Related
Hello fellow XDAers!
I have ported a WinMobile game to Silverlight and I am really desperate for some beta testers – having been immersed in the project now for over 500 hours it's getting hard to see the wood for the trees.
If you're keen, the URL is www.squarepeggame.com
As an (attempt at an) incentive, I will reward useful beta testers with free copies of the game when it's released. Currently, things I would really like to know are:
- Does it load and run on your machine / browser?
- Are you able to create an account, and is your level position saved when you re-start?
- The Level Designer (this'll be the first time anybody has used it, go easy on me) what do you think?
- Comments on useability and interface.
- General bug reports (please be as specific as possible)
- Anyone have access to an Intel-based Mac? Does it run on that?
There are separate forums on the game site to post any questions/bugs, I am of course happy to reply here in this thread too, providing it doesn't get too cluttered.
Thank you in advance!
Carlos
PS: I'll soon be on the look out for paid level designers as well, if this is something that interests you, just sign up in-game as a developer (see the website for more info)
PPS: You might need Silverlight 2, but it only takes 30secs to download & install the plugin
- Does it load and run on your machine / browser?
Yes
- Are you able to create an account,
haven't tried (was not required
and is your level position saved when you re-start?
When I clicked the x i restarted, but when I clicked the x again the screen stayed white, nothing happened
- Comments on useability and interface.
I though the pregame pointers (in training mode) disapeared a bit too quickly
- General bug reports (please be as specific as possible)
see my 2nd comment
Mr_Gee said:
- Does it load and run on your machine / browser?
Yes
Click to expand...
Click to collapse
Hi there
Thanks very much for this, I'm nearly ready to release it - anybody else fancy giving it a go? http://www.squarepeggame.com
What would be very helpful would be if somebody wanted to use the level designer to make their own level for the game - doesn't have to be anything complex - and let me know how you get on?
C
I will try right now
hmm seems like ppc has a new level to achieve ... will try
quite heavy on my memory eats up a lot of ram; was nice to play it and as been said was able to play without using my email address
Frickin' level 7....AAARRRGGGHHH!!!! Now you have done it. I'll be at this for hours.http://forum.xda-developers.com/images/smilies/wink.gif
Runs well on Firefox 3 with Silverlight 2 for me. It allowed me to create an account and login. Haven't tested saving yet. Will do in a moment. Likewise with the level designer. The only thing that could do with altering is that on my 1920 x 1200 monitor (24 inch) the game is as far to the left of the browser as it will go. Would be better in the middle.
Yes, it did save my level when I went back. Just had the signup email. Might be worth obscuring some of the password in it . And volume controls for SFX and music would be good rather than just on or off. Level 9 of the tutorial has a spelling error, Giong instead of Going.
- Does it load and run on your machine / browser?
It runs, I am using my bro's core2duo laptop with firefox 3.0.5
- Are you able to create an account, and is your level position saved when you re-start?
Yes, I used red_hanks also and it says I am logged in with that name. Still waiting for the game to start for 15minutes now, it says "please wait" with a square spinning around. It is not my internet connection because I have a high-speed broadband. Silverlight was installed also and system is up to date with Windows Update.
- The Level Designer (this'll be the first time anybody has used it, go easy on me) what do you think?
Looks clean, like in nurserys... (just the first page where it says START, INSTRUCTIONS...)
- Comments on useability and interface.
None at the moment
- General bug reports (please be as specific as possible)
It is not loading???
Oh it's loading now...Playing it...nice game...hit thr back arrow button and it went back to the first page...playing again...hit the x button and nothin happens..hit it again and everything just went white...
Hmmm... the level editor crashes Firefox for me as soon as I click in the email box. Also happens in IEtab and Internet Explorer 7. My machine is Vista Ultimate with a Core 2 Duo E6600 with 2gb RAM. I've also had it go to a blank screen in the menus but I see this is a listed bug on your forum.
character said:
eats up a lot of ram.. was nice to play it and as been said was able to play without using my email address
Click to expand...
Click to collapse
Thanks, I'll look into any ways of further minimising RAM usage, although could be a browser thing too. Lots of sounds and pics to cache too, but will definitely investigate.
ahuskins said:
Frickin' level 7....AAARRRGGGHHH!!!! Now you have done it. I'll be at this for hours.
Click to expand...
Click to collapse
Level 7, really??! The one on the tutorial is really easy, so maybe you're talking about the actual "first hundred" playlist? Hope you cracked it! Let me know if you can't get there and want me to developer-enable your account so that you can try out the level designer.
Prof. Yaffle said:
The only thing that could do with altering is that on my 1920 x 1200 monitor (24 inch) the game is as far to the left of the browser as it will go. Would be better in the middle.
Click to expand...
Click to collapse
This is an interesting comment - I will try to get it to centre in the browser rather than left-aligning. It's funny as I had just assumed that people would move or resize the window rather than maximising it! But I want it to be as helpful as possible to the user so you're right, it should align to the middle of large browser windows.
Prof. Yaffle said:
Yes, it did save my level when I went back. Just had the signup email. Might be worth obscuring some of the password in it . And volume controls for SFX and music would be good rather than just on or off. Level 9 of the tutorial has a spelling error, Giong instead of Going.
Click to expand...
Click to collapse
These are all excellent suggestions, thank you - and typo now fixed. (the joy of all the levels coming from a SQL server is that this was a relatively trivial thing to do - if you've ever tried deploying and staging an Azure server site you'll know how long it can take...)
The volume controls might not make it into the beta release but will definitely be added later.
red_hanks said:
Hit the x button and nothin happens..hit it again and everything just went white...
Click to expand...
Click to collapse
Thanks for this, red_hanks. Can't replicate the error but could easily have been the webserver being down. Calls to WCF services from Silverlight are a little tricky and I think I need more error handling for when they don't work. I don't think you have tested the level designer by the way, just the game, in answer to your comment.
Thanks everyone! As I said before, if anyone fancies trying to design their own level using the level designer and wants to let me know the name, etc, I'd be interested to (1) play your level and (2) hear how you got on with the level designer!
There's forums over at www.squarepeggame.com too if you need help, tutorials still being made but some are there.
Carlos
Any idea what could cause the level editor to crash in IE7 and Firefox? I've tried Run As Administrator as well but still the same. As soon as I click any of the boxes (including the tickbox) it crashes.
Prof. Yaffle said:
Any idea what could cause the level editor to crash in IE7 and Firefox? I've tried Run As Administrator as well but still the same. As soon as I click any of the boxes (including the tickbox) it crashes.
Click to expand...
Click to collapse
Hmm okay it would certainly be good to get this solved!
When it crashes, does it just white-screen or is there an error message? Can you try (in Firefox), after it's crashed, going to Tools -> Error Console and seeing if there were any error messages?
C
PS: I'm assuming you're running Silverlight v2 and not some earlier beta or something. Perhaps you could try uninstalling and re-installing Silverlight for me as well, making sure of course that all browsers are closed during installation.
Great, but a few issues
It runs along fine with very few issues on my Sony Laptop (Model VGN-CR240E with Windows Vista/7 partitions, 2 gb RAM, 2 gigahertz Centrino Duo, and a 1280x800 LCD screen. I have not actually tried it on Vista, only on Windows 7 and it works wonderfully except when you enter a level and hit the "X" button in the top corner, which crashes IE8 Beta It doesn't crash under those circumstances on FireFox (Windows 7) though. However, these issues could also be attributed to the fact it is a beta OS running a beta Browser. The game seems more stable on FireFox. I will try it on Vista later, and see if that makes a difference using IE7. As for the UI, it's fine but if you added a way to go back to the main menu after you choose the green "Start" button, that would make it even better. Accounts work fine as far as I've used them. And I have not noticed any RAM issues with the game, according to Process Explorer. The game is amazing overall, and you'll have yourself a real winner when this is done. Good luck with the game
Dave
Does it load and run on your machine / browser?
It works fine on my HP laptop. I'm running Windows 7 Beta Build 7000 and using IE 8 Beta 2
Are you able to create an account, and is your level position saved when you re-start?
Yes. I created an account and the level position was saved
The Level Designer (this'll be the first time anybody has used it, go easy on me) what do you think?
I haven't been able to login to it.
Comments on useability and interface.
Nice UI. It's simple and intuitive
General bug reports (please be as specific as possible)
Problem logging into the level designer. It says I need to complete the tutorial though I've finished it.
How did it run on an Intel iMac?
Once I get to my newspaper class 2 days from now, I'll update my post.
Since I couldn't login to the dev portal, I'm just saying: I'm a Silverlight developer and I would be interested in designing levels/improving the code of the game.
Hello,
The game runs well on my Mac Book Pro with Firefox.
I was able to create an account with no issues.
UI is simple. Makes the games easy to learn.
Crashed to a white screen on level 9 of the tutorial after several moves. Was able to restart from the beginning. This was prior to creating a login. After creating a login and then finishing level 8 of the tutorial I got a pleas wait icon. It then crashed to a white screen after about 30 seconds.
Do you want us to post in the squarepeg forum instead of here?
carlosp_uk said:
Hmm okay it would certainly be good to get this solved!
When it crashes, does it just white-screen or is there an error message? Can you try (in Firefox), after it's crashed, going to Tools -> Error Console and seeing if there were any error messages?
C
PS: I'm assuming you're running Silverlight v2 and not some earlier beta or something. Perhaps you could try uninstalling and re-installing Silverlight for me as well, making sure of course that all browsers are closed during installation.
Click to expand...
Click to collapse
When it crashes it actually kills Firefox and I get the Mozilla Crash Reporter asking if I wish to report details of what I was doing. I've tried several times looking in the Error Console and there's nothing other than a couple of dead RSS feeds. If I clear it still nothing at all related. I have V2 of Silverlight installed but have just tried rebooting, removing it, rebooting again, re-installing it and still the same.
Had to d/l silverlight- plays just fine
Created account and didnt have to log in as it remembered me and where I was
Nice game, looks good and is easy to use, though the levels get tough
No bugs that I have found
Using this on my HP 17" laptop running Windows XP
Thanks for this
Everything works perfectly using Silverlight 2 on an (intel) Macbook. The levels are tough, most definitely.
DaveTheTytnIIGuy said:
On Windows 7 and it works wonderfully except when you enter a level and hit the "X" button in the top corner, which crashes IE8
Click to expand...
Click to collapse
Thanks Dave, and also for your kind comments / feeback on the game - all noted. I have not been able to reproduce this bug (IE8 beta 1 or 2?) so I'm going to put it down as a win7/ie8 quirk for now, unless I get multiple reports. How did you get on with Vista?
ND4SPD said:
Problem logging into the level designer. It says I need to complete the tutorial though I've finished it.
Click to expand...
Click to collapse
Thanks this worries me as if the game is not correctly developer-enabling accounts at all times we're in trouble. Did anything happen when you completed the tutorial? Any sort of message at all? I cannot reproduce the error as when I complete the tutorial on my machine a message box appears telling me "Congratulations!..." and my account is upgraded to developer status.
ND4SPD said:
Since I couldn't login to the dev portal, I'm just saying: I'm a Silverlight developer and I would be interested in designing levels/improving the code of the game.
Click to expand...
Click to collapse
Sure, that sounds very interesting, if we can't get this problem sorted quickly let me know and I can manually developer-enable your account so you can have a crack at the level designer. In the next phase of the launch, we (ie me) will be paying out cash for levels as well.
blazingwolf said:
Crashed to a white screen on level 9 of the tutorial after several moves.
Click to expand...
Click to collapse
Thanks for this - this sounds like an error in code rather than comms. Can you remember what moves you made in the level? If you're able to reproduce this error and then (in firefox) go to Tools -> Error Console, hopefully there will be an error message that could help me to fix this bug. The other error you mention is a known comms exception that I'll be looking at.
Prof. Yaffle said:
When it crashes it actually kills Firefox
Click to expand...
Click to collapse
Seriously? Whoa! And this happens when you click anything in the login screen of the level designer, right? (I'm assuming you got the logo and login textboxes appearing with no issues) Does the Mozilla crash reporter give you any additional info that you could send me about the crash?
Thanks so much for re-installing, by the way, sorry this didn't help. This doesn't sound like it's something that's going to be easy to diagnose, in fact I already have a headache just thinking about it. Possibly a silverlight bug, a browser bug, or both. Do you have javascript enabled in Firefox, by the way? And have you tried logging in with Internet Explorer, does that work?
blazingwolf said:
Do you want us to post in the squarepeg forum instead of here?
Click to expand...
Click to collapse
You know people, as we're now discussing multiple issues, and I don't want to abuse the charity of xda-developers for hosting this discussion, it might actually be better to gradually move things to the squarepeg forums. (http://forums.squarepeggame.com) I'll disable email account activation for a few days to make it quicker for you to set up accounts.
Of course if people would prefer to post here, that's understandable, I'll still gladly answer posts in this thread.
On a general note, thanks for all the testing so far (eg stanglifemike) - and I'm really pleased that the general impression of the game itself seems to be a good one... ...oh, and @elazullizard - thanks for the feedback... are the levels really that tough? Are you talking about "The First Hundred" or the tutorial?.. ..if it's the tutorial I'm now worried that I've made it too hard!
Carlos
(sorry about my chinglish )
So here's how:I locked my nexus10 and forgot the password, and I do not see the "Forgotten" button on the screen and also I didn't turn USB debugging mode on, so is there any possibility I can save my data instead of cleaning them up? Thank you (btw, I deleted the original recover files(because I once booted Ubuntu Touch on it) how can I reset it anyway?) Tanks a lot
EX_RIVER said:
(sorry about my chinglish )
So here's how:I locked my nexus10 and forgot the password, and I do not see the "Forgotten" button on the screen and also I didn't turn USB debugging mode on, so is there any possibility I can save my data instead of cleaning them up? Thank you (btw, I deleted the original recover files(because I once booted Ubuntu Touch on it) how can I reset it anyway?) Tanks a lot
Click to expand...
Click to collapse
If you have TWRP (not sure about Clockworkmod), "Factory Reset" will leave personal files on while clearing settings, custom apps, etc. FORTUNATELY, there is no way to bypass, other than resetting the device, the password for security reasons
dibblebill said:
If you have TWRP (not sure about Clockworkmod), "Factory Reset" will leave personal files on while clearing settings, custom apps, etc. FORTUNATELY, there is no way to bypass, other than resetting the device, the password for security reasons
Click to expand...
Click to collapse
Pretty sure that's not true, strictly speaking. Unless OP is talking about encryption, flashing a new ROM over top will preserve most user data saved on /sdcard (much to my annoyance).
Rirere said:
Pretty sure that's not true, strictly speaking. Unless OP is talking about encryption, flashing a new ROM over top will preserve most user data saved on /sdcard (much to my annoyance).
Click to expand...
Click to collapse
You are correct. I forgot that circumstance. TWRP specifically excludes the data/media area
Sent from my Samsung Galaxy Victory via XDA Developers App
dibblebill said:
You are correct. I forgot that circumstance. TWRP specifically excludes the data/media area
Sent from my Samsung Galaxy Victory via XDA Developers App
Click to expand...
Click to collapse
I mean, it's useful because if you flub a flash you can use a backup, but these recoveries are not secure and aren't designed to be.
EX_RIVER said:
(sorry about my chinglish )
So here's how:I locked my nexus10 and forgot the password, and I do not see the "Forgotten" button on the screen and also I didn't turn USB debugging mode on, so is there any possibility I can save my data instead of cleaning them up? Thank you (btw, I deleted the original recover files(because I once booted Ubuntu Touch on it) how can I reset it anyway?) Tanks a lot
Click to expand...
Click to collapse
USB debugging isn't required for ~all~ USB stuff, so you should try it anyways.
Then, as long as you still know your Google password you can install this to your Nexus, via the web (no log on to device actually needed):
http://www.androidlost.com/
I haven't actually tried or used that program, so cant say 100% it will work on N10 - but "in general" it seems like it should!
:good:
bigmatty said:
USB debugging isn't required for ~all~ USB stuff, so you should try it anyways.
Then, as long as you still know your Google password you can install this to your Nexus, via the web (no log on to device actually needed):
http://www.androidlost.com/
I haven't actually tried or used that program, so cant say 100% it will work on N10 - but "in general" it seems like it should!
:good:
Click to expand...
Click to collapse
I don't know if AndroidLost can unlock a device, and he doesn't seem to have lost it either. Unless an app had root/device admin access, I can't imagine that it would have the privileges necessary to remove authentication from a device (since that seems to be the pinnacle of bad security). Secure Settings + Tasker can do it, but you need to set that up beforehand.
Rirere said:
I don't know if AndroidLost can unlock a device, and he doesn't seem to have lost it either. Unless an app had root/device admin access, I can't imagine that it would have the privileges necessary to remove authentication from a device (since that seems to be the pinnacle of bad security). Secure Settings + Tasker can do it, but you need to set that up beforehand.
Click to expand...
Click to collapse
It says it can:
Lock the phone
You can lock and unlock the phone from the web. If you forget your pincode you can simply overwrite it or remove it from the web
bigmatty said:
It says it can:
Lock the phone
You can lock and unlock the phone from the web. If you forget your pincode you can simply overwrite it or remove it from the web
Click to expand...
Click to collapse
I don't think this means what you think it means (and I could be wrong). Many security apps like avast! offer a similar "locking" functionality, where the normal lockscreen (whatever security it is) is covered by a second lockscreen, superimposed over all system UI elements to prevent access. This lockscreen is controlled by the app, but it will not affect any underlying security (basically, think of it as a replacement lockscreen for security reasons, not much unlike HoloLocker or Go Launcher's lockscreen).
Rirere said:
I don't think this means what you think it means (and I could be wrong). Many security apps like avast! offer a similar "locking" functionality, where the normal lockscreen (whatever security it is) is covered by a second lockscreen, superimposed over all system UI elements to prevent access. This lockscreen is controlled by the app, but it will not affect any underlying security (basically, think of it as a replacement lockscreen for security reasons, not much unlike HoloLocker or Go Launcher's lockscreen).
Click to expand...
Click to collapse
I don't know man, and like I said I've never tried it. But its a super popular app, and has been featured in write ups. On their main page it states that text, as the fifth "main feature" which seems pretty straight forward to mean "the main lock screen"...
bigmatty said:
I don't know man, and like I said I've never tried it. But its a super popular app, and has been featured in write ups. On their main page it states that text, as the fifth "main feature" which seems pretty straight forward to mean "the main lock screen"...
Click to expand...
Click to collapse
No good, sorry. You're right on one count-- I just tested it, and it does interact with the stock lockscreen. Unfortunately, as I said earlier, unless the app is granted root/device admin privileges, no Android app can change the stock lockscreen...and since OP can't get into his device, he can't grant it device admin.
Rirere said:
No good, sorry. You're right on one count-- I just tested it, and it does interact with the stock lockscreen. Unfortunately, as I said earlier, unless the app is granted root/device admin privileges, no Android app can change the stock lockscreen...and since OP can't get into his device, he can't grant it device admin.
Click to expand...
Click to collapse
Nice on the testing! Too bad about the unlock. Perhaps he can still use it to offload his content though.
Did you try to "push" it to your device w/out installing it direct? I have wondered if I should pre-load this app on my devices, but "they" tout its remote-install-ablity, so I somewhat feel like I would not have to pre-install. (But then again, Im always apprehensive of claims that make things seem super easy.)
EDIT: Hmmm.... I see it requires "SMS" to install this on a device via Push - so I guess it NEEDS to be pre-loaded on a N10 if one wishes to use it to retrieve a lost N10, or even use it in this context! Now to decide if I install this or not...
bigmatty said:
Nice on the testing! Too bad about the unlock. Perhaps he can still use it to offload his content though.
Did you try to "push" it to your device w/out installing it direct? I have wondered if I should pre-load this app on my devices, but "they" tout its remote-install-ablity, so I somewhat feel like I would not have to pre-install. (But then again, Im always apprehensive of claims that make things seem super easy.)
Click to expand...
Click to collapse
I installed direct. I use Cerberus (and before that, avast! Anti-Theft) to help secure my devices, but these things are all a game of chance. My advice: completely disregard remote-install abilities. If you're going to use this kind of service, it really doesn't make any sense not to install it yourself, where you can change your preferences (such as install to /system or rename the application) to work for you.
The bigger problem is that, obviously, six hundred million things could go wrong. I noticed that AndroidLost noted that they were using Google to push messages, which indicates that they're using C2DM (unlikely, it's deprecated) or GCM push services, which require your phone being connected to a network (itself a big assumption) that will allow Google's ports to send traffic. This excludes no small number of places, particularly corporate networks (and many schools as well). It also looks like one of the wakeup methods if SMS, which is not only noticeable (to a thief), but potentially may be intercepted by other apps on the phone (such as an alternative SMS app).
The idea is that these apps intercept and delete any command SMS before any other app, but in practice this doesn't always happen. So test your setup before something happens!
Rirere said:
I installed direct. I use Cerberus (and before that, avast! Anti-Theft) to help secure my devices, but these things are all a game of chance. My advice: completely disregard remote-install abilities. If you're going to use this kind of service, it really doesn't make any sense not to install it yourself, where you can change your preferences (such as install to /system or rename the application) to work for you.
The bigger problem is that, obviously, six hundred million things could go wrong. I noticed that AndroidLost noted that they were using Google to push messages, which indicates that they're using C2DM (unlikely, it's deprecated) or GCM push services, which require your phone being connected to a network (itself a big assumption) that will allow Google's ports to send traffic. This excludes no small number of places, particularly corporate networks (and many schools as well). It also looks like one of the wakeup methods if SMS, which is not only noticeable (to a thief), but potentially may be intercepted by other apps on the phone (such as an alternative SMS app).
The idea is that these apps intercept and delete any command SMS before any other app, but in practice this doesn't always happen. So test your setup before something happens!
Click to expand...
Click to collapse
Thanks for the info, I will look into Cerberus. I am assuming you would recommend that as you are currently using it? Do you think its better than AndroidLost, even though you haven't spent as much time w/ AndroidLost?
bigmatty said:
Thanks for the info, I will look into Cerberus. I am assuming you would recommend that as you are currently using it? Do you think its better than AndroidLost, even though you haven't spent as much time w/ AndroidLost?
Click to expand...
Click to collapse
I like it a lot more, but I will admit I personally liked avast! better. Its uncertain future (plus a nice promotion) led me to jump ship to Cerberus. I'd have to play around with it a bit more to be sure though.
Rirere said:
No good, sorry. You're right on one count-- I just tested it, and it does interact with the stock lockscreen. Unfortunately, as I said earlier, unless the app is granted root/device admin privileges, no Android app can change the stock lockscreen...and since OP can't get into his device, he can't grant it device admin.
Click to expand...
Click to collapse
Yep, you're right I can't get root under this situation, thanks a lot I'm trying to figure out how to save my data mow
EX_RIVER said:
Yep, you're right I can't get root under this situation, thanks a lot I'm trying to figure out how to save my data mow
Click to expand...
Click to collapse
It's not root you need per se, it's device admin. But root isn't an easy option for you either, because unlocking your bootloader will hose your data. I also think most of the locked-bootloader exploits require the device to be on and unlocked. If you're signed into your Google account, you should have a fair degree of stuff backed up already-- what sorts of data are you trying to save?
Rirere said:
It's not root you need per se, it's device admin. But root isn't an easy option for you either, because unlocking your bootloader will hose your data. I also think most of the locked-bootloader exploits require the device to be on and unlocked. If you're signed into your Google account, you should have a fair degree of stuff backed up already-- what sorts of data are you trying to save?
Click to expand...
Click to collapse
Mostly..........Photos and videos
EX_RIVER said:
Mostly..........Photos and videos
Click to expand...
Click to collapse
...do you have a Google+ account? Slash have you ever opened the app? If so, you might actually be in luck and your data should have been backed up to your Google+ (or PicasaWeb if you prefer).
Possable hack or glitch, that is why I am posting here.
According to a few sites, a glitch has been discovered by setting a proxy, you can make your non-nokia phone be able install apps from Nokia's apps.
Sites for info...
http://www.microsofttranslator.com/...n&a=http://www.wpdang.com/archives/98835.html
http://www.wpdang.com/archives/98835.html
http://www.wpcentral.com/glitch-spotted-windows-phone-store-lumia-apps
Does anyone have clear directions on this so everyone knows how to do it?
Also, I am hoping this would allow us to get to the point of a Marketplace Changer like we used to have for WP7 devices.. I personally would like some HTC apps on my Nokia...and a LG app too.
Figured this would be a great place to start a discussion on this.
The basic "hack" is dead simple, actually. In a way, this is easier than the old Marketplace Switching apps; those worked by changing some configuration files on the phone; this works by editing the communication between the phone and the Marketplace servers *as if* those files had been changed.
It's probably worth the time to write up a small utility to do this yourself, rather than relying on a third party proxy (never a good plan if you don't have to do it). It might even be possible to make the proxy run as an app on the phone itself (it would need to be sideloaded, since there's no way MS would permit such a thing, and you'd probably still need to be on WiFi, but it might be possible).
DavidinCT said:
Possable hack or glitch, that is why I am posting here.
According to a few sites, a glitch has been discovered by setting a proxy, you can make your non-nokia phone be able install apps from Nokia's apps.
Sites for info...
http://www.microsofttranslator.com/...n&a=http://www.wpdang.com/archives/98835.html
http://www.wpdang.com/archives/98835.html
http://www.wpcentral.com/glitch-spotted-windows-phone-store-lumia-apps
Does anyone have clear directions on this so everyone knows how to do it?
Also, I am hoping this would allow us to get to the point of a Marketplace Changer like we used to have for WP7 devices.. I personally would like some HTC apps on my Nokia...and a LG app too.
Figured this would be a great place to start a discussion on this.
Click to expand...
Click to collapse
Guyz, I've tried this on my Huawei W1 but its says, cannot connect,,,,,,,,,, ive also tried changing the region but nothing happens, does anyone tried this already, and successfully installed those nokia exclusive apps?
Thank you,
jakelq said:
Guyz, I've tried this on my Huawei W1 but its says, cannot connect,,,,,,,,,, ive also tried changing the region but nothing happens, does anyone tried this already, and successfully installed those nokia exclusive apps?
Thank you,
Click to expand...
Click to collapse
it is time based. I mean, sometimes it happens. sometime it doesnt. keep trying is all I can say.
GH0ST DR0NE said:
it is time based. I mean, sometimes it happens. sometime it doesnt. keep trying is all I can say.
Click to expand...
Click to collapse
yup, i tried this at home and it worked..
It runs smooth with huawei w1 and i dont experience any missed swipes.
Why does it wasnt released for 512 mb ram?
tnx.
GoodDayToDie said:
The basic "hack" is dead simple, actually. In a way, this is easier than the old Marketplace Switching apps; those worked by changing some configuration files on the phone; this works by editing the communication between the phone and the Marketplace servers *as if* those files had been changed.
It's probably worth the time to write up a small utility to do this yourself, rather than relying on a third party proxy (never a good plan if you don't have to do it). It might even be possible to make the proxy run as an app on the phone itself (it would need to be sideloaded, since there's no way MS would permit such a thing, and you'd probably still need to be on WiFi, but it might be possible).
Click to expand...
Click to collapse
I would gladly test (I am dev unlocked) anything you can come up with here.
Anything that could help progress towards a hack on WP8, even if it's a marketplace changer of some type
aclegg2011 said:
Man, we really need to find a way to dev unlock our phones. :/
Sent from my RM-917_nam_usa_100 using XDA Windows Phone 7 App
Click to expand...
Click to collapse
The same process (dreamspark EDU account, etc) that worked for WP7 works on WP8 but, the limits of 3 apps are still there... So I can sideload 3 apps..
DavidinCT said:
The same process (dreamspark EDU account, etc) that worked for WP7 works on WP8 but, the limits of 3 apps are still there... So I can sideload 3 apps..
Click to expand...
Click to collapse
I have an edu account activated since december 2011. I had on my Omnia W (WP 7.5) only the possibility to sideload 3 apps, but now on my lumia 820 i DONT have this limit of 3 apps..
gipfelgoas said:
I have an edu account activated since december 2011. I had on my Omnia W (WP 7.5) only the possibility to sideload 3 apps, but now on my lumia 820 i dont have this limit of 3 apps..
Click to expand...
Click to collapse
I have a Lumia 928, and I dev unlocked it(got one of those free EDU accounts that was going around, I log in 2 times a year), I put on 3 apps and it gives me an error if I try to add more.
I would like to add more but, No biggie because there is not 3rd party tools or hacks for WP8....YET.
DavidinCT said:
I have a Lumia 928, and I dev unlocked it(got one of those free EDU accounts that was going around, I log in 2 times a year), I put on 3 apps and it gives me an error if I try to add more.
I would like to add more but, No biggie because there is not 3rd party tools or hacks for WP8....YET.
Click to expand...
Click to collapse
I dont mind but it seems that my account has a bug..?!?
GoodDayToDie said:
The basic "hack" is dead simple, actually. In a way, this is easier than the old Marketplace Switching apps; those worked by changing some configuration files on the phone; this works by editing the communication between the phone and the Marketplace servers *as if* those files had been changed.
It's probably worth the time to write up a small utility to do this yourself, rather than relying on a third party proxy (never a good plan if you don't have to do it). It might even be possible to make the proxy run as an app on the phone itself (it would need to be sideloaded, since there's no way MS would permit such a thing, and you'd probably still need to be on WiFi, but it might be possible).
Click to expand...
Click to collapse
Here is a question on this. Is there a list of "proxies" for different carriers/OEMS ? I could not find anything besides this one. Do you know how I can access HTC, Samsung, LG, etc list ?
How does one access the marketplace of another OEM than Nokia ? (I have a Nokia so that is not an issue for me)
It's just a matter of changing the ID string for the phone when it's talking to the Marketplace servers. I'll look into writing a tool to do it.
GoodDayToDie said:
It's just a matter of changing the ID string for the phone when it's talking to the Marketplace servers. I'll look into writing a tool to do it.
Click to expand...
Click to collapse
Awsome, I look forward to something ! Thanks !
GoodDayToDie said:
It's just a matter of changing the ID string for the phone when it's talking to the Marketplace servers. I'll look into writing a tool to do it.
Click to expand...
Click to collapse
Hi ,GoodDayToDie
Try fiddler2 to modify the request send by the phone when talking to the Marketplace servers.
I have made some research and it's intresting.....
@Mattemoller90: Yes, but I can't promise that the app will install correctly afterward. Apps identify, in their manifests, the resolutions they support. If the app requires resolution that the phone doesn't have, the phone will most likely simply refuse to install it.
@GoodDayToDie
How can I cheat the Marketplace with Fiddler2 (for change the resolution) I want try
You are the best
Eh, I'm not going to write a full tutorial right now. Short version is install Fiddler, set it to proxy external connections (will need to be let through your firewall), set your phone to use your PC's IP address and Fiddler's listening port as the proxy, set Fiddler to intercept requests, and then open the Marketplace. You'll see an HTTP GET request from the phone to Microsoft's servers, and the URL will contain a bunch of details about your phone (manufacturer, model, version info, region, etc.) including resolution. Replace the resolution string with the one you want to pretend to have, then have Fiddler "Run to completion".
Note: You'll probably have to do this multiple times. It's OK to not do it for things like partial searches, but you'll of course need to do it for the final search query. It can be scripted, but that's outside the scope of what I'm going to tell you to do here. Look at how @xdevilium does it in his app: http://forum.xda-developers.com/showthread.php?t=2362165
Can fiddler be used for other things? Like seeing where server updates are coming from, and how are phones interacts with developer registration?
Sent from my RM-917_nam_usa_100 using XDA Windows Phone 7 App
In theory, yes it can (or any other HTTP/HTTPS proxy; there are several of them available). However, the functions you describe use HTTPS. To intercept SSL traffic, the proxy needs to forge certificates for the sites you connect to (unless it somehow got ahold of the site's private key). To have your phone trust the forged certificates, the proxy (including Fiddler, if you choose to enable it) can sign the forged certificates using its own private key; if the corresponding public key is trusted by the phone (which can be done just by sending the public key to the phone using email or bluetooth or something, and installing it) then the forged signatures will be trusted.
However, that's only true for the general case. For specific OS functionality, Microsoft (and all the other big mobile vendors) use a technique called "certificate pinning" where the SSL certificate must either exactly match a known certifiacte, or must be signed by an exact match. In this case, it doesn't work to install your proxy's certificate and have it be trusted; a feature using cert pinning doesn't even check the OS's trust store. Therefore, we can't intercept those specific communications.
It's frustrating.
I've never scripted Fiddler, I just re-wrote the requests by hand. It's easy enough; there aren't very many. I could tell you how to do it in a couple other proxy programs.
GoodDayToDie said:
I could tell you how to do it in a couple other proxy programs.
Click to expand...
Click to collapse
I Really Appreciate That
Microsoft just announced today that Windows Phone developers can now unlock their devices for free, with a 2-app sideload limit. Those needing higher limits can grab an account for cheap during the summer ($19 USD).
Just use your Microsoft account with the Windows Phone Developer Registration tool and you should be off and running.
Beginning today we are simplifying the developer phone registration process. Now, any developer can unlock and register 1 phone to load up to 2 apps. Registered developers with Dev Center accounts continue to have the option to unlock up to 3 phones and upload up to 10 apps on each.
Click to expand...
Click to collapse
WithinRafael said:
Microsoft just announced today that Windows Phone developers can now unlock their devices for free, with a 2-app sideload limit. Those needing higher limits can grab an account for cheap during the summer ($19 USD).
Just use your Microsoft account with the Windows Phone Developer Registration tool and you should be off and running.
Click to expand...
Click to collapse
Thats awesome news! That gets rid of the need for Chevron mods for all those WP7 people and that makes it easy to test WP8 apps.
thals1992 said:
thats awesome news! That gets rid of the need for chevron mods for all those wp7 people and that makes it easy to test wp8 apps.
Click to expand...
Click to collapse
this is great news!
This whole thing got me thinking, there might be someway to "abuse" the XAP installer that processes the XAP, since the XAP is downloaded straight from the browser.
Hopefully there's some vulnerabilities in the installer.
IzaacJ said:
This whole thing got me thinking, there might be someway to "abuse" the XAP installer that processes the XAP, since the XAP is downloaded straight from the browser.
Hopefully there's some vulnerabilities in the installer.
Click to expand...
Click to collapse
I think you're on to something here....
Not sure what you mean by "the XAP is downloaded straight from the browser" - Store apps are downloaded over HTTP (HTTPS actually, with cert pinning to boot) but the only apps I've seen actually install if they were downloaded from a web browser (or via email attachment, or sent using Bluetooth) are company / LOB apps, not store apps or unsigned (homebrew/development) apps.
That said, the XAPs do get processed by the installer (and rejected) anyhow. It's possible there's a vulnerability in that check process; is that what you're thinking of? If so, I don't believe it has anything to do with the news in this thread in particular (although it *might* help to have dev-unlock enabled) but it's a worthwhile path of exploration anyhow. The XAP installer is one of the relatively few parts of the system that has fairly high permissions but is easily attackable. Of course, that means MS will have reviewed and fuzz tested the hell out of it, but we can hope...
GoodDayToDie said:
Not sure what you mean by "the XAP is downloaded straight from the browser" - Store apps are downloaded over HTTP (HTTPS actually, with cert pinning to boot) but the only apps I've seen actually install if they were downloaded from a web browser (or via email attachment, or sent using Bluetooth) are company / LOB apps, not store apps or unsigned (homebrew/development) apps.
That said, the XAPs do get processed by the installer (and rejected) anyhow. It's possible there's a vulnerability in that check process; is that what you're thinking of? If so, I don't believe it has anything to do with the news in this thread in particular (although it *might* help to have dev-unlock enabled) but it's a worthwhile path of exploration anyhow. The XAP installer is one of the relatively few parts of the system that has fairly high permissions but is easily attackable. Of course, that means MS will have reviewed and fuzz tested the hell out of it, but we can hope...
Click to expand...
Click to collapse
The XAP's developed in App Studio are downloaded in the browser on the phone, not from the store, which could prove to be a vulnerability, but there might be cert pinning since App Studio apps require you to install a certificate first. Hopefully someone with more knowledge, like you, could look at it. Just prep a simple app in App Studio and go through the process and see what you'll be able to find.
Maybe Fiddler might help to determinate if any cert pinning is done?
Ah sorry, I wasn't looking at App Studio. I will investigate... but unless they're giving us access to the signing key, or raw access to the XAP, it probably won't work for anything *too* exciting. Still, if it's a way to install signed apps that we write ourselves (to any meaningful degree), there's hope...
GoodDayToDie said:
Ah sorry, I wasn't looking at App Studio. I will investigate... but unless they're giving us access to the signing key, or raw access to the XAP, it probably won't work for anything *too* exciting. Still, if it's a way to install signed apps that we write ourselves (to any meaningful degree), there's hope...
Click to expand...
Click to collapse
If I've understood it correctly, there is possibility to do changes to the XAP.
Note this tool is browser driven - no Windows 8 machine required - if you're not going to modify the source code that is. There are plans on the way for more goodies, so keep posted.
Click to expand...
Click to collapse
- Source
Cool. Looks like I need to send a request to get into the beta. I should do that... see what I get back. If the XAPs aren't signed, they probably won't be useful for breaking anything but the interaction with the browser might be interesting. If they are signed...
GoodDayToDie said:
Cool. Looks like I need to send a request to get into the beta. I should do that... see what I get back. If the XAPs aren't signed, they probably won't be useful for breaking anything but the interaction with the browser might be interesting. If they are signed...
Click to expand...
Click to collapse
I didn't have to sign up for the beta, think I could use it right away since I'm a registered dev. Just signed in with my dev account and tried it out right away.
IzaacJ said:
I didn't have to sign up for the beta, think I could use it right away since I'm a registered dev. Just signed in with my dev account and tried it out right away.
Click to expand...
Click to collapse
Awwman! I sent the request more than 24 hours ago and I still haven't received any emails. Also I'm a registered dreamspark dev, but that expired March.
@IzaacJ: Thanks for the tip, I'll try that then.
EDIT: Nope! Still demanding an "invitation code".
How the Windows Phone App Studio deploys
thals1992 said:
Awwman! I sent the request more than 24 hours ago and I still haven't received any emails. Also I'm a registered dreamspark dev, but that expired March.
Click to expand...
Click to collapse
Finally got mine a few hours ago. Haven't got very deep in it yet, but the templates are convenient.
---------- Post added at 10:49 PM ---------- Previous post was at 10:35 PM ----------
IzaacJ said:
The XAP's developed in App Studio are downloaded in the browser on the phone, not from the store, which could prove to be a vulnerability, but there might be cert pinning since App Studio apps require you to install a certificate first. Hopefully someone with more knowledge, like you, could look at it. Just prep a simple app in App Studio and go through the process and see what you'll be able to find.
Maybe Fiddler might help to determinate if any cert pinning is done?
Click to expand...
Click to collapse
Here's the output of an almost empty app.
First things first
Remember you have to install the Certificate we sent you via Email.
Click to expand...
Click to collapse
links to dowappdiagnostics.blob.com/aet/AET.aetx
Code:
<wap-provisioningdoc>
<characteristic type="EnterpriseAppManagement">
<characteristic type="5342258">
<parm datatype="string" name="EnrollmentToken" value="PEFFVD48RW50ZXJwcmlzZUlkIFZhbHVlPSI1MzQyMjU4IiAvPjxTaWduYXR1cmUgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiPjxTaWduZWRJbmZvPjxDYW5vbmljYWxpemF0aW9uTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvVFIvMjAwMS9SRUMteG1sLWMxNG4tMjAwMTAzMTUiIC8+PFNpZ25hdHVyZU1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZHNpZy1tb3JlI3JzYS1zaGEyNTYiIC8+PFJlZmVyZW5jZSBVUkk9IiI+PFRyYW5zZm9ybXM+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJlIiAvPjwvVHJhbnNmb3Jtcz48RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjc2hhMjU2IiAvPjxEaWdlc3RWYWx1ZT5qbVBocDJSTjAydEoxWkJILzVyS0kzVk9tWjNDTmVHOG02bVVIbCtNNkNvPTwvRGlnZXN0VmFsdWU+PC9SZWZlcmVuY2U+PC9TaWduZWRJbmZvPjxTaWduYXR1cmVWYWx1ZT5OcXlEQ3Qvb0RUb3JIOFBrYlJHNDZNRFpVcTNreWhod1ZEQW5ocUtoYTYxSzhhcEk3SzNkNEJTcmQ1SXFaQVdraEMvRTFmNThRWWF4QWhRaEtPajRhdUxNNG5RaHowNis2OU96em84Q1RYMERjYUxJNHJWWXh4VGdvdXRWSzBnVkc1bVU4c0trZjQ3VmhGSnd4ZndPRHNwdGp1cmZyODNUVFN6OEJjZDlydW9ORGpZV25QWU9wTU9rRnZuNEFVb3hBdzE5M3BjYWsrZmV5c29udEN0cUw2OUNVRUEwTXhTczBXdGVxVkdLVWphd3JPSlJ5SVE3UkFLV1hxZnl3RDVQUS91M0h0REZBRDBGVXgxRDlkZ2VYWlQyZzZIZUxxZkVmdkxCcXY0cHA2ZjZFVXJ4RDVFNkNIV1lXWE9FZnVSbmZVaUFNS2dwZnIrMTBHMUJRZlphQUE9PTwvU2lnbmF0dXJlVmFsdWU+PEtleUluZm8+PFg1MDlEYXRhPjxYNTA5U3ViamVjdE5hbWU+Q0E8L1g1MDlTdWJqZWN0TmFtZT48WDUwOUNlcnRpZmljYXRlPk1JSUVTRENDQXpDZ0F3SUJBZ0lRTWYyNzRvTTRBRDkvS09ZV1lCWDB6akFOQmdrcWhraUc5dzBCQVFzRkFEQmtNUXN3Q1FZRFZRUUdFd0pWVXpFZE1Cc0dBMVVFQ2hNVVUzbHRZVzUwWldNZ1EyOXljRzl5WVhScGIyNHhOakEwQmdOVkJBTVRMVk41YldGdWRHVmpJRVZ1ZEdWeWNISnBjMlVnVFc5aWFXeGxJRkp2YjNRZ1ptOXlJRTFwWTNKdmMyOW1kREFlRncweE1qQXpNVFV3TURBd01EQmFGdzB5TnpBek1UUXlNelU1TlRsYU1JR1NNUXN3Q1FZRFZRUUdFd0pWVXpFZE1Cc0dBMVVFQ2hNVVUzbHRZVzUwWldNZ1EyOXljRzl5WVhScGIyNHhMakFzQmdOVkJBc1RKVmRwYm1SdmQzTWdVR2h2Ym1VZ1JXNTBaWEp3Y21selpTQkJjSEJzYVdOaGRHbHZibk14TkRBeUJnTlZCQU1USzFONWJXRnVkR1ZqSUVWdWRHVnljSEpwYzJVZ1RXOWlhV3hsSUVOQklHWnZjaUJOYVdOeWIzTnZablF3Z2dFaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRQ3lhVWxNM1VLUW1QNnF5RzdwM0g1bjh0MXpnb3BhUUMrMTVlQlhDaUdXZVJQelIzNFlWeHpvODBSWVlpMHJmMEt0TzlmazVlbTk3ZUw0Y3pRT2hVUE1xK3d0OXQwTEREZjBCcFM3OVlXK0N2SFZwazNCaHlEZTZMai9MaUJSSWY2RWMrRUdjMXNhLy84NVE1eUlxT1RkMU5RQWJBY1oxeDlHOTI1a2RYS24zajZUNTdqNWErNXlQQng5elo0SnNCdm0rc0F6SnI0Mzd5Y2hrK2pwd3BONUJMTFdGMkdLbkVGWGxjSllQYmVvSXlJZkZxa3cxYUpQVGd1cmswWEpnVklXWmozVE1IdHcrcms0dEgxMGIwTmVscFJaRndhLzQ4c1ZmTHE1b1BIS2ZpNFNrUjZmcjRiQWZqQ2R1Z0pyOGJ5NHlpL3dxWUVGMm4zVDJiKzJwZGtsQWdNQkFBR2pnY1l3Z2NNd0VnWURWUjBUQVFIL0JBZ3dCZ0VCL3dJQkFEQkZCZ05WSFI4RVBqQThNRHFnT0tBMmhqUm9kSFJ3T2k4dlkzSnNMbWRsYjNSeWRYTjBMbU52YlM5amNteHpMMjF6Wm5SbGJuUnRiMkpwYkdWeWIyOTBZMkV1WTNKc01CWUdBMVVkSlFRUE1BMEdDMkNHU0FHRytFVUJDRFFCTUE0R0ExVWREd0VCL3dRRUF3SUJCakFkQmdOVkhRNEVGZ1FVWENwa0cxa1NEdXB3Z0NFVU9GS3RDTW5wbG9Bd0h3WURWUjBqQkJnd0ZvQVVUZXpmSmdiY0pCREF0cG4wMXpuSGJ4bjRKaWd3RFFZSktvWklodmNOQVFFTEJRQURnZ0VCQUR4V0dkVTB5dHpOd2ZZbEhmMy8rTDNoYkJNZG1XTnNnNktBS2pDQnY4a2d2SDk3b0xXZTE1c01mSG1RNGo5ZVErMDJpdVpFV1FRU0ZZV0xTd0gxTm5WbHpIK1MzMDV4bFFlTVFEVWxVMWxoZGpOeUpXYlFlR0J0OFZZa09JQ005L1pUdm5yMm1YdVpsVHR4eHE4V2U4WTUyK2VaK0Y1R2QrSjBIYmZkYmF3YVhVYXF4L1FnQ3d6TTM4cW9pQld4d2JQZXRXbk83OHhjMmdlYjdSMzBia3hTUXJMTTRFVGNTanhIb3AwaC9JQVdVZUhIcHh3Y29tWkt5NzV1UEllLzJlTnZtcFZLb0dEb0pJOHB6YlNOaDZDMUxLMUZ5ZDNrYXhiQVZKcGVLcFVJSk9Ka0RubzM0bG9hOStZa1BRc1ZIRjI2TVVLQ1BRMHYxdTdqNGY1V3c0cz08L1g1MDlDZXJ0aWZpY2F0ZT48L1g1MDlEYXRhPjxYNTA5RGF0YT48WDUwOUNlcnRpZmljYXRlPk1JSUVMekNDQXhlZ0F3SUJBZ0lDQWFFd0RRWUpLb1pJaHZjTkFRRUxCUUF3Z1pJeEN6QUpCZ05WQkFZVEFsVlRNUjB3R3dZRFZRUUtFeFJUZVcxaGJuUmxZeUJEYjNKd2IzSmhkR2x2YmpFdU1Dd0dBMVVFQ3hNbFYybHVaRzkzY3lCUWFHOXVaU0JGYm5SbGNuQnlhWE5sSUVGd2NHeHBZMkYwYVc5dWN6RTBNRElHQTFVRUF4TXJVM2x0WVc1MFpXTWdSVzUwWlhKd2NtbHpaU0JOYjJKcGJHVWdRMEVnWm05eUlFMXBZM0p2YzI5bWREQWVGdzB4TXpBMk1EZ3hOalE1TXpoYUZ3MHhOREEyTVRJd09URTNOVGRhTUZreEhqQWNCZ05WQkFzVEZVMXBZM0p2YzI5bWRDQkRiM0p3YjNKaGRHbHZiakVlTUJ3R0ExVUVBeE1WVFdsamNtOXpiMlowSUVOdmNuQnZjbUYwYVc5dU1SY3dGUVlLQ1pJbWlaUHlMR1FCQVJNSE5UTTBNakkxT0RDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTVJ3RG1kQzBkM1lGUXNON2FVZnd3WHA1T2RINGYrYlVmWlJMZHlrS2tUS3MyZVFGTHRRL3pUSElobkxEVlYxR2djbGtNeUNGdXFYNk1qZUVWVXlCNFJxS1JvYkI1MTRxa21ZSGdSdUx6emdLcnRSMFdFSy9wMUFwejZRT1RSb05GMVhGK0Y2aitESjBqRFhaV0xveHl0V1hrTjJ4cUJiVmRjNXVGTEE0d1U2L2dFYWp5ZWJTOWFyaDRuWTBNWThsUHBxRE1KTVlRNVQxNVUwdGprdVk3UWtXTnIvMGhGelZneWRaRFRyb2puY2FpSmd1Wm5kRGhjK2NUS3V1OEdKanlkUW9BcUJ5WGNSbnBIS0s0Y3lYZ2JUNjJFUllqVUtYcVVFWmFURlh0dGdyanR5Y2Q5VTM0L3k0dG5TUTYybS9vanIvUjJLaDE4cnhpSTRCWjY5ZitFQ0F3RUFBYU9CeGpDQnd6QWZCZ05WSFNNRUdEQVdnQlJjS21RYldSSU82bkNBSVJRNFVxMEl5ZW1XZ0RBT0JnTlZIUThCQWY4RUJBTUNCNEF3SUFZRFZSMGxCQmt3RndZSUt3WUJCUVVIQXdNR0MyQ0dTQUdHK0VVQkNEUUJNRUVHQTFVZEh3UTZNRGd3TnFBMG9ES0dNR2gwZEhBNkx5OWpjbXd1WjJWdmRISjFjM1F1WTI5dEwyTnliSE12YlhObWRHVnVkRzF2WW1sc1pXTmhMbU55YkRBTUJnTlZIUk1CQWY4RUFqQUFNQjBHQTFVZERnUVdCQlFKQk1lRmYvdUIxeFZHcTVESTluYm9ZTnE2bXpBTkJna3Foa2lHOXcwQkFRc0ZBQU9DQVFFQUhRV0dzQmpjcWRoK2F6QjJ0MGxXREJJMWFJRTZVZlQ5cjJUYktBN2pkdjRzdk5KRGIrcy9mTit2ZXMydFJqV25YaDZIS0xacVNkbFpUT3NodzIxV1UxNEE1bUlNNnRMNVdGL1F6dll5aU5HTHAwU1VNa2pSdXpFRDlaT0RrSElkV21Ca0FDS1pGWE92ajQ2TWxPVGZLYVJQdXZPR1NEYktkbGRVY3dWalR3UWpnbHpTY05hUjROL3l0M2FsRUUxQ01jZXJjYUpFZ2xITmpsc0svUFZkMGFTU1YzeHRhNmNvTHBURFlFVlB4bjJ4QnVQd21JeHJ6VHh1QkhUMmNSakN3WDhobC9kRkFxSC94YzBQWFQzbEFVbzZDMDY2b2lEZ3JTQ1gwYUhGcVlTZjROZVNselQ5NFdZTWsrblEwdFBLclVvV2p2N1d1UTlWSUsrMzhmQm5HUT09PC9YNTA5Q2VydGlmaWNhdGU+PC9YNTA5RGF0YT48L0tleUluZm8+PC9TaWduYXR1cmU+PC9BRVQ+"/>
</characteristic>
</characteristic>
</wap-provisioningdoc>
Link to app
http://bit.ly/19fnUyO
It also offers the source code:
http://apps.windowsstore.com/DashBo...4ab6a18?version=59091.elpplk&resource=sources
The file is named WPAppStudio.xap
THIS JUST ADDS MICROSOFT CORPORATION AS A COMPANY ACCOUNT AND DEPLOYS AN XAP BASED ON IT.
So, this isn't really good news. Back to looking at a company account exploit?
thals1992 said:
Finally got mine a few hours ago. Haven't got very deep in it yet, but the templates are convenient.
---------- Post added at 10:49 PM ---------- Previous post was at 10:35 PM ----------
Here's the output of an almost empty app.
links to dowappdiagnostics.blob.com/aet/AET.aetx
Code:
<wap-provisioningdoc>
<characteristic type="EnterpriseAppManagement">
<characteristic type="5342258">
<parm datatype="string" name="EnrollmentToken" value="PEFFVD48RW50ZXJwcmlzZUlkIFZhbHVlPSI1MzQyMjU4IiAvPjxTaWduYXR1cmUgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiPjxTaWduZWRJbmZvPjxDYW5vbmljYWxpemF0aW9uTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvVFIvMjAwMS9SRUMteG1sLWMxNG4tMjAwMTAzMTUiIC8+PFNpZ25hdHVyZU1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZHNpZy1tb3JlI3JzYS1zaGEyNTYiIC8+PFJlZmVyZW5jZSBVUkk9IiI+PFRyYW5zZm9ybXM+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJlIiAvPjwvVHJhbnNmb3Jtcz48RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjc2hhMjU2IiAvPjxEaWdlc3RWYWx1ZT5qbVBocDJSTjAydEoxWkJILzVyS0kzVk9tWjNDTmVHOG02bVVIbCtNNkNvPTwvRGlnZXN0VmFsdWU+PC9SZWZlcmVuY2U+PC9TaWduZWRJbmZvPjxTaWduYXR1cmVWYWx1ZT5OcXlEQ3Qvb0RUb3JIOFBrYlJHNDZNRFpVcTNreWhod1ZEQW5ocUtoYTYxSzhhcEk3SzNkNEJTcmQ1SXFaQVdraEMvRTFmNThRWWF4QWhRaEtPajRhdUxNNG5RaHowNis2OU96em84Q1RYMERjYUxJNHJWWXh4VGdvdXRWSzBnVkc1bVU4c0trZjQ3VmhGSnd4ZndPRHNwdGp1cmZyODNUVFN6OEJjZDlydW9ORGpZV25QWU9wTU9rRnZuNEFVb3hBdzE5M3BjYWsrZmV5c29udEN0cUw2OUNVRUEwTXhTczBXdGVxVkdLVWphd3JPSlJ5SVE3UkFLV1hxZnl3RDVQUS91M0h0REZBRDBGVXgxRDlkZ2VYWlQyZzZIZUxxZkVmdkxCcXY0cHA2ZjZFVXJ4RDVFNkNIV1lXWE9FZnVSbmZVaUFNS2dwZnIrMTBHMUJRZlphQUE9PTwvU2lnbmF0dXJlVmFsdWU+PEtleUluZm8+PFg1MDlEYXRhPjxYNTA5U3ViamVjdE5hbWU+Q0E8L1g1MDlTdWJqZWN0TmFtZT48WDUwOUNlcnRpZmljYXRlPk1JSUVTRENDQXpDZ0F3SUJBZ0lRTWYyNzRvTTRBRDkvS09ZV1lCWDB6akFOQmdrcWhraUc5dzBCQVFzRkFEQmtNUXN3Q1FZRFZRUUdFd0pWVXpFZE1Cc0dBMVVFQ2hNVVUzbHRZVzUwWldNZ1EyOXljRzl5WVhScGIyNHhOakEwQmdOVkJBTVRMVk41YldGdWRHVmpJRVZ1ZEdWeWNISnBjMlVnVFc5aWFXeGxJRkp2YjNRZ1ptOXlJRTFwWTNKdmMyOW1kREFlRncweE1qQXpNVFV3TURBd01EQmFGdzB5TnpBek1UUXlNelU1TlRsYU1JR1NNUXN3Q1FZRFZRUUdFd0pWVXpFZE1Cc0dBMVVFQ2hNVVUzbHRZVzUwWldNZ1EyOXljRzl5WVhScGIyNHhMakFzQmdOVkJBc1RKVmRwYm1SdmQzTWdVR2h2Ym1VZ1JXNTBaWEp3Y21selpTQkJjSEJzYVdOaGRHbHZibk14TkRBeUJnTlZCQU1USzFONWJXRnVkR1ZqSUVWdWRHVnljSEpwYzJVZ1RXOWlhV3hsSUVOQklHWnZjaUJOYVdOeWIzTnZablF3Z2dFaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRQ3lhVWxNM1VLUW1QNnF5RzdwM0g1bjh0MXpnb3BhUUMrMTVlQlhDaUdXZVJQelIzNFlWeHpvODBSWVlpMHJmMEt0TzlmazVlbTk3ZUw0Y3pRT2hVUE1xK3d0OXQwTEREZjBCcFM3OVlXK0N2SFZwazNCaHlEZTZMai9MaUJSSWY2RWMrRUdjMXNhLy84NVE1eUlxT1RkMU5RQWJBY1oxeDlHOTI1a2RYS24zajZUNTdqNWErNXlQQng5elo0SnNCdm0rc0F6SnI0Mzd5Y2hrK2pwd3BONUJMTFdGMkdLbkVGWGxjSllQYmVvSXlJZkZxa3cxYUpQVGd1cmswWEpnVklXWmozVE1IdHcrcms0dEgxMGIwTmVscFJaRndhLzQ4c1ZmTHE1b1BIS2ZpNFNrUjZmcjRiQWZqQ2R1Z0pyOGJ5NHlpL3dxWUVGMm4zVDJiKzJwZGtsQWdNQkFBR2pnY1l3Z2NNd0VnWURWUjBUQVFIL0JBZ3dCZ0VCL3dJQkFEQkZCZ05WSFI4RVBqQThNRHFnT0tBMmhqUm9kSFJ3T2k4dlkzSnNMbWRsYjNSeWRYTjBMbU52YlM5amNteHpMMjF6Wm5SbGJuUnRiMkpwYkdWeWIyOTBZMkV1WTNKc01CWUdBMVVkSlFRUE1BMEdDMkNHU0FHRytFVUJDRFFCTUE0R0ExVWREd0VCL3dRRUF3SUJCakFkQmdOVkhRNEVGZ1FVWENwa0cxa1NEdXB3Z0NFVU9GS3RDTW5wbG9Bd0h3WURWUjBqQkJnd0ZvQVVUZXpmSmdiY0pCREF0cG4wMXpuSGJ4bjRKaWd3RFFZSktvWklodmNOQVFFTEJRQURnZ0VCQUR4V0dkVTB5dHpOd2ZZbEhmMy8rTDNoYkJNZG1XTnNnNktBS2pDQnY4a2d2SDk3b0xXZTE1c01mSG1RNGo5ZVErMDJpdVpFV1FRU0ZZV0xTd0gxTm5WbHpIK1MzMDV4bFFlTVFEVWxVMWxoZGpOeUpXYlFlR0J0OFZZa09JQ005L1pUdm5yMm1YdVpsVHR4eHE4V2U4WTUyK2VaK0Y1R2QrSjBIYmZkYmF3YVhVYXF4L1FnQ3d6TTM4cW9pQld4d2JQZXRXbk83OHhjMmdlYjdSMzBia3hTUXJMTTRFVGNTanhIb3AwaC9JQVdVZUhIcHh3Y29tWkt5NzV1UEllLzJlTnZtcFZLb0dEb0pJOHB6YlNOaDZDMUxLMUZ5ZDNrYXhiQVZKcGVLcFVJSk9Ka0RubzM0bG9hOStZa1BRc1ZIRjI2TVVLQ1BRMHYxdTdqNGY1V3c0cz08L1g1MDlDZXJ0aWZpY2F0ZT48L1g1MDlEYXRhPjxYNTA5RGF0YT48WDUwOUNlcnRpZmljYXRlPk1JSUVMekNDQXhlZ0F3SUJBZ0lDQWFFd0RRWUpLb1pJaHZjTkFRRUxCUUF3Z1pJeEN6QUpCZ05WQkFZVEFsVlRNUjB3R3dZRFZRUUtFeFJUZVcxaGJuUmxZeUJEYjNKd2IzSmhkR2x2YmpFdU1Dd0dBMVVFQ3hNbFYybHVaRzkzY3lCUWFHOXVaU0JGYm5SbGNuQnlhWE5sSUVGd2NHeHBZMkYwYVc5dWN6RTBNRElHQTFVRUF4TXJVM2x0WVc1MFpXTWdSVzUwWlhKd2NtbHpaU0JOYjJKcGJHVWdRMEVnWm05eUlFMXBZM0p2YzI5bWREQWVGdzB4TXpBMk1EZ3hOalE1TXpoYUZ3MHhOREEyTVRJd09URTNOVGRhTUZreEhqQWNCZ05WQkFzVEZVMXBZM0p2YzI5bWRDQkRiM0p3YjNKaGRHbHZiakVlTUJ3R0ExVUVBeE1WVFdsamNtOXpiMlowSUVOdmNuQnZjbUYwYVc5dU1SY3dGUVlLQ1pJbWlaUHlMR1FCQVJNSE5UTTBNakkxT0RDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTVJ3RG1kQzBkM1lGUXNON2FVZnd3WHA1T2RINGYrYlVmWlJMZHlrS2tUS3MyZVFGTHRRL3pUSElobkxEVlYxR2djbGtNeUNGdXFYNk1qZUVWVXlCNFJxS1JvYkI1MTRxa21ZSGdSdUx6emdLcnRSMFdFSy9wMUFwejZRT1RSb05GMVhGK0Y2aitESjBqRFhaV0xveHl0V1hrTjJ4cUJiVmRjNXVGTEE0d1U2L2dFYWp5ZWJTOWFyaDRuWTBNWThsUHBxRE1KTVlRNVQxNVUwdGprdVk3UWtXTnIvMGhGelZneWRaRFRyb2puY2FpSmd1Wm5kRGhjK2NUS3V1OEdKanlkUW9BcUJ5WGNSbnBIS0s0Y3lYZ2JUNjJFUllqVUtYcVVFWmFURlh0dGdyanR5Y2Q5VTM0L3k0dG5TUTYybS9vanIvUjJLaDE4cnhpSTRCWjY5ZitFQ0F3RUFBYU9CeGpDQnd6QWZCZ05WSFNNRUdEQVdnQlJjS21RYldSSU82bkNBSVJRNFVxMEl5ZW1XZ0RBT0JnTlZIUThCQWY4RUJBTUNCNEF3SUFZRFZSMGxCQmt3RndZSUt3WUJCUVVIQXdNR0MyQ0dTQUdHK0VVQkNEUUJNRUVHQTFVZEh3UTZNRGd3TnFBMG9ES0dNR2gwZEhBNkx5OWpjbXd1WjJWdmRISjFjM1F1WTI5dEwyTnliSE12YlhObWRHVnVkRzF2WW1sc1pXTmhMbU55YkRBTUJnTlZIUk1CQWY4RUFqQUFNQjBHQTFVZERnUVdCQlFKQk1lRmYvdUIxeFZHcTVESTluYm9ZTnE2bXpBTkJna3Foa2lHOXcwQkFRc0ZBQU9DQVFFQUhRV0dzQmpjcWRoK2F6QjJ0MGxXREJJMWFJRTZVZlQ5cjJUYktBN2pkdjRzdk5KRGIrcy9mTit2ZXMydFJqV25YaDZIS0xacVNkbFpUT3NodzIxV1UxNEE1bUlNNnRMNVdGL1F6dll5aU5HTHAwU1VNa2pSdXpFRDlaT0RrSElkV21Ca0FDS1pGWE92ajQ2TWxPVGZLYVJQdXZPR1NEYktkbGRVY3dWalR3UWpnbHpTY05hUjROL3l0M2FsRUUxQ01jZXJjYUpFZ2xITmpsc0svUFZkMGFTU1YzeHRhNmNvTHBURFlFVlB4bjJ4QnVQd21JeHJ6VHh1QkhUMmNSakN3WDhobC9kRkFxSC94YzBQWFQzbEFVbzZDMDY2b2lEZ3JTQ1gwYUhGcVlTZjROZVNselQ5NFdZTWsrblEwdFBLclVvV2p2N1d1UTlWSUsrMzhmQm5HUT09PC9YNTA5Q2VydGlmaWNhdGU+PC9YNTA5RGF0YT48L0tleUluZm8+PC9TaWduYXR1cmU+PC9BRVQ+"/>
</characteristic>
</characteristic>
</wap-provisioningdoc>
Link to app
http://bit.ly/19fnUyO
It also offers the source code:
http://apps.windowsstore.com/DashBo...4ab6a18?version=59091.elpplk&resource=sources
The file is named WPAppStudio.xap
THIS JUST ADDS MICROSOFT CORPORATION AS A COMPANY ACCOUNT AND DEPLOYS AN XAP BASED ON IT.
So, this isn't really good news. Back to looking at a company account exploit?
Click to expand...
Click to collapse
It might be possible to find an exploit in the XAP installer that installs the XAPs from the browser, and use that to install an app with higher privileges, and accessing the filesystem and/or the registry with full access?
Actually, that's pretty good. Company apps have lower restrictions, and are easier to install. Also, that's a provxml document... we should see if we can modify it and get it to do anything else interesting for us!
@GoodDayToDie, I was thinking the same thing of the provxml document. That would be EPIC if we could modify it to change registry...
@GoodDayToDie, @snickler I'm gonna try to use fiddler to redirect that request to my own server with an edited file and see what happens. Going to start with setting the MaxUnsignedApp value. Wish me luck
IzaacJ said:
@GoodDayToDie, @snickler I'm gonna try to use fiddler to redirect that request to my own server with an edited file and see what happens. Going to start with setting the MaxUnsignedApp value. Wish me luck
Click to expand...
Click to collapse
Ohhh please tell me how this works out! I wanted to do the same thing, but I have to wait for MS to get back with my invitation code.
Best of luck!
@snickler No matter how I do, it ends up showing the AET.aetx as a text file. Doesn't matter if it's the original one or the edited one.
Original one is available at: http://www.izz0.eu/AET.aetx
Edited one is available at: http://www.izz0.eu/AET2.aetx
Feel free to try on your own.
@GoodDayToDie, you've got any ideas? You're like a walking knowledgebase ;D
Is there a way to do this? Thanks ,
I have seen software which "claims" to do it with desktop software. Dont think any of them work with tiles though sadly.
Is creating a new user account with less installed applications not an option?
SixSixSevenSeven said:
Is creating a new user account with less installed applications not an option?
Click to expand...
Click to collapse
Thanks. No this isn't a good option for a tablet..
Switching users is *really* easy on Win8/ Windows RT, but OK...
There's no practical way to do exactly what you want without putting some OS-enforced security boundary between you and the other user. The most obvious, and by far the easiest, is to create a second user account. However, if that doesn't cut it for you...
In decreasing order of security:
* Create an NT driver that intercepts requests to open a specific program, and demands a password first.
* Create or find a user program that will encrypt a program so it can't be run, then demand that anybody trying to open that program supply the password first. (Note: this is way weaker than it probably sounds to you, and also way more complicated.)
* Remove the shortcuts to the app, replace them with a script that demands a password, then launches the app itself if the PW is correct. (Note: this is trivially insecure, and still bloody complicated to do "right".)
There are various other options, such as hiding the app, making the user do something (like alter its permissions) before running it, or similar. None of them are what you're asking for, though, and most of them are insecure, hideously complex, or both).
GoodDayToDie said:
* Remove the shortcuts to the app, replace them with a script that demands a password, then launches the app itself if the PW is correct. (Note: this is trivially insecure, and still bloody complicated to do "right".)
Click to expand...
Click to collapse
This was also my idea of doing it.. It is probably easy to do a skript with autoit http://www.autoitscript.com/site/autoit/ to do this.. Altgough i have years to program with it..
But things like this are easy in android.. I believe that microsoft should copy some things from it..
Thanks again,
Sent from my Nexus 7 using xda premium
sosimple said:
This was also my idea of doing it.. It is probably easy to do a skript with autoit http://www.autoitscript.com/site/autoit/ to do this.. Altgough i have years to program with it..
But things like this are easy in android.. I believe that microsoft should copy some things from it..
Thanks again,
Sent from my Nexus 7 using xda premium
Click to expand...
Click to collapse
Oh you mean how android actually copied microsoft?
You are just messing around with this. Having a separate user is much easier and much better in every respect when you want to restrict access to some app.