Related
Being a fan of Linux, and an Ubuntu user, I guess I thought Android was going to be a lot more openly tweakable, but from looking over these threads it looks like it's actually not that easy to do things that I would have assumed would be easily accessible tweaks... like theme/appearance/fonts/icons, etc... In fact it looks like some pretty intense hacking is going on with slow progress in bypassing , etc...
Maybe I'm not understanding correctly. I don't have the G1, but my girlfriend does and I've been enjoying it from over her shoulder... I guess I just expected something more 'open' along the lines of what I've become used to with Ubuntu.
I kind thought Android would be to iPhone, what Linux OS is to Apple OS, but it definitely doesn't seem like that's the case. It seems like Android is just as locked down as iPhone but with fewer apps and not-as-slick interface for the same price as an iPhone.
I had been thinking about getting this phone... maybe I just need to wait for more apps to come out?
Any thoughts?
As of right now we do have a little more opensource than anything else. And like all new software it will take time to learn what to do. Obviously people didn't get Mac OS 3 and immediatly know how to hack it so they could do things they weren't meant to do. And of course same goes with mobile phones. When WM5 came out they had to learn about the new OS and it takes awhile.
So far the freedom we have already surpasses that of any other. We have internet sharing (for those with root) that is far better than the old USB or BluetoothPAN method(which btw is going to be a new profile, it is in the source)
I am willing to bet that as soon as it hits 1.0 that we will see it go entirely open with the ability to flash the rom and all.
That makes sense... I just have to be patient Thanks for the reply!
Open source != open system.
Open source means just that... you can see the source code. That's it. It doesn't imply or confer any other right of access, and with most open source licenses the licensor (Google & HTC) is free to build closed systems just as locked down as one based on proprietary code. Many commercial systems (Android included) are underpinned by open source code for cost savings or stability/security reasons.
Edit:
what Linux OS is to Apple OS
Click to expand...
Click to collapse
That's comparing apples to oranges. Linux is not an operating system; it is an open source kernel on which an operating system can be built.
Fact of the matter is, OS X's Mach kernel is partially descendant from BSD, so you could say the center of OS X is open source as well. More info at wikipedia's Darwin entry. For being a "fan of Linux" you don't seem to understand some of the core principles.
If I am not mistaken Mac's are unix based right? many the kernel is similar to linux... which is why the filesystem structure is similar as well.
But you are correct open source means you can see the source... but usually when someone can see the source they find a way to get around security holes that lock down the system.
With open source and developers an open system is possible. And we already know we can do it because we have modified the updates that are sent which change the system files. so all you need to do is put a new boot.img and a new recovery.img and replace the root system directory... before you know it you can have this running any version of android and/or anything else that will run on an ARM6 device.
Don't make it so complex. It's meaningless to play the words game.
To make it simple:
As a developer, on G1, we are not able to do what we can do on a linux PC, and that was my understanding about the open source smartphone OS.
To be practical, for the same project I ported for Android, Windows Mobile and iPhone, I would say: Windows Mobile is the most open one (friendly) for developer. You can even make your own driver on it. So I would say Windows Mobile = smart version of Windows Desktop. But I cannot say Android = smart version of linux.
I really hope Google can push a little bit to the carriers to open the root for us. Android really needs to be more developer friendly. Otherwise, it is hard to compete with iPhone, since the key part of Andorid was "openess".
jashsu said:
Open source != open system.
Open source means just that... you can see the source code. That's it. It doesn't imply or confer any other right of access, and with most open source licenses the licensor (Google & HTC) is free to build closed systems just as locked down as one based on proprietary code. Many commercial systems (Android included) are underpinned by open source code for cost savings or stability/security reasons.
Edit: That's comparing apples to oranges. Linux is not an operating system; it is an open source kernel on which an operating system can be built.
Fact of the matter is, OS X's Mach kernel is partially descendant from BSD, so you could say the center of OS X is open source as well. More info at wikipedia's Darwin entry. For being a "fan of Linux" you don't seem to understand some of the core principles.
Click to expand...
Click to collapse
As a developer, on G1, we are not able to do what we can do on a linux PC, and that was my understanding about the open source smartphone OS.
Click to expand...
Click to collapse
It's like you've never even heard of embedded linux before. Show me where on the G1 advertising or packaging it claims to be a Linux PC.
To be practical, for the same project I ported for Android, Windows Mobile and iPhone, I would say: Windows Mobile is the most open one (friendly) for developer. You can even make your own driver on it. So I would say Windows Mobile = smart version of Windows Desktop. But I cannot say Android = smart version of linux.
Click to expand...
Click to collapse
WM gives the developer deeper system access. That's awesome for developers maybe, but calling it a "smart" is probably going a bit too far.
I really hope Google can push a little bit to the carriers to open the root for us. Android really needs to be more developer friendly. Otherwise, it is hard to compete with iPhone, since the key part of Andorid was "openess".
Click to expand...
Click to collapse
Android's security framework design is solely Google's responsibility. Tmo doesn't even remotely factor into it. If you don't like the default Android system lockdown then download the codebase and compile it yourself without the security settings. Security is there to prevent neophytes from opening shell and f__king their phones up.
jashsu said:
Android's security framework design is solely Google's responsibility. Tmo doesn't even remotely factor into it. If you don't like the default Android system lockdown then download the codebase and compile it yourself without the security settings. Security is there to prevent neophytes from opening shell and f__king their phones up.
Click to expand...
Click to collapse
And run it, how?
From my understanding, the only way to get a firmware onto the phone ATM is from the recovery menu, which will only install signed updates from Google. Yes, we've got a way around that for now, but it requires root access.
How would you install a self compiled version of Android onto the G1 on the official RC30?
Gary13579 said:
And run it, how?
From my understanding, the only way to get a firmware onto the phone ATM is from the recovery menu, which will only install signed updates from Google. Yes, we've got a way around that for now, but it requires root access.
How would you install a self compiled version of Android onto the G1 on the official RC30?
Click to expand...
Click to collapse
No clue. I'd probably do it with a Freerunner or something that is specifically designed as an open system. The recovery menu is not the only way to write to internal memory; i'm sure the HTC bootloader has some provision for usb access.
You have all of the Android operating system at your disposal in the form of source code (provided you agree to the license). If you want to write/port low level drivers for it go right ahead. You just can't run it on the G1. They chose to lock down the Android implementation on G1 and you're dissatisfied with that. That's like being dissatisfied that a house has locks on it when the architect gave away the blueprints and floor plans for free.
jashsu said:
That's like being dissatisfied that a house has locks on it when the architect gave away the blueprints and floor plans for free.
Click to expand...
Click to collapse
Except when you buy a house, they generally give you the keys.
Gary13579 said:
Except when you buy a house, they generally give you the keys.
Click to expand...
Click to collapse
Yeah I know, it's a flawed analogy.
If you want to have free reign over your Android, I suggest you get a Neo Freerunner to play with. I say play because the open source portion of Android is missing a lot of closed source Google added value apps (Maps, Gmail, etc) that define the G1. Also the porting process is still ongoing.
Android's security framework design is solely Google's responsibility. Tmo doesn't even remotely factor into it. If you don't like the default Android system lockdown then download the codebase and compile it yourself without the security settings. Security is there to prevent neophytes from opening shell and f__king their phones up.[/QUOTE said:
Stop playing the work game and understand the simple Thing that Developers want full Access to device in order to build Software Beyond Generalised Application, like bluetooth drivers, codecs, themes, different home shell the way we do in Windows Mobile
You said take OpenSource and Customise the OS by bypassing some security for shell access. Now Lets understand 98 % device get automatically f**ked with RC30 and there is no Reversal!!! If you can build any Customised Android Package which can bypasss Security for shell access and also Bypass Signature checking just do it for me so i can Revert to Shell Access from f**king RC30.
Click to expand...
Click to collapse
hetaldp said:
Stop playing the work game and understand the simple Thing that Developers want full Access to device in order to build Software Beyond Generalised Application, like bluetooth drivers, codecs, themes, different home shell the way we do in Windows Mobile
You said take OpenSource and Customise the OS by bypassing some security for shell access. Now Lets understand 98 % device get automatically f**ked with RC30 and there is no Reversal!!! If you can build any Customised Android Package which can bypasss Security for shell access and also Bypass Signature checking just do it for me so i can Revert to Shell Access from f**king RC30.
Click to expand...
Click to collapse
98% of G1s might get derooted with RC30, but guess what? 99% of users don't need root or don't care. Tmo and HTC didn't build the G1 as a device for devs to hack and play with. That's why its a subsidized $179 phone and your unlimited dataplan is $25.
99% Percent people dont want it but if we develop some Application which is beyond the SDK thing we must have to have root access to all device in order to Install it.
Adobe is releasing Flash Plugins for Browser lets see they can do it by just releasing APK Package in Market or a Pushed OTA Update. If Adobe requires OTA Update then Smaller Company and Developers see hard time to develop such Extension without Googles Permission.
Just make your Science clear before commenting it
hetaldp said:
99% Percent people dont want it but if we develop some Application which is beyond the SDK thing we must have to have root access to all device in order to Install it.
Click to expand...
Click to collapse
Of course. I am just saying that there is a sense among some people that they are entitled to root access simply because G1 is built on Linux. You are not entitled to anything of the sort. If root is important to you then sell your G1 to someone who doesn't care about root (there are a lot of these people) and buy a Freerunner.
Every OpenMoko phone I have seen looks like they are competing for ugliest phone ever. I know the G1 isn't that pretty, but oh my god, I would be embarassed to carry that in my pocket.
I already own more then 6 Smartphone. And i don't use G1 also becuase of Microsoft Exchange things. I dont have any Complaint for Exchange Connectivity.
Here the Question is how can i develop some more powerful Application / extension / core Part and Distribute it across all G1 users the way we do it in Windows.
This means my core Application can run in free Runner (OpenMoko) but it will not be available in G1 user group. There will be handfull user who may use free Runner but its not my Market. I require bigger community to sell the Software buddy.
Here the Question is how can i develop some more powerful Application / extension / core Part and Distribute it across all G1 users the way we do it in Windows.
Click to expand...
Click to collapse
If you need to get below the VM on stock ota G1 then most likely your product will need to become a part of the Android platform (meaning open sourcing). The integrity of the os and user data is one of the main reasons the Android sdk only supports the VM.
I'll be interested to see how Adobe's flash implementation for G1 works. Flash is closed source, and Google has explicitly stated that the entire Android platform is open source. My guess is they will patch the Browser to accept signed binary plugins. Perhaps Google's signature will require a peek at the source. I'm only speculating though...
Yeah using SDK we can only Develop Application which run itself in the Sandbox cna they can communication with other Application using intents, you can share Data using content Provider, share the Setting using Preference. We can develop some services in apps to handle Asynchronous process.
We we ca not do is recompile the Whole Modded Source, replace or test drivers, codec, low level binaries.
The SDK is fairly powerful out off the Box for Standalone things. !
Thats why i have made a different demand to google in this thread
http://forum.xda-developers.com/showthread.php?t=444893
The only thing tmobile is worried is tethering, as they give unlock code after every 90% day Subsidized Handset unlocking is not a big worry for them.
Just think If you want to develop On Screen keyboard it require more powerful access to core system and its beyond Google Sandbox approach.
jashsu said:
It's like you've never even heard of embedded linux before. Show me where on the G1 advertising or packaging it claims to be a Linux PC..
Click to expand...
Click to collapse
Show me where did I say Android = a linux pc. Same, I didn't say Windows Mobile = Windows XP/Vista.
I hate to play the word game.
jashsu said:
WM gives the developer deeper system access. That's awesome for developers maybe, but calling it a "smart" is probably going a bit too far..
Click to expand...
Click to collapse
That's why I thought very high with Android. But the limited development access makes it worse than WM.
jashsu said:
Android's security framework design is solely Google's responsibility. Tmo doesn't even remotely factor into it. If you don't like the default Android system lockdown then download the codebase and compile it yourself without the security settings. Security is there to prevent neophytes from opening shell and f__king their phones up.
Click to expand...
Click to collapse
Could you please show us how to get the root from the f__king rc30?
Do you rebuild the whole linux on your pc if you just want to make a simple application?
We have iOS and Android devices being cracked left right and centre, but when it comes to WP7 it seems like there is no real progress being made.
Within months of the original iPhone, people had cracked it to run native code. What exactly is preventing people from doing so on WP7? Is WP7 really the most secure OS on the market that a group of knowlegable crackers from XDA cannot break?
Community is smaller.. and who said you cannot run unsigned code?
You just have to chevron at 7004/7008 and your safe all the way to mango beta =)
I was talking about native code. And it looks like when Mango comes out, the sideloading will be removed as well.
lugi93 said:
You just have to chevron at 7004/7008 and your safe all the way to mango beta =)
Click to expand...
Click to collapse
Not for native code. Mango only allows OEM native DLLs.
digger1985 said:
I was talking about native code. And it looks like when Mango comes out, the sideloading will be removed as well.
Click to expand...
Click to collapse
Even with the interop, that is not full native code access. We should be allowed to run full native executables.
Sideloading works fine for me, but the final version of Mango might not.
Microsoft should have an option to enable native code if we accept an agreement that the warranty is voided and if we screw up our phones, it is our fault and it is too bad for us.
'Tis not Android, sir.
Do you think it's possible to unlock mango via oem.cab file ?
I know one can rollback, unlock and reupgrade but this cab way would be easier
Sent from my OMNIA7 using Board Express
Can't. Unless you could sign the cab with Microsoft's certificates.
Unless for some reason they made an official cab to do this for manufacturers that got leaked.
Xboxmod cabs only work if the certs are cooked into a rom... And if your flashing custom roms you wouldn't need to do this anyway.
Sent from my HD7 T9292 using XDA Windows Phone 7 App
Incorrect. xboxmod has created a WP7 Cab Builder that you can create your own WP7 Cab Updates. I'm 95% complete. I just need to find a way on the tool to set the password for my MIcrosoft Windows Mobile Firmware Installation PCA.pfx which I will do soon. Once signed, it should be able to be sent to all devices. Providing Interop unlock for ALL devices, regardless of generation. Keep your eyes open. I MAY complete it this month or July. I'll need help from xboxmod and Heathcliff74.
AlvinPhilemon said:
I just need to find a way on the tool to set the password for my MIcrosoft Windows Mobile Firmware Installation PCA.pfx which I will do soon. Once signed, it should be able to be sent to all devices.
Click to expand...
Click to collapse
Well, that will be the problem. You don't have the necessary password, so you can't sign it. And all devices will just reject the cab. (just like reeg420 said) Sry, but the odds are against you.
AlvinPhilemon said:
Incorrect. xboxmod has created a WP7 Cab Builder that you can create your own WP7 Cab Updates. I'm 95% complete. I just need to find a way on the tool to set the password for my MIcrosoft Windows Mobile Firmware Installation PCA.pfx which I will do soon. Once signed, it should be able to be sent to all devices. Providing Interop unlock for ALL devices, regardless of generation. Keep your eyes open. I MAY complete it this month or July. I'll need help from xboxmod and Heathcliff74.
Click to expand...
Click to collapse
You asked me for help. I replied to you, but you didn't get back to me. I am reticent about this, but I always keep an open mind. Tell me what you need and I hope I can help.
Ciao,
Heathcliff74
I just need to find a way on the tool to set the password for my MIcrosoft Windows Mobile Firmware Installation PCA.pfx which I will do soon.
Click to expand...
Click to collapse
This tool is called SignTool.exe, but... Do you know the Microsoft master password for MS certificate??? How come? Do you own a 10 millions PC botnet working two years, brute-forcing MS cert?..
P.S. Seems like you don't understand what are you talking about...
So... I actually had a silly little thought about this. Not sure if it'll work for CABs, but it might work for other areas where we need a MS cert.
Anybody read about how the Flame malware was able to spoof a Windows Update package for PCs? It used a cert produced by a Microsoft tool. The tool is supposed to produce certs used for allowing PCs to connect to a Remote Desktop server, but for some reason the certs were also marked to allow code signing and other useful things. These certs also chain back to the Microsoft root certificate (meaning they are trusted as though issued by MS itself).
Now, for WP7 CABs, I don't know that this will work, because the CABs may need to be signed with a *specific* cert, not just one that chains to the same root. However, it's possibly worth checking...
GoodDayToDie said:
So... I actually had a silly little thought about this. Not sure if it'll work for CABs, but it might work for other areas where we need a MS cert.
Anybody read about how the Flame malware was able to spoof a Windows Update package for PCs? It used a cert produced by a Microsoft tool. The tool is supposed to produce certs used for allowing PCs to connect to a Remote Desktop server, but for some reason the certs were also marked to allow code signing and other useful things. These certs also chain back to the Microsoft root certificate (meaning they are trusted as though issued by MS itself).
Now, for WP7 CABs, I don't know that this will work, because the CABs may need to be signed with a *specific* cert, not just one that chains to the same root. However, it's possibly worth checking...
Click to expand...
Click to collapse
Don't you think that microsoft has learnt its lesson after Flame? Would be reat though
GoodDayToDie said:
Anybody read about how the Flame malware was able to spoof a Windows Update package for PCs?
Click to expand...
Click to collapse
Actually (according to Kaspersky Lab report), Flame malware isn't a simple worm/malware by black-hats but kinda "cyber-weapon" written by professionals from some kind of intelligence/security service (with unknown origin). And of course, some of (by unknown origin ) intelligence/security services have enough computer/human power to obtain a MS certs (by brute force attack with supercomputers or by traditional spy methods - I believe these methods are much more effective than computer-based attack).
I don't think this AlvinPhilemon is genius enough to overcome all mathematicians and security experts in the world. Probably he just has no idea what he's talking about (may be he's just discovered ability to push provisioning file via .cab files on the full unlocked handsets ).
Bah... this is why, even though I actually work in the computer security world, I don't like to even mention Flame; it's been hyped through the roof and seems to trigger some kind of "go crazy" circuit in people. Government-created malware has existed for decades, at least. No need to get all excited about it. In security terms, it is infact just a malicious worm written by blackhats (the "malicious" and "blackhat" parts are redundent; malice is how you define a blackhat). They might be "good guy" blackhats, but they're blackhats all the same.
Getting back on topic, did you actually read the rest of what I wrote? It's possible to get Microsoft-trusted certs, ready for code signing, out of a MS tool. On the PC, MS has pushed a patch that breaks the authorization chain those certs were using, so that it no longer looks like things signed by it are signed by MS itself. However, WP7 has received no such update yet. It's a long-shot, but it's a possibility.
EDIT: Agreed that trying to either brute-force the private key or find a hash collision (which apparently the Flame developers did, but they probably used massive computations resources to do it) is impractical for any individual on this forum.
Hi,
exist or someone developing homebrew app for sending files over Bluetooth ?
Thanks.
not at the moment
that's shame
I think it will come only if MS decides to bring this feature to WP. Search this forum there are links where you can vote for it.
Actually, it *might* be possible to implement it using homebrew - there are standard WinCE APIs for BlueTooth. If they are available on WP7 as well as WinMo and Windows Embedded, and aren't security-restricted, then it could be done.
I'd volunteer to take a look but I'm working hard on something else (and far more promising, IMO).
GoodDayToDie said:
Actually, it *might* be possible to implement it using homebrew - there are standard WinCE APIs for BlueTooth. If they are available on WP7 as well as WinMo and Windows Embedded, and aren't security-restricted, then it could be done.
I'd volunteer to take a look but I'm working hard on something else (and far more promising, IMO).
Click to expand...
Click to collapse
Would be great if you tried once. What are you working on right now?
btw, your OEM marketplace xaps were great. Keep up the good work
Right now, I'm working on the HtcRoot project, and various offshoots of it. Essentially, I want to add the advantages of a custom ROM into stock ROMs and, where possible, without forcing people to reset their phones. Part of this process involves writing tools for my own use, some of which I also publish. For example, the HtcRoot Webserver has essentially replaced TouchXplorer for me, though TX used to be a standard part of my toolset.
Considering the existence of the Contacts Transfer app in the Nokia store, which uses Bluetooth to transfer contacts from other phones and appears to run on non-Nokia phones (yep, I used my own OEM Marketplace XAPs to get it), I'm pretty sure at least some level of access to Bluetooth is possible from a WP7 app (using native code, of course).
GoodDayToDie said:
Actually, it *might* be possible to implement it using homebrew - there are standard WinCE APIs for BlueTooth. If they are available on WP7 as well as WinMo and Windows Embedded, and aren't security-restricted, then it could be done.
I'd volunteer to take a look but I'm working hard on something else (and far more promising, IMO).
Click to expand...
Click to collapse
Wow, that's a thrilling news
I'm not sure if you know but there are a lot of users who badly need this.
See here
GoodDayToDie said:
Right now, I'm working on the HtcRoot project, and various offshoots of it. Essentially, I want to add the advantages of a custom ROM into stock ROMs and, where possible, without forcing people to reset their phones. Part of this process involves writing tools for my own use, some of which I also publish. For example, the HtcRoot Webserver has essentially replaced TouchXplorer for me, though TX used to be a standard part of my toolset.
Considering the existence of the Contacts Transfer app in the Nokia store, which uses Bluetooth to transfer contacts from other phones and appears to run on non-Nokia phones (yep, I used my own OEM Marketplace XAPs to get it), I'm pretty sure at least some level of access to Bluetooth is possible from a WP7 app (using native code, of course).
Click to expand...
Click to collapse
yes, lot of people miss sending the files via Bluetooth,
So if you can add it as first priority it will be very helpfull
for all of us "geegs" which want to use WP7 platform
as geeg platform.
Will you be able to convert Junos Pulse client for winmo
to convert WP7 to run it in native mode?
Thanks for info.
GoodDayToDie said:
Right now, I'm working on the HtcRoot project, and various offshoots of it. Essentially, I want to add the advantages of a custom ROM into stock ROMs and, where possible, without forcing people to reset their phones. Part of this process involves writing tools for my own use, some of which I also publish. For example, the HtcRoot Webserver has essentially replaced TouchXplorer for me, though TX used to be a standard part of my toolset.
Considering the existence of the Contacts Transfer app in the Nokia store, which uses Bluetooth to transfer contacts from other phones and appears to run on non-Nokia phones (yep, I used my own OEM Marketplace XAPs to get it), I'm pretty sure at least some level of access to Bluetooth is possible from a WP7 app (using native code, of course).
Click to expand...
Click to collapse
Yes, you are right. The Contacts Transfer App is proof that transfer via bluetooth could be possible. And yes, I installed the Contacts Transfer app using your app
Hello.
I'd like to automate XAP deployment from my development environment to WP emulators running for testing. WP emulators are running as Hyper-V VMs and they have a valid IP. As much as I understand communications between MS tools like Visual Studio 2011 Beta and WP are TCP/IP based. So, I wonder what is hiding behind the "Deploy" button? Some PowerShell command? Anything else? For starting I'd like to upload the XAP and install it on the Emulator and eventually the device.
Thanks.
There are third-party deployer apps, so what you want is entirely possible. You'd have to look at the source for them, though, and then write your own that listened on a network socket for the file that it is supposed to install.
GoodDayToDie said:
There are third-party deployer apps, so what you want is entirely possible. You'd have to look at the source for them, though, and then write your own that listened on a network socket for the file that it is supposed to install.
Click to expand...
Click to collapse
Due to security restrictions I still cannot post to developers forums, so I'll try to ask here:
are these applications like Tom XAP installer or Multi-XAP installer Open Source, or what? They are distributed in a compiled form so how I can ask their developers for the source code?
There are any number of programs that can decompile managed assemblies (JustDecompile, for example, but there are a bunch and many are free). It's nice to ask for source (and some of the apps are probably open-source; you can look for the tag [SOURCE] or similar in the thread title) but unless they obfuscated the assembly for some reason, decompiling well enough to understand what it does is easy.