site, default website, hilight Microsoft-Server-ActiveSync.
Make sure you have the features view selected (should be by default).
Choose SSL Settings.
Unflag "Remove SSL".
Obviusly click Accept.
playerkiller said:
To disable SSL requirements for Activesync service is very easy:
Win2003 (IIS6.0)
Open IIS on your cas, expand the Default Website (or the website where ASVritualDir resides) right click on Microsoft-Server-ActiveSync and choose properties.
Go to the tab Directory Security, choose EDIT under Secure Communication.
Remove flag from Require Secure Channel.
Obvsiulsy Click ok.
Click to expand...
Click to collapse
Hmmm... "require SSL" was already un-checked. I've re-checked it, let's see what happens with that.
OK lemme know.
make sure you have the same root certificate installed also. you have to trust the same certificate authority as the certificate that you have on your exchange server.
Did anyone find solution
I am having same problem. Certificate installed and tried all connection settings that can find on internet. Cannot get ActiveSync to syn with my server (same certificate error, but hosting company states tested with WM6.1 that all is working fine on their end) and also cannot get Windows Live Messenger to work, states there's a connectivity problem. Funny thing is MMS, surfing net with IE, and Google Maps with GPRS work fine. Only Microsoft network products are not working. My phone is Palm Treo Pro with WM6.1 Professional. Vodaphone version but bought in China and have since added A4 Chinese text editor, which I think could be problem, but need to hard reset phone to check. Any ideas? Better yet, any solutions?
One tip for getting this working in my case (same certificate errors) was that I had to get the certificate off the internally facing OWA server, rather than the externally facing version. Although they're both the same server, the external one goes through an IAS box which seems to be presenting its own certificate rather than the one on the exchange server. Don't ask me - I don't run the system.
As soon as I add the Internal version of the cert, Exchange, OTA Sync and ActiveSync spring into life.

HTC HD2 the network requires a personal certificate

Hi all,
I have bought HD2 yesterday and today when I try to connect to wifi of my office it asks me to "the network requires a personal certificate to identify you", while I have done some research and followed below threads, but there seems to be no clear solution. Please can somebody help with a patch to disable network certificate check.
Thanks
followed threads
http://forum.xda-developers.com/showthread.php?t=344087
http://forum.xda-developers.com/showthread.php?t=264781:confused:
I have been struggeling with this also for quite a while.
The suggestion you mention is probably not worth while investigating.
The certificate is required by the access point so you should change it there is you do not want to cahnge the phone.
My solution was the following.
The HD2 comes with a base set of certificates and our corporate network requires one that is not in there.
I managed to find out which certificate I needed and was able to Google it.
Then just copy it to the phone, run the cert file and you're done!
watnuweer said:
I have been struggeling with this also for quite a while.
The suggestion you mention is probably not worth while investigating.
The certificate is required by the access point so you should change it there is you do not want to cahnge the phone.
My solution was the following.
The HD2 comes with a base set of certificates and our corporate network requires one that is not in there.
I managed to find out which certificate I needed and was able to Google it.
Then just copy it to the phone, run the cert file and you're done!
Click to expand...
Click to collapse
I could not get one for my corporate network is there any patch to disable it, i had tattoo and iphone which never required such certificate
neitin said:
I could not get one for my corporate network is there any patch to disable it, i had tattoo and iphone which never required such certificate
Click to expand...
Click to collapse
You cannot patch your device to disable this.
It is a requirement of YOUR network.
You need to find out which base certificate it is you need and then install to your phone.
Hi. Sorry to bring up an oldie, but I'm having this issue as well with the exception that my network doesn't require a certificate. I've confirmed this with my IT department. Any ideas as to how this can be disabled? It only seems to happen when I connect my phone to my PC (which is only done to install software, not sync with exchange; that's done wirelessly).
GrandAdmiral said:
Hi. Sorry to bring up an oldie, but I'm having this issue as well with the exception that my network doesn't require a certificate. I've confirmed this with my IT department. Any ideas as to how this can be disabled? It only seems to happen when I connect my phone to my PC (which is only done to install software, not sync with exchange; that's done wirelessly).
Click to expand...
Click to collapse
The only thing you have to do is to add a DWORD Regestry Entry under HKEY_LOCAL_MAICHNE-->Comm-->EAP-->Extension-->25
Name:"ValidateServerCert"
Value: 1 to activate Validation, 0 to turn it off"
I have personally tried this and works like a charm, please let me know if doesn't
Greetings from India
PS: remember to reboot your device once you have added the registry
neitin said:
The only thing you have to do is to add a DWORD Regestry Entry under HKEY_LOCAL_MAICHNE-->Comm-->EAP-->Extension-->25
Name:"ValidateServerCert"
Value: 1 to activate Validation, 0 to turn it off"
I have personally tried this and works like a charm, please let me know if doesn't
Greetings from India
PS: remember to reboot your device once you have added the registry
Click to expand...
Click to collapse
Nice!!!! Thanks for the information . I will give this a try as my work wireless network presents the same problem.
It may be tied into the following info I found out there on the web, problem as described by someone else with the same or similar issue:
"the wireless controller was sending out EAP-Identity-Request packet very quickly (1 per second), so the time I typed my pass on the PDA, it has already received 5+ EAP-Requests and when I pressed OK, it was sending my Identity with Request-ID=1 and was rejected because the controller was already expecting a greater Request-Id.
I adjusted the timeout and voilà !!! Here is the command line for Cisco Wireless Controller 4402 (the value was set to 1s !) :
"
This info relates to WM EAP and Cisco's implementation of EAP.
I will try the regedit and see if this fixes things for me.
i tried doing this by entering a dword via regedit but i am still facing the same issue...please help

Can't access wifi hotspots because of Certificate Authority

I have searched high.. and I have searched LOW... and I can find no solution for this problem:
}{Alienz}{ said:
Well the thing is I tried several browsers.
1. The default one that comes with Android
2. Opera mini
3. DolphinHD
All same thing. I'm now going to test with a beta build of Firefox for android (fennero was it called I forget) but its SUCH a stupid thing to not work. Every other device WORKS. Blackberries, Iphones, tablets, laptops....everything.
EDIT: The EXACT error I get is:
"There is a problem with the security certificate for this site. This certificate is not from a trusted authority." I get this AS it attempts to load the redirect login page (both university and at work now). Same issue. It's browser/certificate related. And its ANNOYING as hell.
EDIT 2: Found the problem. It's that stupid certificate.
"This is a result of your corporation using an in house Certificate Authority to provide SSL encryption on your mail server and clients.
Basically....the computer that issued the certificate isn't trusted by the android phone. I'm new to android so I'm not sure if you can add a trusted CA (I haven't seen any options for it).
I don't know about future updates like the above poster mentioned.
Most companies will purchase a certificate from one of the major Certificate Authorities on the internet, which are pre-programed into most operating systems to be trusted. Internal CA's are trusted by the domain environment at your work, but not by anyone else. External (Internet) CA's are trusted by everyone.
if you want an example, open up IE (gross I know) and go to your options. Click the content tab, then there should be a button label certificates. inside the certificates window select Trusted Root Certification Authorities.
That is a list of all the builtin trusted CA's provided by Microsoft and the companies that govern the internet. "
I STILL have no idea how to fix it and to make the phone accept the certificate though.
EDIT 3: Fennec (Mozilla Firefox for Android beta) managed to pull up the login page for my work network. Not sure if it will work for the university yet.
Click to expand...
Click to collapse
I can't use firefox because the Galaxy 3 isn't supported. (Hence, why I'm asking in the Galaxy 3 section.)
But there MUST be a way to accept a simple TOS.
Maybe an AP? Or a script that can be written?
I've rooted my phone... Maybe I can find a way to add the McDonald's certificate?
HELP!
Oh come now..
Sixty views, somebody could at least take a JAB at it.
TeamRainless said:
Oh come now..
Sixty views, somebody could at least take a JAB at it.
Click to expand...
Click to collapse
Alright the hell with it... I'LL take a jab at it:
I can't load the McDonald's site because Android doesn't like their certificate. So all I should have to do is add the McDonald's certificate to the list of sites that Android accepts and it should be sugar in the gas tank right?
So where is this list held?

[Guide] LePorte Windows 8 Hack

Hi Guy's/Gal's,
As you may be familiar with my OLD Windows 8 Hack (Blog + Video), and that really wasn't too hard to figure out (since then the last windows release now actually doesn't fix it but makes it obvious how to do it, making it no longer a real hack... However, I have now figured out another one... This one exploits the security in Windows 8 to view a Folders contents and technically edit/open the contents without ever modifying ANY security settings.
You can read a bit more on my Blog (also has a How to video on the TechMeShow on YouTube) or just watch the Video.
Question is, why do I bother with these specific bypasses or point out what may not be useful to some? As a developer, I.T. Prof., and security expert and someone who gets paid to work in Enterprise, this is alarming and is NOT good for the future of Windows 8. They don't take my calls or emails and this information should be open until it gets fixed, plus they don't pay me but I do have other and worse hacks for Windows 8 but I hope I won't have to publicly release them cause I will have to uninstall Windows 8.
Thanks,
Lance
lseidman said:
Hi Guy's/Gal's,
As you may be familiar with my OLD Windows 8 Hack (Blog + Video), and that really wasn't too hard to figure out (since then the last windows release now actually doesn't fix it but makes it obvious how to do it, making it no longer a real hack... However, I have now figured out another one... This one exploits the security in Windows 8 to view a Folders contents and technically edit/open the contents without ever modifying ANY security settings.
You can read a bit more on my Blog (also has a How to video on the TechMeShow on YouTube) or just watch the Video.
Question is, why do I bother with these specific bypasses or point out what may not be useful to some? As a developer, I.T. Prof., and security expert and someone who gets paid to work in Enterprise, this is alarming and is NOT good for the future of Windows 8. They don't take my calls or emails and this information should be open until it gets fixed, plus they don't pay me but I do have other and worse hacks for Windows 8 but I hope I won't have to publicly release them cause I will have to uninstall Windows 8.
Thanks,
Lance
Click to expand...
Click to collapse
Dude, you started MMC as Administrator (1:52-1:53)... you didn't bypass anything. :silly:
Since you allowed the program to run as Administrator it can access anything, for example: it also works when you start cmd as admin.
Yeah and in the video the kid gives his other account admin rights. To be secure you don't run as local admin... same in server / client environment. This isn't a hack.
Maybe you should watch from 1:50... No admin command prompt is loaded but say it was for argument sake. You couldn't view or edit the contents via Explorer but Security Template under the same account, it was accessible (couldn't view folder contents or perform any tasks in explorer).
So, if it was an admin account or in the admin user group, it shouldn't have been permitted either way as that's not how folder security is supposed to work or security in general. You have to provide explicit permission to the folder to let a specific user account (even with an account being in the Admin user group) have viewable access or any access, in this examples it plainly shows the flaw in that.
Donny1987 said:
Dude, you started MMC as Administrator (1:52-1:53)... you didn't bypass anything. :silly:
Since you allowed the program to run as Administrator it can access anything, for example: it also works when you start cmd as admin.
Click to expand...
Click to collapse
What part of the video was this done? Also they're not strictly local, they're associated with LIVE Accounts and logged in via remote desktop (not that that matters at all). This means, I use my LIVE password and email to login to the machine.
ROCOAFZ said:
Yeah and in the video the kid gives his other account admin rights. To be secure you don't run as local admin... same in server / client environment. This isn't a hack.
Click to expand...
Click to collapse
that was painful to watch
I see what your saying about folder access, if it doesn't work as admin in explorer then why should it on via the MMC.
but the simple fact remains, unless you have access to admin, you cant access MMC.
if you have access to admin then there is literally nothing I couldn't do to gain access to the correct folders anyway, that is very simple and ive yet to come across any folder I haven't been able to get in to AS ADMIN
Its not a major fail, a slight glitch at best, but only a fail if you the user allows access to your computer with admin rights.
as to accessing app isolated storage data, yes you could manipulate the app via the XMLs, we've been able to do that for years, theres no difference in that respect then analysing a process, and changing settings, memory calls or even injecting DLLs. So im not sure what the story is here, sorry.
lseidman said:
Maybe you should watch from 1:50... No admin command prompt is loaded but say it was for argument sake. You couldn't view or edit the contents via Explorer but Security Template under the same account, it was accessible (couldn't view folder contents or perform any tasks in explorer).
So, if it was an admin account or in the admin user group, it shouldn't have been permitted either way as that's not how folder security is supposed to work or security in general. You have to provide explicit permission to the folder to let a specific user account (even with an account being in the Admin user group) have viewable access or any access, in this examples it plainly shows the flaw in that.
Click to expand...
Click to collapse
I've watched the complete clip... you're just not getting it.
You logged on with an admin account, you allowed MMC to make changes to the computer by clicking on Yes.
Therefore you can expand the WindowsApps folder and browse.
When you start Windows Explorer, even when you are logged on with an admin account, it still requires your permission before you can change anything (Just like you clicked on Yes for MMC).
I have just created a new local user on my virtual Windows 8 machine without admin rights and opened MMC, it did not ask me to allow the program to make changes.
I then went to the Security Templates stuff like you did, and voila... I can't expand the folder.
It's not a 'hack' or 'flaw', this behavior is completely normal when you start a program as admin.
I've attached some screen shots so you hopefully understand.
Do me a favor then...
Load up a command prompt, but first you'll need to enable the Administrator account which is disabled on the system. To re-enable obviously go in to MMC and add the snap-in for user account management. Once the admin account is active (remember need to set a password).
Now, in the prompt please type:
%windir%\system32\runas.exe /noprofile /user:administrator "explorer.exe C:\"\Program Files"\WindowsApps"
Once you hit enter, the Windows Explorer will be loaded as "Administrator". Are you able to now view the folder contents logged in and under the authenticated Administrative account? No, unfortunately you can't, it requires you to go through the process with the security tab to provide full control. With MMC it bypassed that whole process, even as Admin (literally).
Maybe my point is a little more clear now, I hope? It doesn't matter if you're authenticated as Administrator or given Administrator privilege in MMC. Explorer still prevents you from viewing the folder contents or edit the folder contents.
Donny1987 said:
I've watched the complete clip... you're just not getting it.
You logged on with an admin account, you allowed MMC to make changes to the computer by clicking on Yes.
Therefore you can expand the WindowsApps folder and browse.
When you start Windows Explorer, even when you are logged on with an admin account, it still requires your permission before you can change anything (Just like you clicked on Yes for MMC).
I have just created a new local user on my virtual Windows 8 machine without admin rights and opened MMC, it did not ask me to allow the program to make changes.
I then went to the Security Templates stuff like you did, and voila... I can't expand the folder.
It's not a 'hack' or 'flaw', this behavior is completely normal when you start a program as admin.
I've attached some screen shots so you hopefully understand.
Click to expand...
Click to collapse
ok, let me put this another way
get access to that folder without giving yourself any admin rights.
If you do that then its a security risk, if you cant then your just highlighting one of the biggest USER fails of all time, a fail that's so epic that it single handily helps turn 10,000s of computers in to bots and that is running their default desktop account as an admin.
lseidman said:
Do me a favor then...
Load up a command prompt, but first you'll need to enable the Administrator account which is disabled on the system. To re-enable obviously go in to MMC and add the snap-in for user account management. Once the admin account is active (remember need to set a password).
Now, in the prompt please type:
%windir%\system32\runas.exe /noprofile /user:administrator "explorer.exe C:\"\Program Files"\WindowsApps"
Once you hit enter, the Windows Explorer will be loaded as "Administrator". Are you able to now view the folder contents logged in and under the authenticated Administrative account? No, unfortunately you can't, it requires you to go through the process with the security tab to provide full control. With MMC it bypassed that whole process, even as Admin (literally).
Maybe my point is a little more clear now, I hope? It doesn't matter if you're authenticated as Administrator or given Administrator privilege in MMC. Explorer still prevents you from viewing the folder contents or edit the folder contents.
Click to expand...
Click to collapse
As far as I know you cannot start Explorer anymore as administrator, since Windows 7 (maybe even Vista, but I never used it).
In Windows XP when you started a command prompt as admin and then 'explorer.exe /separate' then the explorer was really started as admin, this is no longer working... gotta be new security that Microsoft is using since Vista/7
As dazza9075 said, do the same without being an admin on your machine and then we'll start to use the words 'LePorte hack'

Categories

Resources