Hello,
I am a student of Computer Science at the University of Udine, Italy.
Recently I received an AT&T HTC Surround with Windows Phone 7.5.
The problem is always the same. We need to INTEROP-UNLOCK a HTC device.
People greater than me have tried, and I do not want to compare myself to them (I am a noob, as stated in the introductory video), but I came up with a sort of idea for a new method of interop unlocking.
Since, as stated by Heathcliff74, the INTEROP-UNLOCK is related to the number of MaxUnsignedApps, and the number of max unsigned apps is determined when the Developer Phone Registration program communicates with the server, I thought that it could be possible to analyze the behaviour of this app when it communicates with the server and, instead of sending 3 or 10 to the phone, send the max number available.
Modifying an exe is a pain, so could it be possible to create an emulated server that communicates with the Developer Phone Registration program, by sniffing the connections between the program and the server (I do not know how to do that either, since I have just started the network course)?
Maybe it has already been tried, but I wanted to tell you anyway, since you're great hackers and I am not.
It's a good idea, but I wouldn't hold my breath. This is how the original ChevronWP7 Unlocker hack worked, essentially - you installed a certificate on the phone for a server (normally it uses Microsoft's server and certificate). You then sent the unlock command to the phone and it would try to communicate with the server, but would get the ChevronWP7 server instead, which always said "yes, unlock!"
The catch in your idea is that the fix for ChevronWP7 was to change which certs the unlock process will use - in particular, you can't use user-installed certs anymore - and that means that a user probably can't catch the communication between the phone and the server anymore (which is, I'm sure, where the "value for MaxUnsignedApp" command comes from).
So is it the phone that communicates with the server to get the number of apps, not the developer registration program?
Sorry to disappoint you, but it won't work. First of all, it is not the registration program that communicates with the Microsoft server. The registration program simply sends a command to the phone to start the registration process. The phone will contact the Microsoft registration server. The original ChevronWP7 tool spoofed the registration server. Since NoDo this is not possible anymore, because the phone only accepts SSL connections with certified servers (i.e. servers which have a certificate that roots to a certified authority). The MaxUnsignedApp value is sent over the SSL connection between the phone and the Microsoft server, which can't be spoofed or changed with a man-in-the-middle attack.
Ciao,
Heathcliff74
And by the way, Chevron already announced they will release a new Chevron tool, which will do a legit unlock for just a couple of bucks. Just a little more patience.
I have read they launched this now. However, how many max unsigned apps will they release? And since I have a legit student account on AppHub (I'm a dev), it won't invalidate my account, just increase the max unsigned apps, I think.
Wait for other methods of INTEROP-UNLOCKING.
And thanks to everybody.
Hi all,
I would like to discuss the use of the Universal with Windows Mobile 6 in professional life...
Could the base system be compliant with a general security policy for firms?
Let me know what's your point of view...
All of the Windows Mobile 6 ROMs I have used fully support the security policy stuff that is enforced by Exchange when using the device for "Direct Push" email (for what it's worth).
I have also found that if you add BlackBerry software it works well enough with their policy software, if that is your enterprise's 'thing'.
As for your unique company policy, only you and your IT guys can judge that. Just about EVERY company has a different view on what is important.
Support for Exchange policies, a few custom CABs and support for our device management tool mean that using Mobile 6 (or 5) in our enterprise is a non-issue. Our only issue with the Universal is the fact that, strictly speaking, Mobile 6 is a licence violation on the device. Not the case with the Voxes, TyTN2s and other native Mobile 6 devices we have.
Your biggest hurdle is that most IT departments in any sizeable company are not going to let non-company kit onto their networks, and for a lot of companies that will extend to non-approved software/ROM images etc. being banned.
I guess security enhancements with WM6 are not so... "strong".
As an IT security integrator, I'm eagerly waiting for Exchange 2007 SP1, which should enforce AS policies even more than the non-SP1 release.
I advise you and your IT admin (I think they already did, though) to have a look at the Exchange SP1 release notes.
There are literally hundreds of enterprise applications out there for management of mobile devices that support everything from Symbian phones, to PDAs, to Windows Mobile phone devices.
Some of the better ones are SOTI, Afaria, and Pointsec.
They give remote access to handle remote package management, as well as locking the device and access to applications by user, or user group too.
I thought he was talking about Activesync security policy.
Thank you for all replies...
But does Exchange 2003 store any information about your device? I'm thinking about the Windows Mobile 6 Universal issue... And what about contacting Microsoft to buy a license upgrade (without any software delivery from them)?
I'm confused: what do you mean with "But does Exchange 2003 store any information about your device? I'm thinking about the Windows Mobile 6 Universal issue..."?
If you're talking about ROM upgrades to Crossbow and the license issue, well, it's just a lack of support from manufacturers. AFAIK Microsoft is providing the WM6 license upgrade for free, but providing customers with a WM6 ROM on old devices would mean no market for new devices. Microsoft ships upgrades to OEMs only, however, not to final customers.
However, Exchange 2003/2007 should not store any information regarding devices. I mean, any relevant information. It recognizes the device by assigning it a unique identifier at first sync (SID). I could have a deep look at that with Exchange 2007, though. Just tell me what you're looking for.
Ok... If Microsoft is providing the WM6 license upgrade for free... why are cooked ROMs not so... "legal"?
My problem is: I would like to use my device in my professional life... and I would like to use it the best way I can! This means I need WM6... The problem is that HTC does not provide an official upgrade, but we know that we can develop our own ROM... So... How can I legally install my WM6 cooked ROM on the Universal? Should I buy a license from someone? Or can I simply flash my device with my ROM and run it without caring about the Microsoft license, because the upgrade is free?
What about the SD-card encoding "thing"? It should be compliant with any security policy, provided you only lose the card, not the whole device, since in that case the card can't be read, right?
Yeah... The SD encoding is fine for policies but... the question is... is the encryption key stored in the device (and deleted with a hard reset) or is it created from some device hardcoded data? To answer this question we can only try to encode, hard reset, access the data... and see if we can still read the SD files... (I'll try next weekend)
Anyway... another issue is... how to encrypt all data stored in device memory? Is there any good (light and clean) plugin (driver or application) that can encrypt all the contacts and calendar and, above all, the Exchange login details?
The new Symantec Mobile Suite 5 should do that and make the device super-compliant with most (all?) enterprise policies... I'd like to buy it but I can't find any way to place an order through the internet!
Hi,
You could change shell paths so that all user data is stored on the SD.
Although I have not tried it, I believe it's simple enough to move all databases to the SD Card.
Cheers,
Beasty
So annoying. I am the only person at work with a WinPhone 7; I previously had an HTC Touch Pro 2 and a company PDA, both running WM 6.5.3, which synced great with the corporate Exchange server.
Everyone else has iPhones, Nokias, Android phones and BlackBerrys... I have a brand spanking new TITAN with the latest Mango update and I am the only one that can't sync with the Exchange server. I get ERROR 8501005 and some guff about security policies, but every other phone of any brand running anything but Phone 7 works fine.
I have 2 days before I just take it back for a refund. I have no access to the server and can't expect the IT dept to change anything just for me.
Any ideas?... It's ironic that the only OS that doesn't sync with Microsoft Exchange is Microsoft Phone 7.
You may want to try:
h**p://bringthewine.syrupie.com/
Did you try installing the Exchange certificates and rebooting the phone?
Here's a full list of EAS Exchange policies that WP7 supports:
http://social.technet.microsoft.com/...7-clients.aspx
If your IT department uses ones not on that list, your device won't be able to connect, so best show the above article to your IT department.
Thanks for the suggestion. Your link is displayed with some characters missing on my browser, so I haven't been able to look at that doc, but how and where do I get security certs from, and how do I install them on the phone?
I think that it is something to do with the fact that our security policy enforces encryption and a password; I think it's the encryption that WP7 doesn't support.
Mobile 6.x.x is OK though, so this phone is no use to me. I will swap it for an iPhone.
Found the answer; the phone is no use to me.
It's the on-device encryption that is not supported that is my problem. Here's an article that explains it:
"Many businesses will not be able to support Microsoft's Windows Phone 7 operating system, which began shipping in the United States today. Like the competing Google Android, Windows Phone 7 does not support on-device encryption to protect data stored on it. Many businesses require such encryption to be able to access corporate data through EAS (Exchange ActiveSync) policies and automatically block connections from devices that don't support device-level encryption.
Users will get the error code 85010013/15 when trying to sync their email on a Windows Phone 7 device, rather than an English description of the problem. Microsoft's support forum confirms the lack of on-device encryption support"
I have the same problem, and the answer from the IT department is:
Windows Phone 7.5 Exchange synchronization doesn't work.
And with an organisation of more than 10,000 employees I don't think I (as a consultant) will be able to change their view on this.....
There has to be a way to bypass this?
Maybe we can change some registry setting to fool the Exchange server into thinking the phone is an iPhone or another compatible phone?
If your company is using EAS 2007 or newer, WP7.5 should work. But if you are using EAS 2003 SP2, WP7.5 seems to have broken working with that. There is no registry hack I am aware of to fix this, as it is the actual program in the phone.
NoDo works fine which makes this even more frustrating. And yes, it is amazing WP7.5 is the only phone OS out there that does not work well with EAS2003SP2 but I am guessing MS doesn't care much as they want corporations upgrading their EAS servers.
Do you think it's possible to unlock Mango via an oem.cab file?
I know one can roll back, unlock and re-upgrade, but this cab way would be easier.
Sent from my OMNIA7 using Board Express
Can't. Unless you could sign the cab with Microsoft's certificates.
Unless for some reason they made an official cab to do this for manufacturers that got leaked.
Xboxmod cabs only work if the certs are cooked into a ROM... And if you're flashing custom ROMs you wouldn't need to do this anyway.
Sent from my HD7 T9292 using XDA Windows Phone 7 App
Incorrect. xboxmod has created a WP7 Cab Builder with which you can create your own WP7 cab updates. I'm 95% complete. I just need to find a way in the tool to set the password for my Microsoft Windows Mobile Firmware Installation PCA.pfx, which I will do soon. Once signed, it should be able to be sent to all devices, providing interop unlock for ALL devices, regardless of generation. Keep your eyes open. I MAY complete it this month or July. I'll need help from xboxmod and Heathcliff74.
AlvinPhilemon said:
I just need to find a way in the tool to set the password for my Microsoft Windows Mobile Firmware Installation PCA.pfx, which I will do soon. Once signed, it should be able to be sent to all devices.
Well, that will be the problem. You don't have the necessary password, so you can't sign it. And all devices will just reject the cab (just like reeg420 said). Sorry, but the odds are against you.
You asked me for help. I replied to you, but you didn't get back to me. I am reticent about this, but I always keep an open mind. Tell me what you need and I hope I can help.
Ciao,
Heathcliff74
I just need to find a way in the tool to set the password for my Microsoft Windows Mobile Firmware Installation PCA.pfx, which I will do soon.
This tool is called SignTool.exe, but... Do you know the Microsoft master password for the MS certificate??? How come? Do you own a 10 million PC botnet that has been working for two years, brute-forcing the MS cert?..
P.S. Seems like you don't understand what you are talking about...
So... I actually had a silly little thought about this. Not sure if it'll work for CABs, but it might work for other areas where we need a MS cert.
Anybody read about how the Flame malware was able to spoof a Windows Update package for PCs? It used a cert produced by a Microsoft tool. The tool is supposed to produce certs used for allowing PCs to connect to a Remote Desktop server, but for some reason the certs were also marked to allow code signing and other useful things. These certs also chain back to the Microsoft root certificate (meaning they are trusted as though issued by MS itself).
Now, for WP7 CABs, I don't know that this will work, because the CABs may need to be signed with a *specific* cert, not just one that chains to the same root. However, it's possibly worth checking...
Don't you think that Microsoft has learnt its lesson after Flame? Would be great though.
GoodDayToDie said:
Anybody read about how the Flame malware was able to spoof a Windows Update package for PCs?
Actually (according to the Kaspersky Lab report), the Flame malware isn't a simple worm/malware by black hats but kind of a "cyber-weapon" written by professionals from some kind of intelligence/security service (of unknown origin). And of course, some (of unknown origin) intelligence/security services have enough computer/human power to obtain MS certs (by brute-force attack with supercomputers or by traditional spy methods; I believe these methods are much more effective than computer-based attacks).
I don't think this AlvinPhilemon is genius enough to overcome all the mathematicians and security experts in the world. Probably he just has no idea what he's talking about (maybe he's just discovered the ability to push provisioning files via .cab files on fully unlocked handsets).
Bah... this is why, even though I actually work in the computer security world, I don't like to even mention Flame; it's been hyped through the roof and seems to trigger some kind of "go crazy" circuit in people. Government-created malware has existed for decades, at least. No need to get all excited about it. In security terms, it is in fact just a malicious worm written by blackhats (the "malicious" and "blackhat" parts are redundant; malice is how you define a blackhat). They might be "good guy" blackhats, but they're blackhats all the same.
Getting back on topic, did you actually read the rest of what I wrote? It's possible to get Microsoft-trusted certs, ready for code signing, out of a MS tool. On the PC, MS has pushed a patch that breaks the authorization chain those certs were using, so that it no longer looks like things signed by it are signed by MS itself. However, WP7 has received no such update yet. It's a long-shot, but it's a possibility.
EDIT: Agreed that trying to either brute-force the private key or find a hash collision (which apparently the Flame developers did, but they probably used massive computational resources to do it) is impractical for any individual on this forum.
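As an added example (it is not code from this thread, nor from ChevronWP7, xboxmod or Microsoft), the following Go program models the two certificate checks discussed above: Heathcliff74's point that, since NoDo, the phone only completes the registration TLS handshake with a server whose certificate chains to a root already on the device, so a user-installed root (the original ChevronWP7 spoof) no longer helps; and GoodDayToDie's Flame question of whether any code-signing certificate that chains to the vendor root would be accepted, versus an installer that pins one specific signing key. The whole PKI is generated in-process with the standard library; the CA names, the host name registration.example and the SPKI pin are assumptions for the demo, not real Microsoft or HTC material.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func check(err error) { if err != nil { panic(err) } }

// template builds a minimal certificate; leaves get their CN as a DNS SAN (used by the server
// certs). An empty eku means "unrestricted", the Flame-style issuance mistake modelled below.
func template(cn string, serial int64, ca bool, eku ...x509.ExtKeyUsage) *x509.Certificate {
	c := &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: ca, BasicConstraintsValid: true, ExtKeyUsage: eku,
		KeyUsage: x509.KeyUsageDigitalSignature,
	}
	if ca {
		c.KeyUsage |= x509.KeyUsageCertSign
	} else {
		c.DNSNames = []string{cn}
	}
	return c
}

// issue signs tmpl with parentKey; a nil parent yields a self-signed root.
func issue(tmpl, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	check(err)
	signer := parentKey
	if parent == nil {
		parent, signer = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signer)
	check(err)
	cert, err := x509.ParseCertificate(der)
	check(err)
	return cert, key
}

// PKI holds certificates generated in-process for the demo (none is a real vendor certificate).
type PKI struct {
	VendorRoot, LicensingCA, ServerLeaf, LicensingLeaf, FirmwareSigner, RogueRoot, RogueLeaf *x509.Certificate
}

func buildPKI() *PKI {
	root, rootKey := issue(template("Vendor Root CA", 1, true), nil, nil)
	lic, licKey := issue(template("Vendor Licensing CA", 2, true), root, rootKey) // no EKU limit
	srv, _ := issue(template("registration.example", 3, false, x509.ExtKeyUsageServerAuth), root, rootKey)
	// The ChevronWP7 trick: a user-installed root with a look-alike server certificate under it.
	rogue, rogueKey := issue(template("User Installed Root", 10, true), nil, nil)
	rogueLeaf, _ := issue(template("registration.example", 11, false, x509.ExtKeyUsageServerAuth), rogue, rogueKey)
	licLeaf, _ := issue(template("licensing-customer", 4, false, x509.ExtKeyUsageCodeSigning), lic, licKey)
	fw, _ := issue(template("firmware-signer", 5, false, x509.ExtKeyUsageCodeSigning), root, rootKey)
	return &PKI{VendorRoot: root, LicensingCA: lic, ServerLeaf: srv, LicensingLeaf: licLeaf,
		FirmwareSigner: fw, RogueRoot: rogue, RogueLeaf: rogueLeaf}
}

// verifyServer checks a TLS server chain against exactly the given trust anchors. Passing only
// the vendor root models the post-NoDo phone; adding the rogue root models a pre-NoDo device.
func verifyServer(leaf *x509.Certificate, host string, anchors ...*x509.Certificate) error {
	roots := x509.NewCertPool()
	for _, a := range anchors {
		roots.AddCert(a)
	}
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: host, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}})
	return err
}

// verifyCodeSigning accepts any code-signing chain that ends at the vendor root.
func verifyCodeSigning(p *PKI, leaf *x509.Certificate) error {
	roots, inter := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(p.VendorRoot)
	inter.AddCert(p.LicensingCA)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, Intermediates: inter, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning}})
	return err
}

// spkiPin is the SHA-256 of the SubjectPublicKeyInfo an installer would embed to trust one key.
func spkiPin(c *x509.Certificate) [32]byte { return sha256.Sum256(c.RawSubjectPublicKeyInfo) }

// verifyPinnedSigner requires a valid chain and the pinned signing key; nil means accepted.
func verifyPinnedSigner(p *PKI, leaf *x509.Certificate, pin [32]byte) error {
	if err := verifyCodeSigning(p, leaf); err != nil || spkiPin(leaf) == pin {
		return err
	}
	return fmt.Errorf("%q chains to the vendor root but is not the pinned signer", leaf.Subject.CommonName)
}

func main() {
	p := buildPKI()
	fmt.Println("spoofed server, device roots only:", verifyServer(p.RogueLeaf, "registration.example", p.VendorRoot))
	fmt.Println("licensing cert as firmware signer:", verifyPinnedSigner(p, p.LicensingLeaf, spkiPin(p.FirmwareSigner)))
}
```

Run it with go run. The spoofed registration server fails as soon as the rogue root is no longer in the trust set, which is the whole effect of the NoDo change; the licensing certificate passes a plain "chains to the vendor root for code signing" check because its intermediate carries no EKU restriction (the Flame-style gap), but is still refused once the installer compares the signer's key against a pinned value rather than merely walking the chain.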
How do I developer-unlock my LUMIA 710? Please tell.
ChevronLabs tokens are not available.............
Any other solution, like interop unlock???????????????????
http://create.msdn.com - Marketplace developer (AppHub) account. Costs $99/year, allows 10 unsigned apps, allows 3(?) phones unlocked at once, allows submitting apps to the marketplace.
http://dreamspark.com - Student version of the AppHub account. Free but requires a student email address (.edu). Allows only 3 unsigned apps, and I think only a single phone, but also allows submitting to the marketplace.
http://labs.chevronwp7.com - Hopefully they will be able to sell unlocks again soon.
As for interop-unlock, that's an extra level of unlock beyond developer unlock. On some phones (LG and Samsung without the latest firmware) it's possible to interop-unlock directly (modify the registry without first having developer unlock). On some other phones (HTC with older firmware), it's possible to interop-unlock only after first developer-unlocking. On the rest of the WP7 phones (Nokia, Dell, etc.) it's not currently possible to interop-unlock even if you already have developer-unlock.
Hello guys,
Finally, I decided to post my question here because I couldn't find any useful information online. What is the problem?
We are looking for a management solution for our Android devices which can support deploying AD-based user e-mail certificates. We are obliged to deploy a solution for signing and encrypting e-mails. We have an AD CA in our Windows domain which works OK. The user has to log on, open Outlook, open the settings and the certificate is there, ready to use, which for most of the users is OK. The problem is with the mobile devices (Android). We've tested Trend Micro Mobile Security (it is more an antivirus than a management tool) and Sophos Mobile (looks pretty OK, containers etc.) but still can't deploy the user e-mail certificate automatically. We've checked XenMobile as well, but there is only an option for a device certificate. In most cases (solutions), the user should open the AD CA page, generate a certificate, download it, deploy it, and then use it, which is very difficult for most of the non-technical users and is a security issue as well. Is there a solution to do this automatically?
I see that there are a lot of management tools for Android, but it will be enormous work to test all of them.
So, has someone already done such a thing, and which tool was used?
Thanks in advance