[Q] Anyone know what the "Lexicon Update" is? - Windows Phone 8 Development and Hacking

While browsing the registry, I found a key referencing a "Lexicon Update". It is a packed .SDC file, and therefore impossible to open (they are used internally by MS and are strongly encrypted). This raises suspicion that this is something MS does not want us to see, as otherwise it would not use the .SDC format, only used for encrypting unreleased software (for example, this was used for pre-release Windows 7). I highly doubt this is pre-release software, as it is installed as a registry key, but if we could open this file somehow, it might be of some kind of interest.
You can download it from here, or you can find the key yourself at:
DOWNLOAD:
https://go.microsoft.com/fwlink/?LinkID=254910&clcid=0x804
KEY LOCATION:
SOFTWARE\MICROSOFT\LEXICONUPDATE

Wrong thread. This should be moved to the Windows Phone 8 Q&A, Help & Troubleshooting area.

A guide to tweaking your X2.

Disclaimer: I am not knowledgeable about phones. I do not code, nor do I usually do what I describe in this post. The contents herein were put together by me in order to avoid confusion for people with the same interest as myself, making my X2 work better/faster or just plain customized. Because of this, I've made a few assumptions and also only described the way that worked for me.
This guide is based on the collective work of forum users; I take no credit or responsibility for its accuracy other than the fact that it worked for me.
This is only the installation steps; they are not specific to my knowledge. There are other guides out there for changing your language and doing more advanced things, but this is just the basics. At least they are to me. Let us begin.
-----------------
Hello and welcome, this post is meant to guide you through the process of customizing the installation of your Xperia X2. My hope is that it will make your phone more responsive, but more importantly give you the option of deciding what you want installed.
The first thing we're going to be doing is to get ahold of the right files to install on your X2. Thankfully these files have been made available to us by PavelX1 in his post "NEW ORIGINAL X2 ROMS + Extracted CABs update 14.6.2010"*
Don't let the number and letter jumble intimidate you; on your own X2 the information you need to find the right package is found at Settings -> System -> Unit Information**. Here you'll find a bunch of numbers and letter combinations; if you look closely some of these will correspond to the names of the files made available by PavelX1. Find the one that corresponds to your unit.
In my case it said that the following:
Software ID: 1230-2397
Software Version: R3AA035
Customization ID: 1231-4911
Customization version : R20A
Language Region: GENERIC_SE
I therefore searched for the following file which matched my information: X2_1230-2397_GENERIC_SE_R3AA035_CDF1231-4911_R20A.rar. Below that file was the file we're interested in for this particular guide: the GENERIC_*your language*_*version*_CABS.rar, which in my case was named GENERIC_SE_R3AA035_CABS.
Now what we're going to do is get your computer prepared. Please download the Sony Ericsson Update Service (SEUS) available at their website.
If this is the first time connecting your X2 to your computer it might want to install some drivers in order for your computer to communicate with your phone, this is irrelevant to this guide but I mention it in order to let you know that this is normal and you have done nothing wrong.
Once we can connect to our phone and use its memory card (which I assume you have) we will open the GENERIC_*your language*_*version*_CABS.rar and extract its contents into it. It has been suggested that you throw in an extra file together with the others, available in the post "Want a fix for the X2? Only us can do it." on page 3.
We may now move on.
If you already have SEUS installed it was suggested by royalbloodvi in his thread "[TESTED 100% WORKING] Quickest way to get MR2 for those of you who can't get it!" that you remove the following folder C:\Program Files\Sony Ericsson\Update Service\db from your computer. I haven't tried any other way so I'll leave that bit of info as is.
Now we can begin the install process, this will take a little while so don't be in a hurry. It's important that you do not do this on a phone with an empty battery as it may interrupt the install process and cause problems, charge it before you do this. You may also want to backup any files important to you on the phone as they will be removed in this step. As an extra precaution you may want to remove the sim card as well.
Now that we're ready, go to Settings -> System -> Clear phone memory and press it. You'll have reset your phone to its original, empty, state. Connect your phone to your computer, if you haven't already, and begin the update process. SEUS might tell you that your phone is already up to date, this may be true, but we don't WANT it to be up to date, we want to decide what it is updated WITH so click update anyway.
Your phone will reboot. Disconnect your phone from your computer and open the backside of your phone by sliding the lock switch and removing the cover. Remove the stylus and you will see a small depression at the top left that was hidden by it. This is the hard-reset button for your phone which we will be using in a moment. Until then you wait. Your phone will ask you to calibrate it after the Sony logo has shown up. Calibrate the screen and your phone will start installing .cab files. Quickly go to the hard-reset we mentioned a moment ago and press the tip of the stylus to it. A click was heard on my X2 when I pressed it and I assume the same is true for yours.
Now your phone will reboot, you will notice that it looks markedly different from what it did before this procedure. Don't worry, we can fix that if you like, but first we must address the window that has popped up and asked if you wish to try the install again. No, no we don't. Click no.
We are now freed from the shackles of oppression that is preinstalled and unremovable software and may begin installing the files we WANT.
Go to the file explorer and select Storage Card and you will see all of the files we extracted to it previously. In order for you to know which ones you want I suggest that you go to the second page in the thread "Want a fix for the X2? Only us can do it." to get an overview of what the individual files do. Installing them is as simple as clicking them and selecting to what part of the phone you want them installed; I chose to install all of these files to my phone and not my memory card.
Now, to get your phone looking like it did before you did this (assuming you didn't use a panel but a standard theme) you will spot three theme files called X2_Saturn.cab (which is the one I use that looks like the stock one) X2_Saturn_Light.cab (which I don't know what the difference is) and X2_Titan.cab (which I also don't know what it looks like).
And that's that, you're done and hopefully your phone is more to your liking.
--------------
Here is a shorter step by step guide without the filling, unceremoniously "borrowed" from royalbloodvi and slightly reformatted. Please read the full guide and use this only as a quick procedure guide.
1) Reset your phone.
2) Unpack the GENERIC_*your language*_*version*_CABS.rar to your phone's memory card and add the multifix.cab found on this site.
3) Open SEUS, start a new update. Even if it says you have the latest version you want to update anyway.
4) Once your phone reboots the calibration screen will appear. After calibration it will start applying .cab files. Now push the reset button that is hidden behind your stylus and battery cover and it will reboot again.
5) You may now find the files you wish to install on your phone's memory card in the file explorer.
*I, as I am a new member, am not allowed to post links, thus the name of the forums from which this information is gleaned is named instead of a direct link.
**If this information isn't named exactly the same as I have described it, but is merely similar, it could be because I've done a literal translation from Swedish to English.
Edit: I just noticed a very similar guide is available in the General section, which I overlooked. I feel like an ass now. This thread may be removed at the moderators' leisure.

[tool] BreakIt - Enable Sideloading on Windows 8 Pro / Standard

Many of you may have wondered whether it is possible to sideload Metro Apps on Windows 8 - well it is, at least on Windows 8 Enterprise.
Though after some research, I have found out that it is possible on other editions of Windows 8 as well.
You may ask why you would want this - simple reason: you develop your app for, let's say, your company and do not want to put it in the store. You can deploy it to the stationary PCs running Windows 8 Enterprise - but what about the tablets your employees bring to work? Right - this tool is the solution and enables sideloading for them as well.
It will be released within the next few days - I will also add a small description on how to prepare the application packages to sideload them.
DISCLAIMER: This tool is made for IT Administrators that have to work with a mix of Windows 8 Enterprise and Windows 8 Pro / Standard devices and want to deploy company-internal applications like an Intranet App, a Company Blackboard or any similar app to their employees' PCs but NOT for sideloading cracked apps.
More info will follow soon.
This thread is pointless. You haven't actually posted anything of useful information. Why don't you start a thread when you've got something to post?
lukyjay said:
This thread is pointless. You haven't actually posted anything of useful information. Why don't you start a thread when you've got something to post?
It's not pointless; he is letting us know of his project and that the issue of sideloading will not be a problem if you would prefer to go, say, Pro over Enterprise, especially as Pro has Media Center. Maybe in your world it was pointless MS showing off the Surface before it went on sale.
I for one thank you for working on this and look forward to hearing any updates.
lumpaywk said:
It's not pointless; he is letting us know of his project and that the issue of sideloading will not be a problem if you would prefer to go, say, Pro over Enterprise, especially as Pro has Media Center. Maybe in your world it was pointless MS showing off the Surface before it went on sale.
I for one thank you for working on this and look forward to hearing any updates.
There is nothing to thank for yet
as far as I know sideloading is completely possible even without hacks - just create deployment package on other PC and deploy it on another PC using prepared Powershell script.
N3croman said:
as far as I know sideloading is completely possible even without hacks - just create deployment package on other PC and deploy it on another PC using prepared Powershell script.
If you read the OP, or any MS sources, sideloading is only officially possible on Enterprise.
I agree with topicstarter: without an ability of installing apps omitting appmarket (even with some lacks in security) w8 has no chances. This tool seems to be highly useful.
snuk182 said:
This tool seems to be highly useful.
Could you show me where I can download it?
FYI: You can side-load apps as follows (w/Dev License ASAP):
1). Run PowerShell as Administrator (find PowerShell, right-click, left-click Run As Administrator (bottom left)).
Note: You may need to run: Show-WindowsDeveloperLicenseRegistration
2). In PS Type: Set-ExecutionPolicy unrestricted
3). Run the "Add-AppDevPackage.ps1" by simply typing the file path to the Directory where the package is (e.g. C:\path-to-file\Add-AppDevPackage.ps1).
You'll be prompted to allow the install of the package.
What if you only have the MyProduct.appxupload? Rename it to a .ZIP and extract the APPX File.
Side loading in Win 8 is easy as pie. When you are building your application for the store, you create 2 package groups, one is the "*.apxupload" file for loading into the store which is a complete package file. Second group is a folder of files that you can deploy for testing on other Win 8 computers. In the second "test" folder, there is a file named "Add-AppDevPackage.ps1" which is a PowerShell script. Just right click on it and "Run with PowerShell". It will prompt for some security privileges. Also you will require an MS account to acquire a simple developer license. Just keep accepting everything till it loads.
I've tried this with both Windows RT and Windows 8 Pro and Windows 8 Enterprise versions, so you definitely don't need Enterprise version for sideloading.
If you have more questions, I would be glad to help.
DeviantSun said:
Also you will require an MS account to acquire a simple developer license.
Here's where all this type of sideloading gets stuck.
1. You still need to kindly ask microsoft whether they let you rule the device you recently bought in the way you (not them) wish, or not.
2. The dev license had to be renewed each month -> you should backup your sideloaded apps' data beforehand, as new dev license may make the newly signed app think the existing data is dangerous.

Fiddlin with Windows Updates

So after reading about all the App Store hacks that have developed around Fiddler2, I decided to give it a go myself. After setting up the proxy, I noticed that most SSL-based transactions were failing to connect on my device (Windows Updates, Email, etc).
I exported the SSL cert that Fiddler2 installed on my development PC, emailed it to myself, and installed it on my Windows Phone device. Lo and behold, most of my SSL issues went away! (App store still wouldn't auth.) More interestingly, Windows Updates started checking for updates successfully. These transactions are done with SOAP calls.
The basic process is as follows:
1. Phone initiates a connection to the windows update server
2. a series of cab files are downloaded containing certificate and base URL info of the update server
3. the phone connects to the update server with a list of all updates it has installed as well as a unique device identifier.
4. the server responds with a list of updates that it wants the phone to evaluate.
5. If the phone decides it needs the update, it sends a request to the server for instructions to deter
6. the server responds with a specially crafted packet that contains a link to where the microsoft cab can be downloaded from as well as a checksum of the cab file and evaluation instructions to determine if the update is needed. (checking registry keys, etc the SOAP commands contain things like RegRead32)
7. the phone then downloads and installs the update, if needed.
Fiddling around with Fiddler, I was able to remove the "filter" GUID from the phone's request to the server. As a result, it evaluated and installed any update it could get its hands on. The Hardware Test app still shows that my last update was 5/1/2013, but the number of updated packages included in that update jumped from 83 to 200!
I have some more experiments I would like to try (such as trying to blindly write a reg key instead of just reading it...anyone know of a good one?). I am also wondering if I can somehow package a Microsoft cab file, and tell the update mechanism to download and install it. Depending on how it evaluates the cabs, I might be able to get away with signing the cab with the private key from the Fiddler certificate I installed.
Just thought I'd pass along
Very, very nice finds! I had noticed the cert pinning used on the store and on dev-unlocking, but apparently had failed to look into the update process.
Give me a little while and I'll find you the reg key used for dev-unlock. I can't guarantee you that I'll be able to give you the exact value you need - they seem to have changed the format since WP7, and I'll be working blind from templates and policy files here - but it's worth a shot. Mind you, I wouldn't be surprised if the whole process is read-only, or if the responses from Microsoft are signed (although you could try re-signing them, I guess). For what it's worth, creating an entire update from scratch (or even editing one) is unlikely to work; Windows has required a Microsoft signature (not just any trusted signature) on update files for many years now. It's certainly possible that they messed that up, though.
I also kind of want to see if some of the recent ZIP signature validation bypass exploits from Android (where you could create a ZIP file containing multiple files that have the same name, and the original would be used for the signature but the *last* copy of each file would be the one actually unpacked) might be made to work as well. I've got some ideas about that... not sure if it would work for the update format, though.
Please keep researching this!
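Added example (not part of the original posts): a defender-side check for the duplicate-name ZIP ambiguity mentioned in the post above, where a verifier and an extractor can disagree about which copy of a file counts. It uses Python's standard zipfile module on a constructed in-memory archive; the entry names and contents are made up for illustration.

```python
import io
import warnings
import zipfile
from collections import defaultdict


def build_sample_archive(with_duplicate=True):
    """Constructed sample: a ZIP that (optionally) lists 'update.bin' twice."""
    buf = io.BytesIO()
    with warnings.catch_warnings():
        # zipfile emits a UserWarning when a name is written twice
        warnings.simplefilter("ignore", UserWarning)
        with zipfile.ZipFile(buf, "w") as zf:
            zf.writestr("manifest.txt", b"constructed sample manifest")
            zf.writestr("update.bin", b"copy a verifier might hash")
            if with_duplicate:
                zf.writestr("update.bin", b"copy an extractor might unpack")
    return buf.getvalue()


def find_duplicate_entries(data):
    """Return {name: [(header_offset, crc32, size), ...]} for names listed more than once."""
    by_name = defaultdict(list)
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():  # one entry per central-directory record
            by_name[info.filename].append(
                (info.header_offset, info.CRC, info.file_size))
    return {name: copies for name, copies in by_name.items() if len(copies) > 1}


def copies_differ(data, name):
    """True if the archive holds different contents under the same name."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        bodies = [zf.read(info) for info in zf.infolist() if info.filename == name]
    return len(set(bodies)) > 1


def name_lookup_returns(data, name):
    """What a by-name read yields; Python's zipfile resolves a name to the LAST record."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return zf.read(name)


def is_safe_to_verify(data):
    """Reject any archive with repeated names before checking its signature."""
    return not find_duplicate_entries(data)


if __name__ == "__main__":
    sample = build_sample_archive()
    for name, copies in find_duplicate_entries(sample).items():
        print(name, "appears", len(copies), "times; contents differ:",
              copies_differ(sample, name))
    print("accept for verification:", is_safe_to_verify(sample))
```

Rejecting the archive outright is the simplest policy, because it removes the question of which copy the signature covered.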
Not that I seriously looked into that, but you may probably consider these entries as interesting
Code:
[HKEY_LOCAL_MACHINE\Software\Microsoft\DeviceReg\Install]
"MaxUnsignedApp"=DWORD:A
[HKEY_LOCAL_MACHINE\Software\Microsoft\PackageManager]
"EnableAppLicenseCheck"=dword:00000000
[HKEY_LOCAL_MACHINE\Software\Microsoft\PackageManager]
"EnableAppSignatureCheck"=dword:00000000
[HKEY_LOCAL_MACHINE\Software\Microsoft\PackageManager]
"EnableAppProvisioning"=dword:00000000
[HKEY_LOCAL_MACHINE\Software\Microsoft\.NETCompactFramework\Managed Debugger]
"Enabled"=dword:0
"AttachEnabled"=dword:1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Silverlight\Debugger]
"WaitForAttach"=dword:1
Some of those might get obsolete already, though.
Though, the most interesting thing one can do with registry is enabling KD.
For what it's worth, creating an entire update from scratch (or even editing one) is unlikely to work; Windows has required a Microsoft signature (not just any trusted signature) on update files for many years now.
Yeah
I've never really looked at the fact: which certificate is used by actual cabs? look at *.cat file
GoodDayToDie said:
Very, very nice finds! I had noticed the cert pinning used on the store and on dev-unlocking, but apparently had failed to look into the update process.
Give me a little while and I'll find you the reg key used for dev-unlock. I can't guarantee you that I'll be able to give you the exact value you need - they seem to have changed the format since WP7, and I'll be working blind from templates and policy files here - but it's worth a shot. Mind you, I wouldn't be surprised if the whole process is read-only, or if the responses from Microsoft are signed (although you could try re-signing them, I guess). For what it's worth, creating an entire update from scratch (or even editing one) is unlikely to work; Windows has required a Microsoft signature (not just any trusted signature) on update files for many years now. It's certainly possible that they messed that up, though.
I also kind of want to see if some of the recent ZIP signature validation bypass exploits from Android (where you could create a ZIP file containing multiple files that have the same name, and the original would be used for the signature but the *last* copy of each file would be the one actually unpacked) might be made to work as well. I've got some ideas about that... not sure if it would work for the update format, though.
Please keep researching this!
Will do! Here is where it gets interesting... The attached screenshots are of a SOAP request from my phone to the update server (I disabled filtering, so the GUID isn't present) and then its response for "missing" updates to evaluate.
The section labeled "xml" contains the instructions on how to evaluate if the update is needed.
Here is a cleaned up, friendly dump of what is in the "XML" section it needs to parse to determine if an update is applicable:
Code:
<UpdateIdentity UpdateID="f092f820-8161-410b-ab11-c7a6d36b7837" RevisionNumber="101" />
<Properties UpdateType="Software" />
<Relationships>
  <Prerequisites>
    <UpdateIdentity UpdateID="eb644fbf-5e6e-4719-b97c-485ffb9e867f" />
    <AtLeastOne>
      <UpdateIdentity UpdateID="450b8808-d056-4c18-a383-2db11e463eb0" />
    </AtLeastOne>
  </Prerequisites>
</Relationships>
<ApplicabilityRules>
  <IsInstalled>
    <CspQuery LocUri="./DevDetail/SwV" Comparison="GreaterThanOrEqualTo" Value="9.0.0.0" xmlns="http://schemas.microsoft.com/msus/2002/12/MobileApplicabilityRules" />
  </IsInstalled>
  <IsSuperseded />
  <IsInstallable>
    <And xmlns="http://schemas.microsoft.com/msus/2002/12/LogicalApplicabilityRules">
      <CspQuery LocUri="./DevDetail/SwV" Comparison="LessThan" Value="9.0.0.0" xmlns="http://schemas.microsoft.com/msus/2002/12/MobileApplicabilityRules" />
      <b.RegSz Key="HKEY_LOCAL_MACHINE" Subkey="Software\Microsoft\Windows\CurrentVersion\DeviceUpdate\Agent\Protocol" Value="TestTarget" Comparison="EqualTo" Data="72c5dc6d-00a9-412f-9d13-f4f483f2ed7f" xmlns="http://schemas.microsoft.com/msus/2002/12/BaseApplicabilityRules" />
    </And>
  </IsInstallable>
</ApplicabilityRules>
an interesting URL with info from someone else that was looking into this for Win7...
http://withinwindows.com/2011/03/06/notes-on-windows-phone-7-update-process-thus-far/
I wonder if we can figure out what "updates" are actually required if we can trick the server into giving us more OOB updates/othercarrier updates/updates we aren't "supposed" to have..
Found some info on the "Evaluate" action:
Action: The action that clients in the specified target group will perform on this revision: Install, Uninstall, PreDeploymentCheck (which means that clients will not offer the update, just report back on the status), Block (which means that the update will not be deployed, and is used to override another deployment), Evaluate (which means that clients will not offer the update and will not report back on the status), or Bundle (which means that clients will not offer the update for install; it is only deployed because it is bundled by some other explicitly deployed update).
source:
http://msdn.microsoft.com/en-us/library/cc251980.aspx
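Added example (not part of the original posts, and not Microsoft's client code): a small evaluator for the ApplicabilityRules fragment dumped above, showing how the client-side decision falls out of the server-supplied rules and why this update stays off a device that lacks the TestTarget value. The rule semantics (an empty section is false, versions compare as dotted integers), the wrapping root element and the device states are assumptions made for illustration.

```python
import operator
import xml.etree.ElementTree as ET

# The ApplicabilityRules fragment from the post, wrapped in a root element
# (the wrapper is an assumption; the dump is a fragment, not a full document).
RULES_XML = r"""<Update>
<ApplicabilityRules>
  <IsInstalled>
    <CspQuery LocUri="./DevDetail/SwV" Comparison="GreaterThanOrEqualTo" Value="9.0.0.0" xmlns="http://schemas.microsoft.com/msus/2002/12/MobileApplicabilityRules" />
  </IsInstalled>
  <IsSuperseded />
  <IsInstallable>
    <And xmlns="http://schemas.microsoft.com/msus/2002/12/LogicalApplicabilityRules">
      <CspQuery LocUri="./DevDetail/SwV" Comparison="LessThan" Value="9.0.0.0" xmlns="http://schemas.microsoft.com/msus/2002/12/MobileApplicabilityRules" />
      <b.RegSz Key="HKEY_LOCAL_MACHINE" Subkey="Software\Microsoft\Windows\CurrentVersion\DeviceUpdate\Agent\Protocol" Value="TestTarget" Comparison="EqualTo" Data="72c5dc6d-00a9-412f-9d13-f4f483f2ed7f" xmlns="http://schemas.microsoft.com/msus/2002/12/BaseApplicabilityRules" />
    </And>
  </IsInstallable>
</ApplicabilityRules>
</Update>"""

# Only the comparisons that appear in the dump are modelled.
COMPARE = {
    "EqualTo": operator.eq,
    "LessThan": operator.lt,
    "GreaterThanOrEqualTo": operator.ge,
}

TEST_TARGET_KEY = (
    "HKEY_LOCAL_MACHINE",
    r"Software\Microsoft\Windows\CurrentVersion\DeviceUpdate\Agent\Protocol",
    "TestTarget",
)

# Constructed device states (hypothetical values, not captured from a phone).
STOCK_DEVICE = {"csp": {"./DevDetail/SwV": "8.0.0.0"}, "registry": {}}
TEST_DEVICE = {
    "csp": {"./DevDetail/SwV": "8.0.0.0"},
    "registry": {TEST_TARGET_KEY: "72c5dc6d-00a9-412f-9d13-f4f483f2ed7f"},
}
UPDATED_DEVICE = {"csp": {"./DevDetail/SwV": "9.0.0.0"}, "registry": {}}


def local_name(tag):
    """Strip the '{namespace}' prefix ElementTree puts on qualified tags."""
    return tag.rsplit("}", 1)[-1]


def version_tuple(text):
    return tuple(int(part) for part in text.split("."))


def eval_rule(el, device):
    """Evaluate one rule element against a device-state dict."""
    name = local_name(el.tag)
    if name == "And":
        return all(eval_rule(child, device) for child in el)
    if name == "CspQuery":
        actual = device["csp"].get(el.get("LocUri"))
        if actual is None:
            return False
        compare = COMPARE[el.get("Comparison")]
        return compare(version_tuple(actual), version_tuple(el.get("Value")))
    if name == "b.RegSz":
        path = (el.get("Key"), el.get("Subkey"), el.get("Value"))
        actual = device["registry"].get(path)
        return actual is not None and COMPARE[el.get("Comparison")](actual, el.get("Data"))
    raise ValueError("unsupported rule element: " + name)


def evaluate_applicability(xml_text, device):
    """Return {section name: bool} for IsInstalled / IsSuperseded / IsInstallable."""
    rules = ET.fromstring(xml_text).find("ApplicabilityRules")
    result = {}
    for section in rules:
        children = list(section)
        # Assumption: a section with no rules evaluates to False.
        result[local_name(section.tag)] = bool(children) and all(
            eval_rule(child, device) for child in children)
    return result


if __name__ == "__main__":
    for label, device in [("stock", STOCK_DEVICE), ("test target", TEST_DEVICE),
                          ("already updated", UPDATED_DEVICE)]:
        print(label, evaluate_applicability(RULES_XML, device))
```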
I was also messing with fiddler and I noticed my phone access two different places when a phone update is selected. One of the pages is: http://ds.download.windowsupdate.com/wp8/MicrosoftUpdate/Redir/duredir.cab . In that cab is this file wuredir.xml and consists of:
<?xml version="1.0"?>
<WuRedir xmlns="http://schemas.microsoft.com/msus/2002/12/wuredir" redirectorId="1002">
<Protocol
elementVersion="1"
clientServerUrl="https://fe1.update.microsoft.com/v6/"
reportingServerUrl="http://statsfe1.update.microsoft.com/" />
</WuRedir>
the second page accessed is: http://fe1.update.microsoft.com/WP8/MicrosoftUpdate/Selfupdate/5_UssDetection.dll
I hexed the .dll after download and found some download links to some cert files, which are:
Microsoft Windows Phone Production PCA 2012.crt
http://www.microsoft.com/pkiops/certs/Microsoft Windows Phone Production PCA 2012.crt
MicRooCerAut_2010-06-23.crt
http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
MicTimStaPCA_2010-07-01.crt
http://www.microsoft.com/pki/certs/MicTimStaPCA_2010-07-01.crt
can any of this info help us?
If either that DLL or any of those certificates are not signed (highly unlikely, but worth checking), or if the DLL doesn't enforce the signature check (extremely unlikely), or if any of the certs include the private key or use a weak hash algorithm or a short key... maybe. I checked the certs, though; they at least are clean. Nothing useful that I saw.
Reverse engineering the DLL may be useful, but it's probably native code and therefore a pain to decompile.
aclegg2011 said:
I was also messing with fiddler and I noticed my phone access two different places when a phone update is selected. One of the pages is: http://ds.download.windowsupdate.com/wp8/MicrosoftUpdate/Redir/duredir.cab . In that cab is this file wuredir.xml and consists of:
<?xml version="1.0"?>
<WuRedir xmlns="http://schemas.microsoft.com/msus/2002/12/wuredir" redirectorId="1002">
<Protocol
elementVersion="1"
clientServerUrl="https://fe1.update.microsoft.com/v6/"
reportingServerUrl="http://statsfe1.update.microsoft.com/" />
</WuRedir>
the second page accessed is: http://fe1.update.microsoft.com/WP8/MicrosoftUpdate/Selfupdate/5_UssDetection.dll
I hexed the .dll after download and found some download links to some cert files, which are:
Microsoft Windows Phone Production PCA 2012.crt
http://www.microsoft.com/pkiops/certs/Microsoft Windows Phone Production PCA 2012.crt
MicRooCerAut_2010-06-23.crt
http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
MicTimStaPCA_2010-07-01.crt
http://www.microsoft.com/pki/certs/MicTimStaPCA_2010-07-01.crt
can any of this info help us?
Those are the first steps in the update process. Basically, it gets the certs that it will use for validation and server communication. then the CAB file contains the info on what servers are used for Windows Update communications. It then logs that a request has been made to the tracking server. After that, it gets a list of updates from the v6 address. If there are no updates, Once the update process is complete, it logs the result to the tracking server.
Do you guys think I could use this to fix the problems I seem to have when trying to stream or download music from Xbox Music? I get a lot of errors, or "this song can't be played on your device", and sometimes the app crashes. I have had this problem since I switched from my Windows Phone 7 device to my Nokia Lumia 920, and I am on my 4th 920. I think for some reason the Music store is getting botched certificates or something.
Kind of on the same subject. Anyway, I extracted around 140 certificates from an HTC 8X RUU, then installed them to my PC, which is Windows 7. The cool part was I was able to install Windows Phone SDK 8 and 8.1 with emulators and Visual Studio 2013, which I thought were not possible to run on Windows 7. All because of certificates from a ROM.

WP8 SYSTEM registry files from FFU

I found where the system registry files are stored inside the ffus. This is from my Lumia 928 factory ffu.
Code:
\Windows\System32\config - DEFAULT, DRIVERS, FP, ProvisionStore, SAM, SECURITY, SOFTWARE, SYSTEM
\Windows\System32\config\MOUNTMGR - SYSTEM
\Windows\System32\config\unmodified - BCD, DEFAULT, DRIVERS, NTUSER.DAT, SAM, SECURITY, SOFTWARE, and SYSTEM
\EFIESP(Different Partition)\Windows\System32\config\unmodified - BCD, DEFAULT, DRIVERS, NTUSER.DAT, SAM, SECURITY, SOFTWARE, and SYSTEM
BCD, DEFAULT, DRIVERS, NTUSER.DAT, SAM, SECURITY, SOFTWARE, and SYSTEM
All of these files contain regf as the first few characters in hex. Beyond that, the files are mostly garbage looking at them in Notepad++.
I haven't been able to find any registry editors yet that can edit them, including ones built for Windows CE/Mobile or even Win7/8.
Anyone know of something that can display it in a normal fashion? (without needing a WP8 device to attempt to edit it on.)
EDIT: The files from \Windows\System32\config have been zipped for simplicity reasons (for those of you who don't have a ffu handy)
EDIT2 (August 22): The files from the GDR2/Amber update from my phone's rom have been added.
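Added example (not part of the original post): a parser for the base block that starts with the "regf" signature mentioned above, useful for triaging a hive pulled from an image before handing it to an editor. The field offsets follow the publicly documented regf layout, which is an assumption not stated in this thread, and the sample header is constructed in memory rather than taken from an FFU.

```python
import struct
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
SAMPLE_TIMESTAMP = datetime(2013, 1, 1, tzinfo=timezone.utc)  # constructed value


def xor32_checksum(block):
    """XOR of the first 508 bytes taken as little-endian dwords, with the two
    reserved results remapped (0 -> 1, 0xFFFFFFFF -> 0xFFFFFFFE)."""
    csum = 0
    for (dword,) in struct.iter_unpack("<I", bytes(block[:508])):
        csum ^= dword
    if csum == 0xFFFFFFFF:
        return 0xFFFFFFFE
    if csum == 0:
        return 1
    return csum


def parse_regf_header(block):
    """Parse the first 512 bytes of a registry hive file into a dict."""
    if len(block) < 512:
        raise ValueError("need at least the first 512 bytes of the hive")
    if block[:4] != b"regf":
        raise ValueError("not a registry hive: missing regf signature")
    (seq1, seq2, filetime, major, minor, file_type, file_format,
     root_offset, hbins_size) = struct.unpack_from("<IIQIIIIII", block, 4)
    # Embedded file name: 64 bytes of UTF-16LE, NUL-terminated
    name = bytes(block[48:112]).decode("utf-16-le", errors="replace").split("\x00", 1)[0]
    stored = struct.unpack_from("<I", block, 508)[0]
    return {
        "version": (major, minor),
        "file_type": file_type,
        "file_format": file_format,
        "last_written": FILETIME_EPOCH + timedelta(microseconds=filetime // 10),
        "root_cell_offset": root_offset,
        "hive_bins_size": hbins_size,
        "file_name": name,
        # Sequence numbers differ when the hive was not cleanly flushed
        "dirty": seq1 != seq2,
        "checksum_ok": stored == xor32_checksum(block),
    }


def build_sample_header(clean=True):
    """Constructed 4096-byte base block for a hive named SOFTWARE."""
    block = bytearray(4096)
    block[0:4] = b"regf"
    filetime = (SAMPLE_TIMESTAMP - FILETIME_EPOCH) // timedelta(microseconds=1) * 10
    struct.pack_into("<IIQIIIIII", block, 4,
                     7, 7 if clean else 6,   # primary / secondary sequence numbers
                     filetime,
                     1, 5,                   # major / minor format version
                     0, 1,                   # file type, file format
                     0x20, 0x1000)           # root cell offset, hive bins size
    name = "SOFTWARE".encode("utf-16-le")
    block[48:48 + len(name)] = name
    struct.pack_into("<I", block, 508, xor32_checksum(block))
    return bytes(block)


if __name__ == "__main__":
    for key, value in parse_regf_header(build_sample_header()).items():
        print(f"{key:18} {value}")
```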
WalkingCat said:
OK, this is a reply to this thread, but apparently I can't post in that forum yet.
So, you've found registry file inside \Windows\System32\config, and this is the way to open and edit it.
No third-party tools needed, just use regedit.exe in your Windows system
1. Run regedit.exe
2. Click on any root key, like HKEY_LOCAL_MACHINE
3. Open File menu, select Load Hive
4. Select a file in your mounted ROM \Windows\System32\config, like SOFTWARE or SYSTEM, open it
5. In the dialog asking for a name, input any text, like WP8Software
6. Registry is now loaded under HKEY_LOCAL_MACHINE\WP8Software, you can edit it.
7. Open File menu, select Unload Hive, then it's written back to disk.
reference: http://technet.microsoft.com/en-us/library/cc732157.aspx
Check this post : http://forum.xda-developers.com/showpost.php?p=44312736&postcount=41
I used 7zip to extract the file
vivekkalady said:
Check this post : http://forum.xda-developers.com/showpost.php?p=44312736&postcount=41
I used 7zip to extract the file
That works fine for .wim or a .zip, but these files are the complete registry store, in the same format that Windows 2000, XP, Vista, etc. use to store the settings for hardware/drivers, Windows itself, and other apps that have that kind of access (e.g. Tier3 Applications)
If it's the same format as the XP/Vista type it should be easily openable; look for the application on the internet.
GodlikePL said:
If it's the same format as the XP/Vista type it should be easily openable; look for the application on the internet.
Apparently it isn't. I used RegistryEditorPE, that's supposed to work with offline registries for 2000 to 7, but it kept erroring out.
This is good stuff to know. Something that should be good to note is that while I decompiled the .NET for a few of the Verizon Xaps from the 928 ROM, I discovered some Nokia-specific COM Interop that interfaces with the registry. I'm hoping I can try something out and put up a test program within the next few days and make some registry changes.
Hi
I found a registry key
[HKEY_LOCAL_MACHINE\Software\Microsoft\Office Mobile\SPMC\Action\doc]
"Application"=dword:00000005
"ApplicationCommand"="app://5B04B775-356B-4AA0-AAF8-6491FFEA5617/Default?CmdLine=-url %s"
"Action"=dword:00000003
This is for Microsoft Office Word.
I think we can open Word using the link, I guess (app://5B04B775-356B-4AA0-AAF8-6491FFEA5617/)
So is this part useful?
Can external commands be executed through this part (CmdLine=-url %s)?
something like this
http://dotnet.dzone.com/articles/windows-phone-7-tip-day-know
@snickler: Let me know if you succeed with that. I managed to sideload an app using one of those libraries (after removing nearly all the interesting capabilities...), but immediately got an error about the component not being registered. I didn't try running regsvr or anything, though...
GoodDayToDie said:
@snickler: Let me know if you succeed with that. I managed to sideload an app using one of those libraries (after removing nearly all the interesting capabilities...), but immediately got an error about the component not being registered. I didn't try running regsvr or anything, though...
Hmmm, which phone do you have?
Edit: I tried to deploy just a sample app with one of the .winmds referenced, and got the 0x81030120 error
Holy fuzzle.. ANOTHER EDIT: I was able to do it. I had to remove all the damn Capabilities that I added from the Nokia Maps xap though.
I referenced the NokiaRegistryUtils.winmd and just ran this sample code
MessageBox.Show(NokiaRegistryUtils.Registry.IsChinaFirmware().ToString());
It returned "false" as expected.
I'm going to try something else now.
Something to note, in the WMAppManifest.xml, the following needs added after the <Tokens> declaration
<ActivatableClasses>
  <InProcessServer>
    <!-- or whatever dll you're adding -->
    <Path>NokiaRegistryUtils.dll</Path>
    <ActivatableClass ActivatableClassId="NokiaRegistryUtils.Registry" ThreadingModel="both" />
  </InProcessServer>
</ActivatableClasses>
vivekkalady said:
Hi
I found a registry key
[HKEY_LOCAL_MACHINE\Software\Microsoft\Office Mobile\SPMC\Action\doc]
"Application"=dword:00000005
"ApplicationCommand"="app://5B04B775-356B-4AA0-AAF8-6491FFEA5617/Default?CmdLine=-url %s"
"Action"=dword:00000003
This is for Microsoft Office Word.
I think we can open Word using the link, I guess (app://5B04B775-356B-4AA0-AAF8-6491FFEA5617/)
So is this part useful?
Can external commands be executed through this part (CmdLine=-url %s)?
something like this
http://dotnet.dzone.com/articles/windows-phone-7-tip-day-know
Where did you find that key?
in ffu file
location <ffu mount>\Windows\Packages\RegistryFiles\Microsoft.Office.Word.reg
Perfect. That's what I'm doing now, but just from my 920 ROM dump. I can access the registry sections that Nokia provides in their app, but I can't from the one you provided me. I'm going to do more tests to see if this is using HKCU rather than HKLM. It could also be that the registry keys have permissions placed on them.
Hmm,
I'm able to get the value of SOFTWARE\Classes\MIME\Database\Codepage\1254 -> BodyCharset
I may write a simple app that reads registry from Lumia devices... I think that's going to happen today.
Found these things, don't know if it is of any use
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.4.1.311.10.3.3]
"$DLL"="C:\\Windows\\System32\\WINTRUST.DLL"
"CallbackAllocFunction"="SoftpubLoadDefUsageCallData"
"CallbackFreeFunction"="SoftpubFreeDefUsageCallData"
"DefaultId"="{573E31F8-AABA-11D0-8CCB-00C04FC295EE}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.5.5.7.3.1]
"$DLL"="C:\\Windows\\System32\\WINTRUST.DLL"
"CallbackAllocFunction"="SoftpubLoadDefUsageCallData"
"CallbackFreeFunction"="SoftpubFreeDefUsageCallData"
"DefaultId"="{573E31F8-AABA-11D0-8CCB-00C04FC295EE}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.5.5.7.3.2]
"$DLL"="C:\\Windows\\System32\\WINTRUST.DLL"
"CallbackAllocFunction"="SoftpubLoadDefUsageCallData"
"CallbackFreeFunction"="SoftpubFreeDefUsageCallData"
"DefaultId"="{573E31F8-AABA-11D0-8CCB-00C04FC295EE}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.5.5.7.3.3]
"DefaultId"="{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Providers\Trust\Usages\2.16.840.1.113730.4.1]
"$DLL"="C:\\Windows\\System32\\WINTRUST.DLL"
"CallbackAllocFunction"="SoftpubLoadDefUsageCallData"
"CallbackFreeFunction"="SoftpubFreeDefUsageCallData"
"DefaultId"="{573E31F8-AABA-11D0-8CCB-00C04FC295EE}"
http://support.microsoft.com/kb/287547
vivekkalady said:
Found these things, don't know if it is of any use
http://support.microsoft.com/kb/287547
I did find THIS..
Code:
[HKEY_LOCAL_MACHINE\Software\Microsoft\DeviceReg\Install]
"MaxUnsignedApp"=dword:7FFFFFFF
That translates to the value of InterOp unlock by default which means we should be able to sideload more than 10 apps at a time.
I also found these within policy xml files
Code:
Microsoft.BaseOS.SecurityModel.policy.xml
<Capability ElementID="2EF45E94A01864DE3387212D6E73AEA885E709AD0F24FB97FE2E84728CB09D14" AttributeHash="49B8EC80A54998B68D7F65A44A340FD28B535494B7A41D650FD94851E38A6B6B" Id="ID_CAP_DEVELOPERUNLOCK" AppCapSID="S-1-15-3-1024-2489250862-3731101856-757172019-2830005102-2903107461-2549818383-1921265406-345878668" SvcCapSID="S-1-5-21-2702878673-795188819-444038987-1443" FriendlyName="Enable bearing chamber to load unsigned modules" Visibility="Internal" />
<Capability ElementID="BAFBED1970753822A266C1985F4A2CA2BA7A97CCE149F874743D00F678643C26" AttributeHash="54A2744DE064E139FD4403623C2AB9F1E130BC5C0786F56C1CE39AC814DC3F03" Id="ID_CAP_DEVELOPERUNLOCK_API" AppCapSID="S-1-15-3-1024-435026874-574125424-2562811554-2720811615-3432479418-1962428897-4127210868-641492088" SvcCapSID="S-1-5-21-2702878673-795188819-444038987-1450" FriendlyName="Enable setting of registry key protecting developer unlock mode." Visibility="Internal">
<CapabilityRules>
<Rules>
<RegKey ElementID="F0921CC3ADB2FEE5B7DC90F9F2BBDDB6E4D7BFAF9CE189C1585A90CD71E36882" DACL="(A;CI;KRKW;;;S-1-15-3-1024-435026874-574125424-2562811554-2720811615-3432479418-1962428897-4127210868-641492088)(A;CI;KRKW;;;S-1-5-21-2702878673-795188819-444038987-1030)(A;CI;KRKW;;;S-1-5-21-2702878673-795188819-444038987-1450)" Flags="515" Path="HKEY_LOCAL_MACHINE\Software\Microsoft\SecurityManager" />
</Rules>
</CapabilityRules>
</Capability>
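The DACL attribute in the policy entries quoted above is an SDDL ACE list, so it can be decoded to see which capability SIDs are allowed to write a given registry key. This is an added example, not code from the thread or from Microsoft's tooling; it runs on a constructed policy fragment with placeholder SIDs and a hypothetical key path, and the function names are assumptions.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: one <Capability> shaped like the policy entries quoted
# above, with shortened placeholder SIDs (not values from a real device).
SAMPLE_POLICY = r'''
<Capabilities>
  <Capability Id="ID_CAP_EXAMPLE_API" AppCapSID="S-1-15-3-1024-1111" SvcCapSID="S-1-5-21-2222-1450">
    <CapabilityRules><Rules>
      <RegKey DACL="(A;CI;KRKW;;;S-1-15-3-1024-1111)(A;CI;KR;;;S-1-5-21-2222-1030)(A;CI;KRKW;;;S-1-5-21-2222-1450)"
              Path="HKEY_LOCAL_MACHINE\Software\Example\Key" />
    </Rules></CapabilityRules>
  </Capability>
</Capabilities>
'''

ACE_TYPES = {"A": "allow", "D": "deny"}
# SDDL registry-key right codes; each is a two-letter token.
KEY_RIGHTS = {"KA": "KEY_ALL_ACCESS", "KR": "KEY_READ",
              "KW": "KEY_WRITE", "KX": "KEY_EXECUTE"}
ACE_RE = re.compile(r"\(([^()]*)\)")

def parse_dacl(sddl):
    """Split an SDDL ACE list into (type, flags, rights, sid) tuples."""
    aces = []
    for body in ACE_RE.findall(sddl):
        fields = body.split(";")
        if len(fields) != 6:  # type;flags;rights;object;inherit_object;sid
            raise ValueError("malformed ACE: " + body)
        ace_type, flags, rights, _obj, _inherit_obj, sid = fields
        names = [KEY_RIGHTS.get(rights[i:i + 2], rights[i:i + 2])
                 for i in range(0, len(rights), 2)]
        aces.append((ACE_TYPES.get(ace_type, ace_type), flags, names, sid))
    return aces

def writers_by_key(policy_xml):
    """Map each RegKey path to the trustees whose ACE allows write access."""
    result = {}
    for cap in ET.fromstring(policy_xml).iter("Capability"):
        owners = {cap.get("AppCapSID"): "app", cap.get("SvcCapSID"): "service"}
        for key in cap.iter("RegKey"):
            for kind, _flags, rights, sid in parse_dacl(key.get("DACL", "")):
                if kind == "allow" and {"KEY_WRITE", "KEY_ALL_ACCESS"} & set(rights):
                    entry = (sid, owners.get(sid, "other"), cap.get("Id"))
                    result.setdefault(key.get("Path"), []).append(entry)
    return result

if __name__ == "__main__":
    for path, entries in writers_by_key(SAMPLE_POLICY).items():
        for sid, label, cap_id in entries:
            print(f"{path}: write allowed for {sid} ({label} SID of {cap_id})")
```

Trustees labelled "other" are SIDs in the DACL that match neither the capability's AppCapSID nor its SvcCapSID, which is where an audit of such a policy file would look first.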
Need a Nokia Device?
snickler said:
I may write a simple app that reads registry from Lumia devices... I think that's going to happen today.
That's great! If anyone needs a Nokia device to test on, Nokia has Remote Device Access to those who need it. It's a free service to anyone who has a Nokia DEVELOPER account, which is separate but free as well. The devices they mostly have are Lumia 820s, but they have a few others (620, 720, 920 and the 928). The great thing about them: you can deploy an xap and run the apps. Some of those phones have SIMs in them and some of them have a "Nokia On-Device Diagnostic Tool". The only drawback is that the connection can be SLOW.
Huh, you had to add the InProcServer manually? That may be the problem, then. I'm not sure why they're using COM - it works just fine to simply use the native Win32 APIs (add references to ADVAPI32LEGACY.LIB and/or KERNELBASE.LIB; that's what my NativeAccess library does and it works fine) - but it's good to know that COM is, in fact, usable.
Yeah, I already found those policy files. As I've said in other posts, if you can find a way to sideload an app that uses them, we can do a lot more than is currently possible - the internal and private capabilities (and some of the so-called public ones, most of which still won't install) have all kinds of cool potential.
One advantage of the WP8 app model, as opposed to the WP7 model that used ID_CAP_INTEROPSERVICES for everything, is that an app like you're making may well work on other devices. The fact that you got the interop-lock error means that the app did have ID_CAP_INTEROPSERVICES specified, so it may use it for some things, but the registry access is probably not one of them.
GoodDayToDie said:
Yeah, I already found those policy files. As I've said in other posts, if you can find a way to sideload an app that uses them, we can do a lot more than is currently possible - the internal and private capabilities (and some of the so-called public ones, most of which still won't install) have all kinds of cool potential.
One advantage of the WP8 app model, as opposed to the WP7 model that used ID_CAP_INTEROPSERVICES for everything, is that an app like you're making may well work on other devices. The fact that you got the interop-lock error means that the app did have ID_CAP_INTEROPSERVICES specified, so it may use it for some things, but the registry access is probably not one of them.
The best part is that the Nokia CityLens uses ID_CAP_INTEROPSERVICES, but I can't find anything that references it.
The winmds use System.Runtime.InteropServices though.
The Nokia app I got the RegistryRT from didn't use the INTEROP Capability at all, but I did notice that I had to add that extra stuff in the AppManifest.

Huawei e5776s-32 Custom firmware

Hi,
I am going to add notes relating to investigations into the possibility of customising the firmware on this MiFi device.
Observations:
As seen elsewhere there is a link to some firmware on the German Huawei site. By running the installer and then inspecting the contents of the temp dir (I did this under wine) one finds .wine/drive_c/users/dan/Temp/<random name>
Within a sub-folder in there is a 60ish Meg .exe named UpdateWizard.exe; within this, lots of strings relating to the flashed firmware can be seen, including the html for the web admin page etc.
Both the firmware and nmap will show the kernel 2.6.35, and the firmware reveals it's an Android build, running on ARM.
So, any good company should be honouring the GPL; a quick search for "huawei gpl source", sure enough, turns up a link, though this forum won't let me post it.
From here a .rar of the kernel drivers, (though wifi seems omitted ?), wpa_supplicant source etc. can be found.
As yet I am still looking for an easy "way in" to the device, it would be convenient if dropbear/telnetd could be launched if loaded onto an inserted microSD. Some exploit or hidden functions in the webserver binary would seem like an obvious place to start.
What does this AT command do?
AT^SDLOAD - looks like it may load factory defaults.
busybox was built with telnetd, it just needs starting somehow.
