trying to flash Hard-SPL keep getting Bloodhound.w32.EP - Touch Pro2, Tilt 2 Windows Mobile ROM Development

How do you flash Hard-SPL to the Touch Pro 2? Every time I try to extract the Rhodium-HardSPL_xxx.zip I get a security pop-up notification in the right corner stating that the file contains Bloodhound.w32.EP, and it blocks me from opening the folder. Is there any way around this?

tdubz said:
How do you flash Hard-SPL to the Touch Pro 2? Every time I try to extract the Rhodium-HardSPL_xxx.zip I get a security pop-up notification in the right corner stating that the file contains Bloodhound.w32.EP, and it blocks me from opening the folder. Is there any way around this?
Yeah, disable your antivirus software while flashing HardSPL.

There's no way to do it on Vista with Norton.

Also, when I try to open it, it says it's not a valid Win32 application.

Remove Norton -,-

tdubz said:
How do you flash Hard-SPL to the Touch Pro 2? Every time I try to extract the Rhodium-HardSPL_xxx.zip I get a security pop-up notification in the right corner stating that the file contains Bloodhound.w32.EP, and it blocks me from opening the folder. Is there any way around this?
4 options for you to choose from -
1. Temporarily disable AV software.
2. Add scanning exception for file/folder in AV software.
3. Remove AV software.
4. Use a different PC.

Ok, I did try and confirmed:
Any Symantec-based antivirus product (2009 / Security / 2010 beta / Endpoint 11 / Endpoint 12 SBS) will find the same error and remove the file once detected.
On the other hand, other antivirus brands will not: I tried McAfee / Kaspersky (software / web scan) and they pass without problem.
I am quite sure the file contains no virus; just some code from the installer gets flagged as a virus by Symantec series products. For details, please check the official HSPL page, point 4, which mentions the issue and the solution too.

The problem is that Norton is the most harmful software for computers itself.
I used this AV software for 1 year and had problems all the time: hang-ups, bluescreens, missing files, high CPU usage and so on.
Now I am using a free AV software and everything is running fine.

Thread closed. If the problem persists, please use the existing Hard SPL thread.
Dave

Related

Extended ROM - Some CABs don't Execute

I'm trying to customize a few Extended ROMs here and I'm running into some stubborn CABs. When installed manually, everything works fine. No warnings, no errors. Just click the CAB, let it do its thing, then click OK.
Put these same ROMs into an Extended ROM and hilarity ensues. Some will work, others will not and I don't know why. Any suggestions on what I might be missing will be greatly appreciated.
Quick question?
Are the CABs signed? If not, are you installing the 'signed' unsign CAB 1st?
Edit: Thinking more about this (and realising that the 1st thing you do is disable signing in your ROMs), can you provide a little more info about the CABs (maybe an offending CAB, if the content is not private?).
I managed to replicate this issue with a CAB that had a warm reset as part of its install process (seems to bork the autoexec batch process), and I have had a similar issue with a CAB that just contained some simple OMA in the _setup.xml.
John
yes, that's the point. But how to make any Unsigned CABs become Signed?
huangyz said:
Yes, that's the point. But how do you make unsigned CABs become signed?
Without wanting to sound facetious: you sign them ;-)
You would use a private key to generate an Authenticode signature for the CAB (and maybe the apps inside, if you need to); however, you would still need to install the ROOT certificate into the code stores on your device. Or get your app signed by a 3rd party with a certificate that has its ROOT already on the device (MS's MobileToMarket and things like that take care of this for ISVs that need it).
Once you have the ROOT cert on the device in the correct store, signing is trivial: you either use SignTool.exe from many of the MS SDKs or just use the GUI options if Visual Studio is your poison. All you need is an export of the PKF (private key) and the password to the certificate.
In enterprises, one of the 1st things people often do before giving Windows Mobile devices out to users is to install a ROOT certificate for the enterprise onto the device in both the code and transmission stores. This means from then on you can sign in-house apps and CABs and they behave as signed commercial apps, and you can use features like internally signed SSL for ActiveSync etc. etc.
Don't forget you can also do away with a lot of this by installing the HTC-signed "Disable Certificates" CAB 1st; then the signatures are not checked on subsequent CABs, EXEs or anything code related, for that matter.
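An added illustration of the signing check djwillis describes (this is example code written for this page, not code from the thread, HTC or Microsoft): a small Python parser that reads a cabinet's CFHEADER and reports whether an Authenticode signature blob is attached, so a CAB can be triaged before it goes into an Extended ROM. The cabinets it runs on are constructed in memory; the field layout (reserve area holding the blob's offset and length) is the one signed cabinets use, and the DER check only tests that a PKCS#7 structure is present, not that the chain validates.

```python
"""Detect whether a .cab carries an Authenticode signature by reading its CFHEADER.

Added example for this thread, not code from HTC, Microsoft or the poster.
A signed cabinet sets the cfhdrRESERVE_PRESENT flag and stores the offset
and length of the appended PKCS#7 signature blob in the header reserve area.
The cabinets below are constructed stubs (no folders, no files) used only
to exercise the header parser.
"""
import struct
from typing import Optional, Tuple

CFHDR_RESERVE_PRESENT = 0x0004  # bit 2 of CFHEADER.flags


def cab_signature_info(data: bytes) -> Optional[Tuple[int, int]]:
    """Return (offset, length) of the signature blob, or None if unsigned.

    Raises ValueError when the bytes are not a cabinet or are truncated.
    """
    if len(data) < 36 or data[:4] != b"MSCF":
        raise ValueError("not a cabinet: missing MSCF magic")
    (cb_cabinet,) = struct.unpack_from("<I", data, 8)
    if cb_cabinet > len(data):
        raise ValueError("truncated cabinet: cbCabinet exceeds file size")
    (flags,) = struct.unpack_from("<H", data, 30)
    if not flags & CFHDR_RESERVE_PRESENT:
        return None  # no reserve area, so nowhere for a signature to live
    (cb_cfheader,) = struct.unpack_from("<H", data, 36)
    reserve = data[40:40 + cb_cfheader]
    if len(reserve) < 12:
        return None  # reserve present but too small to hold offset + length
    # Reserve layout of a signed cabinet: 4 reserved bytes, then the
    # little-endian offset and length of the signature blob.
    sig_offset, sig_length = struct.unpack_from("<II", reserve, 4)
    if sig_length == 0 or sig_offset + sig_length > len(data):
        return None  # empty or out-of-range blob: treat as unsigned
    return sig_offset, sig_length


def is_signed(data: bytes) -> bool:
    """True only if a signature blob is present and starts with a DER SEQUENCE.

    A real signature is PKCS#7 SignedData, whose DER encoding begins with the
    SEQUENCE tag 0x30. This does not validate the chain; on the device that
    depends on the root cert being in the code store, as the thread explains.
    """
    info = cab_signature_info(data)
    if info is None:
        return False
    offset, _ = info
    return data[offset] == 0x30


def build_stub_cab(signature: Optional[bytes]) -> bytes:
    """Constructed sample cabinet: a bare CFHEADER, optionally with a signature."""
    signed = signature is not None
    header_len = 36 + (4 + 20 if signed else 0)  # cbCFHeader/cbCFFolder/cbCFData + 20-byte reserve
    total = header_len + (len(signature) if signed else 0)
    flags = CFHDR_RESERVE_PRESENT if signed else 0
    header = struct.pack(
        "<4sIIIIIBBHHHHH",
        b"MSCF", 0, total, 0, header_len, 0,  # magic, reserved1, cbCabinet, reserved2, coffFiles, reserved3
        3, 1,                                  # versionMinor, versionMajor (format 1.3)
        0, 0, flags, 0x1234, 0,                # cFolders, cFiles, flags, setID, iCabinet
    )
    if not signed:
        return header
    reserve = struct.pack("<III8x", 0, header_len, len(signature))  # reserved, sigpos, siglen, padding
    return header + struct.pack("<HBB", 20, 0, 0) + reserve + signature


# Constructed samples: the "signature" is a stand-in for a PKCS#7 SignedData blob.
STUB_SIGNATURE = b"\x30\x0e" + b"\x00" * 14      # starts with the DER SEQUENCE tag
UNSIGNED_CAB = build_stub_cab(None)
SIGNED_CAB = build_stub_cab(STUB_SIGNATURE)
GARBAGE_BLOB_CAB = build_stub_cab(b"\xff" * 16)  # header claims a signature, blob is not DER

if __name__ == "__main__":
    for name, cab in (("unsigned", UNSIGNED_CAB), ("signed", SIGNED_CAB), ("garbage", GARBAGE_BLOB_CAB)):
        print(name, cab_signature_info(cab), is_signed(cab))
```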
djwillis said:
huangyz said:
Yes, that's the point. But how do you make unsigned CABs become signed?
Without wanting to sound facetious: you sign them ;-)
You would use a private key to generate an Authenticode signature for the CAB (and maybe the apps inside, if you need to); however, you would still need to install the ROOT certificate into the code stores on your device. Or get your app signed by a 3rd party with a certificate that has its ROOT already on the device (MS's MobileToMarket and things like that take care of this for ISVs that need it).
Once you have the ROOT cert on the device in the correct store, signing is trivial: you either use SignTool.exe from many of the MS SDKs or just use the GUI options if Visual Studio is your poison. All you need is an export of the PKF (private key) and the password to the certificate.
In enterprises, one of the 1st things people often do before giving Windows Mobile devices out to users is to install a ROOT certificate for the enterprise onto the device in both the code and transmission stores. This means from then on you can sign in-house apps and CABs and they behave as signed commercial apps, and you can use features like internally signed SSL for ActiveSync etc. etc.
Don't forget you can also do away with a lot of this by installing the HTC-signed "Disable Certificates" CAB 1st; then the signatures are not checked on subsequent CABs, EXEs or anything code related, for that matter.
I am NOT a software developer, so most of your opinions sound enigmatic to me, except the last one: put the HTC-signed "Disable Cert" in the 1st place of the ext-rom config.txt.
Thanks very much! I'll try later on.
gamescan said:
I'm trying to customize a few Extended ROMs here and I'm running into some stubborn CABs. When installed manually, everything works fine. No warnings, no errors. Just click the CAB, let it do its thing, then click OK.
Put these same ROMs into an Extended ROM and hilarity ensues. Some will work, others will not and I don't know why. Any suggestions on what I might be missing will be greatly appreciated.
Most probably you forgot to set some CAB file to read-only before saving the extended ROM. Check the CABs' attributes and the config.txt file while inside the program that you are using to edit the extended ROM. It's not because they are not signed, as long as you have the cert .cab set to be the first to be installed. Also, CAB files that require user input will not work. This is from experience, as posted above.
huangyz said:
I am NOT a software developer so, most of your opinions sound enigmatic to me except that the last one: put the HTC signed "Disable Cert" in the 1st place of the ext-rom config.txt.
Thanks very much! I'll try later on.
So, where did you find the signed Disable_Cert.cab?
faria said:
Most probably you forgot to set some CAB file to read-only before saving the extended ROM. Check the CABs' attributes and the config.txt file while inside the program that you are using to edit the extended ROM. It's not because they are not signed, as long as you have the cert .cab set to be the first to be installed. Also, CAB files that require user input will not work. This is from experience, as posted above.
Sorry to ping an old thread - flogging to proceed immediately after...
Being that this is a Windows device, isn't there a flag that can be passed when executing the CAB, like you can on a Windows installer application? Similar to setup.exe -q or whatever you're trying to do. Some flags set the answers to yes, admin mode... you get the picture. Does the CAB installer engine allow similar flags to get passed with the CAB execution command?
In PPC, it calls wceload.exe to install and uninstall a CAB.
As shown in http://msdn2.microsoft.com/en-us/library/ms926281.aspx , the only possible argument is to ask or not ask for the destination, but there is no quiet mode.
How you can call wceload.exe manually at ExtROM installation may be a question.

[Q] the device is unable to boot

"The device is unable to boot because either you have turned off the device incorrectly or tried to install an application from an untrusted source.
Press volume up to reset your device or press any other button to cancel.
This operation will delete all your personal data......"
The above message is my subjected problem. Whenever I do a fresh hard reset and after that install any new software and do a reset, this message comes to my face....
Is there anything to correct it........
Actually it was perfect once, months ago, but then I suddenly tried to change the SIM of my mrs. It started giving me problems... 1st it was not taking any SIM, even my already working SIM, then I had it repaired at the market. Now:
1) very low battery timing
2) takes too much time to boot
3) every new app installation gives the subjected error.
4) no ROM flashing, stuck at 0% (this problem is older than the subjected one)
5) network signal fluctuation
6) after closing a call, it hangs a little bit....
So many problems I have. Please, any solution would be appreciated....and thankful to you for bearing my long magazine-size issue....
SDKcert - software development kit certificate(s)
It's the first application I install;
SDKcerts.cab
If you want to remove it..
RemoveSDKcerts.cab
You will need this to run certain applications and carrier settings (most notably Orange cq T-Mobile).
Do you know what an SDK is? It's a developer's pack. Do you know what a signed program is? Commercial programs are usually signed, certifying their integrity. Most freeware isn't. Problem is, the phone is picky about allowing unsigned apps, or programs' modification of signed apps. SDKcert is a developer's certificate, so the phone accepts unsigned apps and allows modification due to development status. Many programs you use NEED SDKcert installed for them to be allowed to run.
Hope this helps,
Senax
Very sorry to say, the problem is still there even after installing your suggested SDKcerts.cab after a hard reset; I am still receiving the same problem.
Actually I repaired my mobile, and after coming back from the repair shop it's giving me the following problems:
1- mobile booting speed very slow (sleeps on the Touch DIAMOND2 screen for about 3-4 minutes)
2- after coming to the home screen it gives many times the error (We're Sorry..."A problem has occurred with device.exe")
3- after installing any new software (those installed and worked without giving any error before repairing) it gives the subjected error..
Thanks for your reply and hoping to get more help from you and other peers
Then let's move to file information!
Hello again,
Via PEinfo (Portable Executable) one can obtain information;
Features:
- Information about PE files (executable file and dll in Windows and WindowsCE)
- Shows from what dll depends executable file
- Auto detect some other files *cough*
- Hexviewer
- Image / extraction of resources (icons, images, sounds, dialogs, etc.)
- Determine the processor type and operating system for the assembled file
- The program analyzes the resources and applications for Pocket PC
- Information about the modules (DLL) required to run, and a check of their availability (can help find the cause of the system message "Cannot find file or one of its components" when attempting to start the file)
- Automatic determination of more than 350 file types, other than PE
Dependency Walker (Win32) is a freeware program with which you can view the dependencies of several file extensions.
Use it when your device is cradled.
Success, and let me know if these links helped you..
Senax
Sir Senax! What is this? I really don't understand it. I need my system to start without giving this error; how can I get rid of this? Can you please tell me how it is possible? Can you please tell me in a simple way, if you have experience with this software, how this software can help me solve my problem?

[WIP][HTC 8x][8.1]Fiddler2 Update Utility UEFI, BOOT Dumps & Templates[ExploitsFound]

Here's the story. I hex edit, spider, leech, rip, hack all day every day from my insecure server, always trying to break security on multiple platforms and remote locations. Anyways, my PC is just filthy. My devices probably have more infections than a skid row street hooker. There is no exact explanation of how this happened, but all I know is a combination of an app/xap called webserver native access 0.4.3, Xenu URL checker for PC and Fiddler2 all running on the same IP and port [9999] started doing strange things. I fiddled: when I typed in the address that the webserver xap gave me while spider-crawling my phone with Xenu, Fiddler picked up lots of certificates while decoding system files. Then one after another probably 5 or 6 updates popped up on my phone. I've already had 3 Windows 8.1 updates in the past and wasn't aware of anything new. Also Fiddler never picked up any remote link, only local. Strange thing is, I think ROM updates for other devices got flashed to my phone. Anyways, the phone still works. I'm not sure of the exact situation, but the other day Microsoft gave me a security signed Symantec enterprise mobile code signing certificate when I made my store on the App Studio website. I could have sworn it was something of a 250 dollar fee to get Symantec to sign the cert for you. Can't remember the process I went through a year or 2 ago when I needed a cert signed. Nice of Microsoft to hook it up, I guess. That's not even the start with certs. I ripped hundreds of crt and crl from RUUs, including Qualcomm protected root CAs, htc-cert, UEFI keys, pulled from my device. Anyways, I had a dumb idea to install all of these onto my PC. What a dumb/smart mistake, good happening.
Now I can download all OTA cabs without going through proxy loops, and now have deeper access to HTC and Qualcomm based devices. It seems the moment I plug in a Windows Phone with secure boot locked, within minutes the device registry hive syncs with my server's hive and forces the phone to disable UEFI secure boot since my server isn't UEFI compatible. I'm not sure if any sense is made here. ........Soon you will be seeing custom ROMs for HTC 8X fully flashable without the use of a Y cable. 2 jumps away from fully rebuilding partitions from a 3.41 RUU. New ROMs will be a completely different platform. Choice is in the air. Right now my HTC 8X is compiled from a mixture of Windows Phone 7 & 8, Embedded Compact 2013 and Windows RT. Strange thing is, my device is based on GDR2..
My thumbs hurt from typing this on my Nexus. Sorry for the bad grammar and broken up sentences.
One last note: anybody know where to get the OAK (OEM Adaptation Kit) layers and the 9600_POWERTOOLS without having to sign up as an OEM with Microsoft? I have part of the OAK, but only the portion for Embedded Compact 8.
If anybody would like to join in, be my guest. The more heads in this project, the faster we break one of the most secure phones in the world. I will get everyone caught up soon on the info. Got to sort my files.
As of right now I think the ruu_signed.nbh is actually a .egisenx file extension which can be decrypted with eDataSecurity by Acer. Once I find the framework software to install eDataSecurity, I will give it a shot. In the meantime, if anybody has an Acer or Gateway computer with that software installed on it already, you could take a crack at it. Pick up any ruu_accord and 7z the exe file, directly open the ruu_signed.nbh with a hex editor without extracting the file and save the nbh with a .egisenx file extension, then proceed to attempt to decrypt. If it requires a password, I will provide some strings I pulled from the hex editor. Even better if anybody has decrypting software that might work too.
Also some of the HTC 8X partitions are encrypted SHK (SENTENIAL SKYNET). This is interesting; I think this might be easier to crack.
softqare used so far in project accord
Revskills final release
Revskills 1.xx
qmi by revskillz
winrar good for converting damaged files
7zip good old extract to temp location
telerik justdecompile standalone version or visual studio extenson
webserver 0.4.3 or 0.5.0 .xap for WP8 (Windows Phone 8), works on Windows Phone 8.1 also!
xenu url checker
fiddler2
winhttrack rip my phone like a website
010 Editor with lots of custom scripts, templates and syntax.
hhd hex editor is optional
Hiew hex editor for the pros. Still experimenting with this one.
lots of time.
cmd.exe and every damn command executable you can find that rips, strips, converts, merges, splits, de/compresses, makes things go backwards, forward, up, down and flip around.
lots more time
brew mp
win phone 7 tools.
OAK
osbuilder for wp7
basically any file you can find that de/compiles that was made by the Microsoft mobile, embedded or CE department.
wak, wdk, hck 8.1 microsoft hardware tools
Visual Studio 2012, 2013.
Visual Studio .NET compiler 'Roslyn'
lots of samples.
2014-05-24
RUU PARTITION RIPPING THE EASY WAY.
7zFM build 932 can directly open any file when using the options in the context menu. Just right click on the .ruu_signed.nbh, highlight the 7z open-with-argument submenu and either choose the # option or the #e option. Both arguments work, but with different outcomes. When 7z is done loading you will end up with a numbered list of files, some with or without extensions. Extensions as follows: .efi, .elf, .fat, .ntfs, .exe. All files with extensions open. The fat files are complete partitions. The ntfs partition is metadata that is also embedded within a file called boot.sdi located in one of the fat partitions. The exe files are normal MZ PE executable system32 applications. EFI executable files are also located within the fat partitions. The elf files, which strangely exist within the phone's operating system, can be extracted and read with a hex editor. Strange that Windows Phone contains ELF, considering the Microsoft binary format is COFF/PE. DOWNLOADS WILL BE UP SOON FOR DEVELOPMENT. It is a possibility that the boot partition ripped from an accord_u_wwe was part of the updateos.wim. There is a reference on how to add packages to the wim on the Windows Phone developer OEM site.
An interesting experiment done which worked on Nokia FFU files: convert the Nokia FFU to a VHD using WinImage with fixed size settings. Once completed, mount it with the OSFMount tool. None of the partitions show up, nor are they mountable. So I proceeded to generate a raw img from the VHD in OSFMount, which put out a raw img just over 7 GB. Jeez, the VHD was only just over 1 GB. Decided to mount the raw img using DiskInternals Linux Reader and what do you know, every partition showed up, even the secret one. Most were still unable to open, but boot, UEFI data and MainOS did. It gave me good insight on what to look for and discover within the Windows Phone locked filesystem.
There is a metadata file hidden deeply within the MFT (Master File Table) called $Boot. This $Boot file header is R.NTFS.
I will get more in depth on this later.
File system encryption used for the MAINOS is called RSDS mi. Very hard, maybe impossible to reverse engineer. I did find an explanation in a .text file located inside of the file Liveupdate.exe located in the windows/system32 folder of my phone. The file gave vague instructions on how to compile an Fupdate.xml template which can be used to push update packages over wifi. More details later.
Possibility to mount several partitions, including MainOS, directly on my PC by manipulating binary registry keys on Windows 7. More soon.
Found these in my pc. Going to play around with them see what happens
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\WP8]
[HKEY_CURRENT_USER\Software\WP8\DL]
"MODE"=dword:d10ad121
"CSC"=hex:00,00,00,00
"SBL"=hex:00,00,00,00
"RPM"=hex:00,00,00,00
"UEFI"=hex:00,00,00,00
"ACPI"=hex:00,00,00,00
"MainOS"=hex:00,00,00,00
Differences in files located in the fat16 partitions, cross-referenced between branded and unbranded RUUs: csv.cfg on the branded RUU has the radio build number defined, while the unbranded RUU is blank 00 hex bytes through the entire csv.cfg file. RADIOVER.CFG on the unbranded RUU has an extra IMEI line configured to 1, while the branded RUU is missing the IMEI line. My guess is that with the IMEI 1 assignment on the unbranded RUU, once the device gets flashed with the original firmware it also gets assigned a new IMEI as well. Just my guess. Some insight would help on this.
Well, as the dev of NativeAccess I'm certainly very interested in what you found. My first guess is that you wandered into the section of the registry where the phone's certs are stored (yes, it's readable), although the format that the app returns them in isn't something that would normally be recognized as a certificate. Which means my *best* guess is that you wandered onto some certificate files stored on the phone in a readable directory, because the server app will let you download files
Everything from there is Really Weird though, and we'll need to investigate it more. I should spin up some VMs to try this... anyhow, getting additional updates to your phone is pretty weird, so let's start with that. Did you install those updates? What were their descriptions (i.e. what did they say was getting updated)? What are your current phone version strings (OS, Firmware, etc.) from Settings -> About -> More info (and do any of those look notably different than you expect)?
Installing certs ripped from RUUs onto your PC is... well, I would never have tried it on my main box, but now I really want to try it on a VM. Do you have the list of certs you installed anywhere handy? What ROMs did you rip them from, and where in those ROMs?
Deeper access into WP8 devices sounds *seriously* interesting! I don't have a modern HTC (only my old HD7, a WP7 device) but I could probably obtain one, at least temporarily, for research purposes. What registry hives do you think are synching (and why do you think it's a synch)? Is it actually turning off Secure Boot for real, or just causing the registry to report that it's off? (We can override the report value on Samsung WP8 phones, but that does no good.) If you've managed to turn off Secure Boot on HTC WP8 devices, you've probably just found the door to custom ROMs and possibly other fun hacks. Do you have any non-HTC WP8 devices you could test with too, to see if anything else interesting is happening?
Good luck cooking up those custom ROMs! That is unfortunately not my field at all, so I can't really help... but it would be pretty cool to have the ability to run RT instead of / in addition to WP! There's also a ton of tweaks and unlocks we can do if we have totally arbitrary access to the device and no pesky code signing enforcement getting in the way.
GoodDayToDie said:
Well, as the dev of NativeAccess I'm certainly very interested in what you found. My first guess is that you wandered into the section of the registry where the phone's certs are stored (yes, it's readable), although the format that the app returns them in isn't something that would normally be recognized as a certificate. Which means my *best* guess is that you wandered onto some certificate files stored on the phone in a readable directory, because the server app will let you download files
Everything from there is Really Weird though, and we'll need to investigate it more. I should spin up some VMs to try this... anyhow, getting additional updates to your phone is pretty weird, so let's start with that. Did you install those updates? What were their descriptions (i.e. what did they say was getting updated)? What are your current phone version strings (OS, Firmware, etc.) from Settings -> About -> More info (and do any of those look notably different than you expect)?
Installing certs ripped from RUUs onto your PC is... well, I would never have tried it on my main box, but now I really want to try it on a VM. Do you have the list of certs you installed anywhere handy? What ROMs did you rip them from, and where in those ROMs?
Deeper access into WP8 devices sounds *seriously* interesting! I don't have a modern HTC (only my old HD7, a WP7 device) but I could probably obtain one, at least temporarily, for research purposes. What registry hives do you think are synching (and why do you think it's a synch)? Is it actually turning off Secure Boot for real, or just causing the registry to report that it's off? (We can override the report value on Samsung WP8 phones, but that does no good.) If you've managed to turn off Secure Boot on HTC WP8 devices, you've probably just found the door to custom ROMs and possibly other fun hacks. Do you have any non-HTC WP8 devices you could test with too, to see if anything else interesting is happening?
Good luck cooking up those custom ROMs! That is unfortunately not my field at all, so I can't really help... but it would be pretty cool to have the ability to run RT instead of / in addition to WP! There's also a ton of tweaks and unlocks we can do if we have totally arbitrary access to the device and no pesky code signing enforcement getting in the way.
Right now I'm hex editing RUUs and they seem almost completely decrypted. It's strange, because a few weeks ago they were all scrambled.
I will post my findings on my website for everyone to view.
I remember someone's post on how certificates could possibly be the key to jailbreaking Windows Phone 8. I think they might be right.
It said the updates I got stated they would further enhance my device. Windows Phone 8.1. Funny.
I ripped certs from several ruu_accord_u and img_accord_u packages. I have 9 or 10 HTC 8X RUUs stashed.
I installed the certs that had embedded htc_cert, qcom, qualcomm, symantec, uefi, and a few others; I can't remember them all.
I have a lot to catch everybody up on. About 50 GB of findings from accord RUUs and from files ripped from my phone. It's a cluster **** of work.
uefi flashing
uefi disabling
source code
software: lots of software references found.
wince800
winrt
qcomedk2 = edk2, part of the original dev kit used to build, flash, dump, reflash, enable and disable the UEFI BIOS
certificates: thousands of crl/cer in every device. Even the smallest file has a certificate. And I found their passwords
RSA keys in the test phase
uefi keys
esn keys
every partition size, format, offset and sector size.
port numbers and usages
every single registry key
.....
.....
keeps going on.
reserved
grilledcheesesandwich said:
reserved
reserved

[Q] LightJBv1-2.ZIP contains 'SMSspy' Trojan - according to Ad-Aware

Hi all,
A while ago I managed to install LightJB thanks to this forum; the phone became a lot snappier because that ROM had ditched a bunch of bloatware.
Just now, I ran a PC system scan with Ad-Aware, which detects in the file "LightJBv1-2.zip" a trojan called "SMSspy". The ROM is too big to upload, but its size is reportedly 417 MB (437.476.670 bytes), and the size on disk is 417 MB (437.477.376 bytes). Unfortunately I have not written down from what mirror I downloaded the ZIP file, but it was a link listed here, as I slavishly followed all suggested steps. I did a search for 'virus' and for 'LightJBv1-2' and did not find any report on this. This leads me to believe that more people have downloaded the file. Possibly the ROM has been used as a basis for other ROMs (I am quite a n00b, so perhaps this is a dumb remark).
I was wondering whether this might be a false positive, or perhaps if someone that has the LightJB v1-2 installation file on his/her PC could try to verify if the Ad-Aware scan was correct or not?
I am using some government services that require an SMS verification system, which makes me worry a bit..
Kind regards and please do let me know if more info is required,
Wouter
wouterwp said:
Hi all,
A while ago I managed to install LightJB thanks to this forum; the phone became a lot snappier because that ROM had ditched a bunch of bloatware.
Just now, I ran a PC system scan with Ad-Aware, which detects in the file "LightJBv1-2.zip" a trojan called "SMSspy". The ROM is too big to upload, but its size is reportedly 417 MB (437.476.670 bytes), and the size on disk is 417 MB (437.477.376 bytes). Unfortunately I have not written down from what mirror I downloaded the ZIP file, but it was a link listed here, as I slavishly followed all suggested steps. I did a search for 'virus' and for 'LightJBv1-2' and did not find any report on this. This leads me to believe that more people have downloaded the file. Possibly the ROM has been used as a basis for other ROMs (I am quite a n00b, so perhaps this is a dumb remark).
I was wondering whether this might be a false positive, or perhaps if someone that has the LightJB v1-2 installation file on his/her PC could try to verify if the Ad-Aware scan was correct or not?
I am using some government services that require an SMS verification system, which makes me worry a bit..
Kind regards and please do let me know if more info is required,
Wouter
What's the file name which the antivirus finds as a virus?
Force said:
Whats the file name which antivirus find it as virus?
Thanks for the reply. I have made a screendump to prove my point about the ZIP (attached). I then unpacked and scanned the contents, hoping Ad-Aware would pinpoint the file containing the SMSspy.GD trojan. However, it did not find anything. Does this mean it is a false positive? I don't know, but Ad-Aware does continue to find this Trojan in the ZIP file...
F-Secure has written about the SMSspy trojan and what the code does. Unfortunately I'm not allowed to post a link here, but searching DuckDuckGo with this "On Android threats Spyware:Android/SndApps.A and Trojan:Android/SmsSpy.D." does bring up the site immediately. I'm reckoning someone could change some values in that code to make a phone running the hacked app send data to himself. Perhaps someone on this forum recognizes where this code may be put and can help with this search. Anyone with the F-Secure virus scanner could also download the LightJBv1-2.ZIP file and go through the contents.
I have scanned several more times since then and no suspicious file was found... I downloaded the Avira scanner hoping that it would find SMSspy.GD too, but to no avail. Avira does find code of Rootor.RH (listed as a virus in their database) in the Superuser.apk files, but I'm guessing that is a false alarm that has to do with the function of the Superuser app.
wouterwp said:
Thanks for the reply. I have made a screendump to prove my point about the ZIP (attached). I then unpacked and scanned the contents, hoping Ad-Aware would pinpoint the file containing the SMSspy.GD trojan. However, it did not find anything. Does this mean it is a false positive? I don't know, but Ad-Aware does continue to find this Trojan in the ZIP file...
F-Secure has written about the SMSspy trojan and what the code does. Unfortunately I'm not allowed to post a link here, but searching DuckDuckGo with this "On Android threats Spyware:Android/SndApps.A and Trojan:Android/SmsSpy.D." does bring up the site immediately. I'm reckoning someone could change some values in that code to make a phone running the hacked app send data to himself. Perhaps someone on this forum recognizes where this code may be put and can help with this search. Anyone with the F-Secure virus scanner could also download the LightJBv1-2.ZIP file and go through the contents.
I have scanned several more times since then and no suspicious file was found... I downloaded the Avira scanner hoping that it would find SMSspy.GD too, but to no avail. Avira does find code of Rootor.RH (listed as a virus in their database) in the Superuser.apk files, but I'm guessing that is a false alarm that has to do with the function of the Superuser app.
My antivirus (G Data AntiVirus) finds a virus in the harshjelly ROM too, in MobileTrackerEngineTwo.apk, and the description said something like Android.Riskware.sms... I scanned the same apk from the system folder of the stock JB firmware with the same antivirus and it doesn't find any virus. So I don't know what to think or what to say...
Force said: (quoting the post above in full)
I have it!! That is, Avira did find it this time:
--> system/app/DSMLawmo.apk
[5] Archive type: ZIP
--> classes.dex
[DETECTION] Contains code of the virus ANDROID/SmsSpy.S.Gen
(translated from the Dutch Avira output)
Apparently, the classes.dex file in DSMLawmo.apk contains the Trojan code. What does this file do, and who can open the APK file and check whether the code from the SMSSpy trojan (see my previous post about the F-Secure forum message) is actually being misused?
best regards, Wouter
Attached:
- screendump showing Avira found the virus in the DSMLawmo.apk file,
- the Avira log (also finding code of another virus in Superuser.APK - I am guessing this has to do with the fact that Superuser is root-related and therefore scares the virusscanner),
- and.. the infected APK file. I renamed this file to make sure people don't run it unintentionally. So please, only run the APK if you know what you're doing! I take no responsibility for any damages coming from running it (as a matter of fact, I might be a victim myself as I installed and am still running JBLightV1-2 on my Samsung Advance S). I do think the importance of uploading this file outweighs the risks, as developers may have unwillingly and unknowingly contributed to spreading malicious code through this great community. It may - after all - also be a false positive, but two scanners have now found the SMSSpy trojan independently.
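A vendor-independent way to do the check Wouter asks for, added here as an example that is not from the thread or from Avira: walk the ROM zip, open every APK inside it, and search each classes.dex for references to the Android SMS API. Dex string tables store identifiers as MUTF-8, so a raw byte search works without a dex parser. The sample ROM is constructed in memory; the indicator list and the APK names are assumptions. A hit only says the app references the SMS API, which some legitimate system components do; it does not prove it is SmsSpy. The SHA-256 is printed so you can compare the copy in the custom ROM against the same APK from the stock firmware, as Force did.

```python
"""Triage a ROM zip for APKs whose classes.dex references the Android SMS API."""
import hashlib
import io
import zipfile

# Identifiers that appear verbatim in a dex string table when code uses the SMS API.
# Assumed indicator set; extend it to taste. Presence is a lead, not a verdict.
SMS_INDICATORS = [
    b"Landroid/telephony/SmsManager;",
    b"sendTextMessage",
    b"sendMultipartTextMessage",
    b"android.permission.SEND_SMS",
    b"android.provider.Telephony.SMS_RECEIVED",
]


def scan_dex(dex_bytes):
    """Return the SMS-related indicators present in one classes.dex blob."""
    return [ind.decode() for ind in SMS_INDICATORS if ind in dex_bytes]


def scan_apk(apk_bytes):
    """Return (sha256 of the APK, sorted indicators found in all classes*.dex files)."""
    found = set()
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for name in apk.namelist():
            # Multidex APKs carry classes.dex, classes2.dex, ...; scan them all.
            if name.startswith("classes") and name.endswith(".dex"):
                found.update(scan_dex(apk.read(name)))
    return hashlib.sha256(apk_bytes).hexdigest(), sorted(found)


def triage_rom(rom_bytes):
    """Walk a ROM zip and return {apk path: (sha256, indicators)} for every flagged APK."""
    report = {}
    with zipfile.ZipFile(io.BytesIO(rom_bytes)) as rom:
        for name in rom.namelist():
            if name.lower().endswith(".apk"):
                digest, hits = scan_apk(rom.read(name))
                if hits:
                    report[name] = (digest, hits)
    return report


def build_sample_rom():
    """Constructed test data: one APK that references SmsManager, one that does not."""
    def make_apk(dex_payload):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as z:
            z.writestr("AndroidManifest.xml", b"<binary xml placeholder>")
            # Real dex files start with the magic "dex\n035\0"; the rest is a stand-in.
            z.writestr("classes.dex", b"dex\n035\0" + dex_payload)
        return buf.getvalue()

    rom = io.BytesIO()
    with zipfile.ZipFile(rom, "w") as z:
        z.writestr("system/app/Suspect.apk",
                   make_apk(b"...Landroid/telephony/SmsManager;...sendTextMessage..."))
        z.writestr("system/app/Benign.apk",
                   make_apk(b"...Landroid/widget/TextView;..."))
        z.writestr("boot.img", b"\0" * 16)
    return rom.getvalue()


if __name__ == "__main__":
    # Against a real ROM: triage_rom(open("LightJBv1-2.zip", "rb").read())
    for path, (digest, hits) in triage_rom(build_sample_rom()).items():
        print(f"{path}\n  sha256={digest}\n  indicators={hits}")
```

Run it on the custom ROM and on the stock firmware zip and diff the two reports: an APK that is flagged in both with the same hash is the vendor's own code; one that is flagged only in the custom ROM, or whose hash changed, is the one to pull apart.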
Please tell me how to remove G Data Internet Security? When I try to remove it from Google Play, it tells me that this application is a device administrator and that I must deactivate it first and then try to remove it.
How do I deactivate it?
Try Settings --> Security (on CM11; on stock, look for something similar).
Sent from my GT-I9070 using Tapatalk
XDADev Forum i9300 ROMs contain trojans
Just bumping this post as it appeared on google when I looked up the smsspy.s.gen virus. The Avira database had this to say:
The file is a malicious Android application that undermines the security of the device or the privacy of the user. Typically, Android malware attempts to steal personal or account information, gain access to device functions via backdoors, send text messages or dial premium numbers, and lock or encrypt the device so the user must pay to unlock the device.
Operating System: Android.
This piece of malware is able to steal sensitive information.
Aliases
AVG: Android/G2M.R.FB4923BB003A
Avast: Android:SmsSpy-KB
Dr. Web: Android.SmsBot.439.origin
ESET: Android/TrojanSMS.Agent.AAJ trojan
Kaspersky Lab: HEUR:Trojan-Spy.AndroidOS.SmsThief.es
So in general, this isn't some harmless adware, and what is more disturbing is that my anti-virus didn't detect the trojan when I downloaded the I9300XXUGNH4.LiteROM zip file. The trojan also appears to remain dormant for several weeks before activating. Its damage isn't limited to Android, since it was hijacking Java files on my PC and dropping a Bladabindi backdoor virus into them. I also found that another APK file called DSMLawmo contains the same virus. So in short, the xdadeveloper forum is a minefield of trojan software which the administrators really need to do something about, since it undermines the trust of its users.

[Q] Interop-unlock Ativ S with latest software (8.1 Update 1 or later)?

Hi,
with all those Lumia posts I'm wondering if it is also possible to interop-unlock a Samsung Ativ S with the latest software (8.1 Update 1 or later) on it *without* a prior downgrade to 8.0 GDR2/GDR3. If it is possible please tell me how or where to find the answer (my search yielded no result so far).
With interop-unlock I mean accessing the 'full' file system and registry and having additional capabilities just like it was/is possible with 8.0 GDR2.
Thanks.
Unblock RPC (file called "Non-production errors.txt" in the Documents folder of the phone, if I recall correctly). There are now two options:
First option: use chamber hijacking.
* Move an app with ID_CAP_INTEROPSERVICES (I like to use HTC's silly "Converter" app; it should still be available on all devices, but other targets are more popular) to the SD card.
* Either sideload an app that uses Samsung RPC to write to the registry, or unzip it and copy its contents to the SD card. You may need to remove ID_CAP_INTEROPSERVICES from the app before sideloading.
* Use any of the several tools for app hijacking, or do it manually (remove the Hidden and System flags from D:\WPSystem, then rename D:\WPSystem\apps to something like D:\WPSystem\apps1, then delete the files from the install folder of the app that you're hijacking, then move or copy the files from the install folder of the app that uses RPC into the install folder of the app you're hijacking; don't forget to un-rename the apps folder afterward).
* Run the hijacked app; it should now be the registry editor app you replaced it with instead, and you can interop-unlock the phone.
Second option: Use @djamol's "Root Tool" app from the Store, or another app that can modify its own capabilities via SD card tricks.
* Install "Root Tool" from the store; it should show up in Search.
* Move it to the SD card if it wasn't installed there to start.
* Run the app, hit Help, and follow the instructions (several of them are similar to the manual instructions above, but at the end you have to move the app from SD back to Phone before the trick works).
Note that in either case, the EnableAllSideloading app won't work (technically BootstrapSamsung will, but you shouldn't use it since it assumes EnableAllSideloading will be used afterward). Microsoft basically removed the capability that EnableAllSideloading relies on.
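The manual file shuffle from the first option above as a script, added here as an example that is not code from the thread or from any of the hijacking tools it mentions. It assumes the SD card is mounted on the PC and that SD-installed apps live under WPSystem\apps\<app GUID>\Install (an assumption; check the layout on your own card), and it only does the file side of the hijack: you still launch the hijacked app on the phone afterwards. The demo runs against a temporary directory with a made-up GUID standing in for the card, so it is safe to execute anywhere.

```python
"""Chamber-hijack file shuffle: swap an RPC-capable app's files into another app's Install folder."""
import ctypes
import os
import shutil
import sys
import tempfile


def clear_hidden_system(path):
    """Drop the Hidden and System attributes so the WPSystem folder can be touched.
    Only Windows has these attributes; on other hosts this is a no-op."""
    if sys.platform != "win32":
        return
    FILE_ATTRIBUTE_NORMAL = 0x80
    if not ctypes.windll.kernel32.SetFileAttributesW(path, FILE_ATTRIBUTE_NORMAL):
        raise OSError(ctypes.get_last_error(), f"SetFileAttributesW failed on {path}")


def hijack_app(sd_root, target_guid, source_install_dir):
    """Follow the post's order of operations: unhide WPSystem, rename apps -> apps1,
    empty the target app's Install folder, copy the RPC app's files in, rename back.
    Returns the file list now in the target's Install folder."""
    wpsystem = os.path.join(sd_root, "WPSystem")
    apps = os.path.join(wpsystem, "apps")
    apps_renamed = os.path.join(wpsystem, "apps1")
    clear_hidden_system(wpsystem)
    if os.path.exists(apps_renamed):
        raise FileExistsError(f"{apps_renamed} already exists; a previous run did not finish")
    os.rename(apps, apps_renamed)
    try:
        # Assumed layout: WPSystem\apps\<GUID>\Install holds the app's deployed files.
        install = os.path.join(apps_renamed, target_guid, "Install")
        if not os.path.isdir(install):
            raise FileNotFoundError(f"no Install folder for {target_guid}; is the app on the SD card?")
        for entry in os.listdir(install):
            p = os.path.join(install, entry)
            shutil.rmtree(p) if os.path.isdir(p) else os.remove(p)
        shutil.copytree(source_install_dir, install, dirs_exist_ok=True)
    finally:
        # "don't forget to un-rename the apps folder afterward"
        os.rename(apps_renamed, apps)
    return sorted(os.listdir(os.path.join(apps, target_guid, "Install")))


def demo():
    """Constructed layout standing in for the SD card; the GUID is a placeholder, not a real app id."""
    root = tempfile.mkdtemp()
    guid = "{00000000-0000-0000-0000-000000000000}"
    target = os.path.join(root, "WPSystem", "apps", guid, "Install")
    os.makedirs(target)
    open(os.path.join(target, "Converter.dll"), "w").close()   # the app being hijacked
    source = os.path.join(root, "rpc_app")                      # unzipped RPC-capable app
    os.makedirs(source)
    open(os.path.join(source, "RegEditor.dll"), "w").close()
    open(os.path.join(source, "WMAppManifest.xml"), "w").close()
    try:
        return hijack_app(root, guid, source)
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    # Against a real card: hijack_app(r"D:\", "{guid of the target app}", r"C:\path\to\unzipped\rpc_app")
    print(demo())
```

The rename of apps to apps1 and back is kept exactly because the post does it that way; the `finally` makes sure the folder is renamed back even if the copy fails halfway, which is the state that otherwise leaves the card looking as if every SD-installed app vanished.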
Thanks for your reply! So basically the same way that works with the Lumia works with the Ativ S, and you don't need the Samsung diagnosis tool anymore. You just need SamWP8 or a similar tool that uses Samsung RPC after unblocking RPC.
I'll give this a try on the next weekend(s).
Yeah, basically just that. The diagnosis app no longer has the registry editor, and the steps needed to launch to a specific page in an app (such as the reg editor) are technically still possible but are identical to just installing an interop-based registry editor (via hacks), so do that instead.
GoodDayToDie said: (quoting the post above in full)
But after is it possible to unlock all capabilities?
How to interop-unlock now?
Mattemoller90 said: (quoting the post above)
I'm curious about that as well.
I tried the second option from (you) GoodDayToDie: it is not possible to use Samsung's Registry Editor component from Root Tool after following the instructions (moved app to SD, deleted the two files, moved stuff from the HACK subfolder to its parent, moved app to phone memory; the file "Non-Production Errors.txt" exists in Phone\Documents -- BTW: is the file name case-sensitive?). The general registry editor from Root Tool works, but with this one it is not possible to write several important keys (e.g. MaxUnsignedApps).
After this I tried the first option: I can successfully deploy CustomPFD (replacing Preview for Developers by hand or with CustomWPSystem). But what to do then?
I tried replacing Preview for Developers with SamWP8, but the app won't start then (getting "Loading ..." for about ten seconds then it closes); also tried commenting some capabilities of SamWP8 and repeating, but has no effect.
Deploying SamWP8 or IO Explorer using application deployment tool obviously fails because of missing interop capability.
This is a fresh and clean installation of WP 8.1 Update 2 now, if that matters.
Any further hints would be appreciated.
My Samsung died months ago (spontaneous hardware failure; I wasn't even hacking on it at the time) so I can't test Samsung-specific things anymore.
The steps as described (by both you and me) *should* work - I assume you rebooted the phone afterwards - so if they don't then I'm confused. The registry editor in Root Tool is mildly terrible and sometimes gives error messages when stuff actually works, but if it's really not working then I'm not sure what you do about that.
As for unlocking all capabilities, that's going to take a little work. The hack used by BootstrapSamsung unlocks one capability, and technically it could be applied to *all* the capabilities, but it changes the registry value type and loses a couple of NULL bytes at the end of the value every time you do it, which is potentially going to break things if you do it to all the capabilities / leave the capabilities in that state for long.
For what it's worth, if you're willing to hard-reset, the OemSettings.reg method mentioned in a few other threads should work too. It requires writing to a normally-unreachable part of the file system, but the Samsung RPCComponent class allows you to do this. I haven't tested it, though, and it does require a hard-reset.
I'm interested in this too.
If it doesn't work, then what do I do if I'm already on 8.1 Update?
@up
AFAIK the path is:
Unblock RPC Functions proved easy. You just need to create an empty file:
Phone \ Data \ Users \ Public \ Documents \ Non-Production Errors.txt
Maybe that's why it didn't work if you put it just in Documents.
I just want to change black/white background-color and accent color in registry. That's all.
Regards
GoodDayToDie said:
My Samsung died months ago (spontaneous hardware failure; I wasn't even hacking on it at the time) so I can't test Samsung-specific things anymore.
Ouch, too bad. Would be really useful to have your helping hands on getting this done.
GoodDayToDie said:
The steps as described (by both you and me) *should* work - I assume you rebooted the phone afterwards - so if they don't then I'm confused. The registry editor in Root Tool is mildly terrible and sometimes gives error messages when stuff actually works, but if it's really not working then I'm not sure what you do about that.
I did reboot.
Is there an app with a basic registry editor out there so I could at least change phone manufacturer like I could with Root Tool (Root Tool doesn't seem to be available in the store anymore)?
GoodDayToDie said:
As for unlocking all capabilities, that's going to take a little work. The hack used by BootstrapSamsung unlocks one capability, and technically it could be applied to *all* the capabilities, but it changes the registry value type and loses a couple of NULL bytes at the end of the value every time you do it, which is potentially going to break things if you do it to all the capabilities / leave the capabilities in that state for long.
For what it's worth, if you're willing to hard-reset, the OemSettings.reg method mentioned in a few other threads should work too. It requires writing to a normally-unreachable part of the file system, but the Samsung RPCComponent class allows you to do this. I haven't tested it, though, and it does require a hard-reset.
I tried to use ROMRebuilder, but it just gave me "Failed" when tapping "Backup". But with full file system access I copied the OEMSettings.reg zip file out of the known C:\Windows subdir, extracted the .reg file, appended all the unlock stuff, repacked it and put it back in its original place, overwriting the original file (with Root Tool, because in Windows Explorer I didn't have the right to write; Root Tool told me it was successful, I didn't double check). But after resetting (About - Reset phone) there was no unlock or access to C:\. It looks like the stock ROM. What went wrong?
Edit: Used CustomPFD for registry access. Looking at "This PC\Samsung ATIV S\Phone\Windows\Packages\RegistryFiles\OEMSettings.reg" I can see that it is the original file, not my modified one. Is this file restored from somewhere upon reset or did my copy action fail?
Edit2: Tried using vcREG_1_2_BOOTSTRAP (replaced Extras & Info). It gives me an error about missing ID_CAP_INTEROPSERVICES, so it can't do anything.
And CustomPFD can't write MaxUnsignedApp. :-/
Not sure if ROMRebuilder is smart enough to use Samsung's RPC instead of Nokia's for moving the file into place, but regardless it requires interop itself (at least, I'm not sure how it could work otherwise). Root Tool definitely requires interop in order to overwrite Windows files, although it can do so. For the record, for stuff like just reading files or registry values, you can use the (normal-caps) version of my webserver; might be a bit easier.
vcREG should work, assuming it supports Samsung RPC - I think so, but I haven't checked - and you use the whole app hijacking thing correctly. Did you launch the hijacked app after the installation? Pretty sure Extras+Info has interop, so that *should* work.
EDIT: Assuming that the Samsung RPC service is working at all. I don't know of any easy way to test that short of just trying to do things with it, though. I don't think they "fixed" the RPC unblock, though...
GoodDayToDie said:
Not sure if ROMRebuilder is smart enough to use Samsung's RPC instead of Nokia's for moving the file into place, but regardless it requires interop itself (at least, I'm not sure how it could work otherwise). Root Tool definitely requires interop in order to overwrite Windows files, although it can do so. For the record, for stuff like just reading files or registry values, you can use the (normal-caps) version of my webserver; might be a bit easier.
Okay, so it probably didn't replace the file at all but only showed a success message. Grmbl. Which file manager would you recommend for moving the file to its place or in general?
vcREG should work, assuming it supports Samsung RPC - I think so, but I haven't checked - and you use the whole app hijacking thing correctly. Did you launch the hijacked app after the installation? Pretty sure Extras+Info has interop, so that *should* work.
Ohhh, you mean whether I started the app that's about to be hijacked before actually hijacking it? No, I did not. (Not sure what Extras+Info would do on an Ativ S...)
But I do have to?
Edit: Removed Extras&Info (with dummy.xap), installed it again, started it (it actually works) and replaced it with vcREG_1_2_BOOTSTRAP.xap. Started vcREG, but it still gives me "error initializing. check if you have correct permissions (ID_CAP_INTEROPSERVICES). registry functions disabled".
I've also deployed CustomPFD and the original Preview for Developers to the SD card. I have access to the registry but can't write values.
Have you tried to hijack Extras+Info's permissions with CustomPFD? It does not work with the original PfD but it may work with the Nokia one. I can't find the Extras+Info xap to test, sorry.
OK, I tried to deploy ROMRebuilder and hijack the original PfD's permissions. ROMRebuilder just crashes on start (no message) on WP 8.1 14157.
Installed ROMRebuilder after deleting the Capabilities from the xap and deployed it from the deployment tool.
Manually removed PfD with the SD hack and replaced it with ROMRebuilder.
It starts, but when pushing "Backup" it says FAILED.
Jesus, I'm so tired of this phone...
ROM flasher does not work on 8.1 x64 even with test mode..
Ezio21 said:
Have you tried to hijack Extra+Info permissions with CustomPFD?
Yes I have. CustomPFD doesn't start in this case (it does when I'm replacing Preview for developers).
cerebos said:
Edit: Removed Extras&Info (with dummy.xap), installed it again, started it (it actually works) and replaced it with vcREG_1_2_BOOTSTRAP.xap. Started vcREG, but it still gives me "error initializing. check if you have correct permissions (ID_CAP_INTEROPSERVICES). registry functions disabled".
Your phone can't initialize Lumia RPC.
So what can we do?
What apps are there that use Samsung RPC to write to the registry? I know SamWP8 and IO Explorer. Any more?
@cerebos
Huh, I'm sorry, but it seems that the only way to get that interop unlock is to flash GDR3.
I flashed GDR3, but there is NO WAY to unlock your phone anymore. WP 8.0 developer registration is down. You can't install the developer unlock helper and can't interop-unlock your phone.
Also, because of the Samsung firmware update, you can't install a custom ROM on WP 8.0.
How do you interop-unlock WP 8.0 without a developer unlock? Any way? Or are we locked forever?
As far as I know you can still use beta apps on the Windows Store. Is there anyone with a personal developer account reading who could upload Interop_Unlock_Helper_Debug_ARM.xap as a BETA to the Store and send me the link? I would be very grateful.
@-W_O_L_F- maybe?
We're in a very bad situation now. Thanks for any help or advice.
Based on the Posting here (by @-W_O_L_F-) it looks like 8.1 Update 2 can't be interop-unlocked. So I'll need to downgrade first.
Edit: Assuming vcREG could write to Samsung Registry is only true for a small set of values, it is never true for interop-unlock. For this you need a registry editor with Samsung's RPC components.