WinDBG cannot debug desktop program? - Windows RT Development and Hacking

If I don't run the jailbreak, I cannot attach to or create a desktop process using WinDBG.
However, under jailbreak everything works fine. I'd like to know why this happens.

Reserved

I believe they tried to prevent using the debugger on desktop apps for 8.1. Not sure how thorough it is; most of the time it's not really relevant as it's pretty easy to bypass.

GoodDayToDie said:
I believe they tried to prevent using the debugger on desktop apps for 8.1. Not sure how thorough it is; most of the time it's not really relevant as it's pretty easy to bypass.
I just updated to 8.1 to see how that works out with an old version of WinDBG. It doesn't work either. It seems to be related to the jailbreak. Curious how that will affect WinDBG.

It's a good question
A year or two back when we were first looking at RT 8.0, the fact that the debugger couldn't start or attach to desktop programs was a big headache
We were having to use the Visual Studio remote debugger
Then someone discovered that cdb -pv or -pvr would attach, and the opportunities opened up
Presumably normal attaching somehow falls foul of the locked down nature of the system
although strange it can't start existing signed EXEs like notepad
or do a normal attach to them
so implies some other check is going on
In RT 8.1 it's even further tightened down
no admin level VS remote debugger
debugger package (and debug kit policy) can't even -pvr to a process
CORRECTION: yes you still can -pvr to a process
but can't access csrss as it is now protected

xsoliman3 said:
It's a good question
A year or two back when we were first looking at RT 8.0, the fact that the debugger couldn't start or attach to desktop programs was a big headache
We were having to use the Visual Studio remote debugger
Then someone discovered that cdb -pv or -pvr would attach, and the opportunities opened up
Presumably normal attaching somehow falls foul of the locked down nature of the system
although strange it can't start existing signed EXEs like notepad
or do a normal attach to them
so implies some other check is going on
In RT 8.1 it's even further tightened down
no admin level VS remote debugger
debugger package (and debug kit policy) can't even -pvr to a process
CORRECTION: yes you still can -pvr to a process
but can't access csrss as it is now protected
You also can't write to the memory on a process if you attach to it.

Related

Save WhatsApp Conversation

Hello!
I have a question regarding WhatsApp. Is there a possibility to save WhatsApp conversations/history? Through any homebrew-App?
I searched through Google and XDA, didn't find anything useful, unfortunately.
Thanks in advance.
Greetings,
Crash1k
You need to copy out the Isolated Storage for the app. There are a few tools that can do this, including any filesystem browser (such as WP7 Root Tools). An easy way to get the file(s) from your phone to the PC would be my Root Webserver app; find the App GUID of WhatsApp and go to http://<PHONE_IP>/FileSystem/Applications/Data/<APP_GUID>/Data on the PC while the phone runs the webserver app.
Thanks for your fast answer.
Since I'm pretty new to this homebrew-and-phoneHacking thing I don't have much of a clue how to work with those programs. I have downloaded "HtcRootWebServer_231.zip" and the ".xap" file, but I don't know how to get started. Are there any instructions online, perhaps on your homepage, if you have one?
Thanks again.
Oh boy... okay, I assumed you'd already be familiar with dev-unlock at least, so this is going to be a bit complicated. First of all, what phone do you have? On some phones, you won't even be able to run the app because of restrictions that we don't know how to get past.
The summary:
To install an app to the phone from a XAP file, your phone needs to be developer-unlocked. There are a few ways to do this, including an official one from Microsoft (though that costs money unless you're a student). To deploy the apps, you'll probably want to download the Windows Phone SDK from Microsoft as it has all the tools.
To use high-privilege apps, you'll need your phone to be "interop-unlocked" which you can read about on XDA-Devs. Not all phones can currently be interop-unlocked, though many can.
Once your phone is IUed, install the webserver and also WP7 Root Tools v0.9. Use the Root Tools to mark the Webserver app as "Trusted"; this will give it the permissions it needs (it has its own permission elevation code, but I'm almost sure your phone isn't compatible).
if your phone is unlocked:
install wmdc by ultrashot, then, connect it to wmdc, then browse <YOUR WP NAME>\\Applications\Data\218A0EBB-1585-4C7E-A9EC-054CF4569A79 then copy everything from it
GoodDayToDie said:
Oh boy... okay, I assumed you'd already be familiar with dev-unlock at least, so this is going to be a bit complicated. First of all, what phone do you have? On some phones, you won't even be able to run the app because of restrictions that we don't know how to get past.
The summary:
To install an app to the phone from a XAP file, your phone needs to be developer-unlocked. There are a few ways to do this, including an official one from Microsoft (though that costs money unless you're a student). To deploy the apps, you'll probably want to download the Windows Phone SDK from Microsoft as it has all the tools.
To use high-privilege apps, you'll need your phone to be "interop-unlocked" which you can read about on XDA-Devs. Not all phones can currently be interop-unlocked, though many can.
Once your phone is IUed, install the webserver and also WP7 Root Tools v0.9. Use the Root Tools to mark the Webserver app as "Trusted"; this will give it the permissions it needs (it has its own permission elevation code, but I'm almost sure your phone isn't compatible).
Thanks a lot for your help, and I'm sorry you had to write this much. I already know how to deploy .xap's and these things, but I have no clue when it comes to the Webserver and how to find the conversations with that. I'll try this for now. I appreciate your help and effort.
aramadsanar said:
if your phone is unlocked:
install wmdc by ultrashot, then, connect it to wmdc, then browse <YOUR WP NAME>\\Applications\Data\218A0EBB-1585-4C7E-A9EC-054CF4569A79 then copy everything from it
Is this the same method as the one GoodDayToDie explained?
Thanks for your answer!
//Edit:
I tried it like you, GoodDayToDie, told me. I downloaded your HtcRootWebServer_231.xap and HtcRootWebServer_231.zip. (even though I have a Samsung Omnia 7 with windowbreak unlock (I think that's interop unlock, don't know for sure though)). Then I deployed the .xap, opened the App in the phone but didn't know what to do with the numbers and text fields (like what kind of Admin name and password I should fill in...). After I gave up on the phone-part, I tried to work with the .zip file, but I don't know what to do next. There are 2 folders, one is called "Homebrew" the other "WebServer", I tried to open the programs which are placed in the subfolders (I opened both with Microsoft Visual Studio Solution) but I only get an error and it won't show anything.
Do you know where the problem is? (aside from my lack of knowledge of course :/ )
Thanks for your help.
Crash1k said:
Thanks a lot for your help, and I'm sorry you had to write this much. I already know how to deploy .xap's and these things, but I have no clue when it comes to the Webserver and how to find the conversations with that. I'll try this for now. I appreciate your help and effort.
Is this the same method as the one GoodDayToDie explained?
Thanks for your answer!
//Edit:
I tried it like you, GoodDayToDie, told me. I downloaded your HtcRootWebServer_231.xap and HtcRootWebServer_231.zip. (even though I have a Samsung Omnia 7 with windowbreak unlock (I think that's interop unlock, don't know for sure though)). Then I deployed the .xap, opened the App in the phone but didn't know what to do with the numbers and text fields (like what kind of Admin name and password I should fill in...). After I gave up on the phone-part, I tried to work with the .zip file, but I don't know what to do next. There are 2 folders, one is called "Homebrew" the other "WebServer", I tried to open the programs which are placed in the subfolders (I opened both with Microsoft Visual Studio Solution) but I only get an error and it won't show anything.
Do you know where the problem is? (aside from my lack of knowledge of course :/ )
Thanks for your help.
yes, it goes to one objective, but in a simpler method
Eh, WebServer doesn't require installing anything on the PC, WPDM doesn't (directly) require installing anything on the phone. In both cases, you'll need to have WP7 Root Tools installed.
For WPDM + TouchXperience:
Install Windows Phone Device Manager from TouchXperience.com.
Start Zune and connect your phone.
Start WPDM and wait for it to install the TouchXperience app on the phone.
Open WP7 Root Tools v0.9 and go to the Policy pivot.
Mark TouchXperience as "Trusted" and exit Root Tools.
Open TouchXperience (and WPDM on the PC, if you closed it) and connect them.
Either do what @aramadsanar suggested, or use the Installed Apps feature of WPDM to make a backup.
For Root Webserver:
Install Root Webserver (the XAP; the ZIP file is the source code); you already did this.
Open WP7 Root Tools v0.9 and go to the Policy pivot.
Mark "Webserver (HtcRoot)" as Trusted and close Root Tools.
Connect the phone to WiFi (on the same network as your PC) and launch the webserver app.
Set a username and password you can remember ("admin" and "root" for example, though that's insecure).
On the PC, open a web browser and go to the phone's IP address, then drill down into the FileSystem like I said (aramadsanar gave you the app's GUID).
Download the files from the Isolated Storage to your PC, and save them somewhere.
Thanks a LOT for those great instructions, GoodDayToDie! That's really nice, thanks for your effort.
I tried the WebServer method since I didn't want to install Windows Phone SDK 7.1, but I didn't manage to get into my phone through the browser (by typing the I.P. of the phone, which is listed on the Webserver App, just as you said), that's why I was forced to use the other way. Well, who cares, it worked! I have my messages file, but the next problem shows up. I can open the file with the Editor, but it shows weird symbols and you can't read the messages actually. I tried many other programs but none work. Do you guys know how to open those files? The ending is ".sdf". I google'd it for nearly two hours, couldn't find anything useful.
Thanks for the help so far.
You used the WiFi address of the phone, right? The WWAN (cellular) connection is almost certainly firewalled. For example, on my home network the router usually gives my phone IP address 192.168.0.73 on WiFi, so I type in "http://192.168.0.73" into the browser on my PC. It'll ask for username and password; give it what you put on the phone.
As for the file contents, I can't help there. They might be encrypted, in which case the crypto key is somewhere but might be hard to find. Or they might be compressed, in which case you need to find a decoder for that compression. Either one would produce files that appear to be meaningless binary to a casual glance.
One thing you could try for the compressed file possibility is tell 7-Zip to open the file. It's usually very good at recognizing compressed formats. If it's encrypted, you'll probably need to decompile WhatsApp to figure out how. If WhatsApp is obfuscated, you're going to be in a tough spot.
By the way, I assume you downloaded the messages file directly, rather than using the data backup function of WPDM, right?
Hmm... what do you need these files for? If it's just for backup, what you have is *probably* sufficient, so long as you grabbed *all* the files from the IsolatedStorage.
Yeah, I used the WiFi address which is listed on the WebServer App, and I typed that IP Address just like you said into my browser, with "http://" etc., but it still didn't work. It doesn't even ask me for any password or username.
I don't think they are compressed, because I already tried to open/extract them with 7zip, all I got was an error because of the incompatibility. The other thing is, that when I open the files with the "Editor", I can see my messages there, but there are many many other symbols there, which makes it impossible to read the messages. They are too wide spread and you can't tell which messages belong together etc.
Even though I have no idea how to "decompile" WhatsApp, I won't ask you to tell me, since it sounds pretty complicated. I hope there is another way to solve this problem.
Yes, I simply saved the file on my Desktop, didn't use the BackUp function.
That's right, they're "just" for backup, and I didn't grab just the IsolatedStorage folder, I took the whole "Data" folder, just like aramadsanar told me to.
Thanks again for your fast and detailed answer.
If the wifi address didn't work, either your phone was not on WiFi (did the address start with 169.254.?) or your PC was not on WiFi or even connected to the same WiFi network. You can (in theory; I've never tried) also connect to the phone over wired Ethernet by plugging in the phone to the PC with its USB cable, and running Zune on the PC. That will add an ethernet entry to the phone IP list, but I don't know if it can be used for server ports from the PC.
There are a number of free apps for decompiling managed (.NET) code. The latest version of .NET RAIN, distributed right here on XDA-Devs, can do it, for example. Decompiling turns the intermediate-language binary code in a managed DLL or EXE file into C# or VB.NET or whatever. It's not a perfect reversal; the decompiler has to guess what the original source code looked like, and of course comments are missing. It's good enough to read pretty easily, though.
It sounds like what you have is probably a database file of some kind. There are only a few database formats available for WP7 apps (a few more can be accessed using native code).
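Added example (not part of the original posts): a quick triage of an unknown file such as the .sdf discussed above, using byte entropy to separate "compressed or encrypted" from a structured file that still holds readable text, and extracting ASCII and UTF-16LE strings from the latter. The sample page layout, the messages and the XOR keystream standing in for encryption are constructed for illustration, and the 7.5 bits/byte threshold is an assumption rather than a standard.

```python
import hashlib
import math
import re
import struct
from collections import Counter

ENTROPY_THRESHOLD = 7.5  # bits per byte; assumed cut-off for "looks random"
ASCII_RUN = re.compile(rb"[\x20-\x7e]{6,}")
# ASCII-range text stored as UTF-16LE: every character is followed by a zero byte,
# which is why such text looks "spread out" in a plain text editor.
UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){6,}")


def shannon_entropy(data: bytes) -> float:
    """Entropy of the byte distribution, 0.0 (constant) to 8.0 (uniform)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def extract_strings(data: bytes) -> list:
    """Readable runs in file order, de-duplicated, from both encodings."""
    found = [(m.start(), m.group().decode("utf-16-le")) for m in UTF16_RUN.finditer(data)]
    found += [(m.start(), m.group().decode("ascii")) for m in ASCII_RUN.finditer(data)]
    return list(dict.fromkeys(text for _, text in sorted(found)))


def triage(data: bytes) -> dict:
    """Classify a blob; strings are only reported when the data is not random-looking,
    because random bytes contain short printable runs by chance."""
    entropy = shannon_entropy(data)
    if entropy >= ENTROPY_THRESHOLD:
        return {"entropy": round(entropy, 2), "verdict": "compressed-or-encrypted", "strings": []}
    strings = extract_strings(data)
    verdict = "readable-structured" if strings else "binary-unknown"
    return {"entropy": round(entropy, 2), "verdict": verdict, "strings": strings}


def build_sample_db(messages, pages=16, page_size=512) -> bytes:
    """Constructed stand-in for a paged database file: a made-up 8-byte page
    header, one UTF-16LE message per page, zero padding. Not a real .sdf layout."""
    out = bytearray()
    for i in range(pages):
        page = bytearray(page_size)
        struct.pack_into("<IHH", page, 0, 0x01000000 + i, i, 0x00C8)
        text = messages[i % len(messages)].encode("utf-16-le")
        page[64:64 + len(text)] = text
        out += page
    return bytes(out)


def keystream_xor(data: bytes, seed: bytes = b"constructed-key") -> bytes:
    """XOR with a SHA-256 counter keystream: a deterministic stand-in for an
    encrypted copy of the file (illustration only, not a real cipher mode)."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


SAMPLE_MESSAGES = ["See you at 8 tonight?", "Running late, sorry"]  # constructed

if __name__ == "__main__":
    plain = build_sample_db(SAMPLE_MESSAGES)
    for label, blob in (("plain", plain), ("encrypted", keystream_xor(plain))):
        print(label, triage(blob))
```

A file where messages are visible between runs of other symbols lands in the "readable-structured" bucket, which points at a database or other structured format rather than encryption or compression.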

[PSA] Disable Automatic Updates (Howto included)

Hi guys!
Microsoft said this to The Verge recently:
The scenario outlined is not a security vulnerability and does not pose a threat to Windows RT users. The mechanism described is not something the average user could, or reasonably would, leverage, as it requires local access to a system, local administration rights and a debugger in order to work. In addition, the Windows Store is the only supported method for customers to install applications for Windows RT. There are mechanisms in place to scan for security threats and help ensure apps from the Store are legitimate and can be acquired and used with confidence.
We applaud the ingenuity of the folks who worked this out and the hard work they did to document it. We’ll not guarantee these approaches will be there in future releases.
So fire up regedit, go to
Code:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update
and set the DWORD AUOptions to 0x00000000.
Only do this if you want to run unsigned apps!
Stay safe!
clrokr
For those who prefer do-it-for-me solutions, with the ability to roll back, have a pair of .REG files. The "Default" one I took from my Surface before applying this tweak. The "Disabled" one sets the reg value as above.
@clrokr: We gotta get you a RD tag, pronto! You're doing great things.
GoodDayToDie said:
@clrokr: We gotta get you a RD tag, pronto! You're doing great things.
Wow, I'm flattered. Also, thanks for the reg files!
GoodDayToDie said:
@clrokr: We gotta get you a RD tag, pronto! You're doing great things.
Seconded.
As far as MS's quote goes, I'm not 100% sure they will be setting out to patch it, but it's still a good idea to disable Windows Update anyways. They may be able to store some sort of cert blacklist in the UEFI that will block the executables required for this, even after a reinstall.
What's the difference between UEFI, EFI and firmware?
I find bootmgfw.efi, winload.efi in bcdedit, and I find surfacertuefi.bin in c:\windows\firmware. And every time I reinstall Windows, there is a firmware in Windows Update. So is anything flashed into the Surface hardware from Windows Update? I think the UEFI is just a file in the filesystem and it's recovered when I reinstall Windows from USB.
windowsrtc said:
What's the difference between UEFI, EFI and firmware?
I find bootmgfw.efi, winload.efi in bcdedit, and I find surfacertuefi.bin in c:\windows\firmware. And every time I reinstall Windows, there is a firmware in Windows Update. So is anything flashed into the Surface hardware from Windows Update? I think the UEFI is just a file in the filesystem and it's recovered when I reinstall Windows from USB.
No, the firmware (stored on-chip) is what you find in SurfaceRTUEFI.bin. The .EFI files are executables that can be loaded by this firmware if they are signed correctly.
Note: just because automatic updates are disabled doesn't mean you should ignore Windows Update. Quite the opposite, in fact, since this hack makes malicious exploits easier too. Just be very careful which patches you install.
clrokr said:
No, the firmware (stored on-chip) is what you find in SurfaceRTUEFI.bin. The .EFI files are executables that can be loaded by this firmware if they are signed correctly.
So UEFI is checking EFI, but what's checking UEFI? What will happen if we flash a modified UEFI?
windowsrtc said:
So UEFI is checking EFI, but what's checking UEFI? What will happen if we flash a modified UEFI?
The UEFI is currently the only thing capable of flashing a new UEFI, and it checks the signatures on any new UEFIs it flashes.
The only real way you could do it without relying on a signature check would be to open the tablet and solder onto the NAND directly.
Oh, there might be a JTAG port you could use... but yeah. Short of opening up the device (which the Surface, at least, is definitely not designed to support) there's not supposed to be any way to flash an unsigned firmware.
Also, the signature keys are probably stored in a TPM, so mucking with them isn't a practical option either if the EFI doesn't have a way to do it (which it doesn't).
GoodDayToDie said:
Oh, there might be a JTAG port you could use... but yeah. Short of opening up the device (which the Surface, at least, is definitely not designed to support) there's not supposed to be any way to flash an unsigned firmware.
Also, the signature keys are probably stored in a TPM, so mucking with them isn't a practical option either if the EFI doesn't have a way to do it (which it doesn't).
You can reset the TPM from Windows (change the owner password w/o knowing the previous one) and it doesn't break, I don't think they're stored in the TPM.
I have no idea what the TPM is used for.
GoodDayToDie said:
Also, the signature keys are probably stored in a TPM
No. There is lots of info on TPM, and it is not used to store CA keys.
A “Debug System” will initially be identified by the presence of the Microsoft Test Signing CA in the UEFI signature database (“db”). The mechanism to identify debug machines may change, but the exclusion path logic should remain unchanged.
OEMs will need to work with their SOC supplier to provide the tools and process to implement “Debug Systems”.
To enable debug systems the db will need to contain the “Microsoft Testing Root Certificate Authority 2010”
....
Note: If there is a need to run unsigned tools, the system can be configured as a “Debug System” during manufacturing but there must be a step in the production process that removes the Microsoft Test CA. Production machines must not ship with the Microsoft Test CA in the db.
The last line explains the behavior I've seen on a just-bought VivoTab - I've seen lines about running unsigned files in CodeIntegrity eventlog. Seems that the device was provisioned with the unsigned tools, one of which deleted the certificate from uefi DB.
By the way, it should be theoretically possible to recover those tools on a just-bought device, if you would not go through the initial setup process but immediately press shift+f10 to run CMD and run a deleted-file recovery tool from there, or make a sector-by clone of disk C: to an SD card for later analysis. But, sadly, currently there are no such tools, and even if they are - they need to be signed by ms
I'm using genuine Windows 8 Pro, and I don't see any benefits of this. But hey, I installed the "free" one on my friend's computer. So this would be pretty handy for them, in case Microsoft releases an unfriendly patch
clrokr said:
So fire up regedit, go to
Code:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update
and set the DWORD AUOptions to 0x00000000.
Only do this if you want to run unsigned apps!
I navigated to this position in regedit and the key was already set to 0x00000000
Might that be caused by the jailbreak tool published by netham45?
GoodDayToDie said:
Oh, there might be a JTAG port you could use
Even if you could find the JTAG it would be useless, Tegra processors lock out JTAG access when set to ODMPRODUCTION.
save_jeff said:
I navigated to this position in regedit and the key was already set to 0x00000000
Might that be caused by the jailbreak tool published by netham45?
My tool does not set any settings of the sort.
netham45 said:
My tool does not set any settings of the sort.
Thx ;]
I would like to have this in the jailbreak tool as an optional function.
Maybe you could consider that :]
Just wondering why the registry hack is needed when you can simply disable the service? Seems like a more straightforward approach to me
bfosterjr said:
Just wondering why the registry hack is needed when you can simply disable the service? Seems like a more straightforward approach to me
Does not the service start again after restart of the system?
save_jeff said:
Does not the service start again after restart of the system?
You can permanently disable it.

Running Windows Phone 8 applications On Windows 8 RT

Hi,
I started experimenting with this idea. I have WP8 files extracted from a firmware file. I copied these files to my Surface RT. I was able to run some WP8 applications out of the box. However, applications that require UIXmobile.dll (WP GUI) failed to run. Now both WP8 and W8 share the NT core, so some libraries would just work. Now the main WP8 library UIXmobile.dll doesn't work out of the box, as it uses a different function to create the GUI for its applications.
I was thinking of something similar to what has been done by "mamaich", to implement a library that will replace the WP8 call with the standard W8 call (for example: use createProcess instead of createApplication) and pass the common calls to the already implemented APIs.
Sadly, it's a very difficult task for me to do. I'll be spending time on it but I can't promise any fast results.
I'd like to thank the authors of these threads for their wonderful work:
1. Running x86 apps on WinRT devices (by mamaich)
http://forum.xda-developers.com/showthread.php?t=2095934
2. RT Jailbreak Tool (By netham45 )
http://forum.xda-developers.com/showthread.php?t=2092158
3. Desktop apps ported to Windows RT (by GoodDayToDie)
http://forum.xda-developers.com/showthread.php?t=2092348
4. (FFU) ImgMount Tool v.1.0.15 (by AnDim)
http://forum.xda-developers.com/showthread.php?t=2066903
Which apps worked without tinkering?
Oh, very cool idea. It would probably only work for actual WP8 apps at first (not WP7.x apps, as those would require either a Silverlight or XNA runtime), but the idea has merit for sure. It was speculated for a long time that running WP8 apps on Win8/Windows RT would be possible, as both are written against the WinRT API, but that never happened. If we can make it happen ourselves, though... that would be awesome.
Of course, ideally we'd want to be able to access the store, since there aren't a lot of WP8 app packages floating around where we could use them. That's probably a very tricky problem in and of itself, although you could try extracting the store EXE and seeing what is required to make it work...
I think Windows Phone (OS) is just a min GUI shell for Windows RT. So it's possible to run the shell in Windows RT. And maybe a Windows Phone can run Windows RT.
windowsrtc said:
I think Windows Phone (OS) is just a min GUI shell for Windows RT.
Not exactly. It's the same shell (well, the next rev) that was running on top of wince for WP7.
Is it an alternate shell (like Explorer), or a totally separate graphics subsystem?
Boomchaos said:
Which apps worked without tinkering?
There is a program called telwp.exe that was able to reach a certain point. I attached a screenshot of 3 different apps. 2 apps showed something before crashing (telwp, nokia_security), and the third app crashed with an error message. Other WP apps usually crash silently, leaving an error message about a faulty CoreUi.dll in the event log.

8.1 Jailbreak (not typical)

Salutations folks,
Before you get ready to get your flame on, I'm NOT asking about the STATUS of a RT Windows 8.1 Jailbreak. I'm posting about jailbreaks in general. I'm from a linux/android background. I got an Asus Vivotab RT LTE (AT&T version) for a steal off 1Sale. Before I even looked into doing anything with my tablet, I updated it to 8.1. Then I finally got around to looking into running desktop apps on Windows RT (not knowing how it all worked with RT vs desktop), I ran into the issue of not being able to run them (duh, right?). Then I found out about jailbreaking. So.. do you HAVE to jailbreak to run desktop apps? As I understand it, we currently have to run 8.0 to jailbreak/run desktop apps, yes? Well.. I obtained the Asus recovery files to downgrade my 8.1 to 8.0. On a whim, I updated my 8.1 with the 8.1 big spring update (basically 8.1.1). I seem to be able to run some of the ported desktop apps without any problem. Am I missing something? How'd my tablet manage that without having run the jailbreak? And jailbreak doesn't work on 8.1 anyways? Before anyone says I'm full of it.. (you can click the thumbnail for full pic)
(windows rt 8.1 with 8.1 spring update installed)
(windows rt 8.1 running desktop 7zip)
(windows rt 8.1 running desktop putty)
(windows rt 8.1 running desktop notepad++)
Can anyone clarify if I'm missing something or I've come across an anomaly or even a blessed relief?
Thanks.
This is sure amazing
1. Can you run *any* unsigned application or only a few work (and the rest throw signature errors?)
2. Check the status of Secure Boot in PowerShell. Run as admin, "Get-SecureBootPolicy", press enter (http://technet.microsoft.com/en-us/library/jj603043.aspx)
3. Could you detail exactly your process? I understand that you did the following:
(On 8.1) Run unsigned desktop app, fail with digital signature error.
(Downgrade) Downgrade to 8.0 -> (On 8.0) Run Jailbreak -> Run Desktop Apps and they work.
(Upgrade) Upgrade to Windows RT 8.1 (via Store?) -> Upgrade to 8.1.1 (Spring Update) via Windows Update -> Run Desktop Apps and they work (partly or all of them?)
4. I'm not sure if it'd be any useful, but perhaps you could look in your EFI system partition (mountvol S: /s) as there has been a previous report of Asus leaving debug tools in VivoTab RTs before (http://forum.xda-developers.com/showthread.php?t=2477285). If you could retrieve a "debug" version of Secure Boot Policy from your EFI partition then it means that Secure Boot has just disabled itself on your tablet. It's highly unlikely, however, since you weren't able to run desktop apps in your original 8.1 install...
jimmielin said:
This is sure amazing
1. Can you run *any* unsigned application or only a few work (and the rest throw signature errors?)
I only grabbed the ported Putty, 7zip and Notepad++ desktop apps as those were the only ones that I was needing.. Oh I recently grabbed the FileZilla one too. All ran without any problems and never got any signature errors. Hell.. even my 7zip integrated into the shell and replaced archive icons with 7zip archive icons and opens my archives by default with the desktop app. Were there any particular applications you wanted me to try so that I can see if I can replicate any signature errors?
jimmielin said:
Check the status of Secure Boot in PowerShell. Run as admin, "Get-SecureBootPolicy", press enter (http://technet.microsoft.com/en-us/library/jj603043.aspx)
SecureBoot is enabled and it displays a Publisher GUID. Confirm-SecureBootUEFI confirms SecureBoot is enabled too.
jimmielin said:
3. Could you detail exactly your process? I understand that you did the following:
(On 8.1) Run unsigned desktop app, fail with digital signature error.
(Downgrade) Downgrade to 8.0 -> (On 8.0) Run Jailbreak -> Run Desktop Apps and they work.
(Upgrade) Upgrade to Windows RT 8.1 (via Store?) -> Upgrade to 8.1.1 (Spring Update) via Windows Update -> Run Desktop Apps and they work (partly or all of them?)
hmm
- Received clean OEM install Vivotab RT LTE with RT 8.0
- Upgrade to Windows RT 8.1 via Store
- (attempted to run some ported desktop apps, received error)
- was going to downgrade back to 8.0 after getting Asus recovery files but instead..
- Upgrade to RT 8.1.1 (Spring Update) via Windows Update
- (attempted to run some ported desktop apps, ran successfully, no errors)
NOTE: Not once had I ever gotten around to downloading or installing the Jailbreak. Is there some way to confirm if I have the jailbreak installed at startup or something?
jimmielin said:
4. I'm not sure if it'd be any useful, but perhaps you could look in your EFI system partition (mountvol S: /s) as there has been a previous report of Asus leaving debug tools in VivoTab RTs before (http://forum.xda-developers.com/showthread.php?t=2477285). If you could retrieve a "debug" version of Secure Boot Policy from your EFI partition then it means that Secure Boot has just disabled itself on your tablet. It's highly unlikely, however, since you weren't able to run desktop apps in your original 8.1 install...
I copied a SecureBootDebugPolicy.p7b (dated 02/13/2014 @ 3:19PM) file from there. From what I was reading, I take it that's a good thing? (click thumbnail for full pic)
SecureBootDebugPolicy in the certificate manager tool
What is the icon that's next on the left of action center (bottom-right, triangle flag) and at the right side of OneDrive?
hisoft said:
What is the icon that's next on the left of action center (bottom-right, triangle flag) and at the right side of OneDrive?
USB/SD eject (I have SD card I keep in the slot for extra storage)
thesawolf said:
USB/SD eject (I have SD card I keep in the slot for extra storage)
Good job ASUS :good:
If you were able to retrieve a SecureBootDebugPolicy.p7b that is functional, it probably means that there was a Debug policy on your device at some point? (ref. Original Thread on ASUS). I've just looked into my Surface RT and there's a file with that name too, but it cannot be opened (it's simply an empty 0-byte file) and probably you're another lucky one who has a debug policy. (However it can't be explained why Get-SecureBootPolicy shows that you're using a production policy? Does it show the production policy GUID that TechNet says is normal, or something else? Policies don't disable secure boot, Confirm-SecureBootPolicy showing true is perfectly normal even in debug.)
Would it be possible to share this SecureBootDebugPolicy.p7b, and then we'd be able to see if there is someone else with a VivoTab RT that could test it? I assume it's locked to your device but it's always worth a try.
Could anyone else with experience working with Secure Boot look into this? While it's probably a lucky isolated case, it's nevertheless promising...
Just to double check: does anybody else have a Vivo Tab RT with 8.1u1 they could check this against? It would be amazing / hilarious if the update disabled signature enforcement. The question would then be whether that was Microsoft's idea or Asus's...
Oh, and one other quick test: grab a built-in program (CMD.EXE or Notepad.EXE, for example) and make a copy of it to somewhere you can edit it (like the desktop). Open the file in a hex editor (if needed, copy it off the tablet first) and change something unimportant, like a few characters in a string (not a file path, more like "is not recognized as an internal or external command..." or some such thing) to some other value that has the same number of characters. Save the file and try running it on the tablet again. The idea is that this will be an EXE with an *invalid* signature (as opposed to just being unsigned) and that would be very surprising if it works... but this whole thing is surprising!
GoodDayToDie said:
Just to double check: does anybody else have a Vivo Tab RT with 8.1u1 they could check this against? It would be amazing / hilarious if the update disabled signature enforcement. The question would then be whether that was Microsoft's idea or Asus's...
Tried it on a VivoTab RT LTE (AT&T) with u1 -- ran 7z ARM and it failed on signature verification.
I would never run another update on that device. Don't want to patch up the botched update.
Sent from my Z10 using XDA Premium 4 mobile app
I wonder if there's some way to take a full image of your current installation (possibly using a backup utility?) that can be restored onto other peoples' tablets. Even better would be if the relevant bits could be extracted from your image and carried over to other tablets (such as Surface RTs, Surface 2s, Lumia 2520s, etc.) but that may be harder. Still, worth investigating more...
Was it new or used when you got it? And if it was used, is it possible the original owner JB'd it and it stuck through the update?
Sent from my HTC6600LVW using XDA Premium 4 mobile app
GoodDayToDie said:
I wonder if there's some way to take a full image of your current installation (possibly using a backup utility?) that can be restored onto other peoples' tablets. Even better would be if the relevant bits could be extracted from your image and carried over to other tablets (such as Surface RTs, Surface 2s, Lumia 2520s, etc.) but that may be harder. Still, worth investigating more...
Should be able to use dism.exe. Not sure if it will capture the online image, but you can definitely use it in recovery mode. Should be able to capture with new-windowsimage too. Going to try it out real quick and report back... I would choke puppies for this image.
---------- Post added at 11:24 AM ---------- Previous post was at 10:35 AM ----------
Okay, you can't capture the online image. You'll need to have a USB drive with enough space to capture the whole thing. Make sure you either suspend BitLocker or have a copy of the recovery key handy (it's 48 decimal digits).
Boot to the recovery partition (it doesn't matter if it's on the local storage or a USB key - it can even be the same USB key you will copy the disk image to if you have enough free space).
Choose language, troubleshoot, advanced, command prompt (I think - point is, you want a command prompt).
Verify the drive letters are what you expect them to be (internal storage is c, usb disk is d, ramdisk is x).
run: dism /capture-image /ImageFile:d:\winrt81u1.wim /CaptureDir:c:\ /Name:WinRT81U1vivotab
Let it finish. It will take a while. Probably a long time since it's writing to USB 2.0 flash storage. Bet on an hour. You probably want to make sure it's plugged in to power (but you're not writing anything to the local storage, so you won't break anything if it goes dead).
Upload that wim file to skydrive and share it with me!
Sjflowerhorn said:
Was it new or used when you got it? And if it was used, is it possible the original owner JB'd it and it stuck through the update?
Sent from my HTC6600LVW using XDA Premium 4 mobile app
That is impossible, the 8.0 jailbreak was performed in memory and is not written to the disk.
Toxickill said:
That is impossible, the 8.0 jailbreak was performed in memory and is not written to the disk.
Gotcha, I haven't JB'd mine yet, so I have no idea how it works. Apparently I'm Windows ShmeShmarted and can't make a bootable flash drive that contains the rollback. And coming from android devices where everything sticks except for some very select mods/devices I just figured it might be possible.
Sent from my HTC6600LVW using XDA Premium 4 mobile app
Sjflowerhorn said:
And coming from android devices where everything sticks except for some very select mods/devices I just figured it might be possible.
Believe me, that's what all RT owners would WANT to have. Although there's many reasons to jailbreak a device, I personally prefer feeling like I've gained full control of hardware I own. The in-memory jailbreak was good, but it didn't have that satisfying feeling of permanence you often get with an Android rooting / OS replacement.
southbird said:
Believe me, that's what all RT owners would WANT to have. Although there's many reasons to jailbreak a device, I personally prefer feeling like I've gained full control of hardware I own. The in-memory jailbreak was good, but it didn't have that satisfying feeling of permanence you often get with an Android rooting / OS replacement.
Until the carrier gets to your device and locks the bootloader (AT&T)
I actually preferred the in-memory jailbreak in many ways. It meant we couldn't modify system files or run unsigned code for a couple minutes after boot, but it also meant we could trivially easily "un-jailbreak" and we could install updates with no fear of them destroying anything. Even the huge 8.1 update, which broke the jailbreak *process*, could be started on a device which was already jailbroken without causing any harm (unlike, say, many iOS jailbreaks).
I agree. I liked that the 8.0 jailbreak wasn't permanent but also exceedingly simple to install at boot. It meant that sending my Surface RT back to Microsoft under warranty had no problems at all.
Lumen_Melano said:
I agree. I liked that the 8.0 jailbreak wasn't permanent but also exceedingly simple to install at boot. It meant that sending my Surface RT back to Microsoft under warranty had no problems at all.
The in-memory Jailbreak is great when you hard brick your Surface and take it to the Microsoft Store. They just gave me a new one with no problems at all.

Playing with Product Policy - My XPS10 just joined AD domain

Inspired by this post:
http://forum.xda-developers.com/showthread.php?t=1885399&page=22
I wanted to play a bit to join my XPS10 to my home domain. But
Check that the process is working on RT - a provided .NET program obviously would not work, so you should do the same manually
Well... it's for .NET 4.0, AFAIR we have only 4.5, yep (?) And I was too lazy to read the source code.
So I loaded project into Visual Studio, changed target to 4.5 Any CPU. After that:
1. Took ownership of c:\windows\system32\sppsvc.exe and removed all rights (so no one, even system, can execute it)
2. Created a copy of runJailbreak.bat and removed all exit commands in it (as a workaround for closing cmd - that will be needed later)
3. Added in registry:
HKEY_LOCAL_MACHINE\SYSTEM\Setup
SetupType=1
CmdLine="cmd.exe"
4. Reboot
After reboot I got cmd window on bootscreen background. Somehow, mouse cursor disappeared even with USB mouse.
5. Started jailbreak by running modified .bat
6. Started attached ProductPolicyEditor, enabled WorkstationService-DomainJoinEnabled policy, wrote changes to registry
7. Closed PPE, cmd, system self restarted in normal mode
8. Connected to domain as usual.
Proof - screenshots attached
After this, RT went to a not-activated state. But once already connected to the domain, I reverted the changes I had done (changed policy to 0, restored sppsvc rights), activated it again - everything works, computer is still in the domain, the only change is that in system properties I can only leave it, not change to another one.
This method may be used to exploit more hidden RT features.
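A read-only audit for the two persistent changes listed in the post above (the `SetupType`/`CmdLine` values under `HKEY_LOCAL_MACHINE\SYSTEM\Setup` and the altered ownership and rights on `sppsvc.exe`), as an added PowerShell example that is not part of the original post. The function names are hypothetical, and the expected defaults (`SetupType` 0, empty `CmdLine`, owner `NT SERVICE\TrustedInstaller`) are assumptions about a stock installation.

```powershell
# Added audit example (read-only). Function names are hypothetical.
# Assumption: after setup has finished, SetupType is 0 and CmdLine is empty.
function Test-SetupCmdLine {
    param([string]$KeyPath = 'HKLM:\SYSTEM\Setup')
    $findings = @()
    $setup = Get-ItemProperty -Path $KeyPath -ErrorAction Stop
    if ($null -ne $setup.SetupType -and $setup.SetupType -ne 0) {
        $findings += "SetupType is $($setup.SetupType), expected 0"
    }
    if (-not [string]::IsNullOrWhiteSpace($setup.CmdLine)) {
        $findings += "CmdLine is set: '$($setup.CmdLine)'"
    }
    return $findings
}

# Assumption: the stock owner of system binaries is NT SERVICE\TrustedInstaller.
function Test-SppsvcAcl {
    param([string]$Path = "$env:SystemRoot\System32\sppsvc.exe")
    try {
        $acl = Get-Acl -Path $Path -ErrorAction Stop
    } catch {
        # An unreadable ACL is itself worth reporting.
        return @("Cannot read ACL of ${Path}: $($_.Exception.Message)")
    }
    $findings = @()
    if ($acl.Owner -ne 'NT SERVICE\TrustedInstaller') {
        $findings += "Owner of $Path is '$($acl.Owner)'"
    }
    # Look for at least one Allow entry that includes the execute right.
    $execute = [int][System.Security.AccessControl.FileSystemRights]::ExecuteFile
    $allowed = $acl.Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and ([int]$_.FileSystemRights -band $execute)
    }
    if (-not $allowed) {
        $findings += "No Allow entry grants execute on $Path"
    }
    return $findings
}

# Run both checks and print either the findings or a clean result.
$all = @(Test-SetupCmdLine) + @(Test-SppsvcAcl)
if ($all.Count -eq 0) { 'No findings.' } else { $all }
```

Run it from an elevated prompt so the registry key and the file's security descriptor are readable.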
kitor said:
Inspired by this post:
http://forum.xda-developers.com/showthread.php?t=1885399&page=22
I wanted to play a bit to join my XPS10 to my home domain. But
Well... it's for .NET 4.0, AFAIR we have only 4.5, yep (?) And I was too lazy to read the source code.
So I loaded project into Visual Studio, changed target to 4.5 Any CPU. After that:
1. Took ownership of c:\windows\system32\sppsvc.exe and removed all rights (so no one, even system, can execute it)
2. Created a copy of runJailbreak.bat and removed all exit commands in it (as a workaround for closing cmd - that will be needed later)
3. Added in registry:
HKEY_LOCAL_MACHINE\SYSTEM\Setup
SetupType=1
CmdLine="cmd.exe"
4. Reboot
After reboot I got cmd window on bootscreen background. Somehow, mouse cursor disappeared even with USB mouse.
5. Started jailbreak by running modified .bat
6. Started attached ProductPolicyEditor, enabled WorkstationService-DomainJoinEnabled policy, wrote changes to registry
7. Closed PPE, cmd, system self restarted in normal mode
8. Connected to domain as usual.
Proof - screenshots attached
After this, RT went to a not-activated state. But once already connected to the domain, I reverted the changes I had done (changed policy to 0, restored sppsvc rights), activated it again - everything works, computer is still in the domain, the only change is that in system properties I can only leave it, not change to another one.
This method may be used to exploit more hidden RT features.
Confirmed working on Surface RT :good:
Wonder what happens if you then upgrade the device to win rt 8.1...
I did this on my Surface RT running 8.1 the other day, Nil issues..
jordanmills said:
Wonder what happens if you then upgrade the device to win rt 8.1...
I wonder whether this technique could also be used to allow incoming Remote Desktop sessions in Windows RT...
Melissa
Myriachan said:
I wonder whether this technique could also be used to allow incoming Remote Desktop sessions in Windows RT...
Melissa
I spent quite a while trying to get that back when this first came out for 8.0, never had any luck with RDP. The Windows Help remote assistant works alright, though.
Work very fine in windows 10 home single language
You can also get "full BitLocker" from "limited Device Encryption" by changing:
SecureStartupFeature-Enabled-Premium
from 0 to 1
Then you can for example add USB-startup-key to encrypted OS volume by:
manage-bde -protector -add C: -StartupKey
...after changing back to "non-Premium" created start-up key protector will stay (survive),
so instead of nonsense TPM (which unlocks the drive every time unless you rip the storage outside the TPM chip), you can have a fully encrypted and protected tablet.
BTW: @Myriachan: On jailbroken RT, how to get rid of inability to auto-start programs, when OS starts?
Can be system service made, which will only launch EXEs (in TXT list, minimised, maximised, normal) or is there other solution (TaskScheduler method doesn't work in W81RT)?
