Is XperiFirm trustworthy? - General Questions and Answers

Hello.
This is my first post, and might be my only one as well. Since I am
not allowed to post into developers' forums, I post this here. I'm
sorry for any inconvenience caused, if any.
After setting things up (download and install Mono, download and
uncompress XperiFirm then reboot) to use XperiFirm on my Mac, I wanted
to check if I could download Xperia firmwares directly from Sony's
servers.
Assuming XperiFirm downloads files directly from Sony, I asked a
friend a command that could give me what I'd need. He gave me two, one
of which (
Code:
$ lsof -i
) returned some interesting results.
At the
Code:
mono-sgen
command line, the connection is
established with an IP address that Whois says belonging to a single
person located in Santa Monica, California. I tried that while
downloading Xperia Z3+'s Android 5.0.2*, 32.2.A.0.224 / R3C and Xperia
Z3's 23.5.A.0.575 / R9D. I won't give more info on what I found, if
you want to know more you'll have to check this out by yourself.
I don't understand. I am still far from being a network computing and
IT security professional, but I'm not sure Sony would register as one
single person. I don't imply that something stinks, I only say I find
this rather strange.**
If the files were retrieved directly from Sony by someone and stored
on their server to be downloaded, why not keep the files even when
Sony deletes them? Is XperiFirm using some sort of intermediate
service hosted by someone?
Could someone explain me this? I found the official thread to be
elusive about how XperiFirm works.
Thank you. Have a nice day.
* I can't recall this Android version's associated Sony Xperia Z3+
firmware's name since it since disappeared, but I first noticed this
at the time it was still available — some months ago.
** Still, Maps' Street view shows what appears to be a black building
that looks more like a workplace than a home to me.

Related

Downloading the specific contents on any Sony Ericsson phones

Hello, I'm a newbie and I work as a junior software engineer. Actually I had been testing K700 and W902 phones by attempting to download GIF, AWB, MID, AMR, MP3, SIS, RMF, WAV and 3GP files from the server in the company where I work. Unfortunately I received the message that said 'Downloaded file corrupt. Could not be saved.' on both phones instead. My manager told me that the company's rivals allow their customers to download the files I've just mentioned and they prevent the customers from sending the downloaded contents to anyone else. Therefore I've got to test the Forward Lock that already exists in the company's system. By the way, I am able to download the contents in question on Nokia phone if you ask me. Please take a look at the code below;
PHP:
<?
header("Content-type: application/vnd.oma.drm.message; boundary=boundary-1");
print("--boundary-1\n");
print("Content-type: image/gif\n");
print("Content-Transfer-Encoding: binary\n");
print("\n");
fpassthru(fopen("133000001.gif", "rb"));
print("\n--boundary-1--\n");
?>
People, please help me out by suggesting something for me to add to the code above in PHP file.
Hey i need some help?
hey Every body....!! Any body knows which Sony Ericsson Mobile Phones are best for using office and for home... which have a long bettery time....
Thx in advance...

[Q] wp7 emulator dump - how to?

Hello! I'd ask/post my question under the
http://forum.xda-developers.com/showthread.php?t=1096111
or http://forum.xda-developers.com/showthread.php?t=1147161
but the 10-post rules in still in its power, so I think it's no point to whine about that?
In these two posts, the Football has provided some dumps of the emulators' images. While i was able to unpack mine with xipport/boooff, I completely dont know how to preserve/restore/rebuild the directory structure - such as it is seen in Football's dumps. Could you drop me a link or a bit of info where/how to do/find it?
I want to dump it, because I've noticed few strange behaviours in the SDK and I want to check whether it is a bug, or feature I dont understand (ildasm, you know the drill..). Football's latest 7661 dump was really useful, but I just want to recheck on mine and compare what has changed.
My current emu image:
/2D6168DD-3ACB-43bd-BCA7-4033C89E9745.rgu:
REGEDIT4
[HKEY_LOCAL_MACHINE\System\Versions]
"Label"="WM7_Main"
"ParentBranchBuild"="7712" <- different
"TimeStamp"="20110711-1451" <- month later than 7661
"Builder"="mojobld"
It seems newer that Football's. If you deem it useful, but I think I'll be able to upload it somewhere afterwards - but I can't give you my word for that, I have not yet checked if I/we are under NDA here. The company "likes" to get tied by them lately..
If you have any links/knowledge on how to fetch the actual binaries (ie. GAC_*.dll) from the device, _in a more reasonable way_, please let me know/point me there too.
@reasonable: the way I know about currently are:
- unpack from device-update package (I don't know how yet, not tried)
- download from running the device directly (I'm able to do it on per-file basis, quite legthy and boring, and required to knowing the exact file name. I've managed to fetch a few files from GAC, nothing more)
excuse me for just "bupming", but I'd really can't dig anything out on that

RemoteTracker for Android -Antitheft software

Hi there,
This software is an Antitheft and you can use it to track your device when it was lost or stolen. It works catching a formated SMS/EMail sent from any phone/computer and then receiving useful informations back.
You can use it to others objectives, like keep your eye in your child. Use your imagination!
You can set up to four emergengy contacts to receive SMS if the thief change your SIM card and you still can track your device.
The RemoteTracker for Android is an evolution from an old project for Windows Mobile 6 (If you want to see the entire history, please click here).
I'm justing starting this project. There are much more to come.
To send a command to RemoteTracker, send a SMS with the syntax: RT#(command)#(phone or e-mail)#(password). Example: RT#EGP#[email protected]#1234. This version answer the commands below:
help - send to you a list of commands available in Android platform;
ehelp - same as 'HELP', but send the list by e-mail;
fhelp - same as 'HELP', but send the list to your FTP server;
gp - try to get GPS coordinates and send back to cel number passed as parameter;
egp - same as 'GP', but send the list by e-mail;
fgp - same as 'GP', but send a file to your FTP server;
gi - Send informations about your phone: IMSI, IMEI and ICCID;
egi - Same as 'GI' but the answer goes by e-mail;
fgi - Same as 'GI' but the answer goes to your FTP server;
cb - your phone will make a Call Back to you. Just make a call and let the microphone open;
cellid - Retrieve informations (CELLID, LAC, MNC and MCC codes) about the tower your phone are connected. Send to you by SMS;
ecellid - same as 'CELLID', but the answer goes by e-mail;
fcellid - same as 'CELLID', but the answer goes to your FTP server;
secret - if you forget your password you can use this command to receive by SMS your personal secret question;
lostpass - used to receive your password if you forgot it. You must send the answer for your secret question, so, you can use the secret command to help you;
Commands available only in PRO version:
PICSON - Makes RemoteTracker (only PRO version) watch for new photos and send them to Default EMail Address;
PICSOFF - Makes RemoteTracker (only PRO version) stop to watch for new photos;
EPICSON - Same as PICSON, but send an E-Mail back;
EPICSOFF - Same as PICSOFF, but send an E-Mail back;
FPICSON - Same as PICSON, but send the answer to FTP server;
FPICSOFF - Same as PICSOFF, but send the answer to FTP server;
PCALLSON - Makes RemoteTracker (only PRO version) takes a photo on a call is receive or made and send it to Default EMail Address;
PCALLSOFF - Makes RemoteTracker (only PRO version) stop to take photos on calls;
EPCALLSON - Same as PCALLSON, but send an E-Mail back;
EPCALLSOFF - Same as PCALLSOFF, but send an E-Mail back;
FPCALLSON - Same as PCALLSON, but send the answer to FTP server;
FPCALLSOFF - Same as PCALLSOFF, but send the answer to FTP server;
WIPEDATA - This command will return your device to factory default and format your SD Card.
There are another features inside RemoteTracker, like:
- SIM CARD change observer;
- Automatically restore your preferences if you reinstall it. This feature is particular useful if you have a custom ROM with RemoteTracker inside. Once configured, everytime your devices boots up, your preferences will be restored;
- Works as Device Admin, so it can't be uninstalled if you don't know the password;
- And more...
This project can be multi-language. In this version there is only English (sorry about it, my english is very bad because this is not my mother language). If you want to make your own translate, I can tell how. Very simple.
If you decide to try RemoteTracker, I would like to read reviews, comments and suggestions. Remember this is a beta version and may contain bugs. Use at your own risk and with caution.
--> It is a work in progress. In future versions I will make a lot more.
Support this project
You can support this project making a donation clicking here or clicking the banners in the project website: http://remotetracker.sourceforge.net
All the best,
Joubert Vasconcelos
Hello friends!
To test RemoteTracker please download it from here:
http://remotetracker.sourceforge.net/RemoteTracker.apk
Before your tests, please turn on the Debug option. It will make RemoteTracker write the remotetracker.txt file in the root of your memory card.
All the best,
Joubert
I just released the second beta!!!
Now, RemoteTracker can automatically turn on the Mobile and WiFi network to try get location and send EMails!
For older phones RemoteTracker also will automatically turn on the GPS! Unfortunately this is impossible if you are using new Android versions (2.3.x or so).
A few minor bugs was fixed.
All the best,
Joubert
joubertvasc said:
For older phones RemoteTracker also will automatically turn on the GPS! Unfortunately this is impossible if you are using new Android versions (2.3.x or so).
Click to expand...
Click to collapse
GPS can be enabled in 2.3+ - but only if device is rooted. That's what it says in the Cerberus entry in "AppStore" [edit: AndroidMarket].
Hi!
Yes, if you have a rooted device is very easy to enable GPS remotely. But I do not recommend in any way for users to root the phones for security reasons.
I think you are talking about Market, not AppStore We are talking about Android not Apple
All the best,
Joubert
New beta 0.3!!!
Hello again,
I just released version 0.3. Now we got FTP answers back!
In Configurations I added a session to input your FTP server details. The example commands GI and GP now works with FGI and FGP as well.
Once again minor bugs was fixed. If you want to try please download the APK here: http://remotetracker.sourceforge.net/RemoteTracker.apk
As soon as possible I'll make a TODO list and a Road Map.
All the best,
Joubert
Copying my post form the old thread so I can subscribe to this one:
Wow, nice to see this make it to Android.
Some suggestions,
1: Name it something that isn't obvious in the market. Don't want a thief easily finding it in the installed apps list. Going to the market and then buying "my apps" shows you exactly what's installed. So you should name it something totally different that nobody would suspect or want to remove. Like "memory maximizer" or something like that. Probably want to keep it in the middle of the alphabet so it's not at the top or bottom of the list.
2: Maybe make a way to remotely monitor the front/rear camera. Then you could get the thief on video (and also see if it's a crowd, or some huge guy you don't want to mess with, lol).
I'll try to help test when I get another phone and more time. Right now I don't have a lot of time to work out bugs. And more importantly I only have the 1 phone, and I can't afford to have it malfunctioning (I need it for work). I'll buy a used extra phone for testing and then I'll help test.
Thank's!
Be sure I'm worry about the Name I'll post on Market. Not now. I'm trying to make it working and I'll see what I can do later.
About cameras, yes, I think we can control them. At least take pictures and send to an e-mail account. To remotely monitor the cameras, may be I need a server to receive/transmit stream. Of course this is in my todo list
All the best,
Joubert
joubertvasc said:
Thank's!
Be sure I'm worry about the Name I'll post on Market. Not now. I'm trying to make it working and I'll see what I can do later.
About cameras, yes, I think we can control them. At least take pictures and send to an e-mail account. To remotely monitor the cameras, may be I need a server to receive/transmit stream. Of course this is in my todo list
All the best,
Joubert
Click to expand...
Click to collapse
I would rather set up my own server (or even directly stream peer to peer from the device). That way you don't get stuck with hosting fees and the app doesn't die if you decide to stop supporting it someday (not that you would).
There are many possibilities. I'll try all of them.
All the best
Joubert
Another beta
Hi all,
I release another beta. Once again, if you decide to try it, please download from http://remotetracker.sourceforge.net/RemoteTracker.apk.
I edited the first post to add new features. And I have a notice...
I created a free and pro versions. The free version will have the most common commands we had in Windows Mobile. Only specific commands for Windows Mobile I can't write for Android. Pro version will have new features to come (I don't know yet).
But I don't want to charge my friends, so, if you are a beta tester or help me with anything, I'll give the PRO version for free. But it's for future now I'm engaged to finish RemoteTracker free as best as I can do.
All the best,
Joubert
Possible Bugs
Hi Joubert,
Thank you for have been developing so useful application. I believe everyone here is excited about what you are doing.
I tried your better version and here what I have to say:
1) You stated that the command format is RT#EGP#[email protected]#1234, but what if I want to use command to upload that info to FTP? Then,theoretically, I don't need to indicate my email or phone in the command. At the same time commands like "RT#FGP#1234{this is a password}", "RT#FGP##1234{this is a password}" are not recognized as valid RT commands or even failed with fatal exception. How can I upload this info to FTP, what should be the format of the command in this case?Indicating an email inside the command or phone number when sending to FTP seems a kind of redundancy.
2) Once an Fatal error appeared, it started appearing for each further VALID command which were working before. Error states the following:
Fatal error: Call to a member function query() on non-object in /celerra/webstor/root.dev/usr/sms core.php on line 234, most likely there it has some null reference there.
3) In the log file I see that its trying to send messages to invalid address substituting "@" at "?". Does it mean it sends to correct address but it writes to the logs incorrectly or is it really a bug? Because I don't receive any emails at all.For example, when sending RT#EGI#[email protected]#De41Be02AF in the logs I see that it mentioned it sent the message to "test?test.ru" instead of "[email protected]"
This is it for now. I can try to help you out with programming. I have no experience in Android development but have been developing in C# for 7+ years.
Again thanks for you effort.
ser-j said:
Hi Joubert,
Thank you for have been developing so useful application. I believe everyone here is excited about what you are doing.
Click to expand...
Click to collapse
I'm stuck right now. I can not go ahead because I'm not finding some answers. But soon I return to search. Very good to know there are people wainting my work to be done, because there are lots of good programs in Google Market (now Google Play).
ser-j said:
I tried your better version and here what I have to say:
1) You stated that the command format is RT#EGP#[email protected]#1234, but what if I want to use command to upload that info to FTP? Then,theoretically, I don't need to indicate my email or phone in the command. At the same time commands like "RT#FGP#1234{this is a password}", "RT#FGP##1234{this is a password}" are not recognized as valid RT commands or even failed with fatal exception. How can I upload this info to FTP, what should be the format of the command in this case?Indicating an email inside the command or phone number when sending to FTP seems a kind of redundancy.
Click to expand...
Click to collapse
You should use: rt#fgp##1234 The double # are still necessary. I'm working on a simpler syntax to be used in final version.
I'm worried about fatal errors. That's why I released beta versions. Please use Configurations Menu and check the Debug Options. After that you will see in the root of your memory card a file named remotetracker.txt. Send that file to me please.
ser-j said:
2) Once an Fatal error appeared, it started appearing for each further VALID command which were working before. Error states the following:
Fatal error: Call to a member function query() on non-object in /celerra/webstor/root.dev/usr/sms core.php on line 234, most likely there it has some null reference there.
Click to expand...
Click to collapse
I really don't know what is this. Please send the log file to me. I wrote RemoteTracker for Android in Java, not PHP!!!
ser-j said:
3) In the log file I see that its trying to send messages to invalid address substituting "@" at "?". Does it mean it sends to correct address but it writes to the logs incorrectly or is it really a bug? Because I don't receive any emails at all.For example, when sending RT#EGI#[email protected]#De41Be02AF in the logs I see that it mentioned it sent the message to "test?test.ru" instead of "[email protected]"
Click to expand...
Click to collapse
Are you sending the command using another phone, the same phone or using some WEB service (like your carrier website)? There is no code to change '@' to '?'.
ser-j said:
This is it for now. I can try to help you out with programming. I have no experience in Android development but have been developing in C# for 7+ years.
Again thanks for you effort.
Click to expand...
Click to collapse
Thank you very much for your tests. I need that! There are lots of Androids around the world and make something secure for everyone will be a journey.
All the best,
Joubert
Notices
I almost finished writing the commands that existed in RemoteTracker for Windows Mobile (at least the ones Android can execute).
But I'm still trying to make the security of RemoteTracker to be more robust. I had Features in Windows I can't write for Android yet:
- Prompt for password when uninstalling;
- Lock / Unlock the unit with the LOCK / UNLOCK commands;
I'm not able to use the camera without the need to provide a preview to the user. According to the source code of Android that is impossible, but I saw some programs doing that, so there is a way to do that and I'm looking for this information.
If anyone knows how please help me
All the best,
Joubert
Answers to the questions
Hi Joubert,
Sorry for being silent for so long.
joubertvasc said:
Are you sending the command using another phone, the same phone or using some WEB service (like your carrier website)? There is no code to change '@' to '?'.
Click to expand...
Click to collapse
I am using Web service of my sim provider to send SMS. Didn't have a chance to try with sending SMS from the phone.
joubertvasc said:
Thank you very much for your tests. I need that! There are lots of Androids around the world and make something secure for everyone will be a journey.
Click to expand...
Click to collapse
Yes, you are right.
As to the log file I will send it to you shortly.
Thank you. I'll wait for your log to see details. You can send it directly to my e-mail.
All the best,
Joubert
Hide Remote Tracker Application
Hi Joubertvasc:
Are you planing to make a feature to hide the Remote Tracker from the drawer and from any place of the phone. Like with the Theft Aware; you can access the application by dialing from the Phone Dialer. You enter your four code number then hit call. This will open the apllication without calling the number.
Regards;
Willie
Sounds good. I will take a look about how to do that.
Thank you.
Hi!
After a long time I'm back with a new version. This one has lots of bug fixes:
http://remotetracker.sourceforge.net/RemoteTracker.apk
My problem now is Android 3.1 and later, because they don't intercept messages all the time. They need human access the configuration module once to work. Security issue Google said... I'm trying to find an exit.
Best regards,
Joubert
G'day mate.
Long time no see. Great work on this app so far.
I've finally gotten around to installing it and play around with it a little.
I'm testing this on HTC One X with Revolution HD ROM
Here are a few ideas and tips for you to incorporate into your next version.
1. Include an option that allows users to set how many replies to get back from your software.
For Example. If I were to use #RT#GPS#1234, it currently only sends 1 reply. The problem with this is that most GPS units are accurate withing 5 - 10 meters. I tested it on myself where I am and it picks me up as being 2 houses down. If there was an option to send me 3 replies, in 60 second intervals, at least I would get the average GPS location of the phone. If your phone is stolen, it would also be a good idea to have unlimited SMS replies with 60 second intervals so I can get real time minute by minute location on where my phone is. Maybe this might be an idea for your Pro version. Have the option for how many replies to get and also an option for interval time between each reply.
2. Another idea for Pro version. Hide the RemoteTracker Icon from the Apps menu, or disguise it as a useless setting so if a thief were to look in the Apps menu, they wouldn't see it straight away, so wouldn't be forced to reset the ROM. Most thieves aren't smart enough to reset the phone as soon as they steal it, They normally wait till they get home..... but if he saw a tracking program, it would make them either turn the phone off right away, or reset the ROM right away.
3. I dont know much about Android programming, but an idea for capturing the Camera is to embed the photo into an MMS, or as an attachment in an email. Trying to muck around with FTP would be a waste of time because the average user wont have an FTP server, and you dont want to set up a central one because it would give every noob hacker a target to try and get into.
I will keep playing around and get back to you with any other problems or ideas for you.
Keep up the great work.
Loved the software on WinMo and looks like the Android version will be just as great.

[QPST 2.7 build 402]

Mods please move this post if in the wrong place. OK, I couldn't find it ANYWHERE on XDA but, I did find it by doing extensive baidu (China's Equivalent of Google Search engine) searches and translations. So I give to you all QPST 2.7 build 402. I have the newest and latest QXDM and QCAT also. They were uploaded to the Chinese site on February 13, 2013. QXDM requires activation so I wont post it. I will post QCAT if anyone requests it though, as it does not require activation and neither does this version of QPST. I have seen numerous posts over the net where people wanted QPST 2.7 build 385 but this one surpasses that version. Annoyingly enough though, I still cant write settings to my girlfriends LGL55CV3 Straight Talk android phone with it . So if anyone here can help me out on this, please feel free to do so. So enjoy and hit thanks if I've helped you out.:good: http://www.mediafire.com/?yya85byog8kqtxn
:good:
solcam said:
Mods please move this post if in the wrong place. OK, I couldn't find it ANYWHERE on XDA but, I did find it by doing extensive baidu (China's Equivalent of Google Search engine) searches and translations. So I give to you all QPST 2.7 build 402. I have the newest and latest QXDM and QCAT also. They were uploaded to the Chinese site on February 13, 2013. QXDM requires activation so I wont post it. I will post QCAT if anyone requests it though, as it does not require activation and neither does this version of QPST. I have seen numerous posts over the net where people wanted QPST 2.7 build 385 but this one surpasses that version. Annoyingly enough though, I still cant write settings to my girlfriends LGL55CV3 Straight Talk android phone with it . So if anyone here can help me out on this, please feel free to do so. So enjoy and hit thanks if I've helped you out.:good: http://www.mediafire.com/?yya85byog8kqtxn
Click to expand...
Click to collapse
---------- Post added at 04:36 PM ---------- Previous post was at 03:44 PM ----------
:good:
solcam said:
Mods please move this post if in the wrong place. OK, I couldn't find it ANYWHERE on XDA but, I did find it by doing extensive baidu (China's Equivalent of Google Search engine) searches and translations. So I give to you all QPST 2.7 build 402. I have the newest and latest QXDM and QCAT also. They were uploaded to the Chinese site on February 13, 2013. QXDM requires activation so I wont post it. I will post QCAT if anyone requests it though, as it does not require activation and neither does this version of QPST. I have seen numerous posts over the net where people wanted QPST 2.7 build 385 but this one surpasses that version. Annoyingly enough though, I still cant write settings to my girlfriends LGL55CV3 Straight Talk android phone with it . So if anyone here can help me out on this, please feel free to do so. So enjoy and hit thanks if I've helped you out.:good: http://www.mediafire.com/?yya85byog8kqtxn
Click to expand...
Click to collapse
Ummmm...Yeah. If you say so.
solcam said:
Ummmm...Yeah. If you say so.
Click to expand...
Click to collapse
Anyone managed to download this?
No. It says that it belongs to an unvalidated account. I know that 418 is now out too if anyone might have this one.
cezar1 said:
This file infected by troyan. Thanks a lot
Click to expand...
Click to collapse
I had no issues with it... and still use it. I will look into it. I did not upload it, I just posted the link.
---------- Post added at 10:56 PM ---------- Previous post was at 10:32 PM ----------
cezar1 said:
This file infected by troyan. Thanks a lot
Click to expand...
Click to collapse
I did some checking and a few people DID have issues with this. Thank you for bringing it to my attention...
If you install this via "setup.exe" it will put a backdoor on your system. It lives at "C:\Users\Admin\AppData\Roaming\Qualcomm". It will also add itself to the "HKCU/Software/Microsoft/Windows/Current Version/Run" key in the registry. There is no virus in the MSI file.
You should be able to detect it, remove it and use build 422. Again, I am using it without issue.
rekamyenom said:
I had no issues with it... and still use it. I will look into it. I did not upload it, I just posted the link.
Click to expand...
Click to collapse
Hello, fellow QPST users.
QPST 2.7 Build 4.2.2 is a fake version with keylogger.
Some a$$hole downloaded latest public QPST build (4.0.2) and decompiled MSI installer package, then edited all "4.0.2" to "4.2.2", added "fake changelog", added keylogger (qualcomm.exe), then repackaged and spread around web!
Everyone who downloaded QPST build "4.2.2" should change all his passwords.
More info about malware from fake 4.2.2 build (QPST.2.7.422.msi)
MSI package (QPST.2.7.422.msi) was embedded/tampered with qualcomm.exe which is a .NET based malware that logs your keystrokes and sends it to attacker's server.
How to delete the actual malware from your system?
Look at the startup from msconfig or CCleaner, there should be a file called qualcomm.exe thats set to start everytime system starts. Delete both registry and file.
If you wanted to see what data thief was stolen from you. Just open the .dc file (in "dclogs" folder) with Notepad and see for yourself.
In XP, dc file is located here!
C:\Documents and Settings\Administrator\Application Data\dclogs
there should be a file called "201X-XX-XX-X.dc
if you open that DC files with Notepad, you'll see all your keystrokes.
Here is mine. I've intentionally entered paypal site with fake info.
:: Run (3:01:51 AM)
Script kiddie. NET Based malware, huh?[ESC]
:: Program Manager (3:02:14 AM)
e
:: Firefox (3:02:18 AM)
www.paypal.com
[email protected][TAB]
mypaypalpass
[ENTER]
:: Documents and Settings (3:02:19 AM)
[UP]
:: Administrator (3:02:28 AM)
[DOWN][DOWN][DOWN][DOWN][DOWN][DOWN][DOWN][DOWN][DOWN][DOWN]
[DOWN][DOWN][DOWN][DOWN][DOWN][DOWN][DOWN][DOWN][DOWN][DOWN][DOWN][DOWN][DOWN]
d
:: (3:02:34 AM)
:: Administrator (3:02:34 AM)
d
:: (3:03:11 AM)
mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm
:: [Release] QPST 2.7 BUILD 422 - Download Here - Enjoy - Mozilla Firefox (3:03:57 AM)
crap
How to delete?d
:: Clipboard Change : size = 16 Bytes (3:03:57 AM)
QPST.2.7.422.msi
:: (3:04:23 AM)
cccccc
Click to expand...
Click to collapse
Keylogger sends the logs from keylogger to "qpst.hopto.me"
So please report about this incident where and when you encounter QPST 4.2.2 somewhere (forums, posts, sharing-sites, etc)
Copy my whole post and paste it where you see 4.2.2 mentioned.
Bonus: Fake Changelog
If you've installed this 422 build, then open the Readme.txt in C:\Program Files\Qualcomm\QPST\Documents
Scroll down and see the "6/12/13 QPST 2.7.422 changelog"
6/12/13 QPST 2.7.422
1) EFS Hello commands will not be sent unless the device is in a compatible mode. Sending this command when the
device is in download mode can cause a "server busy" message for a few seconds because of command retries.
2) Support for the Sahara device protocol (see 80-N1008-1 or equivalent) is now built in to the QPST server process.
This protocol is only supported by USB Serial ports, not TCP/IP connections. In QPST Configuration a device in
this mode will display as "Q/QCP-XXX (Sahara Download)". This mode can only be detected (1) when the QPST server
process starts or a COM port in this mode added to QPST, or (2) when a device enters Sahara mode on a port assigned
to QPST. This is because the device only sends its Hello message once, as soon as the COM port is opened.
Click to expand...
Click to collapse
Changelog above is actually cloned from QPST 2.7.394 Just scroll down and see Build 2.7.394 changelog. Its same!
So forget about Build 422. It doesn't exist.
Use QPST 2.7 Build 402. It's the latest public build
Sorry about my english
Best Regards
AnycallMongolia
can somebody give proper qpst latest version.
pl provide dropbox link
madroamer said:
can somebody give proper qpst latest version.
pl provide dropbox link
Click to expand...
Click to collapse
Okey, someone (HuaweiDevices.ru) leaked QPST v2.7.411 to the public. I've installed it myself and confirmed that its legit build.
Here is original link of the leak..
Here is my link.
http://d-h.st/qAy
Thread cleaned, potentially unsafe file and posts are gone. All members are to be reminded that whenever you flash anything, regardless of what it is, you take chances.
Thanks for the report, and thanks for not being disrespectful regarding the matter.
Now, back to development.
Thanks for your sharing this.
solcam said:
Mods please move this post if in the wrong place. OK, I couldn't find it ANYWHERE on XDA but, I did find it by doing extensive baidu (China's Equivalent of Google Search engine) searches and translations. So I give to you all QPST 2.7 build 402. I have the newest and latest QXDM and QCAT also. They were uploaded to the Chinese site on February 13, 2013. QXDM requires activation so I wont post it. I will post QCAT if anyone requests it though, as it does not require activation and neither does this version of QPST. I have seen numerous posts over the net where people wanted QPST 2.7 build 385 but this one surpasses that version. Annoyingly enough though, I still cant write settings to my girlfriends LGL55CV3 Straight Talk android phone with it . So if anyone here can help me out on this, please feel free to do so. So enjoy and hit thanks if I've helped you out.:good: http://www.mediafire.com/?yya85byog8kqtxn
Click to expand...
Click to collapse
anycallmongolia said:
Okey, someone (HuaweiDevices.ru) leaked QPST v2.7.411 to the public. I've installed it myself and confirmed that its legit build.
Here is original link of the leak..
Here is my link.
http://d-h.st/qAy
Click to expand...
Click to collapse
Link works. Thank you.
Hello guys, i have a LG G2 with 3g issue , it works just in 2g, somebody can upload his QCN file so i try to replace mine with it? Thank you so much
!!!!!!!!!!!!!!!!!! WARNING !!!!!!!!!!!!!!!!!!
!!! TROJAN AGAIN !!!
Some time ago in Feb 2014 man named anycallmongolia posted a link to QPST 2.7 build 411
Link points to the site HuaweiDevices.ru
h_t_t_p_://_huaweidevices._ru/ROMS/QPST_2.7.411.rar
Later I'd personally downloaded this version from this topic a few times in 2014 and this was normal non fake QPST which i'd installed on a few PC's. (Can't remember particular link now). Today I would like to install QPST to a new NB PC, so assumed this topic as the best source. Being a recovery/data structures expert I always inspect code (mostly by viewing in text/hex). As most of members I've very high trust level to xda (certainly it's much higher then one related to the "famous and respectable" corps like Google/MS/Apple/etc, who aren't on my side, I'm sure).
I've installed QPST got from this topic a few times, so I'd almost pressed Enter (I use FAR most of time and advice you to do the same) over the DL'd file "qpst 2 7 411.exe".... What??? - EXE??? And it's just about 500Kb long... But QPST installer occupies about 16Mb.
I've explored body - I's typical malware with slightly "encoded" (to prevent direct reading) data inside. QXDM offered on the neighbor page is the same malware of the same size.
If you'll try to dl QPST from above link you'll got 404 error in the center of normal html page with site menu etc... What normal man would think in this case? He'll think page/product have moved (e.g. due to overload protection) and what he'll do next? He'll try to find where page have moved and... will got link in menu just at the bottom of 404 page. It's just trivial (but very good working!) "social engineering" - publish real app in trusted place and when it will pass checks replace it with malware. (Or may be domain was sold to the criminals as it often occures in Russia for a few latest years). Even if you will check DL url in the status bar it will show link to the .RAR archive, but ASAY click the link it will be redirected to .exe!
PLEASE PUBLISH BIG WARNING on TOPIC START and remove links to HUAWEIDEVICES.RU!!!
Furthermore. Situation is much worse because huaweidevices shows 1ST position in search request "QPST 2.7.411" by Yandex.ru (#1 search engine in Russia) and 2ND position in Google results with the same request!!! It's VERY DANGEROUS situation! Thousands if not millions of peoples are at risk of infection.
I'm going to write abuses to Google and Yandex NOW!
Please spread info on such a new attack manner/technique around your friends, collegues and internet.!
Always check what you run!!!
QPST 2.7 build 425 (The REAL Thing!)
It is so irritating to see all of the jerks who are trying to spread viruses and malware nowadays.
Here is the REAL build 425:
http://www.mediafire.com/download/neeapht51ub2333/QPST.WIN.2.7_Installer-00425.1.zip
drkcobra said:
It is so irritating to see all of the jerks who are trying to spread viruses and malware nowadays.
Here is the REAL build 425:
h_t_t_p_://_w_w_w.mediafire.com/download/neeapht51ub2333/QPST.WIN.2.7_Installer-00425.1.zip
Click to expand...
Click to collapse
Very very very BIG Thank you!!!
That's really new one and it contains new very promising QFIL util. Didn't explored much yet!
God bless on you man!
BTW does anybody know how to descramble (decrypt)/scramble (encrypt) back EFS/NVRAM partitions (in most cases modemst*). I'd like to be able to patch/change every byte in EFS (not just locks etc bull****, my phones are always free of any contracts). Full modem FW reversing seems too difficult to me (i'm 'not so strong' in ARM assembly and there is too much code in modem FW). I'm sure for a such long period (over decade) of EFS life there should be methods around to manipulate it independently of mfr/commercial products, but I can't find them for a long time. Trust me, it's fully idiotic situation I'm (you're) not able to do with my (yours) computer (PDA is computer, not the "phone") all I want to do being "restricted" to access only data some f...n mfr "allowed" me to access. It's my device, I'd paid for it and I will decide what me to do with it.
Furthermore, modern public licenses don't allow to hide parts of object (device) code, where GNU/GPL code is the main part. Is anybody here who think that Linux/Unix value in ALL there f...n "modern" Android devices less than 90%? Most router mfrs have already forced by requirements GNU/GPL to publish full compilable code of their firmware. I shouldn't have clue what all they want to hide related to their "commercial" and manipulating interests. Using 30years of thousands people's free labor in their commercial products , they're obligated to publish full sources and should DO IT.
Apple is today wealthiest corp on this planet, but If you'll look into the Apple's internals you'll find tons of MODERN Linux code (protected by modern GNU/GPL) simply stolen from open source depositories, then adopted to MacOS/iOS then closed and sold as commercial product . Is it fair game?
TheDrive said:
Very very very BIG Thank you!!!
That's really new one and it contains new very promising QFIL util. Didn't explored much yet!
God bless on you man!
BTW does anybody know how to descramble (decrypt)/scramble (encrypt) back EFS/NVRAM partitions (in most cases modemst*). I'd like to be able to patch/change every byte in EFS (not just locks etc ...................
Click to expand...
Click to collapse
I use EFS Pro for BackUp and Restore.... Sadly its windows only, but works great with VirtualBox on Linux Mint Cinnamon/MATE 17.1 x64.
Hosted on the wonderful XDA:
http://forum.xda-developers.com/gal...ol-updated-09-06-14-efs-professional-t1308546
FWIW
I hear you about Apple, used to be a hardcore fan, when they were nearly bankrupt. I still swear by OS X, but not the iTard line of devices. I tell my nieces and nephews to get an Android cause they are not ignorant! lol There should be more of an effort to make people understand that Apple is using allot of *BSD (Linux) source. The GUI is closed, but some of the other source is available in the dev program site they host.
unimatrix725 said:
I use EFS Pro for BackUp and Restore.... Sadly its windows only, but works great with VirtualBox on Linux Mint Cinnamon/MATE 17.1 x64.
Hosted on the wonderful XDA:
http://forum.xda-developers.com/gal...ol-updated-09-06-14-efs-professional-t1308546
Click to expand...
Click to collapse
Thank you! Certainly I know this good product. It can manipulate NVRAM through COM-port, just the way QPST does it communicating w/modem FW. Is has many advanced options but seems not to be reliable enough (too many OEM customizations around, it's difficult to reverse all) As you stated it can also backup some partitions (like EFS). but you can do this yourself just by simple ADB/Unix shell commands (e.g. "dd if=/dev/block/mmcblk0p?? of=/sdcard/mmcblk0p??.img")
You can write simple scripts and perform such backups directly from device (to SD). Furthermore, you can customize CWM/TWRP for your device to perform such backups from recovery.
To do it you should know which partition numbers to backup/restore (to backup/restore what data you want).
There are methods/commands available to get needed info to build full device partition map (e.g. some devices contains "folders" named "by-names" deeper in /dev/block/... (where partitions are named), but in some cases (e.g. some 2013 MSM7227 based Samsung phones like GT-S756x) there is no names associated with particular proprietary partitions in the device, (at all) so the only way to find what data reside there is to backup and look (hex) with your own "experienced" eyes what these data seems to be (or search what others found on the theme). EFSPro "from the box" also knows only a few device's partition maps so, in most cases you should build configuration for your device manually with full knowledge of it.
There is no problem to locate and backup encrypted modem data partitions (modemst*/efs/etc...) if your device is rooted. Moreover, if your device has standard Qualcomm bootloader (not OEM's cut) you can switch device to the standard Qualcom DM (download mode) when all your eMMC contents will be exposed to USB bus as mass storage device (just like UFD or SDCard) and you can backup/restore whole drive contents or particular partitions just like PC's own partitions (try some "chnese" stuff (made of quality parts) instead of "branded" ones and you'll see superiority of the "open world".
But main question is how to decrypt modem data to explore and change them as I want at any time. Mfrs (i.e. Qualcomm and OEMs hide serials, locks etc BS there, but there is a lot of other interesting stuff related to modem configuration which is also closed and encrypted. This drives me wild because it's my device and my serials/locks and other stuff too, so it's my option to do with is what I want and no one else. I'm definitely know and sure modem FW/config and even mask ROM (which we most probably never will be able to explore) contains many hidden features that may lead to remotely force device to collect info about user and perform actions without his knowledge and consent. I have no matter what all these sec... services planned to do with all these exploits they forced OEMs/chipmakers to implement., but (sic!) they allowed information about these exploits to leak wild! So some "generic" engineers who simply have job and low level access to cellular provider's equipment (which able to broadcast custom service packets) to make "what they want with user's phones (e.g. switch it on or request GPS data) just "for fun". F them all, but most idiotic is fact that being an 25y experienced "lowest level" service engineer I can't get access and control over my own devices (i.e. computers). It's incorrect. It would be difficult but we should pay more attention to explore internals and get clue what goes on.
unimatrix725 said:
FWIW
I hear you about Apple, used to be a hardcore fan, when they were nearly bankrupt. I still swear by OS X, but not the iTard line of devices. I tell my nieces and nephews to get an Android cause they are not ignorant! lol There should be more of an effort to make people understand that Apple is using allot of *BSD (Linux) source. The GUI is closed, but some of the other source is available in the dev program site they host.
Click to expand...
Click to collapse
I've personally explored OSX files and partitions and seen much modern Linux code inside. They even don't hide "copyrights". Nobody will explore anyway and nobody cares. Old 80x-90x versions of public licenses allowed to do "anything" with free open sources (including to make changes, then close sources and sell product). After some smartasses like Apple used this hole to sell free labor of thousands of peoples, public license had changed. Modern licenses allows you to sell derived product, but obligate you to open sources (with same license) so anyone else can use them to and sell too. You can't close your part of sources if free code is most valuable part of your product. E.g. router mfr can't close part his own sources to make firmware sources "uncompilable" because Linux definitely is most valuable part of router FW. This warrant later development of free open source programs and free community n whole. Apple stated that they used only old 80x code in their OS'es and then developed it separately and thus they are not obligated to open sources to everyone. They would be right unless they didn''t used a lot of modern code protected by modern public license's requirements. I didn't explored deeply. May be they publish all derived code for free. Today we can't say accurately if some modern Linux components they adopt for Mac/iOS are most valuable part of their systems or not. We should explore all the code to make decision. but anyway it's not fair to use a lot of thousand's people's free labor just to make money. Google's position here is not ideal but much more fair. They publish most of sources and support open source community. They don't try to make system "unbreakable" and they don't force you to use their accounts too much. I've NO Google "phone" account AT ALL. I've no need in any "markets", "clouds" ect BS., which lead absolutely no problem to me to effectively use Android devices. There are lots of free APK's around
It practice, I have 2-3 old iPhones just for experiments. Yes we have Jailbreaks and some other stuff, but even if you break and get access to your device it's very uncomfortable to work with it at low level. On my sight just one ADB interface costs more then all "jingles and bells" of iOS's GUI. All these "tethered-untethered", "unbreakable" bootloaders in Mask ROM, lack of normal tools to explore and manage data on any level, total control and extraction of my data by mfr via strongly encrypted obfuscated protocols and hidden services make these devices useless for me in practice.
Windows Phone is even far more closed OS then iOS. You have no control over your data at all. You can't do a thing with WP device unless you sign up with MS account. You can't get access to your own data (except MM files) unless you sync it with MS cloud, i.e. you will be forced to send all your private data to MS and MS will decide whether to give piece of it back to you or not. Matrix in action. I've absolutely no clue what thought MS bosses when they decided to close ALL in OS that have had less than 1% of market. Their 1st goal was to attract developers to write apps for their OS and there was no better way to kick them than "close All". There is no matter does it perform GUI actions good or not when devs and users have no effective way to collect and use "useful" results of device's work.
drkcobra said:
It is so irritating to see all of the jerks who are trying to spread viruses and malware nowadays.
Here is the REAL build 425:
http://www.mediafire.com/download/neeapht51ub2333/QPST.WIN.2.7_Installer-00425.1.zip
Click to expand...
Click to collapse
The new versions got rid of QXDM and RF NV Manager.
Build 415
etirkca said:
The new versions got rid of QXDM and RF NV Manager.
Click to expand...
Click to collapse
I have not used this version, so do not know if it has been removed from this one or not, but here is a legitimate copy of build 415:
http://www.mediafire.com/download/ac6yh57yye363mx/QPSTWIN2700415.rar

Bit of an odd one: Symbol TC70 Home Depot Firmware Download

Hello everyone! I had a quick question regarding the availability of the custom Home Depot firmware on these Motorola/Symbol phones. I've done what I believe to be a thorough search of the forums and have found numerous places where people are trying to remove this locked firmware, but few that describe how to obtain a copy of it.
I'm not actually looking to load it onto another device, but rather, I'm looking to explore the files of the firmware.
I have several TC70s with the USB cables, but none of them have the Home Depot software and I was wondering if there is a location or repository where the HD software is uploaded so that it can be downloaded? Or perhaps if someone here has a copy of it? Or if it's even possible to make a copy of it.
tl;dr: I'm looking for a copy of the custom Home Depot TC70 firmware so that I can explore some of the files within it.
Thanks again for reading! Happy belated new year everyone!
-SHL
I want to download the firmware from the Zebra website, but the website requires registration, and there are firmware packages available on the official website

Categories

Resources