Hi people...
For a while now, the Test certificate seems to have become somewhat popular for the purposes of signing crap etc etc, however, it's due to expire next year... and what with a few advancements I've made, it's now my plan to upgrade Hard-SPL right across the board with a new one that still requires signed NBH files... except... we can sign them with our own certificate... I like this tack since it minimizes stupidity, and there's no reason not to since ROM cookers can just use my new NBH tool.
Also, it would be nice if the public component of the certificate be integrated into ROMs since it would of course be good to sign crap with this certificate.
the PFX part you can install to your PC, there's no password on it, if you use my NBH tool, and untick the "default key" box, you can then use this certificate to sign your NBH files... I suggest you do this as I roll-out the series of updates.
signtool.exe will let you sign executables with the certificate after you import it to your PC's cert store.
anyone who wants the .pem can get it off me, but surely those who do know how to convert the PFX.
Cheers.
Related
QUESTION 1
I've been flashing and reflashing ROMs for a couple of weeks now and am very impressed with Dutty's latest endeavor. In anticipation of the v4 release, I'm hoping someone in the community can tell me if it is possible to backup an over-the-air (OTA) enterprise activation of BB Connect. Currently I'm calling our technical support guys who, sooner than later I'm sure, will start asking why I have to have to get a new OTA activation password (which they change as soon as you use it) every 5-7 days.
So, in short: moving from one ROM to the next and want to back up OTA BBConnect enterprise activation. Possible? If so, how?
QUESTION 2
Any BES administrators out there willing to tell me if my Tilt/Kaiser shows up on the BES (v4) differently than a BlackBerry (like the POS 7280 I'm given by the company). If so, is there a way to "spoof" that since my company will not allow non-blackberry devices.
QUESTION 3
When using the stock AT&T ROM, my Tilt respects the (highly restrictive, Bluetooth disabling, password-enforcing, ridiculous) IT Policy pushed by the BES administrator. When I flashed to Dutty's DualTouch ROM v3 Final, this no longer happened. Now, it just reads "default" for the IT Policy. Is this a fluke or some wonderful reg entry that we need to identify and protect like diamonds?
Thanks, all.
Cheers,
Your Local Village Idiot
VillageIdiot said:
QUESTION 2
Any BES administrators out there willing to tell me if my Tilt/Kaiser shows up on the BES (v4) differently than a BlackBerry (like the POS 7280 I'm given by the company). If so, is there a way to "spoof" that since my company will not allow non-blackberry devices.
Click to expand...
Click to collapse
We run BES here and indeed non-blackberry devices are reported as the phone model when you look up the phones information.
This could probably easily be spoofed to whatever you like. If you hacked the blackberry connect application, or intercepted and modified the data passed over to BES. You could make it say anything you want at that point.
I'd get "in" with your IT guys and that way they can pull a favor for you now and then with the BES server. Other then that, have the company pay for a blackberry phone and carry two phones around, or refuse to carry a company phone and don't use your personal phone for company resources. If they're blocking your productivity by a poorly guided company policy, make it cost them money. Don't inconvenience yourself to keep your productivity as an employee on par.
Really though, it's not feasible to secretly go behind your employers back with your tilt. I think it's ridiculous a company wouldn't let you use your Tilt -- though probably because the corporation is uneducated or ignorant to the fact that the Tilt can be locked down just as well as a blackberry phone. Too bad the employer has a bunch of pointy haired management types running around who don't know what they're doing and out of ignorance banned non-BB devices.
Jon,
Thank you for your prompt reply and clarification on what shows up at the BES. Hacking the BB connect app is beyond my current knowledge set, but I may look into it if I'm unable to find a simpler solution.
Unfortunately, my company has several thousand employees so my productivity concerns are far outweighed by their misinformed security concerns. I've pitched the benefits of BB connect, WM5/6 devices and direct-push Exchange sync, but my pitch falls on deaf ears. They have provided me a BB 7280 and some get newer 8XXX devices, but beyond that we're expected to be happy with what we have. I'm even buying a non-camera Tilt to replace my two week old Tilt because they won't allow personal camera phones (all BB connect issues aside). You'd think I work for MI-6...
Cheers,
T.V.I.
VillageIdiot said:
QUESTION 1
I've been flashing and reflashing ROMs for a couple of weeks now and am very impressed with Dutty's latest endeavor. In anticipation of the v4 release, I'm hoping someone in the community can tell me if it is possible to backup an over-the-air (OTA) enterprise activation of BB Connect. Currently I'm calling our technical support guys who, sooner than later I'm sure, will start asking why I have to have to get a new OTA activation password (which they change as soon as you use it) every 5-7 days.
im soooo it this situation, any ideas?
Click to expand...
Click to collapse
Here's how you do it
you could use the desktop software instead of OTA. this will activate the phone without requiring you to get a new activation code.
Here's how I back up and restore. This has worked often, and not worked a few times.
Try to follow this exactly for best results.
get task manager v2.7 from fdcsoft
tap the blackberry icon on the taskbar and suspend the service under status
start taskmanager, and go to services. stop the two blackberry services, log and security.
open file explorer, and copy the directory RIM in /application data to your storage card
flash your phone with whatever-
copy the RIM folder back to /application data from your storage card
load blackberry connect (this should be the same version you had, otherwise you may have issues)
tap the blackberry icon in settings-system
instead of installing, you should see a window that says "repairing settings"
your old password should be restored, and the phone will lock and ask you to unlock. use your password you had before the backup.
all of your folders and mail should be back.
This works about 90% of the time.
some issues I've had-
multiple blackberry folders- one with emails, one with nothing.
folders missing, a bunch of email in drafts folder.
older messages no longer sync with desktop
good luck!
It finally happened. I've been on a never-ending quest to find a decent stock market application...so far that I've tried to sell the brokerage company I use that the idea of such an app would be beneficial to clients on the go and be an incredible marketing utility for prospective clients. Anyways, the latest app I'm HOPING to try out is Pocket Investor by Acquasys. I don't own any part of nor am I affiliated with the company in any way, other than the fact I've emailed them with the error message I get when trying to run their software. The error I've received is the following:
“An unexpected error has occurred in PocketInvestor.exe.
Select Quit and then restart this program, or select Details
for more information.
File or assembly name
‘System.Data.SqlServerCe, Version=3.0.3600.0,
Culture=neutral, PublicKeyToken=3BE235DF1C8D2AD3’,
or one of its dependencies, was not found.”
The SQL is the only thing I can think of that I can control so I've already cooked up an identical ROM to the one I'm using now, except I've downgraded both .NET and SQL CE to the previous versions. I'm not sure if the .NET downgrade was needed, but figured why not. I'm waiting on my battery to charge so I can put the new ROM on for testing (KaiserCustomRUU won't even think about burning it with less than 50% battery for those of you who haven't tried yet). In the mean time, have any of you guys seen or experienced anything like this?
Oh yeah, I realized earlier my sig is not current.
Hi, I recently bought an Omnia and decided I would have a go at writting my own JavaME applications for it.
The application that I have in mind requires access to the file system and, in the future, the ability to make HTTP connections. Since these parts of the API are restricted I added file read and write privilages to the JAD file and copied the JAD and JAR to my phone. When I tried to install the application it gave me the error message "error 910: application authorization failed".
I guessed the error was due to the fact that the code wasn't signed. I don't want to have to go to the expense of getting a real trusted certificate for a piece of code I will probably never release so I've set up my own root CA and installed the CA certificate on the phone. I then created my own code signing certificate and signed my applicaiton with it*. I now get the error message:
"The authentication of certificate is failed. Contact your application provider to correct this situation"
when I try to install my application. I think, therefore, that the code is signed but for some reason the trust chain isn't working. I can't tell if my code signing certificate is the problem or whether the phone isn't recognizing my CA certificate. The CA certificate shows up fine in the Certificates application (Settings > System > Certificates).
Is what I am trying to do even possible on the Omnia or is is too locked down? I have to assume it is possible as I can't believe that every devopler that wants to test their MIDlet idea is buying a certificate. Out of interest does anyone know what KVM the Omnia is using?
One option I haven't tried yet is installing JBed as described in this post (http://forum.vodafone.co.uk/index.php?showtopic=8896). I'm not exactly thrilled by this idea though as I have a nicely working (recently flashed to the latest version) phone at the moment.
Any help greatly appreciated (and if I get it working I'll write it up so others can use the information).
* Personal CA Setup Etc...
http://browndrf.blogspot.com/
http://www.mobilefish.com/tutorials/java/j...de_keytool.html
http://www.mobilefish.com/developer/openss...gn_request.html
As a follow up. Perhaps it's not possible to install a MIDlet using a self signed certificate but what about the posibility of turning the security checking off for the MIDlet manager on the Omnia.
There is a menu option for java settings which doesn't provide any useful settings (just something about the backlight) but there is also an appilcation menu which has an entry called permissions. The permissions options is always greyed out though. I wonder if this could be turned on via the registry or somthing?
Not sure whether it works in your case (haven't tested this on the Omnia): see my related bible: http://forum.xda-developers.com/showthread.php?t=339579
Cheers Menneisyys, great article btw, I had a read of it before posting. From what I've read most phones seem have some way of getting unsigned MIDlets running fairly eaisly. Looks like this phone is the exception to the rule.
I think I'll have to just give up and install JBed unless someone can come up with any ideas. Your article seems to imply it's a pretty simple and painless process to have more than one MIDlet manager running on the same phone (before reading the article I assumed you could only have one on a phone).
I've been a Java developer for years (server side) but this is my first foray into JavaME, I should have guessed that the security system would make it more trouble that it was worth!
This was taken from: openssl.org/docs/HOWTO/certificates.txt
1. Introduction
How you handle certificates depend a great deal on what your role is.
Your role can be one or several of:
- User of some client software
- User of some server software
- Certificate authority
This file is for users who wish to get a certificate of their own.
Certificate authorities should read ca.txt.
In all the cases shown below, the standard configuration file, as
compiled into openssl, will be used. You may find it in /etc/,
/usr/local/ssl/ or somewhere else. The name is openssl.cnf, and
is better described in another HOWTO <config.txt?>. If you want to
use a different configuration file, use the argument '-config {file}'
with the command shown below.
2. Relationship with keys
Certificates are related to public key cryptography by containing a
public key. To be useful, there must be a corresponding private key
somewhere. With OpenSSL, public keys are easily derived from private
keys, so before you create a certificate or a certificate request, you
need to create a private key.
Private keys are generated with 'openssl genrsa' if you want a RSA
private key, or 'openssl gendsa' if you want a DSA private key.
Further information on how to create private keys can be found in
another HOWTO <keys.txt?>. The rest of this text assumes you have
a private key in the file privkey.pem.
3. Creating a certificate request
To create a certificate, you need to start with a certificate
request (or, as some certificate authorities like to put
it, "certificate signing request", since that's exactly what they do,
they sign it and give you the result back, thus making it authentic
according to their policies). A certificate request can then be sent
to a certificate authority to get it signed into a certificate, or if
you have your own certificate authority, you may sign it yourself, or
if you need a self-signed certificate (because you just want a test
certificate or because you are setting up your own CA).
The certificate request is created like this:
openssl req -new -key privkey.pem -out cert.csr
Now, cert.csr can be sent to the certificate authority, if they can
handle files in PEM format. If not, use the extra argument '-outform'
followed by the keyword for the format to use (see another HOWTO
<formats.txt?>). In some cases, that isn't sufficient and you will
have to be more creative.
When the certificate authority has then done the checks the need to
do (and probably gotten payment from you), they will hand over your
new certificate to you.
Section 5 will tell you more on how to handle the certificate you
received.
4. Creating a self-signed test certificate
If you don't want to deal with another certificate authority, or just
want to create a test certificate for yourself. This is similar to
creating a certificate request, but creates a certificate instead of
a certificate request. This is NOT the recommended way to create a
CA certificate, see ca.txt.
openssl req -new -x509 -key privkey.pem -out cacert.pem -days 1095
5. What to do with the certificate
If you created everything yourself, or if the certificate authority
was kind enough, your certificate is a raw DER thing in PEM format.
Your key most definitely is if you have followed the examples above.
However, some (most?) certificate authorities will encode them with
things like PKCS7 or PKCS12, or something else. Depending on your
applications, this may be perfectly OK, it all depends on what they
know how to decode. If not, There are a number of OpenSSL tools to
convert between some (most?) formats.
So, depending on your application, you may have to convert your
certificate and your key to various formats, most often also putting
them together into one file. The ways to do this is described in
another HOWTO <formats.txt?>, I will just mention the simplest case.
In the case of a raw DER thing in PEM format, and assuming that's all
right for yor applications, simply concatenating the certificate and
the key into a new file and using that one should be enough. With
some applications, you don't even have to do that.
By now, you have your cetificate and your private key and can start
using the software that depend on it.
--
Richard Levitte
Hello XDA,
I have some questions about the sidekick Development Keys. I actually used to have one of my own in 2008. Here is what I am looking for.
An actual copy of a dev-key file.
The HTCONSOLE command for uploading a dev-key file to the phone.
I am looking for these things because I am interested in reversing the Dev-Key algorithm. I am planning on using JTAG to dump the firmware and do an investigation. These things all lead up to restoring internet capabilities to the phone. As we know, the phone is a bit crippled because of hard-coded operations to use Danger's servers for networking. But, there is internet access, just need to find a way to circumvent Danger's servers. I thought that getting a dev-key so that I could upload my own programs would be a good first step. However, since I cannot get another from Danger, I figured reversing would be the next best step. However, without the dev-key file format and HTCONSOLE command syntax for uploading the key. I am in the dark.
Thanks in advance
bazzinator said:
Hello XDA,
I have some questions about the sidekick Development Keys. I actually used to have one of my own in 2008. Here is what I am looking for.
An actual copy of a dev-key file.
The HTCONSOLE command for uploading a dev-key file to the phone.
I am looking for these things because I am interested in reversing the Dev-Key algorithm. I am planning on using JTAG to dump the firmware and do an investigation. These things all lead up to restoring internet capabilities to the phone. As we know, the phone is a bit crippled because of hard-coded operations to use Danger's servers for networking. But, there is internet access, just need to find a way to circumvent Danger's servers. I thought that getting a dev-key so that I could upload my own programs would be a good first step. However, since I cannot get another from Danger, I figured reversing would be the next best step. However, without the dev-key file format and HTCONSOLE command syntax for uploading the key. I am in the dark.
Thanks in advance
Click to expand...
Click to collapse
Hi!
I had the same problem, is at least 3 years that I try to bring back into operation a old Sidekick2 found in the trash.
I was able to operator-unlock it with a key combination (here in Italy sidekick mobile phones have never been marketed and therefore are virtually unknown!).
Then I search SDK everywhere, for years, all in vain (all danger's site are dead, and archive.org is unuseful)
BUT Today (literally) I found this site: The Holy Grail (w w w .cs.umb.edu / ~bazz / learn /sidekick2/ )! I'm very excited! :victory:
Now I need my devkey but is obvious impossible to obtain it, so I was thinking to automate a brute force process (autoit? a small c++ program? who know..) to get it, but if you can obtain an algoritm via reverse engineering is better.
Another alternative would be try to contact former employees of Danger Inc, but I would not know how to do because english isn't my native language.
so please KEPP US UPDATED! :fingers-crossed: