Related
Hi All,
I've produced a web form for one of my clients. This is a simple fill in the details and press 'submit' type of affair written in PHP, but is a HTM document hosted on our server.
This works fine on my Touch, but the 'submit' button does not work on the clients Orange m3100. I know that the m3100 is WM5 and the Touch is WM6 but i never knew PIE was different.
Is this a security issue with PIE or do I need to update it? If so, how do I do this without changing the ROM?
BTW my client is miles away, so I can't get my hands on the handset.
Help?!
Steve
Surely it can't be the broswer as PHP is a server-side script??
When you say "Is an HTML file" - is it actually a .html ? Maybe it would work if the file was .php ? I still wouldn't have thought it though, surely the web server should parse the HTML file for any server side script first though?
gumballsteve said:
Hi All,
This works fine on my Touch, but the 'submit' button does not work on the clients Orange m3100.
Click to expand...
Click to collapse
In what way doesn't it work? The outgoing HTTP request to the server isn't happening (probably caused by unhandled HTML/javascript in PIE)? Or an unexpected/no response (probably caused by a broken PHP script)?
How about posting the relevant section of the generated HTML that PIE sees in this thread.
If your button is using javascript, rather than a plain FORM submit button, that could cause problems, as different versions of PIE have varying levels of javascript support.
arghness said:
In what way doesn't it work? The outgoing HTTP request to the server isn't happening (probably caused by unhandled HTML/javascript in PIE)? Or an unexpected/no response (probably caused by a broken PHP script)?
How about posting the relevant section of the generated HTML that PIE sees in this thread.
If your button is using javascript, rather than a plain FORM submit button, that could cause problems, as different versions of PIE have varying levels of javascript support.
Click to expand...
Click to collapse
Yes, the form uses javascript to submit and make sure certain feilds are completed.
Can I update the PIE to a newer version or add the extra support?
gumballsteve said:
Hi All,
I've produced a web form for one of my clients. This is a simple fill in the details and press 'submit' type of affair written in PHP, but is a HTM document hosted on our server.
This works fine on my Touch, but the 'submit' button does not work on the clients Orange m3100. I know that the m3100 is WM5 and the Touch is WM6 but i never knew PIE was different.
Click to expand...
Click to collapse
PIE in WM6 is supposed to have better JS support.
gumballsteve said:
Can I update the PIE to a newer version or add the extra support?
Click to expand...
Click to collapse
Nope, only by flashing to WM6.
Get a browser with better scripting support - Opera Mobile, for example.
Menneisyys said:
Nope, only by flashing to WM6.
Get a browser with better scripting support - Opera Mobile, for example.
Click to expand...
Click to collapse
I'm not much good with this mobile ROM stuff, but is it possible to remove the PIE part from a WM6 ROM and make it into a CAB file that would update a earlier device?
gumballsteve said:
Hi All,
I've produced a web form for one of my clients. This is a simple fill in the details and press 'submit' type of affair written in PHP, but is a HTM document hosted on our server.
This works fine on my Touch, but the 'submit' button does not work on the clients Orange m3100. I know that the m3100 is WM5 and the Touch is WM6 but i never knew PIE was different.
Is this a security issue with PIE or do I need to update it? If so, how do I do this without changing the ROM?
BTW my client is miles away, so I can't get my hands on the handset.
Help?!
Steve
Click to expand...
Click to collapse
IMHO,
It is perhaps fine, to request the customer to upgrade his/her mobile-device/browser to support your php/client-side-javascript document.
But my suggestion is to provide an alternative document, without any javascript, that does all validation on the server-side instead.
Well, an expensive solution will be air-delivering your most compatible mobile-device onto the customer's hand.
~My 2 cents~
mangokun said:
IMHO,
..
But my suggestion is to provide an alternative document, without any javascript, that does all validation on the server-side instead.
..
~My 2 cents~
Click to expand...
Click to collapse
I'm with mango' on this, as you will get better functionality by doing validation server-side, plus anyone who knows about htmlview.dll will tell you that it's not the most forward/backward compatible library that MS have ever written (wm6 htmlview.dll has had several html tag attribute changes/removals).
Other than checking the actual html you're outputting for "wellformedness", you could investigate using the PHP to deliver different html depending upon the version of WM that is calling the PHP. Remember if you do, wm6 shows up as version 5, subversion 2 - and not version 6, subversion x.
So much for MS marketing picking the name Windows Mobile 5 because it bound it together with the CE version.
Dsc.
My company uses Cisco VPN client with RSA authentication. required to connect is:
-host name
-group name
-password
-and of course the RSA token #.
my Sprint EVO is rooted using simpleroot.
does anyone have a clear set of instructions on how to make this work?
i know you can do this on the iPhone......
VPN tokens
dconnest said:
My company uses Cisco VPN client with RSA authentication. required to connect is:
-host name
-group name
-password
-and of course the RSA token #.
my Sprint EVO is rooted using simpleroot.
does anyone have a clear set of instructions on how to make this work?
i know you can do this on the iPhone......
Click to expand...
Click to collapse
Does your company issue you a physical token (OTP Token) or are they installing a soft token on the IPhone.
Coreburner said:
Does your company issue you a physical token (OTP Token) or are they installing a soft token on the IPhone.
Click to expand...
Click to collapse
i have the same question... my company uses a physical token/pin combo...
No RSA for Android
Short Answer wont work yet, RSA token are the original OTP's but they are all the most complicated and antiquated OTP tech out their right now. It not easy to integrate their Soft token into a mobile client. It took them years to get it to work with IPhone. Their are a few well known company that have soft tokens for Android phone most notably opentrust, active identity and gemalto. Your only alternative would be to implement a SMS otp token system but these are vulnerable to man in the middle attacks.
****You may want to move this out of the DEV section before someone starts throwing a fit.
any luck on this? I have the same needs.
Hi all!
I let out another small application for Android, please love and favor!
Forgot your password from XLSX or DOCX document's?
Just choose file and wait a second!
Office Document Unlocker - can unlock password protected MS Office document in one click!
Application unlock any password-protected XLSX or DOCX file's. Encrypted files are not supported yet!
Source code will be realeased soon.
!! IMPORTANT: Do not attempt to gain access to protected files that you do not belong! This is illegal!
---
Cute icon from "IconFinder" - http://www.iconfinder.net
0.3 version release, available soon in market
-New cute file manager
0.4
some ui updates.
Zorge.R said:
0.4
some ui updates.
Click to expand...
Click to collapse
Just wanted to test your app, but the link goes to the paid version on market. You need to provide a free version according to xda rules to post your app on here.
http://forum.xda-developers.com/showthread.php?t=1203141
will be added in first post.
Office Document Unlocker now available for FREE - https://play.google.com/store/apps/details?id=com.zlab.officepasswordrecovery
play.google.com need some time to update application information.
http://www.recoveryexcelpassword.com
If you want to open excel file then you can free download Excel password recovery software which Recover lost Excel password and unlock Excel file. This software quickly open password protected XLS and XLSX file password…
Smart Excel password breaker for breaking and recovering Excel
Just download best application of Excel file password cracker that helps to remove and recover password from Workbook, Word file and Access file too. This solution of XLSX file password unlocker works on all versions Excel file including xlsx, xls, xlsb, xla, xlam, xltm and xlsm
esofttools.com/excel-password-recovery.html
what is apk downloader
Atom TechSoft Excel Password Recovery Software
Now easy to recover lost Excel password with Atom TechSoft Excel recovery software that is very fast process to re-gain lost Excel file password and unlock locked Excel workbook password and unlock locked Excel file on all supported versions.
atomtechsoft.com/excel-password-recovery.html
@Zorge.R Project dead? Would be a shame, it seems quite interesting to me but it doesn't appear to have received any updates since Nov 2013 and Play Store reviews are generally bad. Any plans to revive this?
Timmmmaaahh said:
@Zorge.R Project dead? Would be a shame, it seems quite interesting to me but it doesn't appear to have received any updates since Nov 2013 and Play Store reviews are generally bad. Any plans to revive this?
Click to expand...
Click to collapse
Is it actual?
Zorge.R said:
Is it actual?
Click to expand...
Click to collapse
I was wondering the same thing ^-^
Anyway, you're alive! That's nice
Timmmmaaahh said:
I was wondering the same thing ^-^
Anyway, you're alive! That's nice
Click to expand...
Click to collapse
Thanks!
I still have the source code. What would you like to update in the application? Just update the appearance or some more serious changes?
Office document unlocker (DOCX, XLSX)
You can use Dux Excel Password Recovery Software if you unlock your office document file (DOCX, XLSX) because you can easily affordable this program and helpful for you. Quickly unlock your XLSX file password and all version support: 97, 98, 2000, 2003, 2007, 2010, 2013, 2016 and 2019.
more information:***
Search in google .....Dux data recovery password software
Recover lost or forgotten Excel (.xls, .xlsx, .xlsm, .xlsb, .xla, .xlam, .xltm) file password with the use of Brute Force attack, Mask attack, & Dictionary attack by eSoftTools Excel Unlocker Software. With this tool, user can easily unlock MS Excel, Word & Access file password with supported all Excel versions up to 2019 and Windows versions up to 10 (32-bit, & 64-bit). It gives a FREE DEMO VERSION to recover Excel Password and show the first three character as a preview.
Visit Here to Know More About eSoftTools Excel Password Recovery Software
Mods please move this post if in the wrong place. OK, I couldn't find it ANYWHERE on XDA but, I did find it by doing extensive baidu (China's Equivalent of Google Search engine) searches and translations. So I give to you all QPST 2.7 build 402. I have the newest and latest QXDM and QCAT also. They were uploaded to the Chinese site on February 13, 2013. QXDM requires activation so I wont post it. I will post QCAT if anyone requests it though, as it does not require activation and neither does this version of QPST. I have seen numerous posts over the net where people wanted QPST 2.7 build 385 but this one surpasses that version. Annoyingly enough though, I still cant write settings to my girlfriends LGL55CV3 Straight Talk android phone with it . So if anyone here can help me out on this, please feel free to do so. So enjoy and hit thanks if I've helped you out.:good: http://www.mediafire.com/?yya85byog8kqtxn
:good:
solcam said:
Mods please move this post if in the wrong place. OK, I couldn't find it ANYWHERE on XDA but, I did find it by doing extensive baidu (China's Equivalent of Google Search engine) searches and translations. So I give to you all QPST 2.7 build 402. I have the newest and latest QXDM and QCAT also. They were uploaded to the Chinese site on February 13, 2013. QXDM requires activation so I wont post it. I will post QCAT if anyone requests it though, as it does not require activation and neither does this version of QPST. I have seen numerous posts over the net where people wanted QPST 2.7 build 385 but this one surpasses that version. Annoyingly enough though, I still cant write settings to my girlfriends LGL55CV3 Straight Talk android phone with it . So if anyone here can help me out on this, please feel free to do so. So enjoy and hit thanks if I've helped you out.:good: http://www.mediafire.com/?yya85byog8kqtxn
Click to expand...
Click to collapse
---------- Post added at 04:36 PM ---------- Previous post was at 03:44 PM ----------
:good:
solcam said:
Mods please move this post if in the wrong place. OK, I couldn't find it ANYWHERE on XDA but, I did find it by doing extensive baidu (China's Equivalent of Google Search engine) searches and translations. So I give to you all QPST 2.7 build 402. I have the newest and latest QXDM and QCAT also. They were uploaded to the Chinese site on February 13, 2013. QXDM requires activation so I wont post it. I will post QCAT if anyone requests it though, as it does not require activation and neither does this version of QPST. I have seen numerous posts over the net where people wanted QPST 2.7 build 385 but this one surpasses that version. Annoyingly enough though, I still cant write settings to my girlfriends LGL55CV3 Straight Talk android phone with it . So if anyone here can help me out on this, please feel free to do so. So enjoy and hit thanks if I've helped you out.:good: http://www.mediafire.com/?yya85byog8kqtxn
Click to expand...
Click to collapse
Ummmm...Yeah. If you say so.
solcam said:
Ummmm...Yeah. If you say so.
Click to expand...
Click to collapse
Anyone managed to download this?
No. It says that it belongs to an unvalidated account. I know that 418 is now out too if anyone might have this one.
cezar1 said:
This file infected by troyan. Thanks a lot
Click to expand...
Click to collapse
I had no issues with it... and still use it. I will look into it. I did not upload it, I just posted the link.
---------- Post added at 10:56 PM ---------- Previous post was at 10:32 PM ----------
cezar1 said:
This file infected by troyan. Thanks a lot
Click to expand...
Click to collapse
I did some checking and a few people DID have issues with this. Thank you for bringing it to my attention...
If you install this via "setup.exe" it will put a backdoor on your system. It lives at "C:\Users\Admin\AppData\Roaming\Qualcomm". It will also add itself to the "HKCU/Software/Microsoft/Windows/Current Version/Run" key in the registry. There is no virus in the MSI file.
You should be able to detect it, remove it and use build 422. Again, I am using it without issue.
rekamyenom said:
I had no issues with it... and still use it. I will look into it. I did not upload it, I just posted the link.
Click to expand...
Click to collapse
Hello, fellow QPST users.
QPST 2.7 Build 4.2.2 is a fake version with keylogger.
Some a$$hole downloaded latest public QPST build (4.0.2) and decompiled MSI installer package, then edited all "4.0.2" to "4.2.2", added "fake changelog", added keylogger (qualcomm.exe), then repackaged and spread around web!
Everyone who downloaded QPST build "4.2.2" should change all his passwords.
More info about malware from fake 4.2.2 build (QPST.2.7.422.msi)
MSI package (QPST.2.7.422.msi) was embedded/tampered with qualcomm.exe which is a .NET based malware that logs your keystrokes and sends it to attacker's server.
How to delete the actual malware from your system?
Look at the startup from msconfig or CCleaner, there should be a file called qualcomm.exe thats set to start everytime system starts. Delete both registry and file.
If you wanted to see what data thief was stolen from you. Just open the .dc file (in "dclogs" folder) with Notepad and see for yourself.
In XP, dc file is located here!
C:\Documents and Settings\Administrator\Application Data\dclogs
there should be a file called "201X-XX-XX-X.dc
if you open that DC files with Notepad, you'll see all your keystrokes.
Here is mine. I've intentionally entered paypal site with fake info.
:: Run (3:01:51 AM)
Script kiddie. NET Based malware, huh?[ESC]
:: Program Manager (3:02:14 AM)
e
:: Firefox (3:02:18 AM)
www.paypal.com
[email protected][TAB]
mypaypalpass
[ENTER]
:: Documents and Settings (3:02:19 AM)
[UP]
:: Administrator (3:02:28 AM)
[DOWN][DOWN][DOWN][DOWN][DOWN][DOWN][DOWN][DOWN][DOWN][DOWN]
[DOWN][DOWN][DOWN][DOWN][DOWN][DOWN][DOWN][DOWN][DOWN][DOWN][DOWN][DOWN][DOWN]
d
:: (3:02:34 AM)
:: Administrator (3:02:34 AM)
d
:: (3:03:11 AM)
mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm
:: [Release] QPST 2.7 BUILD 422 - Download Here - Enjoy - Mozilla Firefox (3:03:57 AM)
crap
How to delete?d
:: Clipboard Change : size = 16 Bytes (3:03:57 AM)
QPST.2.7.422.msi
:: (3:04:23 AM)
cccccc
Click to expand...
Click to collapse
Keylogger sends the logs from keylogger to "qpst.hopto.me"
So please report about this incident where and when you encounter QPST 4.2.2 somewhere (forums, posts, sharing-sites, etc)
Copy my whole post and paste it where you see 4.2.2 mentioned.
Bonus: Fake Changelog
If you've installed this 422 build, then open the Readme.txt in C:\Program Files\Qualcomm\QPST\Documents
Scroll down and see the "6/12/13 QPST 2.7.422 changelog"
6/12/13 QPST 2.7.422
1) EFS Hello commands will not be sent unless the device is in a compatible mode. Sending this command when the
device is in download mode can cause a "server busy" message for a few seconds because of command retries.
2) Support for the Sahara device protocol (see 80-N1008-1 or equivalent) is now built in to the QPST server process.
This protocol is only supported by USB Serial ports, not TCP/IP connections. In QPST Configuration a device in
this mode will display as "Q/QCP-XXX (Sahara Download)". This mode can only be detected (1) when the QPST server
process starts or a COM port in this mode added to QPST, or (2) when a device enters Sahara mode on a port assigned
to QPST. This is because the device only sends its Hello message once, as soon as the COM port is opened.
Click to expand...
Click to collapse
Changelog above is actually cloned from QPST 2.7.394 Just scroll down and see Build 2.7.394 changelog. Its same!
So forget about Build 422. It doesn't exist.
Use QPST 2.7 Build 402. It's the latest public build
Sorry about my english
Best Regards
AnycallMongolia
can somebody give proper qpst latest version.
pl provide dropbox link
madroamer said:
can somebody give proper qpst latest version.
pl provide dropbox link
Click to expand...
Click to collapse
Okey, someone (HuaweiDevices.ru) leaked QPST v2.7.411 to the public. I've installed it myself and confirmed that its legit build.
Here is original link of the leak..
Here is my link.
http://d-h.st/qAy
Thread cleaned, potentially unsafe file and posts are gone. All members are to be reminded that whenever you flash anything, regardless of what it is, you take chances.
Thanks for the report, and thanks for not being disrespectful regarding the matter.
Now, back to development.
Thanks for your sharing this.
solcam said:
Mods please move this post if in the wrong place. OK, I couldn't find it ANYWHERE on XDA but, I did find it by doing extensive baidu (China's Equivalent of Google Search engine) searches and translations. So I give to you all QPST 2.7 build 402. I have the newest and latest QXDM and QCAT also. They were uploaded to the Chinese site on February 13, 2013. QXDM requires activation so I wont post it. I will post QCAT if anyone requests it though, as it does not require activation and neither does this version of QPST. I have seen numerous posts over the net where people wanted QPST 2.7 build 385 but this one surpasses that version. Annoyingly enough though, I still cant write settings to my girlfriends LGL55CV3 Straight Talk android phone with it . So if anyone here can help me out on this, please feel free to do so. So enjoy and hit thanks if I've helped you out.:good: http://www.mediafire.com/?yya85byog8kqtxn
Click to expand...
Click to collapse
anycallmongolia said:
Okey, someone (HuaweiDevices.ru) leaked QPST v2.7.411 to the public. I've installed it myself and confirmed that its legit build.
Here is original link of the leak..
Here is my link.
http://d-h.st/qAy
Click to expand...
Click to collapse
Link works. Thank you.
Hello guys, i have a LG G2 with 3g issue , it works just in 2g, somebody can upload his QCN file so i try to replace mine with it? Thank you so much
!!!!!!!!!!!!!!!!!! WARNING !!!!!!!!!!!!!!!!!!
!!! TROJAN AGAIN !!!
Some time ago in Feb 2014 man named anycallmongolia posted a link to QPST 2.7 build 411
Link points to the site HuaweiDevices.ru
h_t_t_p_://_huaweidevices._ru/ROMS/QPST_2.7.411.rar
Later I'd personally downloaded this version from this topic a few times in 2014 and this was normal non fake QPST which i'd installed on a few PC's. (Can't remember particular link now). Today I would like to install QPST to a new NB PC, so assumed this topic as the best source. Being a recovery/data structures expert I always inspect code (mostly by viewing in text/hex). As most of members I've very high trust level to xda (certainly it's much higher then one related to the "famous and respectable" corps like Google/MS/Apple/etc, who aren't on my side, I'm sure).
I've installed QPST got from this topic a few times, so I'd almost pressed Enter (I use FAR most of time and advice you to do the same) over the DL'd file "qpst 2 7 411.exe".... What??? - EXE??? And it's just about 500Kb long... But QPST installer occupies about 16Mb.
I've explored body - I's typical malware with slightly "encoded" (to prevent direct reading) data inside. QXDM offered on the neighbor page is the same malware of the same size.
If you'll try to dl QPST from above link you'll got 404 error in the center of normal html page with site menu etc... What normal man would think in this case? He'll think page/product have moved (e.g. due to overload protection) and what he'll do next? He'll try to find where page have moved and... will got link in menu just at the bottom of 404 page. It's just trivial (but very good working!) "social engineering" - publish real app in trusted place and when it will pass checks replace it with malware. (Or may be domain was sold to the criminals as it often occures in Russia for a few latest years). Even if you will check DL url in the status bar it will show link to the .RAR archive, but ASAY click the link it will be redirected to .exe!
PLEASE PUBLISH BIG WARNING on TOPIC START and remove links to HUAWEIDEVICES.RU!!!
Furthermore. Situation is much worse because huaweidevices shows 1ST position in search request "QPST 2.7.411" by Yandex.ru (#1 search engine in Russia) and 2ND position in Google results with the same request!!! It's VERY DANGEROUS situation! Thousands if not millions of peoples are at risk of infection.
I'm going to write abuses to Google and Yandex NOW!
Please spread info on such a new attack manner/technique around your friends, collegues and internet.!
Always check what you run!!!
QPST 2.7 build 425 (The REAL Thing!)
It is so irritating to see all of the jerks who are trying to spread viruses and malware nowadays.
Here is the REAL build 425:
http://www.mediafire.com/download/neeapht51ub2333/QPST.WIN.2.7_Installer-00425.1.zip
drkcobra said:
It is so irritating to see all of the jerks who are trying to spread viruses and malware nowadays.
Here is the REAL build 425:
h_t_t_p_://_w_w_w.mediafire.com/download/neeapht51ub2333/QPST.WIN.2.7_Installer-00425.1.zip
Click to expand...
Click to collapse
Very very very BIG Thank you!!!
That's really new one and it contains new very promising QFIL util. Didn't explored much yet!
God bless on you man!
BTW does anybody know how to descramble (decrypt)/scramble (encrypt) back EFS/NVRAM partitions (in most cases modemst*). I'd like to be able to patch/change every byte in EFS (not just locks etc bull****, my phones are always free of any contracts). Full modem FW reversing seems too difficult to me (i'm 'not so strong' in ARM assembly and there is too much code in modem FW). I'm sure for a such long period (over decade) of EFS life there should be methods around to manipulate it independently of mfr/commercial products, but I can't find them for a long time. Trust me, it's fully idiotic situation I'm (you're) not able to do with my (yours) computer (PDA is computer, not the "phone") all I want to do being "restricted" to access only data some f...n mfr "allowed" me to access. It's my device, I'd paid for it and I will decide what me to do with it.
Furthermore, modern public licenses don't allow to hide parts of object (device) code, where GNU/GPL code is the main part. Is anybody here who think that Linux/Unix value in ALL there f...n "modern" Android devices less than 90%? Most router mfrs have already forced by requirements GNU/GPL to publish full compilable code of their firmware. I shouldn't have clue what all they want to hide related to their "commercial" and manipulating interests. Using 30years of thousands people's free labor in their commercial products , they're obligated to publish full sources and should DO IT.
Apple is today wealthiest corp on this planet, but If you'll look into the Apple's internals you'll find tons of MODERN Linux code (protected by modern GNU/GPL) simply stolen from open source depositories, then adopted to MacOS/iOS then closed and sold as commercial product . Is it fair game?
TheDrive said:
Very very very BIG Thank you!!!
That's really new one and it contains new very promising QFIL util. Didn't explored much yet!
God bless on you man!
BTW does anybody know how to descramble (decrypt)/scramble (encrypt) back EFS/NVRAM partitions (in most cases modemst*). I'd like to be able to patch/change every byte in EFS (not just locks etc ...................
Click to expand...
Click to collapse
I use EFS Pro for BackUp and Restore.... Sadly its windows only, but works great with VirtualBox on Linux Mint Cinnamon/MATE 17.1 x64.
Hosted on the wonderful XDA:
http://forum.xda-developers.com/gal...ol-updated-09-06-14-efs-professional-t1308546
FWIW
I hear you about Apple, used to be a hardcore fan, when they were nearly bankrupt. I still swear by OS X, but not the iTard line of devices. I tell my nieces and nephews to get an Android cause they are not ignorant! lol There should be more of an effort to make people understand that Apple is using allot of *BSD (Linux) source. The GUI is closed, but some of the other source is available in the dev program site they host.
unimatrix725 said:
I use EFS Pro for BackUp and Restore.... Sadly its windows only, but works great with VirtualBox on Linux Mint Cinnamon/MATE 17.1 x64.
Hosted on the wonderful XDA:
http://forum.xda-developers.com/gal...ol-updated-09-06-14-efs-professional-t1308546
Click to expand...
Click to collapse
Thank you! Certainly I know this good product. It can manipulate NVRAM through COM-port, just the way QPST does it communicating w/modem FW. Is has many advanced options but seems not to be reliable enough (too many OEM customizations around, it's difficult to reverse all) As you stated it can also backup some partitions (like EFS). but you can do this yourself just by simple ADB/Unix shell commands (e.g. "dd if=/dev/block/mmcblk0p?? of=/sdcard/mmcblk0p??.img")
You can write simple scripts and perform such backups directly from device (to SD). Furthermore, you can customize CWM/TWRP for your device to perform such backups from recovery.
To do it you should know which partition numbers to backup/restore (to backup/restore what data you want).
There are methods/commands available to get needed info to build full device partition map (e.g. some devices contains "folders" named "by-names" deeper in /dev/block/... (where partitions are named), but in some cases (e.g. some 2013 MSM7227 based Samsung phones like GT-S756x) there is no names associated with particular proprietary partitions in the device, (at all) so the only way to find what data reside there is to backup and look (hex) with your own "experienced" eyes what these data seems to be (or search what others found on the theme). EFSPro "from the box" also knows only a few device's partition maps so, in most cases you should build configuration for your device manually with full knowledge of it.
There is no problem to locate and backup encrypted modem data partitions (modemst*/efs/etc...) if your device is rooted. Moreover, if your device has standard Qualcomm bootloader (not OEM's cut) you can switch device to the standard Qualcom DM (download mode) when all your eMMC contents will be exposed to USB bus as mass storage device (just like UFD or SDCard) and you can backup/restore whole drive contents or particular partitions just like PC's own partitions (try some "chnese" stuff (made of quality parts) instead of "branded" ones and you'll see superiority of the "open world".
But main question is how to decrypt modem data to explore and change them as I want at any time. Mfrs (i.e. Qualcomm and OEMs hide serials, locks etc BS there, but there is a lot of other interesting stuff related to modem configuration which is also closed and encrypted. This drives me wild because it's my device and my serials/locks and other stuff too, so it's my option to do with is what I want and no one else. I'm definitely know and sure modem FW/config and even mask ROM (which we most probably never will be able to explore) contains many hidden features that may lead to remotely force device to collect info about user and perform actions without his knowledge and consent. I have no matter what all these sec... services planned to do with all these exploits they forced OEMs/chipmakers to implement., but (sic!) they allowed information about these exploits to leak wild! So some "generic" engineers who simply have job and low level access to cellular provider's equipment (which able to broadcast custom service packets) to make "what they want with user's phones (e.g. switch it on or request GPS data) just "for fun". F them all, but most idiotic is fact that being an 25y experienced "lowest level" service engineer I can't get access and control over my own devices (i.e. computers). It's incorrect. It would be difficult but we should pay more attention to explore internals and get clue what goes on.
unimatrix725 said:
FWIW
I hear you about Apple, used to be a hardcore fan, when they were nearly bankrupt. I still swear by OS X, but not the iTard line of devices. I tell my nieces and nephews to get an Android cause they are not ignorant! lol There should be more of an effort to make people understand that Apple is using allot of *BSD (Linux) source. The GUI is closed, but some of the other source is available in the dev program site they host.
Click to expand...
Click to collapse
I've personally explored OSX files and partitions and seen much modern Linux code inside. They even don't hide "copyrights". Nobody will explore anyway and nobody cares. Old 80x-90x versions of public licenses allowed to do "anything" with free open sources (including to make changes, then close sources and sell product). After some smartasses like Apple used this hole to sell free labor of thousands of peoples, public license had changed. Modern licenses allows you to sell derived product, but obligate you to open sources (with same license) so anyone else can use them to and sell too. You can't close your part of sources if free code is most valuable part of your product. E.g. router mfr can't close part his own sources to make firmware sources "uncompilable" because Linux definitely is most valuable part of router FW. This warrant later development of free open source programs and free community n whole. Apple stated that they used only old 80x code in their OS'es and then developed it separately and thus they are not obligated to open sources to everyone. They would be right unless they didn''t used a lot of modern code protected by modern public license's requirements. I didn't explored deeply. May be they publish all derived code for free. Today we can't say accurately if some modern Linux components they adopt for Mac/iOS are most valuable part of their systems or not. We should explore all the code to make decision. but anyway it's not fair to use a lot of thousand's people's free labor just to make money. Google's position here is not ideal but much more fair. They publish most of sources and support open source community. They don't try to make system "unbreakable" and they don't force you to use their accounts too much. I've NO Google "phone" account AT ALL. I've no need in any "markets", "clouds" ect BS., which lead absolutely no problem to me to effectively use Android devices. There are lots of free APK's around
It practice, I have 2-3 old iPhones just for experiments. Yes we have Jailbreaks and some other stuff, but even if you break and get access to your device it's very uncomfortable to work with it at low level. On my sight just one ADB interface costs more then all "jingles and bells" of iOS's GUI. All these "tethered-untethered", "unbreakable" bootloaders in Mask ROM, lack of normal tools to explore and manage data on any level, total control and extraction of my data by mfr via strongly encrypted obfuscated protocols and hidden services make these devices useless for me in practice.
Windows Phone is even far more closed OS then iOS. You have no control over your data at all. You can't do a thing with WP device unless you sign up with MS account. You can't get access to your own data (except MM files) unless you sync it with MS cloud, i.e. you will be forced to send all your private data to MS and MS will decide whether to give piece of it back to you or not. Matrix in action. I've absolutely no clue what thought MS bosses when they decided to close ALL in OS that have had less than 1% of market. Their 1st goal was to attract developers to write apps for their OS and there was no better way to kick them than "close All". There is no matter does it perform GUI actions good or not when devs and users have no effective way to collect and use "useful" results of device's work.
drkcobra said:
It is so irritating to see all of the jerks who are trying to spread viruses and malware nowadays.
Here is the REAL build 425:
http://www.mediafire.com/download/neeapht51ub2333/QPST.WIN.2.7_Installer-00425.1.zip
Click to expand...
Click to collapse
The new versions got rid of QXDM and RF NV Manager.
Build 415
etirkca said:
The new versions got rid of QXDM and RF NV Manager.
Click to expand...
Click to collapse
I have not used this version, so do not know if it has been removed from this one or not, but here is a legitimate copy of build 415:
http://www.mediafire.com/download/ac6yh57yye363mx/QPSTWIN2700415.rar
Highlights
Convenient lock screen and home screen widgets provide instant tokencodes without navigating to an app.
Optionally save your PIN.
Supports SDTID files, importing http://127.0.0.1/... tokens from email, and QR tokens.
100% open source (GPLv2+)
Click to expand...
Click to collapse
Requirements
A token seed file from your system administrator
JB 4.1+
Click to expand...
Click to collapse
Downloads
Binaries are attached to this post and available from Google Play.
Source code: https://github.com/cernekee/EasyToken
Click to expand...
Click to collapse
Changelog
Code:
v0.91 - 2014/12/20
- Use more specific MIME type matches so that Easy Token associations don't
show up in Contacts.
- Update libstoken to v0.81 and switch from tomcrypt to nettle. Most of
the changes in v0.8/v0.81 won't matter on Android, but it is now possible
to import hard token seed files if desired.
Older changelogs:
Code:
v0.90 - 2014/07/26
- Rework handling of bound device IDs during token import. Try to guess
it based on the current (unique) device ID and all known class GUIDs.
Allow the user to override it, in case of a collision.
- Limit import string to 64kB to avoid OutOfMemoryError crashes on invalid
tokens.
v0.81 - 2014/07/06
- Fix bug in lock screen widget where it would "bounce" between the tokencode
display and the clock display for no apparent reason
- Show the "confirm import" screen unconditionally, so there is a clear
indication that email import succeeded
v0.80 - 2014/07/05
- Initial public release
Click to expand...
Click to collapse
XDA:DevDB Information
Easy Token, App for all devices (see above for details)
Contributors
cernekee
Source Code: https://github.com/cernekee/EasyToken
Version Information
Status: Beta
Created 2014-07-05
Last Updated 2014-12-21
Attaching a couple of randomly generated tokens, in case it is necessary to test Easy Token without a real seed file. These were created with:
Code:
qrencode -l H `stoken export --random --android` -o v2.png
qrencode -l H `stoken export --file pinless.sdtid --v3` -o v3.png
stoken export --random --sdtid > token.sdtid
The rightmost (denser, v3) QR code is a 6-digit PINless token. You may need to zoom in to scan it.
Verrr niice..
Thanks for making this, it works great and looks much better than the official RSA one. One thing, though, what is the network access permission for?
phigan said:
Thanks for making this, it works great and looks much better than the official RSA one. One thing, though, what is the network access permission for?
Click to expand...
Click to collapse
It isn't currently used, but future uses could include:
Internet token provisioning via CTKIP
NTP clock sync, so that if multiple devices use the same seed, they all read back the same tokencode at the same time
Better problem reporting; currently ACRA is set up to use email but there are some limitations associated with that approach. All problem reporting in this app is user-initiated.
Reported via email as well, but here's the problem I'm having:
Trying to import a token given via an http 127.0.0.1] url in an email:
USER_COMMENT=importing new key via (http link omitted, because xda forums don't like it) failed, with chrome saying "connection refused"
ANDROID_VERSION=4.4.4
APP_VERSION_NAME=0.90
BRAND=oneplus
PHONE_MODEL=A0001
CUSTOM_DATA=
STACK_TRACE=java.lang.Exception: Report requested by developer
at org.acra.ErrorReporter.handleException(ErrorReporter.java:626)
at org.acra.ErrorReporter.handleException(ErrorReporter.java:583)
at app.easytoken.MainActivity.sendProblemReport(MainActivity.java:121)
at app.easytoken.MainActivity.onOptionsItemSelected(MainActivity.java:139)
at android.app.Activity.onMenuItemSelected(Activity.java:2600)
at com.android.internal.policy.impl.PhoneWindow.onMenuItemSelected(PhoneWindow.java:1065)
at com.android.internal.view.menu.MenuBuilder.dispatchMenuItemSelected(MenuBuilder.java:741)
at com.android.internal.view.menu.MenuItemImpl.invoke(MenuItemImpl.java:152)
at com.android.internal.view.menu.MenuBuilder.performItemAction(MenuBuilder.java:884)
at com.android.internal.view.menu.MenuBuilder.performItemAction(MenuBuilder.java:874)
at com.android.internal.view.menu.MenuPopupHelper.onItemClick(MenuPopupHelper.java:177)
at android.widget.AdapterView.performItemClick(AdapterView.java:298)
at android.widget.AbsListView.performItemClick(AbsListView.java:1113)
at android.widget.AbsListView$PerformClick.run(AbsListView.java:2911)
at android.widget.AbsListView$3.run(AbsListView.java:3645)
at android.os.Handler.handleCallback(Handler.java:733)
at android.os.Handler.dispatchMessage(Handler.java:95)
at android.os.Looper.loop(Looper.java:136)
at android.app.ActivityThread.main(ActivityThread.java:5146)
at java.lang.reflect.Method.invokeNative(Native Method)
at java.lang.reflect.Method.invoke(Method.java:515)
at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:796)
at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:612)
at dalvik.system.NativeStart.main(Native Method)
Screenshot of Chrome attached.
gehrehmee said:
Trying to import a token given via an http 127.0.0.1] url in an email:
Screenshot of Chrome attached.
Click to expand...
Click to collapse
When you clicked on the email link, did it send you straight to Chrome? Android should notice that the URL matches a pattern that can be handled by two different apps, and let you choose whether to open the link with Chrome (incorrect) or Easy Token (correct).
If this doesn't happen, you may need to clear the default association for Chrome.
If you still can't convince it to pop up the app chooser, another option is to copy the URL to the clipboard (long-press may do it), navigate to Easy Token, then choose Manual Entry.
cernekee said:
When you clicked on the email link, did it send you straight to Chrome? Android should notice that the URL matches a pattern that can be handled by two different apps, and let you choose whether to open the link with Chrome (incorrect) or Easy Token (correct).
If this doesn't happen, you may need to clear the default association for Chrome.
If you still can't convince it to pop up the app chooser, another option is to copy the URL to the clipboard (long-press may do it), navigate to Easy Token, then choose Manual Entry.
Click to expand...
Click to collapse
Interesting:
I installed the official app as well as EasyToken now, and I do get the "choose application" dialog -- but EasyToken isn't in the list.
I copied the URL into the "manual" entry, and it didn't un-grey the "Next" button.
The URL is in the form:
http (noise added to stop xda forum from rejecting post) ://127.0.0.1/securid/ctkip?scheme=https&url=hostname.company.com:443/ctkip/services/CtkipService
gehrehmee said:
The URL is in the form:
http (noise added to stop xda forum from rejecting post) ://127.0.0.1/securid/ctkip?scheme=https&url=hostname.company.com:443/ctkip/services/CtkipService
Click to expand...
Click to collapse
Unfortunately CTKIP is not currently supported. CTKIP URLs do not actually contain the token seed. Instead, they direct the client to handshake with a remote server to securely exchange information. I have not figured out how to implement this scheme yet.
Easy Token normally expects a URL that uses the "compressed token format" (ctf), such as:
Code:
http://127.0.0.1/securid/ctf?ctfData=219561515777421437245254320241301611451327661056547012064173126400766246671676001
The ctf string is entirely self-contained (it doesn't need to talk to a remote server).
Change Device ID
Would it be possible to let users change the device ID? The default one is calculated differently from the official RSA app, so I can't install the same token on both or migrate from one to the other without having a new token issued to me.
pfcrow said:
Would it be possible to let users change the device ID? The default one is calculated differently from the official RSA app, so I can't install the same token on both or migrate from one to the other without having a new token issued to me.
Click to expand...
Click to collapse
If the app is unable to successfully decrypt the token using the default device ID, it should prompt you to enter a different ID (see attached screenshot). You can copy the device ID from the official RSA app if your token is bound to that installation.
Are you getting an error instead?
cernekee said:
If the app is unable to successfully decrypt the token using the default device ID, it should prompt you to enter a different ID (see attached screenshot). You can copy the device ID from the official RSA app if your token is bound to that installation.
Are you getting an error instead?
Click to expand...
Click to collapse
That's awesome! Thanks. I'm also stuck on the CTKIP issue that others discussed above. I suspect I'm not going to have any luck getting the other app to cough up the token once I download it, though.
pfcrow said:
I'm also stuck on the CTKIP issue that others discussed above. I suspect I'm not going to have any luck getting the other app to cough up the token once I download it, though.
Click to expand...
Click to collapse
That's correct - it is stored in a different format, and obfuscated.
I wonder how much demand there would be for an Xposed Framework module that exports stored tokens from the official RSA app?
cernekee said:
That's correct - it is stored in a different format, and obfuscated.
I wonder how much demand there would be for an Xposed Framework module that exports stored tokens from the official RSA app?
Click to expand...
Click to collapse
A lot - my employer will only issue tokens in CTKIP format, and if I can't copy the RSA app's token out I'm stuck with the default app. And what's worse, I'm stuck with using it on just that one phone - this is the whole reason I found your app in the first place, because I have 2 phones and want to clone the token onto both.
If you figure out a way to read the token from the RSA app, I'd happily PayPal you $20 for the effort
Edit: Even better would be an app to extract the RSA token from a Titanium backup.
I am using this on Android and it works great. Today I tried to install this to chrome using ARC. It worked. I was able to import tokens and all seemed well except the tokens are generating the wrong numbers. They should match the android device but they do not. I verified the serial# and dates are the same but the digits after the same PIN numbers are entered are different. I realize ARC is new but figured i'd give it a go.
cernekee said:
That's correct - it is stored in a different format, and obfuscated.
I wonder how much demand there would be for an Xposed Framework module that exports stored tokens from the official RSA app?
Click to expand...
Click to collapse
Was this solved?
I'd love to get more info and give it a go!
It seems a fun challenge. :cyclops:
I gotta tell you - I love this app. I can easily move my token from phone to phone without getting a new token from my sysadmins. That is huge! I wish you a also had a Mac OS X app
Tasker/KLWP
This app is brilliant - so much better than RSA's!
But could you tell me is it possible to get a code from Easy Token into KLWP or Tasker? Using intents?
Cheers!
Great work, loving it !
The token in the official Android app is stored in a sqlite database. If your phone is rooted, it's easy to copy it out and dump the database. You can probably dump it out of any backup program. The problem is that the critical fields are obfuscated. They appear to be 256-bit numbers in hex, and I don't know how they translate into the fields used by stoken (the token program that powers the app we're discussing here).
A dump of the table shows:
Code:
CREATE TABLE tokens (
SERIALNUMBER text primary key not null,
NICKNAME text not null,
EXPIRATIONDATE text not null,
PINTYPE integer not null,
PRNPERIOD integer not null,
PRNLENGTH integer not null,
ROOTSEED blob not null,
OTPMODE integer not null,
DEVICEBINDINGDATA text not null,
ALGORITHM integer not null,
BIRTHDATE integer not null,
MAXTXCOUNT integer not null,
SIGNATURECOUNT integer not null,
LASTTXTIME integer not null,
TOKENHASH blob not null);
The ROOTSEED and TOKENHASH fields are both 64-character (256-bit) hex codes. I think everything else is either zero or reasonably obvious.
My two thoughts are to either make sense of all this data to create a converter, or to investigate the Windows token storage format (which might use the same fields) and see if the official token converter can extract it.
Is any results with CT-KIP? Or any workaround?