Cisco VPN using RSA Tokens - G1 Android Development

My company uses Cisco VPN client with RSA authentication. required to connect is:
-host name
-group name
-password
-and of course the RSA token #.
my Sprint EVO is rooted using simpleroot.
does anyone have a clear set of instructions on how to make this work?
i know you can do this on the iPhone......

VPN tokens
dconnest said:
My company uses Cisco VPN client with RSA authentication. required to connect is:
-host name
-group name
-password
-and of course the RSA token #.
my Sprint EVO is rooted using simpleroot.
does anyone have a clear set of instructions on how to make this work?
i know you can do this on the iPhone......
Does your company issue you a physical token (OTP Token) or are they installing a soft token on the iPhone?

Coreburner said:
Does your company issue you a physical token (OTP Token) or are they installing a soft token on the iPhone?
i have the same question... my company uses a physical token/pin combo...

No RSA for Android
Short answer: it won't work yet. RSA tokens are the original OTPs, but they are also the most complicated and antiquated OTP tech out there right now. It is not easy to integrate their soft token into a mobile client. It took them years to get it to work with the iPhone. There are a few well-known companies that have soft tokens for Android phones, most notably OpenTrust, ActivIdentity and Gemalto. Your only alternative would be to implement an SMS OTP token system, but these are vulnerable to man-in-the-middle attacks.
****You may want to move this out of the DEV section before someone starts throwing a fit.

any luck on this? I have the same needs.

Related

Can you spoof the device ID?

I was wondering if you can spoof the device id on android devices....
A firewall is blocking all devices except for BlackBerry devices. I want to spoof my device ID to appear as a BlackBerry so I can access the exchange server remotely.
If there is no way to spoof does anyone know of any different workarounds?
Please help!!!
jdlumley said:
I was wondering if you can spoof the device id on android devices....
A firewall is blocking all devices except for BlackBerry devices. I want to spoof my device ID to appear as a BlackBerry so I can access the exchange server remotely.
If there is no way to spoof does anyone know of any different workarounds?
Please help!!!
There is an exchange server that is blocking all devices besides Blackberries? Never heard of one like that. What happens when you try to set up the account using HTC Mail?
It is already set up with HTC mail. It works when I'm on my work wifi because I'm already past the firewall that is blocking devices from the exchange server. When I try to access remotely, I get denied. It works fine with all blackberries. I know this because I tried with a blackberry and it worked fine. They only allow blackberries because that is the only kind of device they issue.
bump - someone help me on this please.....
Flipz?
It works with blackberries because BB uses BIS an email server that is proprietary to BB, and it bypasses your company's exchange server.. Unless you are set up for a BES exchange server, which is an additional monthly fee, and if that is the case, there is no way to make an HTC device connect to BES because it is a BB service..
Also, as of yesterday, any cellular "spoofing", be it caller id or anything else, is now a federal offense.
jdlumley said:
Flipz?
Really?
tooshort
azyouthinkeyeiz said:
It works with blackberries because BB uses BIS an email server that is proprietary to BB, and it bypasses your company's exchange server.. Unless you are set up for a BES exchange server, which is an additional monthly fee, and if that is the case, there is no way to make an HTC device connect to BES because it is a BB service..
Also, as of yesterday, any cellular "spoofing", be it caller id or anything else, is now a federal offense.
Thanks for the info but we use BES which then connects to the exchange server. The only reason it works is because the firewall allows BB device IDs. If I could spoof to appear to be a BB I would be fine.
Also regarding your statement about spoofing, the bill is specific to spoofing caller ID and not specific to cell phones. Also, isn't law yet; requires further approval.
jdlumley said:
The only reason it works is because the firewall allows BB device IDs.
There is no such thing..
The blackberry connects to BES by your BB PIN... If you don't have a BB.. There is no way to "spoof".
The phone would have to be registered by BB on their server as a BB device by the PIN, which there is no way to "spoof" unless you find some way to hack into RIM.. Good luck with that approach.
Also, regarding your statement about the "Truth in Caller ID Act of 2010" which was passed by *CONGRESS* and immediately ratified, does not require any further approval. And is now effectively a law..
It also does not have any clarification between "spoofing" and "spoofing caller id".. The only clarification is that any attempt to "spoof" the originating call location. (I.e. phone number or location, and the only exception to that is you are still allowed to block that information. "Spoofing would lead the call receiver, in this case BB, to not have accurate call originating information, which in turn, is spoofing and a federal offense....
azyouthinkeyeiz said:
There is no such thing..
The blackberry connects to BES by your BB PIN... If you don't have a BB.. There is no way to "spoof".
The phone would have to be registered by BB on their server as a BB device by the PIN, which there is no way to "spoof" unless you find some way to hack into RIM.. Good luck with that approach.
Also, regarding your statement about the "Truth in Caller ID Act of 2010" which was passed by *CONGRESS* and immediately ratified, does not require any further approval. And is now effectively a law..
It also does not have any clarification between "spoofing" and "spoofing caller id".. The only clarification is that any attempt to "spoof" the originating call location. (I.e. phone number or location, and the only exception to that is you are still allowed to block that information. "Spoofing would lead the call receiver, in this case BB, to not have accurate call originating information, which in turn, is spoofing and a federal offense....
First off, you obviously don't know much about Exchange and the way ANY device interacts with it. BES is essentially a tunnel to get you from your BB to the exchange server. The BES still needs to get through the firewall to get to the exchange server. The firewall can be configured in many different ways. The most common are A) allow the entire BES access or B) allow specific device IDs access. Are you starting to understand?
Secondly, you're a f*cking idiot. Congress is not the final approver of this bill. Obama has not signed off on it, which means it is not law yet. And it is specific to Caller ID. If you had even processed the title of the bill correctly in your peanut-sized brain, you would know this. Please check your facts before you post and make yourself look like a douchebag.
http://news.yahoo.com/s/ytech_wguy/20100415/tc_ytech_wguy/ytech_wguy_tc1637
Now if there are any devs out there that can shed some light on where the device ID is stored or even how to spoof it, please respond!
Not worth it...
PS.. Take a guess as to what your "DEVICE ID" is..
Wow.... I already know what my device ID is. I asked how to change or spoof it.
My device ID is: HTCAnd444430*
Ya know.... they should really make you pass a test to be able to post on forums. Then I would have to deal with idiots like azyouthinkeyeiz.
Um....wouldn't common sense dictate that any sort of spoofing be ethically challenging? Well I would like to think that some things are just better not left to chance. I am not trying to be all goody goody and claim I don't do anything that isn't entirely lawful......but with how nutty the FCC can be, trying to spoof your device ID is akin to MAC spoofing to bypass security measures even if it is not for malicious intent. It can't and won't end well.
Just my two cents....
Off topic... but I wonder what that bill means, if anything, for those of us using Google Voice configured to display our GV number instead of our 'real' number.
Although not the answer you are looking for, you can do this using Nitro Touchdown Exchange.
Ok. The question was not what your device id is, it's a question of what your device id should be, which is a bb pin. (*which might I add since you keep saying Device ID, has no relevance to anything in your HTC HERO Phone, it is just an entry field label on BES for entering your BB PIN #)
Good luck trying to get it to work. Lol.. You're trying to tell a Network Admin and Sprint Tech (me) that I know nothing of, something I use everyday...
Now that I am at work not on my phone... You can use your HTC Device ID all you want.. But it means nothing.. Obviously, since it doesn't work as of now, does it? You need to have the BB "device ID" , which is if you had any sense to you at all, very apparent, as I've told you a thousand times already that it is the BB PIN.. Those are on a whitelist and to access BES your device has to be on that list, and activated through a carrier, with the attached SOC code for the BES plan..
You can access from your work, not because it passes some *firewall*, but because it bypasses BES because you are logging directly into the Exchange Server, through the local network, and that is nothing new, any business with BES is set up exactly the same.. To access your Exchange Server from home, your company uses the BES Gateway, and to use that, you have to have access to BES. And without the SOC code from your service, a BB PIN registered on the Blackberry Network, and the correct settings for your exchange server, you cannot access your email.
So next time, before you start throwing insults and acting like you know anything, at least have the key terms down... Just because the IT guy at work threw some terms around at you, doesn't mean you know anything..
You ask for help with something you obviously know nothing about, and then act like you have answers. And two people even told you, that whatever you think you are dealing with, they have never heard of before.. (a firewall that blocks anything but blackberries??? I mean really?)
You sir are an incompetent clown.
*edit.. I have also been looking all morning for anything that would even suggest that you have any idea of what you are talking about, and there are 4 HTC WinMO devices(TOUCH's and the TYTNII) that you can download a program that allows access for those specific HTC models.. Nothing else..
Ok, lets stop the name calling.
To the OP: Am I correct in assuming you've asked the Exchange Admins to add the Hero device ID and they denied the request? If so, then don't mind me. It seemed like the logical first step.
I haven't read the bill which passed (yet) but I will... Just a few notes.
The Bill has passed both Senate and House versions, it is NOT law yet, but probably will be soon. I see some issues though with the terms being somewhat vague. Yes, it will be nice that telemarketers and such will no longer be able to hide, but INTENT is a big glaring need which has to be addressed. I mean, come on... There are PERFECTLY legitimate reasons for not wanting to give your number to someone or to give the impression you are calling from a number, i.e., masking your location.
(Honey, I'm at my friend John's house playing cards, be home late tonight)... Lmao...
To make this type of instance a Federal Crime is just "out of this world ridiculous". Big Brother on Steroids... Or what one Judge said recently, that "those who seek anonymity are only doing so for Illegal purposes". NOT!!!... So I wonder then if ghost writers can be arrested and pseudonyms result in a 10 year stint... Come on... What next? E-mails must be your name? How about that Federal Registry/I.D. #, hell, why don't we just use our Social Security number for everything??? Forget Credit cards, bank accounts, etc...
But anyway, welcome to the New U.S. of A... where all you get to do is breathe without it being tracked, watched, cataloged, traced, recorded, stored, etc., all without your knowledge, permission or ability to resist.
Who was it that said: "Just because I'm paranoid - doesn't mean they aren't watching me!"...
azyouthinkeyeiz said:
Ok. The question was not what your device id is, it's a question of what your device id should be, which is a bb pin. (*which might I add since you keep saying Device ID, has no relevance to anything in your HTC HERO Phone, it is just an entry field label on BES for entering your BB PIN #)
Good luck trying to get it to work. Lol.. You're trying to tell a Network Admin and Sprint Tech (me) that I know nothing of, something I use everyday...
Now that I am at work not on my phone... You can use your HTC Device ID all you want.. But it means nothing.. Obviously, since it doesn't work as of now, does it? You need to have the BB "device ID" , which is if you had any sense to you at all, very apparent, as I've told you a thousand times already that it is the BB PIN.. Those are on a whitelist and to access BES your device has to be on that list, and activated through a carrier, with the attached SOC code for the BES plan..
You can access from your work, not because it passes some *firewall*, but because it bypasses BES because you are logging directly into the Exchange Server, through the local network, and that is nothing new, any business with BES is set up exactly the same.. To access your Exchange Server from home, your company uses the BES Gateway, and to use that, you have to have access to BES. And without the SOC code from your service, a BB PIN registered on the Blackberry Network, and the correct settings for your exchange server, you cannot access your email.
So next time, before you start throwing insults and acting like you know anything, at least have the key terms down... Just because the IT guy at work threw some terms around at you, doesn't mean you know anything..
You ask for help with something you obviously know nothing about, and then act like you have answers. And two people even told you, that whatever you think you are dealing with, they have never heard of before.. (a firewall that blocks anything but blackberries??? I mean really?)
You sir are an incompetent clown.
*edit.. I have also been looking all morning for anything that would even suggest that you have any idea of what you are talking about, and there are 4 HTC WinMO devices(TOUCH's and the TYTNII) that you can download a program that allows access for those specific HTC models.. Nothing else..
You obviously do not know squat about exchange servers, corporate networks, etc... if you have not heard of ISA. ISA is a popular firewall, which my company uses with the exchange server. ISA can and is configured to manage access to certain phone models based off Device ID. All of the allowed device IDs are BlackBerry IDs. I know for a fact my problem has nothing to do with BlackBerries using a BES. Remember, I have access on wifi, just not remotely and my friends on the exchange team confirmed this for me.
I work in IT but do not manage the exchange/ISA servers. Even if I did, our environment would require a change control for a change like this. We have asked to have our device IDs added to access the exchange server but the change committee has not decided yet if they will grant it. Again you would know nothing about these things as you are a Sprint techie.
I'm not on these boards with the intention of being rude and name calling as you are. I am sorry I lowered my standards and insulted you; I just can't stand ignorant people that think they know everything when really most everything they say/type is false. I simply created this topic in search of a way to change my device ID. I do not care if it is unlawful, wrong, yadda, yadda, yadda. If you or anyone else that reads this knows how to do this, please respond.
To the fellow that suggested Nitro Touchdown. I tried this software but it only allows you to spoof your client agent ID. ISA is configured by Device ID. Thanks for the suggestion but no luck there.
I never said I had never heard of ISA.. I said there's not a firewall that only blocks non-blackberries.. You can block whatever you want with firewalls, it's not a feature that it blocks blackberries..
I am telling you the answer, even with ISA, the problem you are having is, the option on the admin side of ISA, is to allow all devices, to allow all devices from BES, or to allow user privileges. There is no button for blackberry/HTC/Apple.. You cannot access the server because you cannot pass through BES without a PIN..
I did no name calling, read back, you stooped there yourself pretty harshly, and I am still helping you... [mirror]
LISTEN- You can connect on your work's wifi, because it is directly accessing the server from an IP on the LOCAL NETWORK.. When you connect to the server on your phone through the mobile network, you are accessing from the PUBLIC DOMAIN.. Which from your explanations, indicates that they allow access only through BES... Since "it only allows blackberries"...
Changing your device ID (if even possible) is going to create more problems than it solves. You basically have 2 options for the device ID:
1 - Change the stored device ID in the handset. This will break all kinds of functionality as every single call the OS makes to getDeviceID() will return an invalid value. My guess is that no applications are coded to respond correctly to a BB device.
2 - Only use a different device ID in the email software. This would require you to write a custom application to get Exchange support.
If you can connect with a desktop PC via VPN, you might want to take a look at RoadSync -- it provides Exchange access over VPN via a proxy server. I believe the current version only has support through 1.6, so if you're running 2.1 you may have to roll back your rom to install it.

[QUESTION] RSA SecurID or Similar

Has anyone found an RSA SecurID App or something similar to provide the same function under Android?
Good question. I look for one too but could not find an Android version yet. There is only 1 for iPhone.
The RSA SecurID Token for the Java ME Platform runs perfectly well on my HTC Desire (Android 2.1) phone.
(Sorry I am a new user so can't post the URL)
Go to RSA's web site.
Click Products on the menu
RSA SecurID
Product Family
Software Authenticators
Java Smartphones
You will need to convert your token seed to work with the app, but it is worth it.
woffys said:
The RSA SecurID Token for the Java ME Platform runs perfectly well on my HTC Desire (Android 2.1) phone.
(Sorry I am a new user so can't post the URL)
Go to RSA's web site.
Click Products on the menu
RSA SecurID
Product Family
Software Authenticators
Java Smartphones
You will need to convert your token seed to work with the app, but it is worth it.
Yup, confirmed. I have RSA running on my Hero (CM6), here's what I did.
Download J2ME app as per woffy's instructions above
Go to http://www.netmite.com/android/ and download the andme runner APK, and install
Go to http://www.netmite.com/android/srv/2.0/getapk.php and upload the JAD and JAR files from the RSA app you downloaded. An APK should be generated, load it onto your phone any way you want.
Get the token converter from the RSA website as well, and get your token file from the appropriate source. Then run tokenconverter.exe <filename>.sdtid -f. You should get a long numeric string.
Click import token in the RSA app, and enter the code from above
If all goes well, you should be able to enter your PIN and get a token.
Hope this helps someone, several of my coworkers and I have been waiting for this for months - we all got tired of carrying either fobs or our blackberries just to be able to remote in. One phone to rule them all!
what about the hardware securid
Is there a software for the hardware securid version?
magickarle said:
Is there a software for the hardware securid version?
This is what this thread is about.
But you need a special file to initialize the software, from the team of your company that manages the SecurID server and the hardware tokens.
snark_be said:
This is what this thread is about.
But you need a special file to initialize the software, from the team of your company that manages the SecurID server and the hardware tokens.
Oh. I thought there were 2 different products.
What would be the "technical term" for this file.
I don't want to sound stupid when I'll explain them this.
Thanks
According to this page, you need:
AES (128-bit) token seeds
magickarle said:
Oh. I thought there were 2 different products.
What would be the "technical term" for this file.
I don't want to sound stupid when I'll explain them this.
Thanks
Your security dept will need to have available soft tokens. Tell them to generate a Windows Mobile 128bit AES token file for you. You should receive a file with a .sdtid extension. Use that file with the token converter as described by whoiswes.
@woffys: Nice find!
@whoiswes: Nice step by step writeup!
confirmed working on my DX...
edit:
You cannot use the sdtid file from an existing WM soft token btw. TokenConverter will blow up on a schema parsing error if there's a WM deviceID statement (generally the case when WM softtokens are assigned). Make sure the security dept. generates the WM token with a blank deviceID. Generally that means that they will have to unassign your existing soft token then re-assign it to you.
There is an RSA SecurID beta app on the Market now http://www.appbrain.com/app/rsa-securid-software-token/com.rsa.securid

Server certificate is not valid...

Hello,
I had my HTC Tilt successfully unlocked with HTC unlocking code. Now I have a pop-up message stating: "The server certificate is not valid. Continue anyway?" (I was able to make a test phone call just before this happened). What exactly does this mean - does it have anything to do with unlocking process?
Thanks,
Mike - smartphone newbie
I suspect this is an email issue - you are, I would guess, connecting to a work Exchange server or something similar, possibly using SSL?
It is possible that, because of the unlocking, your device has 'changed' slightly and you may need to do something with the certificate from the mail server. Do a Google search on
"The server certificate is not valid. Continue anyway?"
with the quotes and you will get plenty of hits - have a look at them and work out which applies to you.

[Q] WPA-Enterprise Configuration

Hi
Does anyone know how to import the wireless authentication certificate from Win7 (for a WPA-Enterprise Wifi Network - most corporate wifi networks), and install it on Android ?
Use case: I have a laptop that connects to my work wifi using a stored certificate and would like my phone to connect to the corporate wifi as well.
Also, the company does not 'officially' support Android phones. Only BB and iPhone allowed.
imarvind said:
Hi
Does anyone know how to import the wireless authentication certificate from Win7 (for a WPA-Enterprise Wifi Network - most corporate wifi networks), and install it on Android ?
Use case: I have a laptop that connects to my work wifi using a stored certificate and would like my phone to connect to the corporate wifi as well.
Also, the company does not 'officially' support Android phones. Only BB and iPhone allowed.
Your IT lets you connect BB and iPhones on the Corporate Network?
Look, as an IT administrator I'm going to say this... if your IT department wanted you to connect your Android device to the corporate network, they would provision it for you. If they are not provisioning it for you, you're probably breaking company policy. Even if it were possible, there's no way I'd help you do this.
rootSU said:
Your IT lets you connect BB and iPhones on the Corporate Network?
Look, as an IT administrator I'm going to say this... if your IT department wanted you to connect your Android device to the corporate network, they would provision it for you. If they are not provisioning it for you, you're probably breaking company policy. Even if it were possible, there's no way I'd help you do this.
I see. Well that's like saying - 'If Samsung wanted you to have KitKat on their older models, they'd provision it for you. I will not help you install kangs'.
Thanks anyway. I'll look elsewhere
imarvind said:
I see. Well that's like saying - 'If Samsung wanted you to have KitKat on their older models, they'd provision it for you. I will not help you install kangs'.
Not really, no. Installing a Kang is not affecting someone's corporate network, putting it at risk and putting your job at risk and potentially causing massive problems for your IT department.
It's more akin to saying "My company doesn't want me to have a corporate credit card. They've given me the numbers for online purchases but I want to use it in a physical shop. Can you help me print the details to a blank card"
anyway, I said "even if it was possible", meaning in other words "it's not possible"
rootSU said:
Not really, no. Installing a Kang is not affecting someone's corporate network, putting it at risk and putting your job at risk and potentially causing massive problems for your IT department.
It's more akin to saying "My company doesn't want me to have a corporate credit card. They've given me the numbers for online purchases but I want to use it in a physical shop. Can you help me print the details to a blank card"
anyway, I said "even if it was possible", meaning in other words "it's not possible"
I full quote.
Anyway, on serious networks there is always port-security enabled and several checks at the access and distribution layers. That said, @imarvind, even if you can import your certificate, this does not mean that you can reach connectivity

[APP][4.1+][v0.91 - 20141220] Easy Token - OSS SecurID token with lock screen widgets

Highlights
Convenient lock screen and home screen widgets provide instant tokencodes without navigating to an app.
Optionally save your PIN.
Supports SDTID files, importing http://127.0.0.1/... tokens from email, and QR tokens.
100% open source (GPLv2+)
Requirements
A token seed file from your system administrator
JB 4.1+
Downloads
Binaries are attached to this post and available from Google Play.
Source code: https://github.com/cernekee/EasyToken
Changelog
Code:
v0.91 - 2014/12/20
 - Use more specific MIME type matches so that Easy Token associations don't
   show up in Contacts.
 - Update libstoken to v0.81 and switch from tomcrypt to nettle. Most of
   the changes in v0.8/v0.81 won't matter on Android, but it is now possible
   to import hard token seed files if desired.
Older changelogs:
Code:
v0.90 - 2014/07/26
 - Rework handling of bound device IDs during token import. Try to guess
   it based on the current (unique) device ID and all known class GUIDs.
   Allow the user to override it, in case of a collision.
 - Limit import string to 64kB to avoid OutOfMemoryError crashes on invalid
   tokens.

v0.81 - 2014/07/06
 - Fix bug in lock screen widget where it would "bounce" between the tokencode
   display and the clock display for no apparent reason
 - Show the "confirm import" screen unconditionally, so there is a clear
   indication that email import succeeded

v0.80 - 2014/07/05
 - Initial public release
XDA:DevDB Information
Easy Token, App for all devices (see above for details)
Contributors
cernekee
Source Code: https://github.com/cernekee/EasyToken
Version Information
Status: Beta
Created 2014-07-05
Last Updated 2014-12-21
Attaching a couple of randomly generated tokens, in case it is necessary to test Easy Token without a real seed file. These were created with:
Code:
qrencode -l H `stoken export --random --android` -o v2.png
qrencode -l H `stoken export --file pinless.sdtid --v3` -o v3.png
stoken export --random --sdtid > token.sdtid
The rightmost (denser, v3) QR code is a 6-digit PINless token. You may need to zoom in to scan it.
Verrr niice..
Thanks for making this, it works great and looks much better than the official RSA one. One thing, though, what is the network access permission for?
phigan said:
Thanks for making this, it works great and looks much better than the official RSA one. One thing, though, what is the network access permission for?
Click to expand...
Click to collapse
It isn't currently used, but future uses could include:
Internet token provisioning via CTKIP
NTP clock sync, so that if multiple devices use the same seed, they all read back the same tokencode at the same time
Better problem reporting; currently ACRA is set up to use email but there are some limitations associated with that approach. All problem reporting in this app is user-initiated.
Reported via email as well, but here's the problem I'm having:
Trying to import a token given via an http 127.0.0.1 URL in an email:
USER_COMMENT=importing new key via (http link omitted, because xda forums don't like it) failed, with chrome saying "connection refused"
ANDROID_VERSION=4.4.4
APP_VERSION_NAME=0.90
BRAND=oneplus
PHONE_MODEL=A0001
CUSTOM_DATA=
STACK_TRACE=java.lang.Exception: Report requested by developer
at org.acra.ErrorReporter.handleException(ErrorReporter.java:626)
at org.acra.ErrorReporter.handleException(ErrorReporter.java:583)
at app.easytoken.MainActivity.sendProblemReport(MainActivity.java:121)
at app.easytoken.MainActivity.onOptionsItemSelected(MainActivity.java:139)
at android.app.Activity.onMenuItemSelected(Activity.java:2600)
at com.android.internal.policy.impl.PhoneWindow.onMenuItemSelected(PhoneWindow.java:1065)
at com.android.internal.view.menu.MenuBuilder.dispatchMenuItemSelected(MenuBuilder.java:741)
at com.android.internal.view.menu.MenuItemImpl.invoke(MenuItemImpl.java:152)
at com.android.internal.view.menu.MenuBuilder.performItemAction(MenuBuilder.java:884)
at com.android.internal.view.menu.MenuBuilder.performItemAction(MenuBuilder.java:874)
at com.android.internal.view.menu.MenuPopupHelper.onItemClick(MenuPopupHelper.java:177)
at android.widget.AdapterView.performItemClick(AdapterView.java:298)
at android.widget.AbsListView.performItemClick(AbsListView.java:1113)
at android.widget.AbsListView$PerformClick.run(AbsListView.java:2911)
at android.widget.AbsListView$3.run(AbsListView.java:3645)
at android.os.Handler.handleCallback(Handler.java:733)
at android.os.Handler.dispatchMessage(Handler.java:95)
at android.os.Looper.loop(Looper.java:136)
at android.app.ActivityThread.main(ActivityThread.java:5146)
at java.lang.reflect.Method.invokeNative(Native Method)
at java.lang.reflect.Method.invoke(Method.java:515)
at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:796)
at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:612)
at dalvik.system.NativeStart.main(Native Method)
Screenshot of Chrome attached.
gehrehmee said:
Trying to import a token given via an http 127.0.0.1 URL in an email:
Screenshot of Chrome attached.
When you clicked on the email link, did it send you straight to Chrome? Android should notice that the URL matches a pattern that can be handled by two different apps, and let you choose whether to open the link with Chrome (incorrect) or Easy Token (correct).
If this doesn't happen, you may need to clear the default association for Chrome.
If you still can't convince it to pop up the app chooser, another option is to copy the URL to the clipboard (long-press may do it), navigate to Easy Token, then choose Manual Entry.
cernekee said:
When you clicked on the email link, did it send you straight to Chrome? Android should notice that the URL matches a pattern that can be handled by two different apps, and let you choose whether to open the link with Chrome (incorrect) or Easy Token (correct).
If this doesn't happen, you may need to clear the default association for Chrome.
If you still can't convince it to pop up the app chooser, another option is to copy the URL to the clipboard (long-press may do it), navigate to Easy Token, then choose Manual Entry.
Interesting:
I installed the official app as well as EasyToken now, and I do get the "choose application" dialog -- but EasyToken isn't in the list.
I copied the URL into the "manual" entry, and it didn't un-grey the "Next" button.
The URL is in the form:
http (noise added to stop xda forum from rejecting post) ://127.0.0.1/securid/ctkip?scheme=https&url=hostname.company.com:443/ctkip/services/CtkipService
gehrehmee said:
The URL is in the form:
http (noise added to stop xda forum from rejecting post) ://127.0.0.1/securid/ctkip?scheme=https&url=hostname.company.com:443/ctkip/services/CtkipService
Unfortunately CTKIP is not currently supported. CTKIP URLs do not actually contain the token seed. Instead, they direct the client to handshake with a remote server to securely exchange information. I have not figured out how to implement this scheme yet.
Easy Token normally expects a URL that uses the "compressed token format" (ctf), such as:
Code:
http://127.0.0.1/securid/ctf?ctfData=219561515777421437245254320241301611451327661056547012064173126400766246671676001
The ctf string is entirely self-contained (it doesn't need to talk to a remote server).
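The difference between the two link types described above, as an added example that is not part of the original post and is not Easy Token's or stoken's code: it classifies an import link offline and reports whether the link itself carries token material (ctf) or only names a provisioning server (CTKIP). The function name and result keys are hypothetical, and the all-digit check covers only the ctf form shown in this thread.

```python
from urllib.parse import parse_qs, urlsplit

# The two link shapes quoted in the thread (forum "noise" removed from the second).
CTF_SAMPLE = (
    "http://127.0.0.1/securid/ctf?ctfData="
    "219561515777421437245254320241301611451327661056547012064173126400766246671676001"
)
CTKIP_SAMPLE = (
    "http://127.0.0.1/securid/ctkip?scheme=https"
    "&url=hostname.company.com:443/ctkip/services/CtkipService"
)


def classify_import_url(url):
    """Describe a SecurID import link without opening it or contacting anything."""
    parts = urlsplit(url.strip())
    query = parse_qs(parts.query, keep_blank_values=True)
    path = parts.path.rstrip("/").lower()
    result = {"kind": "unknown", "contains_seed": False,
              "contacts_server": None, "problems": []}

    if path == "/securid/ctf":
        data = query.get("ctfData", [""])[0]
        result.update(kind="ctf", ctf_length=len(data), contains_seed=bool(data))
        # Self-contained link: the mail, clipboard and browser history that
        # held it now hold token material and should be treated as secrets.
        if not data:
            result["problems"].append("ctfData parameter is empty or missing")
        elif not (data.isascii() and data.isdigit()):
            result["problems"].append("ctfData is not the all-digit form shown in the thread")
    elif path == "/securid/ctkip":
        scheme = query.get("scheme", [""])[0].lower()
        target = query.get("url", [""])[0]
        result["kind"] = "ctkip"
        # No seed in the link: it only names the server to handshake with.
        result["contacts_server"] = urlsplit("//" + target).hostname
        if not result["contacts_server"]:
            result["problems"].append("no provisioning server named in link")
        if scheme != "https":
            result["problems"].append("provisioning scheme is not https")
    return result


if __name__ == "__main__":
    for sample in (CTF_SAMPLE, CTKIP_SAMPLE):
        print(classify_import_url(sample))
```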
Change Device ID
Would it be possible to let users change the device ID? The default one is calculated differently from the official RSA app, so I can't install the same token on both or migrate from one to the other without having a new token issued to me.
pfcrow said:
Would it be possible to let users change the device ID? The default one is calculated differently from the official RSA app, so I can't install the same token on both or migrate from one to the other without having a new token issued to me.
If the app is unable to successfully decrypt the token using the default device ID, it should prompt you to enter a different ID (see attached screenshot). You can copy the device ID from the official RSA app if your token is bound to that installation.
Are you getting an error instead?
cernekee said:
If the app is unable to successfully decrypt the token using the default device ID, it should prompt you to enter a different ID (see attached screenshot). You can copy the device ID from the official RSA app if your token is bound to that installation.
Are you getting an error instead?
That's awesome! Thanks. I'm also stuck on the CTKIP issue that others discussed above. I suspect I'm not going to have any luck getting the other app to cough up the token once I download it, though.
pfcrow said:
I'm also stuck on the CTKIP issue that others discussed above. I suspect I'm not going to have any luck getting the other app to cough up the token once I download it, though.
That's correct - it is stored in a different format, and obfuscated.
I wonder how much demand there would be for an Xposed Framework module that exports stored tokens from the official RSA app?
cernekee said:
That's correct - it is stored in a different format, and obfuscated.
I wonder how much demand there would be for an Xposed Framework module that exports stored tokens from the official RSA app?
A lot - my employer will only issue tokens in CTKIP format, and if I can't copy the RSA app's token out I'm stuck with the default app. And what's worse, I'm stuck with using it on just that one phone - this is the whole reason I found your app in the first place, because I have 2 phones and want to clone the token onto both.
If you figure out a way to read the token from the RSA app, I'd happily PayPal you $20 for the effort
Edit: Even better would be an app to extract the RSA token from a Titanium backup.
I am using this on Android and it works great. Today I tried to install this to Chrome using ARC. It worked. I was able to import tokens and all seemed well, except the tokens are generating the wrong numbers. They should match the Android device but they do not. I verified the serial # and dates are the same, but the digits after the same PIN numbers are entered are different. I realize ARC is new but figured I'd give it a go.
cernekee said:
That's correct - it is stored in a different format, and obfuscated.
I wonder how much demand there would be for an Xposed Framework module that exports stored tokens from the official RSA app?
Was this solved?
I'd love to get more info and give it a go!
It seems a fun challenge. :cyclops:
I gotta tell you - I love this app. I can easily move my token from phone to phone without getting a new token from my sysadmins. That is huge! I wish you also had a Mac OS X app.
Tasker/KLWP
This app is brilliant - so much better than RSA's!
But could you tell me is it possible to get a code from Easy Token into KLWP or Tasker? Using intents?
Cheers!
Great work, loving it !
The token in the official Android app is stored in a sqlite database. If your phone is rooted, it's easy to copy it out and dump the database. You can probably dump it out of any backup program. The problem is that the critical fields are obfuscated. They appear to be 256-bit numbers in hex, and I don't know how they translate into the fields used by stoken (the token program that powers the app we're discussing here).
A dump of the table shows:
Code:
CREATE TABLE tokens (
SERIALNUMBER text primary key not null,
NICKNAME text not null,
EXPIRATIONDATE text not null,
PINTYPE integer not null,
PRNPERIOD integer not null,
PRNLENGTH integer not null,
ROOTSEED blob not null,
OTPMODE integer not null,
DEVICEBINDINGDATA text not null,
ALGORITHM integer not null,
BIRTHDATE integer not null,
MAXTXCOUNT integer not null,
SIGNATURECOUNT integer not null,
LASTTXTIME integer not null,
TOKENHASH blob not null);
The ROOTSEED and TOKENHASH fields are both 64-character (256-bit) hex codes. I think everything else is either zero or reasonably obvious.
My two thoughts are to either make sense of all this data to create a converter, or to investigate the Windows token storage format (which might use the same fields) and see if the official token converter can extract it.
Are there any results with CT-KIP? Or any workaround?
