I'm thinking about creating an application (based on GScript) that allows ROM developers to run shell scripts after the actual ROM is flashed and to allow the user to run some ROM-specific scripts.
I don't know if there is any need for this by any of the devs, but I have seen TwistedUmbrella use GScript Lite to add some scripts to his build, so that people don't have to ask the same question on how to run the scripts (and commands) over and over.
Although GScript can be easily used for it, I think that a special project could offer much more than this, and the actual output can be a lot more user-friendly when it's less generic (I have done the same for the LucidREM script application which can be found in the market).
And maybe the ability to run some scripts when the actual ROM is started the first time after flashing, etc.
If you think this could be useful in ROM deployment or you have ideas/feature requests etc., please drop a post so I know if it's worth the work.
like UC
Kinda like UC for windows mobile (I said kinda)? I suppose it could have its uses. First thing that comes to mind is automatic restoration of sms, wep settings, etc.. after a wipe. One thing I like about the g1 is it so easy to build and customize your own builds in comparison to winmo (from a development standpoint). Well, depending on how you look at it I guess.
Curiously, if a function or program like this existed already, what uses would you get from it?
Edit)
I suppose it could be useful after all. I drew a blank when I initially read your post because everything I run from a script or terminal, for that matter, is because I'm not behind a computer. If I'm gonna modify something it can be implemented in the update.zip before flash etc.. but if I'm flashing a new ROM and I want the dalvikvm updated, louder sound mod, odex optimized, etc. to be done from the first boot I guess it'd be cool. But usually I'd implement it in an update.zip. I dunno, I don't think I'm thinkin creatively enough about its uses.
We could create an easy way to backup/restore sms mms bookmarks etc, which can be started before updating and which will run to restore when the image is flashed.
Automatically create the apps2sd settings etc after a flash.
Or even create "smaller" distributions which ask if the user wants to download extra applications after reflashing...
We could even incorporate google source projects so that users can look for and report issues from within the app for the given distribution.
An easy way to bring out small updates without users having to reflash or have to do manual stuff
Just shooting out some ideas....
I love this idea, I'm a huge supporter for GScript so this only seems natural. Since I use gscript after wipes/loading custom roms ANYWAY it'd be awesome if the process was automated. Chances are people are going to want to restore previous settings and info when they load new roms. I hope more Rom devs see this. So mildly bumping for notice.
Eventually user support will be deciding for developers to use it or not...
I will have a test application finished in a few days.
I will post the first screenshots tomorrow if I find some time...
Hello, XDA. This is my first post.
Before I start out looking like I'm helpless, and keeping with the mindset that I don't expect something for nothing, I've spent the time to write up newbie-friendly guides:
(edit: Apparently, I have to make eight posts before I can post external links. I will probably accumulate eight posts in this thread, and will edit this at that point.)
Adding OpenVPN and liblzo to the AOSP source tree and compiling a kernel to support it. Includes instructions for patching OpenSSL 1.0.0a to enable engine support.
Wrangling with USB permissions
Making a custom boot animation from an animated gif
If it would be better to have the content located on the forum somewhere, tell me where it ought to go.
My problem:
I am trying to roll my own ROM from AOSP (Gingerbread 2.3.4). I have been successfully building images and even kernels for the Nexus S for several weeks now. Recently, I broke something.
I've beaten my head against this for three days now. I think I read the entire internet before posting here. I think there is a problem with my build tools, but I don't know where I should be looking for it, or how to test it. The problem is not in the AOSP source tree. I know this because I checked out a clean copy of it, followed Google's instructions, and I get the same result. I get the same result in both the emulator and on the Nexus S.
When I launch the browser, this is the output from logcat:
(edit: Wow... the parser that tells me I can't post URLs is so aggressive, that I can't paste my logcat output either... I have base64 encoded it instead.)
Code:
first, I thought maybe it was some setting specific to the browser. But then I tried another application that also calls native libraries (CSIPSimple). Whenever CSIP tries to load native libraries, I see something like this:
Code:
D/dalvikvm(  428): Trying to load lib /data/data/com.csipsimple/lib/libpjsipjni.so 0x40513488
E/PjService(  428): We have a problem with the current stack.... NOT YET Implemented
E/PjService(  428): java.lang.UnsatisfiedLinkError: Cannot load library: reloc_library[1315]:    32 cannot locate '__dso_handle'...
E/PjService(  428): 
E/PjService(  428): 	at java.lang.Runtime.load(Runtime.java:394)
E/PjService(  428): 	at java.lang.System.load(System.java:534)
E/PjService(  428): 	at com.csipsimple.pjsip.PjSipService.tryToLoadStack(PjSipService.java:119)
E/PjService(  428): 	at com.csipsimple.service.SipService.loadStack(SipService.java:913)
E/PjService(  428): 	at com.csipsimple.service.SipService.onStart(SipService.java:873)
E/PjService(  428): 	at android.app.Service.onStartCommand(Service.java:428)
E/PjService(  428): 	at android.app.ActivityThread.handleServiceArgs(ActivityThread.java:2039)
E/PjService(  428): 	at android.app.ActivityThread.access$2800(ActivityThread.java:117)
E/PjService(  428): 	at android.app.ActivityThread$H.handleMessage(ActivityThread.java:994)
E/PjService(  428): 	at android.os.Handler.dispatchMessage(Handler.java:99)
E/PjService(  428): 	at android.os.Looper.loop(Looper.java:130)
E/PjService(  428): 	at android.app.ActivityThread.main(ActivityThread.java:3683)
E/PjService(  428): 	at java.lang.reflect.Method.invokeNative(Native Method)
E/PjService(  428): 	at java.lang.reflect.Method.invoke(Method.java:507)
E/PjService(  428): 	at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:839)
E/PjService(  428): 	at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:597)
E/PjService(  428): 	at dalvik.system.NativeStart.main(Native Method)
Are there any veteran Android devs that can point me in the correct general direction? I don't need to have my hand held, but having never written any app more complex than HelloWorld, I'm not sure where to begin debugging.
edit: As long as I'm thwarting the parser with Base64, here are the external links I am not supposed to be able to post. I hope it helps someone. Figuring all that out was a lot of work.
Code:
in advance for any help you are willing to give.
RT Jailbreak Tool
By Netham45, Version 1.20
An all-in-one program to jailbreak Windows RT tablets using the method recently released by clrokr
Usage
Boot your RT device and log in, allow it to sit on the desktop for about a minute.
Extract all files out of the latest version of the .ZIP attached to this post. To do this on Windows RT, right-click on the .zip, choose 'Extract all', and select the destination folder.
Run runExploit.bat. It'll prompt you to either install the jailbreak to run on login, uninstall it not to, or run the jailbreak once.
Choose an option and follow all subsequent prompts. They're all quite easy and self-explanatory.
FAQ
Q) What does this do, in layman's terms?
A) It allows non-Microsoft ARM-compiled .exes to run on the desktop. That is it.
Update (03/01/2013): The jailbreak now allows unsigned drivers to load.
Q) Can I use this to run Photoshop, Steam, AutoCAD, <Insert commercial product here>?
A) While it is -technically- possible for the companies to port their stuff over to Windows RT using the hack it is extremely unlikely. As a rule of thumb, if it's a commercial piece of software it won't run on the ARM.
Q) Can I use this to run PuTTY, VNC, X-Chat, <Insert open-source product here>?
A) Yes! Open-source programs are ones that you, having the source code, can recompile to work on the ARM. If it's not already available (A small but growing number of programs are) it's easy to get started. There are some useful threads in the Windows 8 Development and Hacking board on XDA-Developers.
Please note that not all programs can reasonably be ported over to ARM, due to either program complexity, overuse of inline assembly, or the current lack of a GNU compiler.
Q) Can I use this to run any random x86 app I find on the internet?
A) No. Apps must be recompiled for ARM. Stop asking why Chrome doesn't run.
Q) Can I use this to hack my Android tablet?
A) Not really. Most Android hacks require custom kernel-mode drivers (APX, Odin, ADB all require drivers that are unavailable), and this hack only allows us to run unsigned User-mode code.
If you don't know the difference between User-mode and Kernel-mode, I'm sure Wikipedia has a good article on the subject.
Q) Will Chrome/Firefox be ported over?
A) I don't see any major technical hurdles for those, but I probably won't be the one to do it.
Q) Are there any precompiled apps for this available?
A) Check out THIS THREAD for a list of all currently known compiled apps.
Q) I ran the jailbreak, now where can I download pirated apps from?
A) Nowhere. This jailbreak does not allow for pirated apps, and it is a long ways off from actually supporting pirated apps. If you manage to get pirated apps to run on Windows RT you will be doing the entire community a large disservice, along with ruining what credibility this hack may have in Microsoft's eyes.
Q) I don't know how to recompile code, can I get someone else to do it?
A) If it's a simple project you can likely find someone who will be more than happy to recompile it for you. If it's a large project with numerous dependencies, or a commercial project, I will be willing to take a look at it and quote a price to do it. (On that note, please realize that I am not affiliated with XDA-Developers at all.)
Q) I keep BSoD'ing! What's up?
A) I haven't managed to track down the cause of the BSoDs, except that they seem to happen when the exploit is run within the first minute or so of the tablet booting and logging in. If you're getting BSoDs, boot your tablet to the desktop and wait 2 or 3 minutes before trying the exploit. Also, make sure that you're up to date with Windows Updates, as of 2/26/2013.
Q) I ran the .bat and it told me it couldn't find its bin folder. What's wrong?
A) Extract the ZIP in entirety. Don't just open the ZIP and double-click on the runExploit.bat.
Q) It's not working! What do?
A) Post in this thread describing what you're doing and the issue you're having, do not PM me, even if you don't have the number of posts to post in the developer sections. I'll consider it spam and disregard it. Don't message me on Twitter either, the only place that I will provide support for this tool is in this thread.
Q) Is this persistent across reboots?
A) No, it resets every time the device reboots.
Q) Is this a tethered exploit?
A) No. Tethering is connecting the device to a computer, or other device to jailbreak it. This is done entirely on the device. It just has to be redone at reboot.
Q) Will this work with all the latest updates, as of 02/26/2013?
A) There was an updated .zip posted for the latest update (Patch Tuesday, February 2013). It should work.
Q) How do I compile apps for the Surface RT? It says I'm missing a bunch of .libs!
A) Visual Studio 2012 does not come with all the required ARM .libs for compiling most desktop apps. Please see THIS post by _peterdn for a useful utility for generating .libs and .exps from the .dlls on the tablet.
Q) Why would you want desktop apps? They suck for touch.
A) Mainly for the library of easily ported software, along with the things that metro apps just can't do. I agree, they're more inconvenient to use with touch, but that's the tradeoff for having a huge library of software. You also don't have to use desktop mode, the tablet still is quite good without it (Except the mail client). I also believe that since it's my device I should be able to do whatever I want with it, regardless of what MS says. Traditionally MS has leaned the same way with Windows, which makes it rather disappointing they chose to lock this platform down.
Q) Will this void my warranty?
A) Since it doesn't persist across reboots, chances are the support center will never know, though it may be against the terms of your device's warranty.
Q) Is there any warranty for this program?
A) No express or implied warranty exists.
Q) Your hack caused the paint to chip off my tablet, the felt to peel off my type keyboard, the kickstand to fall off, and my tablet to display nothing but satanic messages while it's on! I want you to buy me a new one!
A) No it didn't, and see my warranty policy.
Q) Can Microsoft patch this?
A) Yes and no. They can patch it through Windows Update, but since we have the ability to reinstall from recovery partitions we can revert any Windows Updates they release.
Q) Will this allow people to run viruses on my tablet?
A) Yes and no. If something malicious is compiled and run while jailbroken it could act like a virus, yes. Once you reset, though, it'll be gone.
Q) I came across a malicious RT application! Who do I tell?
A) If it's a jailbroken application then the most you can do is make a post informing about it. That's one downside to having unsigned code, there's no one regulating body who can decide what is and isn't available, and manage safety. If it's a store application then I suggest you contact Microsoft. If it's a Modern UI app that requires the jailbreak to run you still may have luck contacting Microsoft, as they can blacklist the developer's certificate.
Q) Can any random Store app do this?
A) No, this requires tools and privileges that Windows Store apps can't possess. The appcontainer model that MS uses is very strict and good at preventing things like this from happening. There's a number of things that flat-out aren't possible to do from a Store app that this uses, not to mention that it would get rejected by MS.
Q) Will I (The user) get my developer license banned?
A) It's possible, though I doubt that MS will do that.
Update: With the new payload (as of 1/18/2013) users no longer need to get their own developer certificate.
Q) Won't you (Netham45) get your developer license banned?
A) Time will tell, I knew the risk when I posted this. I suspect that their banning system is more geared towards piracy, though, which this doesn't really enable.
Update: With the new payload (as of 1/18/2013) my developer certificate is no longer required.
Q) I've got this great feature/idea for the jailbreak! Where can I tell you at?
A) Post it in this thread. Note that the area where we can script and such before the exploit is limited and restricted to pretty much batch scripts, and that I am under no obligation to implement a feature if you suggest it. And, seriously, do not PM me about it. If you don't have the prerequisite number of posts to post in the developer section then go get them.
Q) Can I throw money at you for writing the tool to automate this?
A) There's a donate link on the side of this post. (I'd love to get a Surface Pro. )
Q) Can I throw money at clrokr for documenting the exploit?
A) You'll have to talk to him about that. Here's his profile.
FAQ last updated 2/26/2013 10:17 PM MST
Thanks to clrokr for documenting the usage of the exploit, and to the numerous people who contributed positively in the [Q] Hacking Windows RT to Run Desktop Apps thread
Download is attached to this post.
Update log
Update 1.01(1/10/2013): Uncommented pause in the PS script to install the ModernUI app -- It was causing it not to prompt to install a developer license/my cert for some reason.
Update 1.02(1/10/2013): Fixed issue on non-English devices.
Update 1.03(1/11/2013): Fixed issue with usernames with spaces in them, fixed issue where the user running the jailbreak isn't the first user logged in
Update 1.1 (1/18/2013): Redid functionality; it now gets the kernel base inside the payload, instead of requiring a Metro application. Added a startup folder that gets run after jailbreak. Cleaned up output. Click for more info
Update 1.11(1/18/2013): Added commandline options, added a simple interface to handle creating scheduled tasks to run, added a powershell script to keep it from running if the system hasn't been up for two minutes, added missing startup folder, added sanity check so it doesn't freak out if the startup folder isn't there
Update 1.12(2/12/2013): Fixed the scheduled task to not require AC power to run, tweaked script to not crash on latest patches, Fixed startup folder not getting executed properly
Update 1.12a(2/12/2013): Fixed it to actually work on the latest updates. Oops.
Update 1.13(2/14/2013): Added the ability to dynamically get the signing level. It now requires internet on the first launch, and after an update changes ntoskrnl.exe. This version is slightly experimental, so if it doesn't work use one of the older versions.
Update 1.13a(2/15/2013): Tweaked the script to return from the hook in a way that seems more robust. If 1.12a or 1.13 work for you there's no need for an update.
Update 1.20(3/01/2013): Made the bat use registry keys instead of files in system32, added registry-based startup folder, altered payload to support unlocking kernel-mode code
Click here to download the latest version
Older versions may be downloaded here
(Note: If you wish to mirror this post please retain a link to it at http://forum.xda-developers.com/showthread.php?t=2092158 so users can always get the latest version.)
Nice job! Good to have an all-in-one. Is this tool using the decrement by 0x80000 or trying the option of a slightly lesser decrement?
Also, it would be good to have a unified selection of RT-compiled desktop apps. I'm working on porting Pidgin (the Windows Store IM clients kind of suck...) but it's not easy; the "build under Windows" instructions boil down to "make your Windows system as Unix-y as possible, then build it there". There may be a way to target RT from GCC, but I am not aware of it.
EDIT: What I meant to say is, perhaps a thread linking all the various apps that people have built (preferably with links to their source, for those of us mildly paranoid types who like to see what other peoples' code is doing on our systems) would be a good idea.
GoodDayToDie said:
Nice job! Good to have an all-in-one. Is this tool using the decrement by 0x80000 or trying the option of a slightly lesser decrement?
Also, it would be good to have a unified selection of RT-compiled desktop apps. I'm working on porting Pidgin (the Windows Store IM clients kind of suck...) but it's not easy; the "build under Windows" instructions boil down to "make your Windows system as Unix-y as possible, then build it there". There may be a way to target RT from GCC, but I am not aware of it.
I'm decrementing by 0x7EFF0, it seems to not get the 0x18 bugcheck at all with that number. The one it gets if you run it too soon is a different bugcheck.
Install Fails
Brilliant!
I tried running it but it keeps going in an endless cycle because the Metro app fails to install.
Using a Surface with the latest patches from Microsoft.
merill said:
Brilliant!
I tried running it but it keeps going in an endless cycle because the Metro app fails to install.
Using a Surface with the latest patches from Microsoft.
Does it give you any error messages when it fails to install?
netham45 said:
Does it give you any error messages when it fails to install?
When installing the metro app, the installation fails because the certificate isn't added to the cert-store by default and the batch just tries again.
I uncommented the #Pause in PrintMessageAndExit to read the error message and that made it possible to choose to install the certificate, the powershell just closed otherwise.
After that the metro app installs fine, and tries to start it. I can see the app start, though the cmd still doesn't recognize it and tries to install it again...
I wrote my own metro app for that today and installed it instead of yours and it worked fine with mine.
My App is just this:
protected override void OnFileActivated(FileActivatedEventArgs args) {
    WriteAddress((StorageFile)args.Files[0]);
}

private async void WriteAddress(StorageFile file) {
    using (Stream s = await file.OpenStreamForWriteAsync()) {
        using (StreamWriter wrt = new StreamWriter(s)) {
            uint adr = GetKernelAddress.Address.Get() + 0x19FFBC;
            await wrt.WriteAsync((adr & 255).ToString("X2") + " " + ((adr >> 8) & 255).ToString("X2") + " " + ((adr >> 16) & 255).ToString("X2") + " " + ((adr >> 24) & 255).ToString("X2"));
        }
    }
    App.Current.Exit();
}
sebmaster16 said:
When installing the metro app, the installation fails because the certificate isn't added to the cert-store by default and the batch just tries again.
I uncommented the #Pause in PrintMessageAndExit to read the error message and that made it possible to choose to install the certificate, the powershell just closed otherwise.
After that the metro app installs fine, and tries to start it. I can see the app start, though the cmd still doesn't recognize it and tries to install it again...
Having the same issue, uncommenting the pause seems to fix it all for me. I'll update the zip in the top in just a second.
Edit: New zip with that uncommented uploaded.
Metro app failed to run. Trying to (re)install the metro app...
Found certificate: C:\Users\Merill\Downloads\RT_Jailbreak\bin\ModernUI_App\Get Kernel Base_1.0.
Before installing this package, you need to do the following:
- Install the signing certificate
Cannot invoke method. Method invocation is supported only on core types in this language mode.
At C:\Users\Merill\Downloads\RT_Jailbreak\bin\ModernUI_App\Add-AppDevPackage.ps1:497 char:9
+ $IsAlreadyElevated = ([Security.Principal.WindowsIdentity]::GetCurrent() ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: ) [], ParentContainsErrorRecordException
+ FullyQualifiedErrorId : MethodInvocationNotSupportedInConstrainedLanguage
merill said:
Metro app failed to run. Trying to (re)install the metro app...
Found certificate: C:\Users\Merill\Downloads\RT_Jailbreak\bin\ModernUI_App\Get Kernel Base_1.0.
Before installing this package, you need to do the following:
- Install the signing certificate
Cannot invoke method. Method invocation is supported only on core types in this language mode.
At C:\Users\Merill\Downloads\RT_Jailbreak\bin\ModernUI_App\Add-AppDevPackage.ps1:497 char:9
+ $IsAlreadyElevated = ([Security.Principal.WindowsIdentity]::GetCurrent() ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: ) [], ParentContainsErrorRecordException
+ FullyQualifiedErrorId : MethodInvocationNotSupportedInConstrainedLanguage
Try the new zip I just uploaded, I believe I fixed that.
Edit: I see what happened. The file that MS distributes has a signature at the bottom which allows it to make unrestricted system calls and when I commented out the pause I broke that.
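The failure mode Netham45 describes here is worth checking for directly: Microsoft ships Add-AppDevPackage.ps1 with an Authenticode signature, and on a system that enforces a code-integrity policy (as Windows RT did) PowerShell runs an unsigned or modified script in ConstrainedLanguage mode, where method calls on arbitrary .NET types such as [Security.Principal.WindowsIdentity]::GetCurrent() are refused with MethodInvocationNotSupportedInConstrainedLanguage. Editing a single comment line is enough to break the signature. The following PowerShell is an added example, not code from the jailbreak tool or from the thread; the script path is a placeholder and the two function names are my own.

```powershell
# Added example (not Netham45's tool code). Assumes a copy of Microsoft's
# Add-AppDevPackage.ps1 at the placeholder path below; any signed .ps1 works.
$SignedScript = 'C:\PLACEHOLDER\Add-AppDevPackage.ps1'

function Get-ScriptTrustReport {
    param([Parameter(Mandatory)][string]$Path)
    # Authenticode status of the file: Valid, NotSigned, NotTrusted, or
    # HashMismatch (the file was changed after it was signed).
    $sig = Get-AuthenticodeSignature -FilePath $Path
    $signer = $null
    if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
    [pscustomobject]@{
        Path        = $Path
        Status      = $sig.Status
        Signer      = $signer
        SessionMode = $ExecutionContext.SessionState.LanguageMode
    }
}

function Test-FullLanguageCall {
    # The exact call that failed in the thread. In ConstrainedLanguage mode,
    # invoking a method on a type outside PowerShell's core allow-list throws.
    try {
        [Security.Principal.WindowsIdentity]::GetCurrent() | Out-Null
        return 'allowed'
    } catch {
        return "blocked: $($_.FullyQualifiedErrorId)"
    }
}

# 1. The untouched, Microsoft-signed file should report Status = Valid.
Get-ScriptTrustReport -Path $SignedScript

# 2. Reproduce the mistake from the thread on a copy: uncomment the Pause line.
#    Any byte change means the embedded signature no longer matches the file hash.
$Edited = Join-Path $env:TEMP 'Add-AppDevPackage.edited.ps1'
(Get-Content $SignedScript) -replace '^\s*#\s*Pause', 'Pause' | Set-Content $Edited
Get-ScriptTrustReport -Path $Edited        # expect Status = HashMismatch

# 3. What this session is allowed to do. Under a code-integrity policy a
#    modified script is executed as ConstrainedLanguage and this returns 'blocked: ...'.
Test-FullLanguageCall
```

The practical rule this illustrates: treat a vendor-signed script as read-only. If behaviour has to change (the thread's "uncomment the pause"), put the change in a wrapper script or pass it as a parameter where the script supports one, and confirm with Get-AuthenticodeSignature that the original still reports Valid before relying on it.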
Very Nice job! Thank you again!
Yahoo!!! Works. Have PuTTY running. Now to get all ARM compatible apps in one place!
merill said:
Yahoo!!! Works. Have PuTTY running. Now to get all ARM compatible apps in one place!
Glad to hear it's working.
Now, 6 AM, time to go to bed.
merill said:
Yahoo!!! Works. Have PuTTY running. Now to get all ARM compatible apps in one place!
I agree! If anyone gets uTorrent working I'll be eternally grateful
Sent from my HTC One X using xda premium
vincepg13 said:
I agree! If anyone gets uTorrent working I'll be eternally grateful
With 7-Zip, PuTTY and a .NET 4.0 FTP uploader app... all I need now is a Transmission console and I no longer really need my laptop.
Would be great to associate .torrent with Transmission on the Surface.
What other "needed" apps that are projects (like SourceForge) that people can think of?
MediaInfo would be handy... wonder if it could also integrate with explorer...
Perhaps this discussion needs its own thread
I'm actually starting a thread for this topic... but since we're here, one thing that would be awesome (instantly add support for a ton of software) would be a Java runtime. Unfortunately, they're huge and complex beasts, and tend to either require assembly or be buildable only on Linux (sometimes both...).
On the Asus Vivo Tab RT, I cannot get past where it says:
please press the volume down now
Silverlight ideally. But it sounds like that's a no-go.
Also Chrome or Firefox would be good!
Filezilla would also be nice.
Nice work guys.
It works, but I still get the SmartScreen filter when I try to run apps from Explorer. When I run them from command line, it works fine.
I believe there's a registry entry that needs to be changed, but I don't remember what it is.
randomned said:
It works, but I still get the SmartScreen filter when I try to run apps from Explorer. When I run them from command line, it works fine.
I believe there's a registry entry that needs to be changed, but I don't remember what it is.
In the pop-up, click "More info" then click "Run anyway". It'll never bother you again for that app.
Will this work with the latest updates installed?
AnJaRoot stands for Android Java Root, and it's just that: a replacement for the previous generation of superuser access on Android. The days of calling su to execute scripts in a limited environment are over; developers are now able to perform previously restricted actions directly from Java!
This is the official Developer Support Thread for the AnJaRoot Library. Please focus your post on the Library; everything about the app should go here.
For more information about AnJaRoot, please visit the main thread or go to http://www.anjaroot.net/.
Getting Started
To start using the AnJaRoot Library, download it from the main thread or from the homepage. You will need the AnJaRoot-Library.jar, optionally also the provided JavaDoc jar. Integrate it as a dependency in your app and you are ready to go!
Resources
It's always easier to start with a sample and some documentation at hand. I've started the AnJaRootTester project to serve as a reference for the library usage as well as for testing whether AnJaRoot is correctly installed and running on a device. While it's not the cleanest app the world has ever seen, it shows pretty well how to integrate AnJaRoot into your app.
You may also like the online library documentation.
Feel free to post anything which is related to the library itself and happy hacking!
Luminger said:
AnJaRoot stands for Android Java Root, and it's just that: a replacement for the previous generation of superuser access on Android. The days of calling su to execute scripts in a limited environment are over; developers are now able to perform previously restricted actions directly from Java!
Nice! And very different from how I implemented Java code support in RootTools.
A question regarding your NOTES file: you write that setresuid() is inlined. Where is it inlined? If you use LD_PRELOAD, your own library will be hit first, and you can ask the compiler not to inline your code.
Yea, it turned out pretty simple I think
After reading the NOTES file again, I have to say that I was wrong in the comment placed there regarding inlined getresuid()/getresgid() calls.
You are right, your library will be hit first when it comes to external symbol resolution. But this only works for dynamically linked symbols, not for anything which is inlined or coming directly from the executable. I'm currently evaluating switching to ptrace() to place my capset() hook as it would interop with Xposed without it even knowing, so it may become obsolete soon anyway.
I can remember that I poked around in the compiled libraries pulled from my device, searching for external symbols I could replace. I looked at the wrong files and assumed that the compiler inlined those calls. Looking back, this conclusion is so wrong; it would be awful if the compiler would inline calls to shared library symbols.
AnJaRoot 1.1.0 is now compatible with Xposed. It can be downloaded from http://anjaroot.net or the main AnJaRoot thread here at XDA.
You have to reinstall it via the provided update.zip to get Xposed compatibility. The library change is upward compatible, updating is recommended but not needed.
Hello, if you know what cSploit is you also probably know that it's buggy and outdated.
I have taken time to rebrand the software, mixing versions and modifying code.
My goal was to fix the login cracker, which was not giving status output since the C regex was broken, so I re-implemented the original dSploit 1.0 fashion (each tried password is shown) and the progress bar is effective. I also modified the Java code and res to be able to fully use hydra (more options, and most importantly being able to pass HTTP-related plugin parameters).
Metasploit is outdated, and Ruby 1.9 cannot run the latest version, so I switched to version 2.7, which is running: we can install gems.
The issue is that when downloading the MSF and setting it up, the bundle doesn't return, and gives no output. I don't know what is happening here; there may be a prompt for the administrator's password, so I run 'bundle install' as root, but it doesn't change anything.
gem install bundler does succeed, but not bundle install, showing forever "downloading gems". This part is tricky and I need people to look upon it with fresh eyes (I spent too much time on the code).
I'm calling the project eSploit and renamed a lot of things like the package name, since I have been working alone and the cSploit project is utterly abandoned, but is still delivered on platforms like the NetHunter store despite the bugs and EOL notice. So don't judge me for taking it over since no one cares.
Status is:
Nmap: fully functional
Hydra: restore not working (restore file path issue)
Exploit finder: Not working since the MSF doesn't update yet -see above- , and that is the milestone.
MITM: not tested, might just get rid of it.
There is a change of strategy in the way we will retrieve exploits: instead of contacting an outbound server, passing it the result of the inspector and then searching the Metasploit database for the CVE, we will just pass the inspector's result to Metasploit. No difference, and the thing will be working on local networks without an internet connection.
To be honest this is a bit like pinning a nail with a bulldozer, but for now there is no alternative.
Submodules are removed from git, instead there's a big working tree with all the dependencies.
Note that the OpenSSL library originally shipped with the package doesn't 'work' with most newer software, hence we are using 1.1.1l for Ruby, and will either stick to the latest for older software (like hydra 8.8) or update the programs, so right now only nmap is working.
So tell me what you think of it, and don't hesitate to report bugs on GitHub, ask me questions about the architecture of the software (originally designed by Simone Margaritelli), and help me find a solution to the main issue.
GitHub - e2002e/eSploit: cSploit - The most complete and advanced IT security professional toolkit on Android.
This is very cool. It would be really cool if this is working. I hope that you can fix these problems.
cSploit, dSploit.. now eSploit. I really like this program.
Any similarities with zANTI ?
I am very interested in this project! But the github page is offline Are you still working on this?
Hi people, I came to the conclusion that this was not needed. Though it would be cool to have the Metasploit framework on Android, I remember now how, when I was younger, I tried to hack into things without a proper vulnerability scanner. This results in frustration. You can't know just from an nmap scan what exploit to launch. This thing would be awesome with (for instance) Greenbone. But as it is, it is like attacking tanks with guns.
So I dropped it and deleted the repository.
Thanks for your reactions.
What happened? It's not available.