QUESTION 1
I've been flashing and reflashing ROMs for a couple of weeks now and am very impressed with Dutty's latest endeavor. In anticipation of the v4 release, I'm hoping someone in the community can tell me if it is possible to backup an over-the-air (OTA) enterprise activation of BB Connect. Currently I'm calling our technical support guys who, sooner than later I'm sure, will start asking why I have to have to get a new OTA activation password (which they change as soon as you use it) every 5-7 days.
So, in short: moving from one ROM to the next and want to back up OTA BBConnect enterprise activation. Possible? If so, how?
QUESTION 2
Any BES administrators out there willing to tell me if my Tilt/Kaiser shows up on the BES (v4) differently than a BlackBerry (like the POS 7280 I'm given by the company). If so, is there a way to "spoof" that since my company will not allow non-blackberry devices.
QUESTION 3
When using the stock AT&T ROM, my Tilt respects the (highly restrictive, Bluetooth disabling, password-enforcing, ridiculous) IT Policy pushed by the BES administrator. When I flashed to Dutty's DualTouch ROM v3 Final, this no longer happened. Now, it just reads "default" for the IT Policy. Is this a fluke or some wonderful reg entry that we need to identify and protect like diamonds?
Thanks, all.
Cheers,
Your Local Village Idiot
VillageIdiot said:
QUESTION 2
Any BES administrators out there willing to tell me if my Tilt/Kaiser shows up on the BES (v4) differently than a BlackBerry (like the POS 7280 I'm given by the company). If so, is there a way to "spoof" that since my company will not allow non-blackberry devices.
Click to expand...
Click to collapse
We run BES here and indeed non-blackberry devices are reported as the phone model when you look up the phones information.
This could probably easily be spoofed to whatever you like. If you hacked the blackberry connect application, or intercepted and modified the data passed over to BES. You could make it say anything you want at that point.
I'd get "in" with your IT guys and that way they can pull a favor for you now and then with the BES server. Other then that, have the company pay for a blackberry phone and carry two phones around, or refuse to carry a company phone and don't use your personal phone for company resources. If they're blocking your productivity by a poorly guided company policy, make it cost them money. Don't inconvenience yourself to keep your productivity as an employee on par.
Really though, it's not feasible to secretly go behind your employers back with your tilt. I think it's ridiculous a company wouldn't let you use your Tilt -- though probably because the corporation is uneducated or ignorant to the fact that the Tilt can be locked down just as well as a blackberry phone. Too bad the employer has a bunch of pointy haired management types running around who don't know what they're doing and out of ignorance banned non-BB devices.
Jon,
Thank you for your prompt reply and clarification on what shows up at the BES. Hacking the BB connect app is beyond my current knowledge set, but I may look into it if I'm unable to find a simpler solution.
Unfortunately, my company has several thousand employees so my productivity concerns are far outweighed by their misinformed security concerns. I've pitched the benefits of BB connect, WM5/6 devices and direct-push Exchange sync, but my pitch falls on deaf ears. They have provided me a BB 7280 and some get newer 8XXX devices, but beyond that we're expected to be happy with what we have. I'm even buying a non-camera Tilt to replace my two week old Tilt because they won't allow personal camera phones (all BB connect issues aside). You'd think I work for MI-6...
Cheers,
T.V.I.
VillageIdiot said:
QUESTION 1
I've been flashing and reflashing ROMs for a couple of weeks now and am very impressed with Dutty's latest endeavor. In anticipation of the v4 release, I'm hoping someone in the community can tell me if it is possible to backup an over-the-air (OTA) enterprise activation of BB Connect. Currently I'm calling our technical support guys who, sooner than later I'm sure, will start asking why I have to have to get a new OTA activation password (which they change as soon as you use it) every 5-7 days.
im soooo it this situation, any ideas?
Click to expand...
Click to collapse
Here's how you do it
you could use the desktop software instead of OTA. this will activate the phone without requiring you to get a new activation code.
Here's how I back up and restore. This has worked often, and not worked a few times.
Try to follow this exactly for best results.
get task manager v2.7 from fdcsoft
tap the blackberry icon on the taskbar and suspend the service under status
start taskmanager, and go to services. stop the two blackberry services, log and security.
open file explorer, and copy the directory RIM in /application data to your storage card
flash your phone with whatever-
copy the RIM folder back to /application data from your storage card
load blackberry connect (this should be the same version you had, otherwise you may have issues)
tap the blackberry icon in settings-system
instead of installing, you should see a window that says "repairing settings"
your old password should be restored, and the phone will lock and ask you to unlock. use your password you had before the backup.
all of your folders and mail should be back.
This works about 90% of the time.
some issues I've had-
multiple blackberry folders- one with emails, one with nothing.
folders missing, a bunch of email in drafts folder.
older messages no longer sync with desktop
good luck!
not sure if any body thought of this what if chefs let users to sign their names addresses and finger print scan in the rom
1st will be thief deterent
2nd good hearted will return it if found
3rda phone will be a personal thing,chefs can leave their name somewhere for the smell and taste fo thier cooking
I'd think Chefs should also put a file in the \windows directory called release_notes with their ROM name and a forum link to their ROM thread.
Can't say how many times I've forgotten who's I've got flashed at any given time.
First, most chef's already put their name in the rom in one or more places, second , if you are using one of Alex's rom's used the kitchen & you can put whatever you want in it. Third, if somebody decent finds the device, your name & etc. is already in device owner info or can be looked up by your carrier with the serial or esn. Finally, if anyone else finds your device , it will take them all of 10 minutes to use Google & figure out how to flash a new rom. You could change the device ID to something nonexistent to make it harder to flash, but that's something better worked out by you & no Chef is gonna want to do that for every single person, not to metion that if he did, the thief would google & figure it out.
There is always ways around things, just ask AT&T, HTC & everybody at XDA
GSLEON3 said:
First, most chef's already put their name in the rom in one or more places, second , if you are using one of Alex's rom's used the kitchen & you can put whatever you want in it. Third, if somebody decent finds the device, your name & etc. is already in device owner info or can be looked up by your carrier with the serial or esn. Finally, if anyone else finds your device , it will take them all of 10 minutes to use Google & figure out how to flash a new rom. You could change the device ID to something nonexistent to make it harder to flash, but that's something better worked out by you & no Chef is gonna want to do that for every single person, not to metion that if he did, the thief would google & figure it out.
There is always ways around things, just ask AT&T, HTC & everybody at XDA
Click to expand...
Click to collapse
1st the whole idea is not about the phone getting lost rather than personlizing it ,to google or change that is why i said chefs should make it possible to ingrave it in the roms thiefs if they know all that they are nottheifs they won't find time to steal they will be cooking for us
actually, for anti-theft, I was thinking of a kit...
1) modified SPL; requires non-standard password and a signed NBH using your own custom certificate
2) OS is locked down with a trusted certificate of your own in the store so SSPL won't run at all... unless you sign it with your certificate
3) program that checks the SIMcard IMSI; if it changes then it sends an SMS to another number.
now... there are a few practical issues with 2) because it makes installing new apps a pain in the arse since they all need to be signed, so maybe a way of buggering up SSPL would be better.
ras said:
1st the whole idea is not about the phone getting lost rather than personlizing it ,to google or change that is why i said chefs should make it possible to ingrave it in the roms thiefs if they know all that they are nottheifs they won't find time to steal they will be cooking for us
Click to expand...
Click to collapse
A Chef that makes ROMs used by thousands is not gonna want to customize or personalize each one for every user. That said, with a donation, there are many that might consider it for you. Of course, you can always use a base ROM & the Kitchen to do it yourself. I do this.
Also, you can use provisioning xml's to customize or personalize them on a basic level using UC. Read Sleuth's thread on UC (User Customization).
@ Olipro, I really like the idea's 1 & 3. I have played a bit with CID locking to an imagined CID & with false Model ID's but of course while you then can't flash a ROM that's not customized to match, you could bypass it with SSPL, making it pointless against anyone half competent.
Your solution 1 & 3 would almost have to go hand in hand, having the password & a way to keep SSPL from jumping the password measures. Something like this, in conjunction with WIMP & UC in ROM, would be a great tool for security. Very Interesting indeed.
Hi there,
This software is an Antitheft and you can use it to track your device when it was lost or stolen. It works catching a formated SMS/EMail sent from any phone/computer and then receiving useful informations back.
You can use it to others objectives, like keep your eye in your child. Use your imagination!
You can set up to four emergengy contacts to receive SMS if the thief change your SIM card and you still can track your device.
The RemoteTracker for Android is an evolution from an old project for Windows Mobile 6 (If you want to see the entire history, please click here).
I'm justing starting this project. There are much more to come.
To send a command to RemoteTracker, send a SMS with the syntax: RT#(command)#(phone or e-mail)#(password). Example: RT#EGP#[email protected]#1234. This version answer the commands below:
help - send to you a list of commands available in Android platform;
ehelp - same as 'HELP', but send the list by e-mail;
fhelp - same as 'HELP', but send the list to your FTP server;
gp - try to get GPS coordinates and send back to cel number passed as parameter;
egp - same as 'GP', but send the list by e-mail;
fgp - same as 'GP', but send a file to your FTP server;
gi - Send informations about your phone: IMSI, IMEI and ICCID;
egi - Same as 'GI' but the answer goes by e-mail;
fgi - Same as 'GI' but the answer goes to your FTP server;
cb - your phone will make a Call Back to you. Just make a call and let the microphone open;
cellid - Retrieve informations (CELLID, LAC, MNC and MCC codes) about the tower your phone are connected. Send to you by SMS;
ecellid - same as 'CELLID', but the answer goes by e-mail;
fcellid - same as 'CELLID', but the answer goes to your FTP server;
secret - if you forget your password you can use this command to receive by SMS your personal secret question;
lostpass - used to receive your password if you forgot it. You must send the answer for your secret question, so, you can use the secret command to help you;
Commands available only in PRO version:
PICSON - Makes RemoteTracker (only PRO version) watch for new photos and send them to Default EMail Address;
PICSOFF - Makes RemoteTracker (only PRO version) stop to watch for new photos;
EPICSON - Same as PICSON, but send an E-Mail back;
EPICSOFF - Same as PICSOFF, but send an E-Mail back;
FPICSON - Same as PICSON, but send the answer to FTP server;
FPICSOFF - Same as PICSOFF, but send the answer to FTP server;
PCALLSON - Makes RemoteTracker (only PRO version) takes a photo on a call is receive or made and send it to Default EMail Address;
PCALLSOFF - Makes RemoteTracker (only PRO version) stop to take photos on calls;
EPCALLSON - Same as PCALLSON, but send an E-Mail back;
EPCALLSOFF - Same as PCALLSOFF, but send an E-Mail back;
FPCALLSON - Same as PCALLSON, but send the answer to FTP server;
FPCALLSOFF - Same as PCALLSOFF, but send the answer to FTP server;
WIPEDATA - This command will return your device to factory default and format your SD Card.
There are another features inside RemoteTracker, like:
- SIM CARD change observer;
- Automatically restore your preferences if you reinstall it. This feature is particular useful if you have a custom ROM with RemoteTracker inside. Once configured, everytime your devices boots up, your preferences will be restored;
- Works as Device Admin, so it can't be uninstalled if you don't know the password;
- And more...
This project can be multi-language. In this version there is only English (sorry about it, my english is very bad because this is not my mother language). If you want to make your own translate, I can tell how. Very simple.
If you decide to try RemoteTracker, I would like to read reviews, comments and suggestions. Remember this is a beta version and may contain bugs. Use at your own risk and with caution.
--> It is a work in progress. In future versions I will make a lot more.
Support this project
You can support this project making a donation clicking here or clicking the banners in the project website: http://remotetracker.sourceforge.net
All the best,
Joubert Vasconcelos
Hello friends!
To test RemoteTracker please download it from here:
http://remotetracker.sourceforge.net/RemoteTracker.apk
Before your tests, please turn on the Debug option. It will make RemoteTracker write the remotetracker.txt file in the root of your memory card.
All the best,
Joubert
I just released the second beta!!!
Now, RemoteTracker can automatically turn on the Mobile and WiFi network to try get location and send EMails!
For older phones RemoteTracker also will automatically turn on the GPS! Unfortunately this is impossible if you are using new Android versions (2.3.x or so).
A few minor bugs was fixed.
All the best,
Joubert
joubertvasc said:
For older phones RemoteTracker also will automatically turn on the GPS! Unfortunately this is impossible if you are using new Android versions (2.3.x or so).
Click to expand...
Click to collapse
GPS can be enabled in 2.3+ - but only if device is rooted. That's what it says in the Cerberus entry in "AppStore" [edit: AndroidMarket].
Hi!
Yes, if you have a rooted device is very easy to enable GPS remotely. But I do not recommend in any way for users to root the phones for security reasons.
I think you are talking about Market, not AppStore We are talking about Android not Apple
All the best,
Joubert
New beta 0.3!!!
Hello again,
I just released version 0.3. Now we got FTP answers back!
In Configurations I added a session to input your FTP server details. The example commands GI and GP now works with FGI and FGP as well.
Once again minor bugs was fixed. If you want to try please download the APK here: http://remotetracker.sourceforge.net/RemoteTracker.apk
As soon as possible I'll make a TODO list and a Road Map.
All the best,
Joubert
Copying my post form the old thread so I can subscribe to this one:
Wow, nice to see this make it to Android.
Some suggestions,
1: Name it something that isn't obvious in the market. Don't want a thief easily finding it in the installed apps list. Going to the market and then buying "my apps" shows you exactly what's installed. So you should name it something totally different that nobody would suspect or want to remove. Like "memory maximizer" or something like that. Probably want to keep it in the middle of the alphabet so it's not at the top or bottom of the list.
2: Maybe make a way to remotely monitor the front/rear camera. Then you could get the thief on video (and also see if it's a crowd, or some huge guy you don't want to mess with, lol).
I'll try to help test when I get another phone and more time. Right now I don't have a lot of time to work out bugs. And more importantly I only have the 1 phone, and I can't afford to have it malfunctioning (I need it for work). I'll buy a used extra phone for testing and then I'll help test.
Thank's!
Be sure I'm worry about the Name I'll post on Market. Not now. I'm trying to make it working and I'll see what I can do later.
About cameras, yes, I think we can control them. At least take pictures and send to an e-mail account. To remotely monitor the cameras, may be I need a server to receive/transmit stream. Of course this is in my todo list
All the best,
Joubert
joubertvasc said:
Thank's!
Be sure I'm worry about the Name I'll post on Market. Not now. I'm trying to make it working and I'll see what I can do later.
About cameras, yes, I think we can control them. At least take pictures and send to an e-mail account. To remotely monitor the cameras, may be I need a server to receive/transmit stream. Of course this is in my todo list
All the best,
Joubert
Click to expand...
Click to collapse
I would rather set up my own server (or even directly stream peer to peer from the device). That way you don't get stuck with hosting fees and the app doesn't die if you decide to stop supporting it someday (not that you would).
There are many possibilities. I'll try all of them.
All the best
Joubert
Another beta
Hi all,
I release another beta. Once again, if you decide to try it, please download from http://remotetracker.sourceforge.net/RemoteTracker.apk.
I edited the first post to add new features. And I have a notice...
I created a free and pro versions. The free version will have the most common commands we had in Windows Mobile. Only specific commands for Windows Mobile I can't write for Android. Pro version will have new features to come (I don't know yet).
But I don't want to charge my friends, so, if you are a beta tester or help me with anything, I'll give the PRO version for free. But it's for future now I'm engaged to finish RemoteTracker free as best as I can do.
All the best,
Joubert
Possible Bugs
Hi Joubert,
Thank you for have been developing so useful application. I believe everyone here is excited about what you are doing.
I tried your better version and here what I have to say:
1) You stated that the command format is RT#EGP#[email protected]#1234, but what if I want to use command to upload that info to FTP? Then,theoretically, I don't need to indicate my email or phone in the command. At the same time commands like "RT#FGP#1234{this is a password}", "RT#FGP##1234{this is a password}" are not recognized as valid RT commands or even failed with fatal exception. How can I upload this info to FTP, what should be the format of the command in this case?Indicating an email inside the command or phone number when sending to FTP seems a kind of redundancy.
2) Once an Fatal error appeared, it started appearing for each further VALID command which were working before. Error states the following:
Fatal error: Call to a member function query() on non-object in /celerra/webstor/root.dev/usr/sms core.php on line 234, most likely there it has some null reference there.
3) In the log file I see that its trying to send messages to invalid address substituting "@" at "?". Does it mean it sends to correct address but it writes to the logs incorrectly or is it really a bug? Because I don't receive any emails at all.For example, when sending RT#EGI#[email protected]#De41Be02AF in the logs I see that it mentioned it sent the message to "test?test.ru" instead of "[email protected]"
This is it for now. I can try to help you out with programming. I have no experience in Android development but have been developing in C# for 7+ years.
Again thanks for you effort.
ser-j said:
Hi Joubert,
Thank you for have been developing so useful application. I believe everyone here is excited about what you are doing.
Click to expand...
Click to collapse
I'm stuck right now. I can not go ahead because I'm not finding some answers. But soon I return to search. Very good to know there are people wainting my work to be done, because there are lots of good programs in Google Market (now Google Play).
ser-j said:
I tried your better version and here what I have to say:
1) You stated that the command format is RT#EGP#[email protected]#1234, but what if I want to use command to upload that info to FTP? Then,theoretically, I don't need to indicate my email or phone in the command. At the same time commands like "RT#FGP#1234{this is a password}", "RT#FGP##1234{this is a password}" are not recognized as valid RT commands or even failed with fatal exception. How can I upload this info to FTP, what should be the format of the command in this case?Indicating an email inside the command or phone number when sending to FTP seems a kind of redundancy.
Click to expand...
Click to collapse
You should use: rt#fgp##1234 The double # are still necessary. I'm working on a simpler syntax to be used in final version.
I'm worried about fatal errors. That's why I released beta versions. Please use Configurations Menu and check the Debug Options. After that you will see in the root of your memory card a file named remotetracker.txt. Send that file to me please.
ser-j said:
2) Once an Fatal error appeared, it started appearing for each further VALID command which were working before. Error states the following:
Fatal error: Call to a member function query() on non-object in /celerra/webstor/root.dev/usr/sms core.php on line 234, most likely there it has some null reference there.
Click to expand...
Click to collapse
I really don't know what is this. Please send the log file to me. I wrote RemoteTracker for Android in Java, not PHP!!!
ser-j said:
3) In the log file I see that its trying to send messages to invalid address substituting "@" at "?". Does it mean it sends to correct address but it writes to the logs incorrectly or is it really a bug? Because I don't receive any emails at all.For example, when sending RT#EGI#[email protected]#De41Be02AF in the logs I see that it mentioned it sent the message to "test?test.ru" instead of "[email protected]"
Click to expand...
Click to collapse
Are you sending the command using another phone, the same phone or using some WEB service (like your carrier website)? There is no code to change '@' to '?'.
ser-j said:
This is it for now. I can try to help you out with programming. I have no experience in Android development but have been developing in C# for 7+ years.
Again thanks for you effort.
Click to expand...
Click to collapse
Thank you very much for your tests. I need that! There are lots of Androids around the world and make something secure for everyone will be a journey.
All the best,
Joubert
Notices
I almost finished writing the commands that existed in RemoteTracker for Windows Mobile (at least the ones Android can execute).
But I'm still trying to make the security of RemoteTracker to be more robust. I had Features in Windows I can't write for Android yet:
- Prompt for password when uninstalling;
- Lock / Unlock the unit with the LOCK / UNLOCK commands;
I'm not able to use the camera without the need to provide a preview to the user. According to the source code of Android that is impossible, but I saw some programs doing that, so there is a way to do that and I'm looking for this information.
If anyone knows how please help me
All the best,
Joubert
Answers to the questions
Hi Joubert,
Sorry for being silent for so long.
joubertvasc said:
Are you sending the command using another phone, the same phone or using some WEB service (like your carrier website)? There is no code to change '@' to '?'.
Click to expand...
Click to collapse
I am using Web service of my sim provider to send SMS. Didn't have a chance to try with sending SMS from the phone.
joubertvasc said:
Thank you very much for your tests. I need that! There are lots of Androids around the world and make something secure for everyone will be a journey.
Click to expand...
Click to collapse
Yes, you are right.
As to the log file I will send it to you shortly.
Thank you. I'll wait for your log to see details. You can send it directly to my e-mail.
All the best,
Joubert
Hide Remote Tracker Application
Hi Joubertvasc:
Are you planing to make a feature to hide the Remote Tracker from the drawer and from any place of the phone. Like with the Theft Aware; you can access the application by dialing from the Phone Dialer. You enter your four code number then hit call. This will open the apllication without calling the number.
Regards;
Willie
Sounds good. I will take a look about how to do that.
Thank you.
Hi!
After a long time I'm back with a new version. This one has lots of bug fixes:
http://remotetracker.sourceforge.net/RemoteTracker.apk
My problem now is Android 3.1 and later, because they don't intercept messages all the time. They need human access the configuration module once to work. Security issue Google said... I'm trying to find an exit.
Best regards,
Joubert
G'day mate.
Long time no see. Great work on this app so far.
I've finally gotten around to installing it and play around with it a little.
I'm testing this on HTC One X with Revolution HD ROM
Here are a few ideas and tips for you to incorporate into your next version.
1. Include an option that allows users to set how many replies to get back from your software.
For Example. If I were to use #RT#GPS#1234, it currently only sends 1 reply. The problem with this is that most GPS units are accurate withing 5 - 10 meters. I tested it on myself where I am and it picks me up as being 2 houses down. If there was an option to send me 3 replies, in 60 second intervals, at least I would get the average GPS location of the phone. If your phone is stolen, it would also be a good idea to have unlimited SMS replies with 60 second intervals so I can get real time minute by minute location on where my phone is. Maybe this might be an idea for your Pro version. Have the option for how many replies to get and also an option for interval time between each reply.
2. Another idea for Pro version. Hide the RemoteTracker Icon from the Apps menu, or disguise it as a useless setting so if a thief were to look in the Apps menu, they wouldn't see it straight away, so wouldn't be forced to reset the ROM. Most thieves aren't smart enough to reset the phone as soon as they steal it, They normally wait till they get home..... but if he saw a tracking program, it would make them either turn the phone off right away, or reset the ROM right away.
3. I dont know much about Android programming, but an idea for capturing the Camera is to embed the photo into an MMS, or as an attachment in an email. Trying to muck around with FTP would be a waste of time because the average user wont have an FTP server, and you dont want to set up a central one because it would give every noob hacker a target to try and get into.
I will keep playing around and get back to you with any other problems or ideas for you.
Keep up the great work.
Loved the software on WinMo and looks like the Android version will be just as great.
Is it possible to somehow use classes from the MS.Internal namespace, things like MS.Internal.TextBoxView which is the type of a sub-object of the ContentControl of a textbox?
I mean use them in a "normal" app on a locked end-user phone, and getting away with it as far as certification is concerned so it can appear normally in the Marketplace?
The Visual Studio debugger is able to display information about such objects somehow, that's where I got the knowledge of the existence of this TextBoxView class in the first place, but of course that does not mean that a normal app can do likewise.
Googling for "WP7 reflection" showed me hits in other places like StackOverflow with info that probably this will just run into security exceptions anyway, because MS does not want devs to use "undocumented APIs", but I am curious whether somebody here has tried to "hack" this and can report first-hand.
rbrunner7 said:
Is it possible to somehow use classes from the MS.Internal namespace, things like MS.Internal.TextBoxView which is the type of a sub-object of the ContentControl of a textbox?
I mean use them in a "normal" app on a locked end-user phone, and getting away with it as far as certification is concerned so it can appear normally in the Marketplace?
The Visual Studio debugger is able to display information about such objects somehow, that's where I got the knowledge of the existence of this TextBoxView class in the first place, but of course that does not mean that a normal app can do likewise.
Googling for "WP7 reflection" showed me hits in other places like StackOverflow with info that probably this will just run into security exceptions anyway, because MS does not want devs to use "undocumented APIs", but I am curious whether somebody here has tried to "hack" this and can report first-hand.
Click to expand...
Click to collapse
I highly doubt.. more towards no for this. Microsoft pretty much will deny anything in the low level APIs from being accepted in the Marketplace. A way to check this is to use the Marketplace Test Kit in VS 2010 (Project -> Open Marketplace Test Kit). It will tell you if something you're using will fail as it does the same type of quick test that happens when you upload a XAP for submission.