Interesting BCD RegKeys for you Samsung folks. - Windows Phone 8 Development and Hacking

I was poking around with my Nokia Lumia 521 image, and just realized something: you Samsung folks should have full registry access. It would be an interesting experiment to see if you can write to HKEY_LOCAL_MACHINE\BCD\Objects\... If you can, you should be able to use the registry info there to "tweak" the BCD store (Windows bootloader).
I am attaching an interesting set of files I found in the "EFIESP\Windows\Packages" directory. There are regfiles that get run to configure the BCD store as well as boot-time OEM customizations. It even contains the info as to what efi "application" is launched based on various key presses and such.
Hopefully this info is useful to some of you guys!

Samsung eMMC (Nokia 521)
Has anyone been able to get Android OS loaded onto a Nokia 521 when there is Samsung eMMC?

Related

This Old iPAQ rx3115 (Other Oldtimers Welcome)

LMAO - No need to say it. I know my iPAQ rx3115 is a dinosaur, but so am I.
However, the damn thing refuses to die and has been a good, faithful workhorse for a loooong time. To me, that speaks to the quality of the hardware. The rx3115 just seems to be built solidly. Sad to say the PocketPC Pro 2003 (SE) operating system is at the bottom rung of the support ladder from M$ and we all know that means it will be phased out soon...
I just can't give up on my trusty rx3115. Hell, even the original battery is still holding a charge really well. And believe me, it hasn't spent a lot of time forgotten and idle despite the constant rotation of new toys that might pass through my hands. It's been used a lot and just keeps on ticking.
So, even though it continues running just fine, I'm now willing to experiment and try to make it more up-to date. Why not tinker with it since all support is fading fast? LOL if I break it now it hardly matters after all these years and I have plenty of other devices to rely on.
So yeah, I'm a bit of a noob (despite being a dinosaur) who is willing to learn...
First step was to search the Google-sphere. Seems there are a lot more questions than answers out there for rx3115. How to upgrade the OS to WM5 or even WM6.1 Classic? I saw that asked over and over, but very few answers. Most who did reply said, "Try Universal Bootloader and a ROM image for another device..." OK, so that seemed the way to go, but is it?
There are a LOT of dead links for a Universal iPAQ Bootloader out there. I did manage to find a copy @ http://sourceforge.net/projects/ubl/files/ubl/Binaries/ where I selected the GUI version which came as an executable. Double clicking it creates a folder which UBL runs out of.
Caution: My system flagged it as having a Worm in the Vista Driver folders (2... Vista and Vista x64) and the Vista Drivers.exe application.
Who wants Wormy drivers? For that matter, who wants Vista?
I'm not qualified to judge if it is a false positive to some of the developer's legitimate code. Maybe someone more savvy might want to take a look at it and make a ruling...
So I sanitized UBL by quarantining and deleting the offenders. Next, I asked Windows 7 to run it under compatibility mode for XP service pack 2. (It looks like it was always an XP box utility anyway.)
Here's a sanitized version of UBL for download. http://www.mediafire.com/file/7anraar1tkc3lz1/BootLoader.rar This is a rar of the extracted file folder (minus the Wormy bits). Just expand it and run "Bootloader.exe" right inside the folder. Maybe someone else will have more luck playing with it than I did.
I could in no way make it communicate with my rx3115 under Windows 7. Mtty always fails to open the port. I tried following the advice of UBL's readme and making a settings.ini file to direct mtty to the right port, but with no luck. IDK - I never wrote an .ini file before. Maybe I messed it up. I tried a few variations (settings/bootloader settings/mtty settings for file names) all with no success.
Then I used a friend's XP system and got closer... UBL gets past the mtty stage and opens the com with my rx3115, but then the ROM flash just hangs at 0%. I tried several times with no further success. And without the ROM being cooked for my specific device, flashing from the SD card is out.
I was hoping to force flash the Kitchen WM6.1 Classic ROM for rx1950 I got from this xda thread by Victory144 and Guifort: http://forum.xda-developers.com/showthread.php?t=510764 The ROM size is perfect for rx3115!!!
Heck, I even tried looking at the RUU's from valid rx3115 and rx1950 ROM updates and seeing if I could puzzle out how to cobble something with a Hex Editor. But I'm not really qualified for that.
It's been a lot of years and no one has cooked an upgrade ROM for rx3115 yet. At least as far as I can tell. But even recently I've seen rx3115 owners posting to forums and asking for an upgrade. I know I'm not alone in this desire and that's why I started this thread. Maybe some other rx3115 owners will join this discussion. We might just figure something out.
Something else I've begun looking into is installing Linux on my rx3115. It seems possible and there are a few reports of it being done, but little in the way of tutorials for the challenged. More on that later...
Or... maybe I'm crazy... Doesn't the Samsung s3c2440 CPU meet the minimum system requirements (@ 300mhz) for XP Tablet? CPUs can be overclocked anyway and the s3c2440 should be capable of sustained 400mhz efforts. It is set at that speed in some other PDAs. The RAM is right at the bottom edge of requirements as well, IF all 64mb can be freed up for the user. Is there a way to boot XP Tablet off an SD card? Could the RAM/ROM chipsets be instructed to act as two RAM slots for that purpose creating 96mb RAM? Am I just a fool?
I welcome any advice, questions, derisive laughter... whatever...
I'll be checking the thread and updating the reports of my efforts.
Thanx for stopping in.
Maybe I'm missing a step...
If I press Mobile Media (button 1) + iTask (button 4) + Power + Reset
I get a blank white screen with the HP logo in the center and the revision #'s on the top...
From here (Bootloader screen - right???) rx3115 will try to flash ROM from an SD card if one is inserted that has a ROM image. Unfortunately I don't have a valid image except the 1.01.11 ROM of WM 2003 that I want to upgrade away from.
However - and this may be where I'm missing a step - without an SD card inserted I can't get bootloader to show USB connection. I've tried every button and combo of buttons I can to try and get USB to show up on the bootloader screen.
I feel like I'm missing something and that next step will allow Universal Bootloader to force flash a WM6.1 ROM under XP.
Any help? Anyone? How to get USB connection for bootloader with rx3115?
Handhelds.org continues to be down for maintenance. They are the distribution and support site for Familiar Linux, an alternative iPAQ OS. They were supposed to be reopened last week...
Angstrom Linux has shown itself capable of running on iPAQ and I found a very in depth tutorial - LOL - but it's in Spanish. I'm sorry to say me Spanish es no bueno. There's even a video on YouTube of Angstrom on an iPAQ rx3115 - so I know it can be done. Again though, it's in Spanish.
Today I'm checking out a "Live RAMdisk" version of Angstrom. It's like a LiveBoot CD Linux. You can boot and run Linux from storage (SD card) without installing. Instead of "try before you buy," it allows you to test before you install. At least I will get a chance to see how the Angstrom OS handles without having to flash my ROM and then reflash if I want to revert to WM 2003.
They have LiveRAMdisk and install versions supported for iPAQ h2200, h3900, h4000 and hx4700. The h5000 series is still in testing. More information is @ angstrom-distribution.org/taxonomy/term/6
I'm going to try the LiveRAMdisk version for the h2200 series as it's closest to rx3115. Same RAM and ROM, but the h2200 uses an Intel Xscale CPU rather than the Samsung... Still, it's the closest hardware match to the rx3115 out of all the supported models.
I'll post back about how AngPAQ handles.
HandHelds.org is still down. A shame since my research indicates Familiar Linux associates closely with PDAs...
Seems Ubuntu had a project they've abandoned or moved beyond (depending on your perspective), but the hardware requirements are way beyond iPAQ. They do have some stables for anyone interested. Google Ubuntu Mobile or Ubuntu MDI. Might be a nice alternative for some earlier tablet users...
Like they say..... BACKUP your data before any major changes!!!
I did try the LiveRAMdisk version of Angstrom Linux for h2200...
The LiveRAMdisk is a 23mb self executing file that you open from the root of your SD card. It was a non-starter. After booting from my SD card the iPAQ froze. I did a hard reset and freed up as much memory as I could from WM 2003 before trying again. Same result.
No worries, restored from backup and all is OK with my rx3115.
Just to be sure I tried with another method called a Loopback Image. I downloaded an Angstrom/Opie (full PDA style GUI) image and a bootloader from the Angstrom repository as another method of running Angstrom from my SD card. You use 7zip to extract the downloaded .bz2 and it inflates into a robust sized image (96mb in the case of h2200). Add the image and the bootloader to the same location on your SD card (preferably root). Execute the bootloader and run Angstrom off of your SD card. This too failed to run after several attempts...
LOL - another hard reset and restore from back up after each try.
I'm convinced it's a hardware incompatibility due to the difference in processors between h2200 and rx3115. But, darn it, if you look at development boards you find that they use Angstrom on boards with the same Samsung s3c2440 CPU that rx3115 has.
Next step is to try and find some of the Angstrom versions used on those development boards... And hope I get more than a bare-bones, command line only GUI.
If you have one of the supported iPAQs (h2200, h3900, h4000, h5000 or hx4700) it may well be worth your while to try running a Loopback Image from your SD or CF card. A full Linux environment when you want and you can always hard reset and restore to get back to Windows Mobile. More information can be found @:
(www) linuxtogo.org/gowiki/WinCeQuickInstall
Well, the Angstrom online builder won't give me Opie in a build for a mini2440 board.
I did find a .tar.bz2 that someone built up from Angstrom and marked as "Angstrom-opie-image-glibc-test-20070620-rx3000.rootfs.tar.bz2" (Thanx whynot). If I can convert the extracted .tar to .img I could try a Loopback Image with it from my SD card... Meanwhile, I suppose I have to start learning how to build up the bootloader myself. *sigh* Did I mention that I'm more of a hardware guy?
Handhelds.org still down.
Despite all the Linux talk I'm still trying to get a higher version of WinCE to install on rx3115... Options are good if you can manage to have them.
Ongoing Questions/Help Sought:
1) Anyone have a cooked ROM (or want to cook one) for iPAQ rx3115 that would flash WM5 or WM6.1 Classic to the rx3115?
2) Any help or suggestions with UBL (Universal BootLoader)?
a) Is the UBL I found @ sourceforge really infected with a worm?
(Note that it is marked as uploaded by the original UBL developer chrismrulz)
b) Am I better off leaving out the suspect Vista Drivers and just using an XP box to run UBL anyway?
3) Why can't I get rx3115 to acknowledge USB under the iPAQ bootloader screen?
4) Could someone go over to HandHelds.org to knock on their door and tell them to get their site back up already?
5) Anyone know how to, or can suggest software to, convert .tar to .img?
6) Any other Linux Distros I should be looking at as suitable for iPAQ rx3115?
7) Will anyone else post to this thread or am I just Blogging here?
a) Am I boring all the fine xda members?
b) Or are my bungling attempts at least providing a good laugh?
Yesterday I checked out NetBSD (Unix). They have prepared distributions for a wide array of PCs and Devices... I took a chance and tried one for Strong ARM iPAQs (even though rx3115 is Friendly ARM). Another no go... But I will say that they have the nicest bootloader of all the options I've worked with so far.
Now that I have my minimum posts in, thanx to Blogging in this thread and trying to help some seemingly lost first time posters, I can finally post outside links to the forum. HUZZAH!!!!
There are a few things I've got for download by anyone interested.
Here's the Universal BootLoader with GUI for iPAQ from chrismrulz, without the suspect Vista Drivers. So (I believe) it only works on XP boxes.
http://www.mediafire.com/file/7anraar1tkc3lz1/BootLoader.rar
I had tried a few overclock programs recently... ClockWizard, Pocket Hack Master and XCPUscalar.
ClockWizard is freeware and worth exactly that IMHO. I found it buggy to run...
Pocket Hack Master supports a lot of processors including the s3c2440. I got a version from somewhere with a working serial#. Again, I didn't care for it despite rave reviews elsewhere for other devices.
XCPUscalar worked the best for me, even though there is no official support for Friendly ARM. I found a version which is a free install cab of this $ware. There are a few tricks for some to get the scaling feature to work and that helped me get her configured... I included a .txt of the advice.
All 3 overclocks in one .rar file are here:
http://www.mediafire.com/file/636a5cl8ofzaa2z/OverClock.rar
As a "best of" I broke out XCPUscalar separately.
http://www.mediafire.com/file/z593cqhbnvegpg9/XCPUScalar.arm.CAB
Along with the advice .txt.
http://www.mediafire.com/file/igoragriu8lc2ha/XCPU tricks.txt
Here's the LiveRAMdisk of Angstrom Linux for iPAQ h2200.
http://www.mediafire.com/file/i61956852696grp/Angstrom-x11-image-liveramdisk-2007.12-h2200.exe
Just load it on your SD card and execute it from there to boot into Angstrom. Check out their guide to installing Angstrom under WindowsCE.
http://www.linuxtogo.org/gowiki/WinCeQuickInstall
Of the two methods (LiveRAMdisc or Loopback Image), I think Loopback Image seems more promising...
Check their Repository to see which machines are supported by stable releases.
http://www.angstrom-distribution.org/releases/2007.12/images/
Or visit http://www.angstrom-distribution.org/ for more information. They are heavily into embedded.
Here's the NetBSD files I grabbed all in one .rar file. This executable will boot NetBSD for the following devices: IPAQ h3100, h3600, h3660, h3900, Jornada 720 (US/Many Europe/Japan) & Jornada 820 (US/Japan).
http://www.mediafire.com/file/ync2ltv3l7oo4si/NetBSD.rar
Inside the folder are the 3 files you need to boot NetBSD under WindowsCE (hpcboot.exe, netbsd-IPAQ.gz and netbsd-IPAQ.symbols.gz) Put all three files on the root of your memory card and execute bootloader to boot into NetBSD.
Also in the .rar is a list of the md5 checksums for each file.
NetBSD has a lot of support for older hardware. Look them up: http://netbsd.org/
Or check out their long list of supported machines.
http://netbsd.org/ports/
If anyone needs a widget for verifying md5 checksums under Windows OS, here's an outstanding one from Jem Berkes. I've used this freeware many times (On XP and Win7). A nice, small footprint program that just works great.
http://www.mediafire.com/file/bhebw4ozo6dz767/md5sum checker.rar
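A scripted version of the MD5 check mentioned in the post above, as an added example that is not part of the original thread. It assumes the checksum list uses the common md5sum layout (32 hex digits, then the file name); the function names are hypothetical and the file contents are constructed stand-ins for the three NetBSD boot files.

```python
import hashlib
import hmac
import os
import tempfile

HEX = set("0123456789abcdefABCDEF")


def parse_md5_list(text):
    """Parse md5sum-style lines: '<32 hex>  name' or '<32 hex> *name'."""
    expected = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition(" ")
        name = name.strip()
        if name.startswith("*"):          # '*' marks binary mode in md5sum output
            name = name[1:]
        if len(digest) != 32 or not set(digest) <= HEX:
            raise ValueError(f"malformed checksum line: {line!r}")
        # Reject names that would escape the directory being checked.
        if not name or os.path.basename(name) != name:
            raise ValueError(f"unexpected path in checksum list: {name!r}")
        expected[name] = digest.lower()
    return expected


def md5_of(path, chunk=1 << 16):
    """Hash a file in chunks so large images do not have to fit in memory."""
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def verify_directory(directory, list_text):
    """Return {name: 'ok' | 'mismatch' | 'missing'} for every listed file."""
    results = {}
    for name, digest in parse_md5_list(list_text).items():
        path = os.path.join(directory, name)
        if not os.path.isfile(path):
            results[name] = "missing"
        elif hmac.compare_digest(md5_of(path), digest):
            results[name] = "ok"
        else:
            results[name] = "mismatch"
    return results


def demo():
    """Constructed data: one intact file, one altered file, one absent file."""
    contents = {
        "hpcboot.exe": b"constructed bootloader bytes",
        "netbsd-IPAQ.gz": b"constructed kernel bytes",
        "netbsd-IPAQ.symbols.gz": b"constructed symbol bytes",
    }
    listing = "\n".join(
        f"{hashlib.md5(data).hexdigest()} *{name}" for name, data in contents.items()
    )
    with tempfile.TemporaryDirectory() as d:
        with open(os.path.join(d, "hpcboot.exe"), "wb") as fh:
            fh.write(contents["hpcboot.exe"])
        with open(os.path.join(d, "netbsd-IPAQ.gz"), "wb") as fh:
            fh.write(contents["netbsd-IPAQ.gz"] + b"!")   # altered after listing
        # netbsd-IPAQ.symbols.gz is deliberately not written
        return verify_directory(d, listing)


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{status:9} {name}")
```

A checksum list stored in the same archive as the files only catches corruption in transit, so compare against the list published at the original source when one exists. MD5 is not collision resistant and says nothing about who produced the file.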
rx3115
I have an rx3115 also. I have tried angstrom, with no luck. I am following your progress.
Thanks for the reply, kati. Now I don't feel so lonely.
And I added a Thanks to your meter for your post in this thread:
http://forum.xda-developers.com/showthread.php?t=472643
It seems like your post there got a cook interested in our device. I posted some links and PMed him some info. I'm keeping my fingers crossed. Maybe he can port over the WM 6.1 Classic ROM that was among the links I sent him. (Thanks tomcug)
Meanwhile...
Handhelds.org is still down.
Angstrom has added a new release (2011.03), but the online builder still won't include Opie in the .tar for mini2440 boards (my best hope for a working Angstrom straight from the source).
I'm still holding out hope for the "Angstrom-opie-image-glibc-test-20070620-rx3000.rootfs.tar.bz2" that I found.
http://www.mediafire.com/file/f2fsd...age-glibc-test-20070620-rx3000.rootfs.tar.bz2
I just need to find the right kernel and HaRet bootloader for it to run from SD card...
I'm basing that work on this document for installing a Loopback Image which I got translated from Portuguese (Thanx Rubberman).
http://www.mediafire.com/file/ci92vshhpojbyb8/AngPAQ rx3115.pdf
And I'm following the progress of whynot on another board where he documents his efforts to port Angstrom onto rx3115.
Here's a couple more things available for download...
The last official WM 2003 update (1.01.11) with installer
http://www.mediafire.com/file/i6k0935chhkgzlh/iPAQ rx3115 ROM 1_01_11.exe
The cooked ROM of WM 6.1 Classic designed for the rx1950. (.nbf file only)
http://www.mediafire.com/file/iu9p815w3yjpy6h/CEOS.nbf
In case any other cooks want to look at it. At 27.82mb it would just fit on rx3115 and may benefit from being trimmed down. Or someone might have more luck flashing it with the UBL mentioned above.
Here's the whole kitchen package from Victory144 and Guifort
http://www.mediafire.com/file/nna2yo92q2beiik/Flasher_Hp_Ipaq_rx1950_ENG_WM6.1.rar
It includes the installer and the .cab for the appropriate version of Mobile Office.
And just the Office cab for any WM 6.x users who may need it
http://www.mediafire.com/file/nmz3sbyuxan7c4e/office_wpc_WM6.CAB
LOL it seems rx3115s are popping up out of retirement (at least from what I see in the Googlesphere). In case any resurrected machines need it, here's the Daylight Savings Time patch for the new DST schedule.
http://www.mediafire.com/file/i51hkr3c8ep8t5e/Daylight Savings Fix.exe
Stay tuned... I'm still working on Linux booting from an SD card.
rx3115 user whynot has been having some luck getting Angstrom to boot from an SD card. I'm trying to get the proper kernel and HaRet from him. Here's his thread:
http://www.linuxforums.org/forum/mobile-devices/175821-ipaq-hp-rx3115.html
Today I uploaded ActiveSync 3.7.1 in an attempt to help xda member Orangekid sync an old device under Windows XP. If anyone else wants this fossil it can be downloaded from here:
http://www.mediafire.com/file/88xr4pjl14x7883/ACTSYNC_3_7_1.rar
A couple more things I uploaded to help others...
Uedit32 Hex Editor:
http://www.mediafire.com/file/6r8ffn1fq3bh9mu/uedit32.exe
mtty11a a command console for sending commands to iPAQ.
http://www.mediafire.com/file/7srppxvnr728ime/mtty11a.exe
A tutorial on How to install a different language ROM in your PDA I grabbed from another site and turned into a PDF:
http://www.mediafire.com/file/5e48n571jg1adqb/How to install a different language ROM in you PDA.pdf
LOL helping him has helped me... I hope. I may have a better idea of how to use a Hex Editor to change the WM 6.1 ROM and make it installable for rx3115.
I've also learned how to use mtty to make a backup of the ROM image on iPAQ to an SD card. I'll post details here later IF anyone posts that they are interested. I'd rather get back to work on my projects than spend time blogging right now.
LMAO - Handhelds.org is still down. They are one month overdue for coming back online.
I tried a few new ways to get the Kitchen ROM for rx1950 to flash to rx3115. No luck again.
tomcug has apparently given up on cooking a WM6.1 ROM for rx3115...
whynot finally replied to my query with a few tips and hints... I'll be making another run at getting Angstrom Linux to boot from SD card soon...
RumoredNow said:
LMAO - Handhelds.org is still down. They are one month overdue for coming back online.
I tried a few new ways to get the Kitchen ROM for rx1950 to flash to rx3115. No luck again.
tomcug has apparently given up on cooking a WM6.1 ROM for rx3115...
whynot finally replied to my query with a few tips and hints... I'll be making another run at getting Angstrom Linux to boot from SD card soon...
I'm still following ya I may not have an rx1950 but I think it's cool to see what other people on here can do. I'm rooting for you!
Great thread! I just recently started searching for Linux options for the two H3835's I have gathering dust. I retired them long ago for more modern hardware.
Now my kids (8 and 6) have taken over my (and my wife's), Android phones to play games on every time we get in the car. So I thought I'd see what I could do with the old iPaqs to make gaming devices for the kids. But before I can try to get any games running, I have to get an OS on them.
Anybody out there having any luck with the H3835? It appears from the Angstrom Forums that the "lightning fast" 206mhz StrongArm processor isn't up to the task of running Angstrom.
Handhelds.org is still down, so I can't try Familiar yet. I read somewhere else that the delay in bringing the site back up is due to the developers & site admins being adversely impacted by Nokia's recent decision to cease development on Maemo/Meego in favor of Windows Mobile 7. If that's the case, maybe it will be down permanently?
Sadly, I'm a compulsive tinkerer with old hardware and I may not be able to rest until I get it working or brick the silly things.
Thanks for joining my thread Markedswan.
Yeah, Handhelds.org is still down... Interesting rumor - I think I read on a wiki page that there is a split among the developers over some code. The server owner may have frozen access pending legal clarifications. LMAO - It's supposed to be Open Source.
I too am a relentless tinkerer. I understand the upgrade or brick it mentality.
First thing I did was look up the h3835 specs on www.pdadb.net That Intel StrongARM SA-1110 CPU looked familiar from my research so I double checked...
NetBSD (Unix) supports lots of old hardware. Your CPU is in their Tier I support group (the highest level of support). http://netbsd.org/ports/#ports-tier1 (The hpcarm listing.) Clicking that link shows that your processor is supported. http://netbsd.org/ports/hpcarm/#processors
h3835 is not listed specifically, but your system architecture is the same as the h3600 series. The only difference is you have twice the ROM. The NetBSD package that I tried should boot on h3835 from the SD card.
http://www.mediafire.com/file/ync2ltv3l7oo4si/NetBSD.rar
or if you prefer to get it from the source
http://ftp.netbsd.org/pub/NetBSD/NetBSD-5.1/hpcarm/
Don't forget the MD5sum checker if you need it. A list of the MD5 sums for each file is in the NetBSD folder.
http://www.mediafire.com/file/bhebw4ozo6dz767/md5sum checker.rar
Good luck and be sure to go to http://netbsd.org/ for documentation and support help.
Interesting
Interesting work going on here. Have you tried Android 0.8? It seems to be the most light-weight and flexible choice of Android out there.
Hmmm... That's a thought. I'll definitely look into it. I'm still trying to block out some time to get Angstrom to boot up. I finally got a working (or so my source says) HaRet. I just need the right Linux image.
But I'll give Android 0.8 a try for sure.
I've read that Android was too much for these devices. Memory on Android devices is in the Gigabytes (my phone has 10 GB on board I believe) while the iPaqs have less than 100mb typically (mine has 96mb between the RAM and ROM). I have no idea if that is truly the case though. Maybe with a decent size CF or SD card on board?
Rumorednow: NetBSD looks promising from what I've read on the website. Do you know off hand what window manager options will work with the handhelds? I wasn't seeing anything in the packages specifically for handhelds, maybe I missed something. I'll dig deeper, but thought I'd ask in case you knew.
I have the Compact Flash jacket for my 3835, so was thinking about trying Debian (which I'm more comfortable with) & can boot off a 1 GB Compact Flash card. Debian's site says the ARM version was designed with XScale processors and some of the custom router processors in mind, but the instruction set is specifically called out as being V4 for maximum compatibility (the StrongARM in my iPaq uses the V4 instruction set) rather than the V5 native to the XScale series which came after StrongARM was introduced. So maybe it will work? I believe OPIE works with Debian as a window manager and that seems pretty slick and well supported.
I'll be living out of a suitcase for work pretty much all of May, so I'll have some time to tinker on this more in the evenings then. But, maybe someone will have it all figured out by then though?
Markedwsan said:
I've read that Android was too much for these devices. Memory on Android devices is in the Gigabytes (my phone has 10 GB on board I believe) while the iPaqs have less than 100mb typically (mine has 96mb between the RAM and ROM). I have no idea if that is truly the case though. Maybe with a decent size CF or SD card on board?
Rumorednow: NetBSD looks promising from what I've read on the website. Do you know off hand what window manager options will work with the handhelds? I wasn't seeing anything in the packages specifically for handhelds, maybe I missed something. I'll dig deeper, but thought I'd ask in case you knew.
I have the Compact Flash jacket for my 3835, so was thinking about trying Debian (which I'm more comfortable with) & can boot off a 1 GB Compact Flash card. Debian's site says the ARM version was designed with XScale processors and some of the custom router processors in mind, but the instruction set is specifically called out as being V4 for maximum compatibility (the StrongARM in my iPaq uses the V4 instruction set) rather than the V5 native to the XScale series which came after StrongARM was introduced. So maybe it will work? I believe OPIE works with Debian as a window manager and that seems pretty slick and well supported.
I'll be living out of a suitcase for work pretty much all of May, so I'll have some time to tinker on this more in the evenings then. But, maybe someone will have it all figured out by then though?
The packed Android kernel is only 30 or 40 mb if I'm not mistaken. You would have the whole thing from there.
Hi I'm new and registered specifically because of this thread. I gotta agree with you, waaay too little support for the rx3115. I love this iPaq, have 2 of them and I use them for everything (especially with the nifty universal remote feature, I run around and turn things on and off and annoy my girlfriend a lot). As great as I think it is, it really needs some updating in any way possible really.
Great job on pushing forward with all the different options. Anything you need a second tester on just give me a shout, my 2nd one can be used as a guinea pig
Also... What happened to handhelds.org? I check in every day wishing for a shining ray of hope that they'll be up and running again soon

Fiddlin with Windows Updates

So after reading about all the App Store hacks that have developed around Fiddler2, I decided to give it a go myself. After setting up the proxy, I noticed that most SSL-based transactions were failing to connect on my device (Windows Updates, Email, etc).
I exported the SSL cert that Fiddler2 installed on my development PC, emailed it to myself, and installed it on my Windows Phone device. Lo and behold, most of my SSL issues went away! (App store still wouldn't auth.) More interestingly, Windows Updates started checking for updates successfully. These transactions are done with SOAP calls.
The basic process is as follows:
1. The phone initiates a connection to the Windows Update server.
2. A series of cab files are downloaded containing certificate and base URL info of the update server.
3. The phone connects to the update server with a list of all updates it has installed as well as a unique device identifier.
4. The server responds with a list of updates that it wants the phone to evaluate.
5. If the phone decides it needs the update, it sends a request to the server for instructions to deter
6. The server responds with a specially crafted packet that contains a link to where the Microsoft cab can be downloaded from as well as a checksum of the cab file and evaluation instructions to determine if the update is needed (checking registry keys, etc.; the SOAP commands contain things like RegRead32).
7. The phone then downloads and installs the update, if needed.
Fiddling around with Fiddler, I was able to remove the "filter" GUID from the phone's request to the server. As a result, it evaluated and installed any update it could get its hands on. The Hardware Test app still shows that my last update was 5/1/2013, but the number of updated packages included in that update jumped from 83 to 200!
I have some more experiments I would like to try (such as trying to blindly write a reg key instead of just reading it...anyone know of a good one?). I am also wondering if I can somehow package a Microsoft cab file, and tell the update mechanism to download and install it. Depending on how it evaluates the cabs, I might be able to get away with signing the cab with the private key from the Fiddler certificate I installed.
Just thought I'd pass along
Very, very nice finds! I had noticed the cert pinning used on the store and on dev-unlocking, but apparently had failed to look into the update process.
Give me a little while and I'll find you the reg key used for dev-unlock. I can't guarantee you that I'll be able to give you the exact value you need - they seem to have changed the format since WP7, and I'll be working blind from templates and policy files here - but it's worth a shot. Mind you, I wouldn't be surprised if the whole process is read-only, or if the responses from Microsoft are signed (although you could try re-signing them, I guess). For what it's worth, creating an entire update from scratch (or even editing one) is unlikely to work; Windows has required a Microsoft signature (not just any trusted signature) on update files for many years now. It's certainly possible that they messed that up, though.
I also kind of want to see if some of the recent ZIP signature validation bypass exploits from Android (where you could create a ZIP file containing multiple files that have the same name, and the original would be used for the signature but the *last* copy of each file would be the one actually unpacked) might be made to work as well. I've got some ideas about that... not sure if it would work for the update format, though.
Please keep researching this!
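The duplicate-name ambiguity described in the post above, seen from the verifying side, as an added example that is not part of the original thread. It uses a plain ZIP built in memory (constructed sample; function and entry names are hypothetical) and makes no claim about the Windows Phone update format: it shows that a first-match reader and a last-match reader return different bytes for the same name, and how a verifier can reject such an archive before checking any signature or hash.

```python
import io
import warnings
import zipfile
from collections import defaultdict


def build_sample_archive():
    """Constructed sample: one archive holding two entries with the same name."""
    buf = io.BytesIO()
    with warnings.catch_warnings():
        # zipfile itself warns when a name is written twice
        warnings.simplefilter("ignore", UserWarning)
        with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
            zf.writestr("manifest.txt", b"signed manifest")
            zf.writestr("payload.bin", b"content covered by the signature")
            zf.writestr("payload.bin", b"content added afterwards")
    return buf.getvalue()


def build_clean_archive():
    """Constructed sample with unique names, for comparison."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("manifest.txt", b"signed manifest")
        zf.writestr("payload.bin", b"content covered by the signature")
    return buf.getvalue()


def duplicate_entries(data):
    """Map each repeated entry name to the (header_offset, CRC32) of every copy."""
    seen = defaultdict(list)
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        # infolist() follows the central directory and keeps duplicates,
        # unlike name-based lookup, which silently keeps only one entry.
        for info in zf.infolist():
            seen[info.filename].append((info.header_offset, info.CRC))
    return {name: copies for name, copies in seen.items() if len(copies) > 1}


def first_and_last(data, name):
    """Return the bytes a first-match reader and a last-match reader would see."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        copies = [i for i in zf.infolist() if i.filename == name]
        if not copies:
            raise KeyError(name)
        return zf.read(copies[0]), zf.read(copies[-1])


def check_archive(data):
    """Reject an ambiguous archive before any signature or hash is evaluated."""
    dups = duplicate_entries(data)
    if dups:
        raise ValueError(
            "ambiguous archive, repeated names: " + ", ".join(sorted(dups))
        )
    return True


if __name__ == "__main__":
    sample = build_sample_archive()
    for name, copies in duplicate_entries(sample).items():
        print(name, "appears", len(copies), "times at", copies)
    first, last = first_and_last(sample, "payload.bin")
    print("first-match reader sees:", first)
    print("last-match reader sees: ", last)
    try:
        check_archive(sample)
    except ValueError as exc:
        print("rejected:", exc)
```

The durable fix is for the signature check and the extractor to share one parser, or for the verifier to refuse any archive where a name is not unique, as `check_archive` does.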
Not that I seriously looked into that, but you may probably consider these entries as interesting
Code:
[HKEY_LOCAL_MACHINE\Software\Microsoft\DeviceReg\Install]
"MaxUnsignedApp"=DWORD:A
[HKEY_LOCAL_MACHINE\Software\Microsoft\PackageManager]
"EnableAppLicenseCheck"=dword:00000000
[HKEY_LOCAL_MACHINE\Software\Microsoft\PackageManager]
"EnableAppSignatureCheck"=dword:00000000
[HKEY_LOCAL_MACHINE\Software\Microsoft\PackageManager]
"EnableAppProvisioning"=dword:00000000
[HKEY_LOCAL_MACHINE\Software\Microsoft\.NETCompactFramework\Managed Debugger]
"Enabled"=dword:0
"AttachEnabled"=dword:1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Silverlight\Debugger]
"WaitForAttach"=dword:1
Some of those might get obsolete already, though.
Though, the most interesting thing one can do with registry is enabling KD.
For what it's worth, creating an entire update from scratch (or even editing one) is unlikely to work; Windows has required a Microsoft signature (not just any trusted signature) on update files for many years now.
Yeah
I've never really looked at the fact: which certificate is used by actual cabs? look at *.cat file
GoodDayToDie said:
Very, very nice finds! I had noticed the cert pinning used on the store and on dev-unlocking, but apparently had failed to look into the update process.
Give me a little while and I'll find you the reg key used for dev-unlock. I can't guarantee you that I'll be able to give you the exact value you need - they seem to have changed the format since WP7, and I'll be working blind from templates and policy files here - but it's worth a shot. Mind you, I wouldn't be surprised if the whole process is read-only, or if the responses from Microsoft are signed (although you could try re-signing them, I guess). For what it's worth, creating an entire update from scratch (or even editing one) is unlikely to work; Windows has required a Microsoft signature (not just any trusted signature) on update files for many years now. It's certainly possible that they messed that up, though.
I also kind of want to see if some of the recent ZIP signature validation bypass exploits from Android (where you could create a ZIP file containing multiple files that have the same name, and the original would be used for the signature but the *last* copy of each file would be the one actually unpacked) might be made to work as well. I've got some ideas about that... not sure if it would work for the update format, though.
Please keep researching this!
Will do! Here is where it gets interesting... The attached screenshots are of a SOAP request from my phone to the update server (I disabled filtering, so the GUID isn't present) and then its response for "missing" updates to evaluate.
The section labeled "xml" contains the instructions on how to evaluate if the update is needed.
Here is a cleaned-up, friendly dump of what is in the "XML" section it needs to parse to determine if an update is applicable:
Code:
<UpdateIdentity UpdateID="f092f820-8161-410b-ab11-c7a6d36b7837" RevisionNumber="101" />
<Properties UpdateType="Software" />
<Relationships>
<Prerequisites>
<UpdateIdentity UpdateID="eb644fbf-5e6e-4719-b97c-485ffb9e867f" />
<AtLeastOne>
<UpdateIdentity UpdateID="450b8808-d056-4c18-a383-2db11e463eb0" />
</AtLeastOne>
</Prerequisites>
</Relationships>
<ApplicabilityRules>
<IsInstalled>
<CspQuery LocUri="./DevDetail/SwV" Comparison="GreaterThanOrEqualTo" Value="9.0.0.0" xmlns="http://schemas.microsoft.com/msus/2002/12/MobileApplicabilityRules" />
</IsInstalled>
<IsSuperseded />
<IsInstallable>
<And xmlns="http://schemas.microsoft.com/msus/2002/12/LogicalApplicabilityRules">
<CspQuery LocUri="./DevDetail/SwV" Comparison="LessThan" Value="9.0.0.0" xmlns="http://schemas.microsoft.com/msus/2002/12/MobileApplicabilityRules" />
<b.RegSz Key="HKEY_LOCAL_MACHINE" Subkey="Software\Microsoft\Windows\CurrentVersion\DeviceUpdate\Agent\Protocol" Value="TestTarget" Comparison="EqualTo" Data="72c5dc6d-00a9-412f-9d13-f4f483f2ed7f" xmlns="http://schemas.microsoft.com/msus/2002/12/BaseApplicabilityRules" />
</And>
</IsInstallable>
</ApplicabilityRules>
An interesting URL with info from someone else that was looking into this for Win7...
http://withinwindows.com/2011/03/06/notes-on-windows-phone-7-update-process-thus-far/
I wonder if we can figure out what "updates" are actually required, if we can trick the server into giving us more OOB updates/other-carrier updates/updates we aren't "supposed" to have...
Found some info on the "Evaluate" action:
Action: The action that clients in the specified target group will perform on this revision: Install, Uninstall, PreDeploymentCheck (which means that clients will not offer the update, just report back on the status), Block (which means that the update will not be deployed, and is used to override another deployment), Evaluate (which means that clients will not offer the update and will not report back on the status), or Bundle (which means that clients will not offer the update for install; it is only deployed because it is bundled by some other explicitly deployed update).
source:
http://msdn.microsoft.com/en-us/library/cc251980.aspx
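The applicability rules dumped in the post above can be walked mechanically. The following is an added example, not part of the original post and not Microsoft's client code: it evaluates the IsInstalled and IsInstallable sections against a device description. The wrapping root element, the dotted-version comparison for CspQuery, the case-insensitive string comparison for b.RegSz and the sample device values are assumptions.

```python
import operator
import xml.etree.ElementTree as ET

# Rules copied from the post; the <Update> wrapper is an assumption, added
# only because the post shows a fragment without a single root element.
RULES_XML = r"""<Update>
<ApplicabilityRules>
<IsInstalled>
<CspQuery LocUri="./DevDetail/SwV" Comparison="GreaterThanOrEqualTo" Value="9.0.0.0" xmlns="http://schemas.microsoft.com/msus/2002/12/MobileApplicabilityRules" />
</IsInstalled>
<IsSuperseded />
<IsInstallable>
<And xmlns="http://schemas.microsoft.com/msus/2002/12/LogicalApplicabilityRules">
<CspQuery LocUri="./DevDetail/SwV" Comparison="LessThan" Value="9.0.0.0" xmlns="http://schemas.microsoft.com/msus/2002/12/MobileApplicabilityRules" />
<b.RegSz Key="HKEY_LOCAL_MACHINE" Subkey="Software\Microsoft\Windows\CurrentVersion\DeviceUpdate\Agent\Protocol" Value="TestTarget" Comparison="EqualTo" Data="72c5dc6d-00a9-412f-9d13-f4f483f2ed7f" xmlns="http://schemas.microsoft.com/msus/2002/12/BaseApplicabilityRules" />
</And>
</IsInstallable>
</ApplicabilityRules>
</Update>"""

# Only the comparison names that could plausibly pair with the two seen in
# the post; anything else raises KeyError rather than being guessed at.
COMPARE = {
    "EqualTo": operator.eq,
    "LessThan": operator.lt,
    "LessThanOrEqualTo": operator.le,
    "GreaterThan": operator.gt,
    "GreaterThanOrEqualTo": operator.ge,
}


def local_name(tag):
    """Strip the '{namespace}' prefix ElementTree puts on qualified tags."""
    return tag.rsplit("}", 1)[-1]


def version_tuple(text):
    """'9.0.0.0' -> (9, 0, 0, 0) so versions compare numerically."""
    return tuple(int(part) for part in text.split("."))


def evaluate(node, device):
    """Evaluate one rule element against the device description."""
    name = local_name(node.tag)
    if name == "And":
        return all(evaluate(child, device) for child in node)
    if name == "CspQuery":
        actual = device["csp"].get(node.get("LocUri"))
        if actual is None:
            return False
        wanted = node.get("Value")
        return COMPARE[node.get("Comparison")](version_tuple(actual),
                                               version_tuple(wanted))
    if name == "b.RegSz":
        key = (node.get("Key"), node.get("Subkey"), node.get("Value"))
        actual = device["registry"].get(key)
        if actual is None:          # value absent: the rule cannot match
            return False
        return COMPARE[node.get("Comparison")](actual.lower(),
                                               node.get("Data").lower())
    raise ValueError(f"rule element not handled by this example: {name}")


def applicability(rules_xml, device):
    """Return {'IsInstalled': bool, 'IsInstallable': bool} for one update."""
    rules = ET.fromstring(rules_xml).find("ApplicabilityRules")
    result = {}
    for section in ("IsInstalled", "IsInstallable"):
        children = list(rules.find(section))
        result[section] = bool(children) and all(
            evaluate(child, device) for child in children)
    return result


# Constructed device description (not captured from a phone).
SAMPLE_DEVICE = {"csp": {"./DevDetail/SwV": "8.0.10211.204"}, "registry": {}}

if __name__ == "__main__":
    print(applicability(RULES_XML, SAMPLE_DEVICE))
```

For the constructed device, both sections evaluate to false: the software version is below 9.0.0.0 and the TestTarget value the second rule requires is not present.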
I was also messing with Fiddler and I noticed my phone accesses two different places when a phone update is selected. One of the pages is: http://ds.download.windowsupdate.com/wp8/MicrosoftUpdate/Redir/duredir.cab . In that cab is the file wuredir.xml, which consists of:
<?xml version="1.0"?>
<WuRedir xmlns="http://schemas.microsoft.com/msus/2002/12/wuredir" redirectorId="1002">
<Protocol
elementVersion="1"
clientServerUrl="https://fe1.update.microsoft.com/v6/"
reportingServerUrl="http://statsfe1.update.microsoft.com/" />
</WuRedir>
The second page accessed is: http://fe1.update.microsoft.com/WP8/MicrosoftUpdate/Selfupdate/5_UssDetection.dll
I hexed the .dll after download and found some download links to some cert files, which are:
Microsoft Windows Phone Production PCA 2012.crt
http://www.microsoft.com/pkiops/certs/Microsoft Windows Phone Production PCA 2012.crt
MicRooCerAut_2010-06-23.crt
http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
MicTimStaPCA_2010-07-01.crt
http://www.microsoft.com/pki/certs/MicTimStaPCA_2010-07-01.crt
Can any of this info help us?
If either that DLL or any of those certificates are not signed (highly unlikely, but worth checking), or if the DLL doesn't enforce the signature check (extremely unlikely), or if any of the certs include the private key or use a weak hash algorithm or a short key... maybe. I checked the certs, though; they at least are clean. Nothing useful that I saw.
Reverse engineering the DLL may be useful, but it's probably native code and therefore a pain to decompile.
aclegg2011 said:
I was also messing with Fiddler and I noticed my phone accesses two different places when a phone update is selected. One of the pages is: http://ds.download.windowsupdate.com/wp8/MicrosoftUpdate/Redir/duredir.cab . In that cab is the file wuredir.xml, which consists of:
<?xml version="1.0"?>
<WuRedir xmlns="http://schemas.microsoft.com/msus/2002/12/wuredir" redirectorId="1002">
<Protocol
elementVersion="1"
clientServerUrl="https://fe1.update.microsoft.com/v6/"
reportingServerUrl="http://statsfe1.update.microsoft.com/" />
</WuRedir>
The second page accessed is: http://fe1.update.microsoft.com/WP8/MicrosoftUpdate/Selfupdate/5_UssDetection.dll
I hexed the .dll after download and found some download links to some cert files, which are:
Microsoft Windows Phone Production PCA 2012.crt
http://www.microsoft.com/pkiops/certs/Microsoft Windows Phone Production PCA 2012.crt
MicRooCerAut_2010-06-23.crt
http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
MicTimStaPCA_2010-07-01.crt
http://www.microsoft.com/pki/certs/MicTimStaPCA_2010-07-01.crt
Can any of this info help us?
Those are the first steps in the update process. Basically, it gets the certs that it will use for validation and server communication. Then the CAB file contains the info on what servers are used for Windows Update communications. It then logs that a request has been made to the tracking server. After that, it gets a list of updates from the v6 address. If there are no updates, Once the update process is complete, it logs the result to the tracking server.
Do you guys think I could use this to fix the problems I seem to have when trying to stream or download music from Xbox Music? I get a lot of errors, or "this song can't be played on your device", and sometimes the app crashes. I have had this problem since I switched from my Windows Phone 7 device to my Nokia Lumia 920, and I am on my 4th 920. I think for some reason the Music store is getting botched certificates or something.
Kind of on the same subject: I extracted around 140 certificates from an HTC 8X RUU, then installed them to my PC, which is Windows 7. The cool part was I was able to install Windows Phone SDK 8 and 8.1 with emulators and Visual Studio 2013, which I thought were not possible to run on Windows 7. All because of certificates from a ROM.

WP8 SYSTEM registry files from FFU

I found where the system registry files are stored inside the ffus. This is from my Lumia 928 factory ffu.
Code:
\Windows\System32\config - DEFAULT, DRIVERS, FP, ProvisionStore, SAM, SECURITY, SOFTWARE, SYSTEM
\Windows\System32\config\MOUNTMGR - SYSTEM
\Windows\System32\config\unmodified - BCD, DEFAULT, DRIVERS, NTUSER.DAT, SAM, SECURITY, SOFTWARE, and SYSTEM
\EFIESP(Different Partition)\Windows\System32\config\unmodified - BCD, DEFAULT, DRIVERS, NTUSER.DAT, SAM, SECURITY, SOFTWARE, and SYSTEM
BCD, DEFAULT, DRIVERS, NTUSER.DAT, SAM, SECURITY, SOFTWARE, and SYSTEM
All of these files contain regf as the first few characters in hex. Beyond that, the files are mostly garbage looking at them in Notepad++.
I haven't been able to find any registry editors yet that can edit them, including ones built for Windows CE/Mobile or even Win7/8.
Anyone know of something that can display it in a normal fashion? (without needing a WP8 device to attempt to edit it on.)
EDIT: The files from \Windows\System32\config have been zipped for simplicity reasons (for those of you who don't have a ffu handy)
EDIT2 (August 22): The files from the GDR2/Amber update from my phone's rom have been added.
WalkingCat said:
OK, this is a reply to this thread, but apparently I can't post in that forum yet.
So, you've found registry file inside \Windows\System32\config, and this is the way to open and edit it.
No third-party tools needed, just use regedit.exe in your Windows system
1. Run regedit.exe
2. Click on any root key, like HKEY_LOCAL_MACHINE
3. Open File menu, select Load Hive
4. Select a file in your mounted ROM \Windows\System32\config, like SOFTWARE or SYSTEM, open it
5. In the dialog asking for a name, input any text, like WP8Software
6. Registry is now loaded under HKEY_LOCAL_MACHINE\WP8Software, you can edit it.
7. Open File menu, select Unload Hive, then it's written back to disk.
reference: http://technet.microsoft.com/en-us/library/cc732157.aspx
Check this post: http://forum.xda-developers.com/showpost.php?p=44312736&postcount=41
I used 7zip to extract the file
vivekkalady said:
Check this post: http://forum.xda-developers.com/showpost.php?p=44312736&postcount=41
I used 7zip to extract the file
That works fine for a .wim or a .zip, but these files are the complete registry store, in the same format that Windows 2000, XP, Vista, etc. use to store the settings for hardware/drivers, Windows itself, and other apps that have that kind of access (e.g. Tier3 applications).
If it's the same format as the XP/Vista type it should be easily openable; look for the application on the internet.
GodlikePL said:
If it's the same format as the XP/Vista type it should be easily openable; look for the application on the internet.
Apparently it isn't. I used RegistryEditorPE, that's supposed to work with offline registries for 2000 to 7, but it kept erroring out.
Sent from my RM-860 (Lumia 928) using the OFFICIAL Tapatalk app.
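Since the question in the posts above is whether these files are ordinary "regf" hives, one header-level check is to decode the 4 KiB base block directly. This is an added example, not code from the thread: it follows the publicly documented regf layout (signature, two sequence numbers, FILETIME, version, root cell offset, XOR-32 checksum at offset 508), and the sample hive it parses is constructed in the script rather than taken from an FFU.

```python
import struct
from datetime import datetime, timedelta, timezone

BASE_BLOCK_SIZE = 4096   # the regf header occupies the first 4 KiB
CHECKSUM_OFFSET = 508    # XOR-32 over bytes 0..507 is stored here


def regf_checksum(block):
    """XOR the first 127 little-endian dwords; 0 and 0xFFFFFFFF are remapped."""
    value = 0
    for (dword,) in struct.iter_unpack("<I", bytes(block[:CHECKSUM_OFFSET])):
        value ^= dword
    if value == 0xFFFFFFFF:
        return 0xFFFFFFFE
    return value or 1


def parse_base_block(data):
    """Decode the regf base block and report header-level health checks."""
    if len(data) < 512:
        raise ValueError("too short to hold a regf base block")
    if data[:4] != b"regf":
        raise ValueError("missing 'regf' signature: not a registry hive")
    (seq1, seq2, filetime, major, minor, file_type, file_format,
     root_cell, bins_size, _cluster) = struct.unpack_from("<IIQIIIIIII", data, 4)
    stored = struct.unpack_from("<I", data, CHECKSUM_OFFSET)[0]
    # Offset 48: up to 64 bytes of UTF-16LE file name, NUL padded.
    name = data[48:112].decode("utf-16-le", errors="replace").split("\x00")[0]
    # FILETIME counts 100 ns ticks since 1601-01-01 UTC.
    written = datetime(1601, 1, 1, tzinfo=timezone.utc) + timedelta(
        microseconds=filetime // 10)
    return {
        "name": name,
        "version": f"{major}.{minor}",
        "file_type": file_type,        # 0 = primary hive file
        "file_format": file_format,    # 1 = direct memory load
        "last_written": written,
        "root_cell_offset": root_cell,
        "hive_bins_size": bins_size,
        "checksum_ok": stored == regf_checksum(data),
        # Differing sequence numbers mean the last write did not complete and
        # the hive would need its transaction log to be consistent.
        "dirty": seq1 != seq2,
        "first_hbin_ok": data[BASE_BLOCK_SIZE:BASE_BLOCK_SIZE + 4] == b"hbin",
        "size_consistent": len(data) >= BASE_BLOCK_SIZE + bins_size,
    }


def build_sample_hive(name="SOFTWARE", seq=(7, 7)):
    """Constructed stand-in for a hive: valid header plus one empty hbin."""
    block = bytearray(BASE_BLOCK_SIZE)
    block[:4] = b"regf"
    struct.pack_into("<IIQIIIIIII", block, 4, seq[0], seq[1],
                     130000000000000000,      # constructed FILETIME value
                     1, 5, 0, 1, 0x20, 0x1000, 1)
    encoded = name.encode("utf-16-le")[:62]
    block[48:48 + len(encoded)] = encoded
    struct.pack_into("<I", block, CHECKSUM_OFFSET, regf_checksum(block))
    hbin = bytearray(0x1000)
    hbin[:4] = b"hbin"
    struct.pack_into("<II", hbin, 4, 0, 0x1000)  # offset from bins start, size
    return bytes(block + hbin)


if __name__ == "__main__":
    for label, blob in (("clean", build_sample_hive()),
                        ("dirty", build_sample_hive(seq=(8, 7)))):
        info = parse_base_block(blob)
        print(label, {k: str(v) for k, v in info.items()})
```

To check a real file, pass the bytes of a hive copied out of the mounted image to parse_base_block(); a bad checksum or a dirty flag points at the file, while a clean header points at the tool.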
This is good stuff to know. Something that should be good to note is that while I decompiled the .NET for a few of the Verizon Xaps from the 928 ROM, I discovered some Nokia-specific COM Interop that interfaces with the registry. I'm hoping I can try something out and put up a test program within the next few days and make some registry changes.
Hi
I found a registry key
[HKEY_LOCAL_MACHINE\Software\Microsoft\Office Mobile\SPMC\Action\doc]
"Application"=dword:00000005
"ApplicationCommand"="app://5B04B775-356B-4AA0-AAF8-6491FFEA5617/Default?CmdLine=-url %s"
"Action"=dword:00000003
This is for Microsoft Office Word.
I think we can open Word using the link, I guess (app://5B04B775-356B-4AA0-AAF8-6491FFEA5617/)
So is this part useful?
Can external commands be executed through this part (CmdLine=-url %s)??
something like this
http://dotnet.dzone.com/articles/windows-phone-7-tip-day-know
@snickler: Let me know if you succeed with that. I managed to sideload an app using one of those libraries (after removing nearly all the interesting capabilities...), but immediately got an error about the component not being registered. I didn't try running regsvr or anything, though...
GoodDayToDie said:
@snickler: Let me know if you succeed with that. I managed to sideload an app using one of those libraries (after removing nearly all the interesting capabilities...), but immediately got an error about the component not being registered. I didn't try running regsvr or anything, though...
Hmmm, which phone do you have?
Edit: I tried to deploy just a sample app with one of the .winmds referenced, and got the 0x81030120 error
Holy fuzzle.. ANOTHER EDIT: I was able to do it. I had to remove all the damn Capabilities that I added from the Nokia Maps xap though.
I referenced the NokiaRegistryUtils.winmd and just ran this sample code
MessageBox.Show(NokiaRegistryUtils.Registry.IsChinaFirmware().ToString());
It returned "false" as expected.
I'm going to try something else now.
Something to note, in the WMAppManifest.xml, the following needs added after the <Tokens> declaration
<ActivatableClasses>
<InProcessServer>
<Path>NokiaRegistryUtils.dll</Path> <!-- or whatever dll you're adding -->
<ActivatableClass ActivatableClassId="NokiaRegistryUtils.Registry" ThreadingModel="both" />
</InProcessServer>
</ActivatableClasses>
vivekkalady said:
Hi
I found a registry key
[HKEY_LOCAL_MACHINE\Software\Microsoft\Office Mobile\SPMC\Action\doc]
"Application"=dword:00000005
"ApplicationCommand"="app://5B04B775-356B-4AA0-AAF8-6491FFEA5617/Default?CmdLine=-url %s"
"Action"=dword:00000003
This is for Microsoft Office Word.
I think we can open Word using the link, I guess (app://5B04B775-356B-4AA0-AAF8-6491FFEA5617/)
So is this part useful?
Can external commands be executed through this part (CmdLine=-url %s)??
something like this
http://dotnet.dzone.com/articles/windows-phone-7-tip-day-know
Where did you find that key?
In the ffu file.
Location: <ffu mount>\Windows\Packages\RegistryFiles\Microsoft.Office.Word.reg
Perfect. That's what I'm doing now, but just from my 920 ROM dump. I can access the registry sections that Nokia provides in their app, but I can't from the one you provided me. I'm going to do more tests to see if this is using HKCU rather than HKLM. It could also be that the registry keys have permissions placed on them.
Hmm,
I'm able to get the value of SOFTWARE\Classes\MIME\Database\Codepage\1254 -> BodyCharset
I may write a simple app that reads registry from Lumia devices... I think that's going to happen today.
Found these things; don't know if it is of any use.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.4.1.311.10.3.3]
"$DLL"="C:\\Windows\\System32\\WINTRUST.DLL"
"CallbackAllocFunction"="SoftpubLoadDefUsageCallData"
"CallbackFreeFunction"="SoftpubFreeDefUsageCallData"
"DefaultId"="{573E31F8-AABA-11D0-8CCB-00C04FC295EE}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.5.5.7.3.1]
"$DLL"="C:\\Windows\\System32\\WINTRUST.DLL"
"CallbackAllocFunction"="SoftpubLoadDefUsageCallData"
"CallbackFreeFunction"="SoftpubFreeDefUsageCallData"
"DefaultId"="{573E31F8-AABA-11D0-8CCB-00C04FC295EE}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.5.5.7.3.2]
"$DLL"="C:\\Windows\\System32\\WINTRUST.DLL"
"CallbackAllocFunction"="SoftpubLoadDefUsageCallData"
"CallbackFreeFunction"="SoftpubFreeDefUsageCallData"
"DefaultId"="{573E31F8-AABA-11D0-8CCB-00C04FC295EE}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.5.5.7.3.3]
"DefaultId"="{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Providers\Trust\Usages\2.16.840.1.113730.4.1]
"$DLL"="C:\\Windows\\System32\\WINTRUST.DLL"
"CallbackAllocFunction"="SoftpubLoadDefUsageCallData"
"CallbackFreeFunction"="SoftpubFreeDefUsageCallData"
"DefaultId"="{573E31F8-AABA-11D0-8CCB-00C04FC295EE}"
http://support.microsoft.com/kb/287547
vivekkalady said:
Found these things; don't know if it is of any use.
http://support.microsoft.com/kb/287547
I did find THIS..
Code:
[HKEY_LOCAL_MACHINE\Software\Microsoft\DeviceReg\Install]
"MaxUnsignedApp"=dword:7FFFFFFF
That translates to the value of InterOp unlock by default which means we should be able to sideload more than 10 apps at a time.
I also found these within policy xml files
Code:
Microsoft.BaseOS.SecurityModel.policy.xml
<Capability ElementID="2EF45E94A01864DE3387212D6E73AEA885E709AD0F24FB97FE2E84728CB09D14" AttributeHash="49B8EC80A54998B68D7F65A44A340FD28B535494B7A41D650FD94851E38A6B6B" Id="ID_CAP_DEVELOPERUNLOCK" AppCapSID="S-1-15-3-1024-2489250862-3731101856-757172019-2830005102-2903107461-2549818383-1921265406-345878668" SvcCapSID="S-1-5-21-2702878673-795188819-444038987-1443" FriendlyName="Enable bearing chamber to load unsigned modules" Visibility="Internal" />
<Capability ElementID="BAFBED1970753822A266C1985F4A2CA2BA7A97CCE149F874743D00F678643C26" AttributeHash="54A2744DE064E139FD4403623C2AB9F1E130BC5C0786F56C1CE39AC814DC3F03" Id="ID_CAP_DEVELOPERUNLOCK_API" AppCapSID="S-1-15-3-1024-435026874-574125424-2562811554-2720811615-3432479418-1962428897-4127210868-641492088" SvcCapSID="S-1-5-21-2702878673-795188819-444038987-1450" FriendlyName="Enable setting of registry key protecting developer unlock mode." Visibility="Internal">
<CapabilityRules>
<Rules>
<RegKey ElementID="F0921CC3ADB2FEE5B7DC90F9F2BBDDB6E4D7BFAF9CE189C1585A90CD71E36882" DACL="(A;CI;KRKW;;;S-1-15-3-1024-435026874-574125424-2562811554-2720811615-3432479418-1962428897-4127210868-641492088)(A;CI;KRKW;;;S-1-5-21-2702878673-795188819-444038987-1030)(A;CI;KRKW;;;S-1-5-21-2702878673-795188819-444038987-1450)" Flags="515" Path="HKEY_LOCAL_MACHINE\Software\Microsoft\SecurityManager" />
</Rules>
</CapabilityRules>
</Capability>
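The DACL attribute in the policy excerpt above is an SDDL ACE list, so it can be audited mechanically for who may write the protected key. This is an added example, not part of the original post: it parses the ACEs, converts the standard SDDL rights mnemonics to access masks and maps each SID back to the capability that declares it. The Policy root element is an assumption, and the excerpt is trimmed to the attributes the check reads.

```python
import re
import xml.etree.ElementTree as ET

# Excerpt of the policy posted above, trimmed to the attributes this check
# reads and wrapped in a <Policy> root element (the wrapper is an assumption).
POLICY_XML = r"""<Policy>
<Capability Id="ID_CAP_DEVELOPERUNLOCK" AppCapSID="S-1-15-3-1024-2489250862-3731101856-757172019-2830005102-2903107461-2549818383-1921265406-345878668" SvcCapSID="S-1-5-21-2702878673-795188819-444038987-1443" />
<Capability Id="ID_CAP_DEVELOPERUNLOCK_API" AppCapSID="S-1-15-3-1024-435026874-574125424-2562811554-2720811615-3432479418-1962428897-4127210868-641492088" SvcCapSID="S-1-5-21-2702878673-795188819-444038987-1450">
<CapabilityRules>
<Rules>
<RegKey DACL="(A;CI;KRKW;;;S-1-15-3-1024-435026874-574125424-2562811554-2720811615-3432479418-1962428897-4127210868-641492088)(A;CI;KRKW;;;S-1-5-21-2702878673-795188819-444038987-1030)(A;CI;KRKW;;;S-1-5-21-2702878673-795188819-444038987-1450)" Flags="515" Path="HKEY_LOCAL_MACHINE\Software\Microsoft\SecurityManager" />
</Rules>
</CapabilityRules>
</Capability>
</Policy>"""

# Standard SDDL rights mnemonics and their access masks for registry keys.
RIGHTS = {
    "KR": 0x20019, "KW": 0x20006, "KX": 0x20019, "KA": 0xF003F,
    "GR": 0x80000000, "GW": 0x40000000, "GX": 0x20000000, "GA": 0x10000000,
    "RC": 0x20000, "SD": 0x10000, "WD": 0x40000, "WO": 0x80000,
}
# KEY_SET_VALUE, KEY_CREATE_SUB_KEY, DELETE, WRITE_DAC, WRITE_OWNER,
# GENERIC_WRITE, GENERIC_ALL: any of these lets the holder change the key.
WRITE_MASK = 0x2 | 0x4 | 0x10000 | 0x40000 | 0x80000 | 0x40000000 | 0x10000000

ACE_RE = re.compile(r"\(([^()]*)\)")


def rights_mask(rights):
    """Convert an SDDL rights field ('KRKW' or '0x...') to an access mask."""
    if rights.lower().startswith("0x"):
        return int(rights, 16)
    if len(rights) % 2:
        raise ValueError(f"malformed rights field: {rights!r}")
    mask = 0
    for code in re.findall("..", rights):
        if code not in RIGHTS:
            raise ValueError(f"rights mnemonic not handled here: {code}")
        mask |= RIGHTS[code]
    return mask


def parse_dacl(sddl):
    """Split '(type;flags;rights;guid;guid;sid)...' into ACE dictionaries."""
    aces = []
    for body in ACE_RE.findall(sddl):
        fields = body.split(";")
        if len(fields) < 6:
            raise ValueError(f"malformed ACE: ({body})")
        aces.append({"type": fields[0], "flags": fields[1],
                     "mask": rights_mask(fields[2]), "sid": fields[5]})
    return aces


def audit_writers(policy_xml):
    """List (key path, SID, declaring capability) for every allow-write ACE."""
    root = ET.fromstring(policy_xml)
    declared = {}
    for cap in root.iter("Capability"):
        for attr in ("AppCapSID", "SvcCapSID"):
            if cap.get(attr):
                declared[cap.get(attr)] = f"{cap.get('Id')} ({attr})"
    findings = []
    for key in root.iter("RegKey"):
        for ace in parse_dacl(key.get("DACL", "")):
            if ace["type"] == "A" and ace["mask"] & WRITE_MASK:
                owner = declared.get(ace["sid"], "unmapped in this excerpt")
                findings.append((key.get("Path"), ace["sid"], owner))
    return findings


if __name__ == "__main__":
    for path, sid, owner in audit_writers(POLICY_XML):
        print(f"{path}\n  write allowed for {sid}\n  declared by: {owner}")
```

On this excerpt, two of the three write ACEs resolve to ID_CAP_DEVELOPERUNLOCK_API, and the SID ending in -1030 is not declared by either capability shown.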
Need a Nokia Device?
snickler said:
I may write a simple app that reads registry from Lumia devices... I think that's going to happen today.
That's great! If anyone needs a Nokia device to test on, Nokia has Remote Device Access for those who need it. It's a free service to anyone who has a Nokia DEVELOPER account, which is separate but free as well. The devices they mostly have are Lumia 820s, but they have a few others (620, 720, 920 and the 928). The great thing about them is that you can deploy an xap and run the apps. Some of those phones have SIMs in them and some of them have a "Nokia On-Device Diagnostic Tool". The only drawback is that the connection can be SLOW.
Huh, you had to add the InProcServer manually? That may be the problem, then. I'm not sure why they're using COM - it works just fine to simply use the native Win32 APIs (add references to ADVAPI32LEGACY.LIB and/or KERNELBASE.LIB; that's what my NativeAccess library does and it works fine) - but it's good to know that COM is, in fact, usable.
Yeah, I already found those policy files. As I've said in other posts, if you can find a way to sideload an app that uses them, we can do a lot more than is currently possible - the internal and private capabilities (and some of the so-called public ones, most of which still won't install) have all kinds of cool potential.
One advantage of the WP8 app model, as opposed to the WP7 model that used ID_CAP_INTEROPSERVICES for everything, is that an app like you're making may well work on other devices. The fact that you got the interop-lock error means that the app did have ID_CAP_INTEROPSERVICES specified, so it may use it for some things, but the registry access is probably not one of them.
GoodDayToDie said:
Yeah, I already found those policy files. As I've said in other posts, if you can find a way to sideload an app that uses them, we can do a lot more than is currently possible - the internal and private capabilities (and some of the so-called public ones, most of which still won't install) have all kinds of cool potential.
One advantage of the WP8 app model, as opposed to the WP7 model that used ID_CAP_INTEROPSERVICES for everything, is that an app like you're making may well work on other devices. The fact that you got the interop-lock error means that the app did have ID_CAP_INTEROPSERVICES specified, so it may use it for some things, but the registry access is probably not one of them.
The best part is that the Nokia CityLens uses ID_CAP_INTEROPSERVICES, but I can't find anything that references it.
The winmds use System.Runtime.InteropServices though.
The Nokia app I got the RegistryRT from didn't use the INTEROP Capability at all, but I did notice that I had to add that extra stuff in the AppManifest.

[MOD] Ad blocker

Hi guys,
I tried to implement the good old method of blocking unwanted ads by adding advertising sites to the HOSTS file, on the Sammy ATIV Odyssey (full FS unlock), and it works perfectly. But I'm still unsure ('cause I'm a developer and do have some ad-based apps in the store) - should I post this info? BTW, we do have mods, let's give 'em the right to decide whether to delete this thread or not...
So, this method is pretty simple (he-he, same as my very-very first WP7 hack):
1) You must have an interop-unlocked handset with full FS access
1) Download the latest "blocking" hosts file, for example, from here
2) Rename your download from hosts.txt to HOSTS
3) Connect your handset to PC, navigate to \Windows\system32\drivers\etc folder
4) Paste downloaded HOSTS file, choose "replace" in the copying dialog.
5) That's all folks!
You don't need to reboot (like on Android phone with AdAway app) - now your handset is ads-free...
If you wanna revert back, just delete \Windows\system32\drivers\etc\HOSTS file.
Nice! I will try it!
Sent from my Ativ S with Tapatalk 2
@sensboston:
Am I right in assuming that there's no way to interop-unlock a WP8.1 phone like the Lumia 930? At least I couldn't find one...
After some years I did the 2nd attempt to adopt to WP. The first one lasted for a day or so. Now, after some days of using the Lumia 930, I really really love it. Not only the device, but also WP8.1. But the fact that there is no way to block ads in browsers is really really annoying. I have no problems with ads in apps, because if I like an app, I purchase it anyway. But I can't "buy away" ads in browsers, and lots of sites get more or less unusable in mobile view and without ads being blocked.
Unfortunately there's not even an alternative browser for WP that would have the capability to block ads...
Worked on Lumia
I did this on my Lumia 1520 without Interop unlock
Works fine, thanks
I did this AGES ago on my 8X. Didn't think it was post-worth lol.
djamol said:
I did this on my Lumia 1520 without Interop unlock
How exactly did you do that? My assumption was that you need interop-unlock in order to access the file system, including the hosts file. If you are not interop-unlocked, I would assume you have some other kind of unlock. Developer-unlock?
compu829 said:
I did this AGES ago on my 8X. Didn't think it was post-worth lol.
You know, right after my first "hack" for WP7 (it was also my first post here), a lot of websites and forums announced this hack without reference to me or xda. But (he-he), just AFTER my post...
This hack (from the user experience) is one of the most useful hacks for WP. But as a developer with ads-based apps, I was in a quandary - should I post it here or not...
BigBlue007 said:
How exactly did you do that? My assumption was that you need interop-unlock in order to access the file system, including the hosts file. If you are not interop-unlocked, I would assume you have some other kind of unlock. Developer-unlock?
No Interop Unlock, nor developer unlock, I used my own "Root Tool" app from windows store. Which is capable of all second party capabilities.
My pleasure.
djamol said:
No Interop Unlock, nor developer unlock, I used my own "Root Tool" app from windows store. Which is capable of all second party capabilities.
My pleasure.
Is there a way you can walk me through the process to use your app?
Oh, I've got your "Root Tool" - still no luck for handsets without SD-card
P.S. He-he, I believe, I'll get WP10 Lumia-940 before someone will release hack for the Lumias without sd-card...
@djamol: I'm curious, how'd you manage to replace the HOSTS file on a non-Samsung phone? Root Tool doesn't allow moving files out of Windows directory, or copying or moving files in, unless you're using the Samsung CRPComponent.
Similarly, while you can get read access to the Windows directory via MTP when using Root Tool, you can't get full FS access; most of the file system (like the Windows dir) will be read-only or even totally unavailable.
I edited the HOSTS file on my Samsung - in fact, I wrote an app to do it, because I had to do it for work sometimes - but that was using CRPComponent or Full FS Access via MTP, neither of which are currently possible on a Lumia using any public hack I know of...
GoodDayToDie said:
@djamol: I'm curious, how'd you manage to replace the HOSTS file on a non-Samsung phone? Root Tool doesn't allow moving files out of Windows directory, or copying or moving files in, unless you're using the Samsung CRPComponent.
Similarly, while you can get read access to the Windows directory via MTP when using Root Tool, you can't get full FS access; most of the file system (like the Windows dir) will be read-only or even totally unavailable.
I edited the HOSTS file on my Samsung - in fact, I wrote an app to do it, because I had to do it for work sometimes - but that was using CRPComponent or Full FS Access via MTP, neither of which are currently possible on a Lumia using any public hack I know of...
He used this http://www.windowsphone.com/en-in/store/app/root-tool/f4acc009-ea1e-4063-9bab-fec50195aa1e
GoodDayToDie said:
@djamol: I'm curious, how'd you manage to replace the HOSTS file on a non-Samsung phone? Root Tool doesn't allow moving files out of Windows directory, or copying or moving files in, unless you're using the Samsung CRPComponent.
Similarly, while you can get read access to the Windows directory via MTP when using Root Tool, you can't get full FS access; most of the file system (like the Windows dir) will be read-only or even totally unavailable.
I edited the HOSTS file on my Samsung - in fact, I wrote an app to do it, because I had to do it for work sometimes - but that was using CRPComponent or Full FS Access via MTP, neither of which are currently possible on a Lumia using any public hack I know of...
That's what I told you before, many times. I've mentioned you lots of times in my posts.
http://forum.xda-developers.com/showthread.php?t=3014867
http://forum.xda-developers.com/showpost.php?p=58925177&postcount=7
On Lumia devices there are lots of pretty arbitrary resources that can allow us to access the "SYSTEM" resources.
I think we had a big misunderstanding about the RPCComponent, because RPCComponent uses "DeviceIOControl" for registry access and not the RPC functionality. (Forgive me if I'm wrong in my knowledge. I'm a student and new to the WP/.NET platform.)
On Lumia devices there is a .winmd component known as "Nokia.SilentInstaller.Runtime.winmd" that uses the "DeviceIOControl" API.
The "FileSystem" API, which is implemented in "Nokia.SilentInstaller.Runtime.winmd", works fine without any restrictions.
But registry access could not get good token privileges. We need to find some unlocking trick for registry access (like NonProductionErrors.txt) for that .winmd component to handle the "CreateFileW" function for the "DeviceIOControl" API.
About the "Root Tool" app:
There is no update for the "Root Tool" app. It is still on the FIRST release.
Currently I'm working on the "Root Tool Beta" update and I've implemented such resources in my "BETA" build.
I can't do fast development because of my poor programming knowledge and my busy college schedule.
Thanks.
Can someone make a tutorial on how to make it work on the Lumia 735, please? I'm new on WP and don't understand everything for now.
@djamol: My apologies, I somehow missed that you'd managed to get file access working. That's great!
Looking at the APIs that NdtkClient.dll imports, I'm pretty sure it's using RPC, not DeviceIoControl (IOCTL). That's not really important, though; both require INTEROPSERVICES. It's just easier to write our own code using IOCTLs than using RPC, but since we already have a client library, hopefully that won't be needed...
@GoodDayToDie, @djamol: guys, could you please be a little bit more specific? Do you have a .winmd for this dll or function prototypes (not just exports)? NdtkClient.dll library is already on \Windows\system32? Or it should be ingested to the app package? (in this case, the app will be banned on automatic certification process).
As for the "Root Tool" (published in store), it's not using NdtkClient.dll (as far as I know). The file access via FileSystem.winmd/FileSystem.dll to system areas is read-only...
Could you share your finds to general public here or (at least) in private mail? Thanks!
@GoodDayToDie
Yes, Both requires ID_CAP_INTEROPSERVICES.
Can you send me the FileSystem code which you developed based on the RPCComponent?
I'll try to port it for Lumia using NtdkSvc as far as possible.
I hope you can also port it for Lumia in minutes, but I'll try though.
@sensboston
There is no .winmd file for "NtdkClient.dll". You will find that .dll in extras+info app.
and "NtdkSvc.dll" in this path "C:\Windows\System32\NdtkSvc.dll".
There is a very simple trick to bypass the Store Submission process including with kernel libs.
sensboston said:
FileSystem.winmd/FileSystem.dll to system areas is read-only...
Even those caps can't write here until using any System Resources.
"C:\Data\Users\PUBLIC"
But can write here.
"C:\Data\SharedData\OEM\Public"
"C:\PROGRAMS\CommonFiles\OEM\Public"
FileMoveEdit alpha-ish thing
Here you go. It's not been updated in ages, aside from some really minor tweaks I made just now. It's a WP8.0 app; it'll run on a sufficiently-unlocked 8.1 phone, but uses no 8.1 APIs. It also has some known bugs that I really ought to fix, though I'm working on other stuff at the moment.
You can probably get at least some of its tricks working on Lumias, though you may need to drop the symlink functionality as that both requires full capability-unlock and requires editing the NTFS configuration settings in the registry (the same key that, on desktop Windows, is edited by the "fsutil" program).
@GoodDayToDie
A sad thing happened to me. My device screen got broken.
So I'm opening a new thread for "Root Tool" app public development.
It would be great for everyone.
Can anyone suggest which is the best method for public development, or whether GitHub/CodePlex is useful?
@djamol, GitHub is all right.

LG VW820 (possibly others)? possible privileged registry read/write

This is in a similar vein to the Samsung and Lumia ones. I just reversed a bunch of LG VW820 stuff, having come across the files on my travels, and there's a hidden "diagnostic" app that contains a native COM DLL and WinMD, and that talks to a service, lgdevicesvc.exe.
The exposed methods allow among other things for read/write to any string or DWORD value in HKLM with privileges.
This can obviously be used for interop unlock and bootstrapping Myria's exploit etc.
There are actually a few xaps preinstalled with CAP_INTEROP_SERVICES, not sure if the SD Card trick can be done on WP8.1 on one of these phones. On WM10 it'd be easy of course, just enable developer mode and sideload the app.
Anyway, I don't have one of these LG phones, and I'm not sure if others have this service too, but they probably do.
I would code my own app for this but I've never devved a WP app before and I'm not installing the whole of Visual Studio, when SharpDevelop can do.
Besides, this would be a nice addition to Root Tools.
Since Microsoft just updated Windows Device Recovery Tool to support the VW820 I just happen to have a newly unbricked VW820 that I'm not using sitting here. Already replaced it with a L735. Just dumped the ffu. A quick look at rdata after unpacking lgdevicesvc.exe shows quite a lot going on. How to access?
Link to ffu, vhd, and dumped partitions...
https://onedrive.live.com/redir?resid=1EF905E4DA386676!280632&authkey=!APVdiCsfeK95lms&ithint=file%2cffu
Here's the dll and winmd...
Wack0Distractor said:
Here's the dll and winmd...
This component, I think, has enough access to RPC and Registry.
If you could please upload xap files with the ID_CAP_INTEROPSERVICES capability, maybe we can create an app to replace the original one and get some unlocks.
I think if we can't use RPC functions to set interop unlock reg values, maybe we can enable test signing mode and use cab files to do Interop Unlock.
Here's all the OEM xaps with ID_CAP_INTEROPSERVICES
tonbonz said:
Since Microsoft just updated Windows Device Recovery Tool to support the VW820 I just happen to have a newly unbricked VW820 that I'm not using sitting here. Already replaced it with a L735. Just dumped the ffu. A quick look at rdata after unpacking lgdevicesvc.exe shows quite a lot going on. How to access?
Link to ffu, vhd, and dumped partitions...
https://onedrive.live.com/redir?resid=1EF905E4DA386676!280632&authkey=!APVdiCsfeK95lms&ithint=file%2cffu
The link is dead. Do you have another copy? I am interested in those drivers for MSM8916.
LG Service codes
Code:
3845* = LG Hidden Menu
2945* = SIM Unlock App
468 = IOT Menu
5473784236368 = LG Hidden Menu
228378 = All Auto Test
33284 = Debug
7764726 = Program
3328873 = Feature
Here is the first version of Interop Unlocker for LG.
Works on Win10 only.
Since I don't have the device, no one really knows what will happen!
imbushuo said:
The link is dead. Do you have another copy? I am interested in those drivers for MSM8916.
https://mega.nz/#F!L01gjazB!y9HQveR1FV0j-NI1xQll1A
-W_O_L_F- said:
LG Service codes
Hello. How to activate these codes?
