Ok, so basically what I am trying to achieve is configuring the security policies on a WP7 device. Currently at WP7, but will be moving up to 7.1/7.5 to try and figure this out for all platform variations.
I've some experience with Rapiconfig on WM6.5 devices, basically configuring the policies listed here but as yet I haven't found a way to push XML direct to the device to update these on WP.
Another route here is to unlock via Chevron and use the registry editor - the issue there is knowing which registry keys are applicable to which security policy - which I know others are also trying to figure out at the moment, but without a full mapping as yet.
Any help here would be great - and if anyone could point me to a Provxml tutorial I would also appreciate it - having trouble deciphering the many guides available.
Thanks as always, this forum is a wealth of positive information and an example of community support at its best.
Cheers,
Mark
http://forum.xda-developers.com/showthread.php?t=936235
that's the most complete tut which is customized to the windows phone.
Yes we use this on samsung devices.
Can you contact me? I might need some help. But we use it to provision xml's
mark14 said:
Ok, so basically what I am trying to achieve is configuring the security policies on a WP7 device. Currently at WP7, but will be moving up to 7.1/7.5 to try and figure this out for all platform variations.
I've some experience with Rapiconfig on WM6.5 devices, basically configuring the policies listed here but as yet I haven't found a way to push XML direct to the device to update these on WP.
Another route here is to unlock via Chevron and use the registry editor - the issue there is knowing which registry keys are applicable to which security policy - which I know others are also trying to figure out at the moment, but without a full mapping as yet.
Any help here would be great - and if anyone could point me to a Provxml tutorial I would also appreciate it - having trouble deciphering the many guides available.
Thanks as always, this forum is a wealth of positive information and an example of community support at its best.
Cheers,
Mark
Click to expand...
Click to collapse
Yes we use rapiconfig, but when we use it it's an on-device version of it which resides in the \Windows directory and so far the only arguments that have been tested to work with it are provxml filenames. Marvin_S, you're a perfect resource for this .
Related
Hi,
As per the subject, I have been given a Windows Phone 7 device and been tasked to see if a root/user certificate can be extracted from the phone.
We install certificates onto mobile devices such as iPhones, to allow IPSEC VPN tunnels and secure access to exchange servers.
Using the tools I found on this site, I have managed to unlock my test WP7 device, installed the root and user certificates on my WP7 (I downloaded it from our test site) and I also install Advanced File Explorer on WP7 phone.
Based on my rudimentary research, the Certificate Store is not accessible on a WP7 device and the only to remove a certificate from the store is to reset the phone to factory settings.
In the root of the WP7 phone, there is a file called drmstore.dat. I have used Advanced File Explorer to copy this file to my desktop and using NotePad++ see that it does have some MS root certicates in there. But is this the file that would contain the user installed certificates?
My WP7 experience is limited to 3 days so far, so was hoping somebody could point me in the right direction wrt to file location. From what I've read, the OS does seem to be designed really well, so I am hoping that it is indeed impossible to extract the certificate from the device.
The only reason we are doing this test is to work out if the new phone is secure as it is getting difficult to get hold of Windows mobile 6.5 phones as the days progress. The problem is that WP7 phone dont support disk encryption yet (or so I believe) hence the worry ...
Many thanks in advance for your help and pointers.
if the phone is locked then it is really impossible to get it off the phone.
after the update from MS we aren't able to unlock the phone again so I think it is pretty save.
maybe you could look at a dump of a rom to find out where the serts are stored.
Thanks for your reply.
There are interesting times ahead.
The Chevron WP7 exploit will be closed but hte Touchxplorer developer claims that his solution will still allow full file access to system, so I am waiting with bated breadth to see how it all pans out. And who knows, we may have Nokia announcing that they will be using WP7 as an OS for their Nokia hardware on Friday.
Since I am not to au fait with the structure of WP7 phone (and I don't even know why I was given this job considering my hacking skills are about 5%) would you have an inkling as to where they sort of could be kept or how to read or even create a dump of the ROM?
Many thanks. I will search on the forums to see if I can get more information.
Thanks again.
I searched and didn't find anything related so I'm asking if anyone has thought of creating a small app that locks the device when you put it in your pocket like in WM6?
Simple and to the point:
- At the moment we cant control lock of the WP7 platform.
- Phone.Lock()
edit:
What is the app named?
Thanks for clearing that up, hopefully this feature will come in Mango. Why would Microsoft prevent us from having access?
blindpet said:
Thanks for clearing that up, hopefully this feature will come in Mango. Why would Microsoft prevent us from having access?
Click to expand...
Click to collapse
Because WP7 can only code C#, but with bypass we can code c++, but the "procces" its running under is "LEAST_PRIVILEGED" aka you cant do a **** (file access etc with leaked/extracted dll's from e.g HTC xap files that run higher).
WP7 is kind of locked down (realy) compared with WM6.
fiinix said:
Because WP7 can only code C#, but with bypass we can code c++, but the "procces" its running under is "LEAST_PRIVILEGED" aka you cant do a **** (file access etc with leaked/extracted dll's from e.g HTC xap files that run higher).
WP7 is kind of locked down (realy) compared with WM6.
Click to expand...
Click to collapse
So as long as devs continue their hacking progress being able to create such an app would be possible in the future?
or will you guys never be able to code above 'least privileged' C#?
Sorry if this makes no sense I'm just trying to wrap my head around it
blindpet said:
So as long as devs continue their hacking progress being able to create such an app would be possible in the future?
or will you guys never be able to code above 'least privileged' C#?
Sorry if this makes no sense I'm just trying to wrap my head around it
Click to expand...
Click to collapse
It may (probably will) be possible to run higher and even run ARMv4 exe so it can be alive without being killed.
- One possibility would be that we hack the certificate rights system signing our dll with a hacked cert on the system thinking of that our dll is fully trusted
- Or that custom "policy free" (no security checks) ROMs are released making also the system more hackable by external hackers (unwanted backers that hack your phone).
Good morning! I was wondering if anyone would know of any resources that contain info on the trusted root ca's (certificate authorities) for Android, BlackBerry, Symbian, and Windows mobile devices? I am working on a project that involves choosing a new SSL Certificate signer but I want to make sure that the one we choose is trusted on all of the devices. I appreciate any help! Info about iOS is readily available, but that doesnt appear to be the case for the other smartphone players.
Thanks!!
Matt
Me also want..to know
Please help
*Quick bump
Bummer... must not be much out there in regards to this.
This may help for rooted Android devices. The others, I'm not so sure about. In the aftermath of the DigiNotar debacle several months ago, there were articles about removing their root CA from the CA database. If you have a rooted android phone (why else would you be here) you can rebuild the cacerts.bks database. Some instructions for Windows are here in this blog. The instructions are just for removing one but can be adapted for adding one and can certainly be adapted for running under Linux, if you're like me:
(The forum won't let me post links yet so you'll have to be creative here with cut and paste...)
securitymusings.com -> article/3001/removing-trusted-certificates-from-android
The Guardian project also has a CACertMan tool that may do what you want on Android.
guardianproject.info -> 2011/09/05/cacertman-app-to-address-diginotar-other-bad-cas
Blackberry, Symbian, and Windows, I suspect you are on your own there.
Ok, so I have no experience of working with any type of coding of development except for Adobe Flash. I don't think that really counts though, nor help me here, but I want to start off by saying that I'm simply a 17 year old.
I want to start development of an app to edit the registry. For example, I got the idea for everytime you click a button on the app, it edits something on the registry. Of course, phones will have to be Interop-Unlocked (Which my Samsung Focus is).
So to get on topic, how may I start creating an app for Windows Phone to edit registry and etc.? As I said before, I really don't have much experience, but I would love to learn and help the community.
Thanks in advance.
Bump up....
Ok, basic first steps: do you have the WP7 SDK? You can get it for free, and you'll need it. It includes the tools to build and deploy apps (compilers and so forth).
The project you're talking about is a bit heavy for a first foray into app development, but you can give it a shot. One of the easier ways (for me, at least) to learn things is to look at what other people did, which in coding usually means looking at open source projects. There are a few open-source apps which access the registry.
For example, my MultiTaskToggle app (linked in my sig) works on Samsung and provides an example of how to read and write a specific registry value.
If you want to browse the registry at all, you'll need something different. This can be done, using COM to call native APIs. Look at the Homebrew library (used by the Webserver projects, among others) or WP7 Advanced Explorer (open source, code is on Codeplex). These types of project have two parts: managed (.NET code, typically in C#) that calls the COM interface, and native (C/C++, written using the Windows Mobile SDK) that implements the COM object.
You may want to do some research online to get started, either here on XDA-Devs (though I think most tutorials here assume at least basic knowledge) or elsewhere (even from MS directly) if you're really starting from scratch.
Hi all,
I'm sure this is in the forums somewhere, but due to the billion mentions of "registry" I haven't been able to locate it.
Is there a tutorial anywhere for programming the reading and writing of registry keys? I'd like to develop a UI to provide XDA members to adjust the Bluetooth services that are associated with each paired device to enable dual pairing on unlocked phones (I.E. a UI for this: http://forum.xda-developers.com/showthread.php?t=1517029)
Thanks,
Ben
It can't be done directly with C#, because there's no managed (.NET) API for registry access on the phone. Instead, you either need to call into a native DLL that you wrote and exposed through COM, or you need to call into an OEM DLL that calls an OEM driver for you. The first approach requires writing, or at least having access to, a native library written in C++. It will also run only with the permissions of the app, which is insufficient for writing to the registry on stock ROMs (unless elevated with something like HtcRoot or WP7 Root Tools 0.9). The second approach requires device-specific code and the ID_CAP_INTEROPSERVICES capability in its manifest.
For a simple app that uses the second approach, see my MultiTaskToggle app (linked in my sig). Note that this app only needs to read or write a single registry value, so that's how I wrote it. If you want to enumerate registry keys and values, you'll need to use the COM library approach for reading. There used to be a great set of COM libraries for "hybrid" managed/native apps, but most of them were never updated for Mango compatibility. The only one I know of that currently support registry access is used in Schaps' apps, Registry Editor and Advanced Config, and those tools are closed-source (although, with a .NET decompiler, you could probably figure out their APIs easily).
GoodDayToDie said:
It can't be done directly with C#, because there's no managed (.NET) API for registry access on the phone. Instead, you either need to call into a native DLL that you wrote and exposed through COM, or you need to call into an OEM DLL that calls an OEM driver for you. The first approach requires writing, or at least having access to, a native library written in C++. It will also run only with the permissions of the app, which is insufficient for writing to the registry on stock ROMs (unless elevated with something like HtcRoot or WP7 Root Tools 0.9). The second approach requires device-specific code and the ID_CAP_INTEROPSERVICES capability in its manifest.
For a simple app that uses the second approach, see my MultiTaskToggle app (linked in my sig). Note that this app only needs to read or write a single registry value, so that's how I wrote it. If you want to enumerate registry keys and values, you'll need to use the COM library approach for reading. There used to be a great set of COM libraries for "hybrid" managed/native apps, but most of them were never updated for Mango compatibility. The only one I know of that currently support registry access is used in Schaps' apps, Registry Editor and Advanced Config, and those tools are closed-source (although, with a .NET decompiler, you could probably figure out their APIs easily).
Click to expand...
Click to collapse
Perfect, that was all the info I needed. Thanks.
Ben