Database Develop

L0phtCrack has anyone used this?

ive been told this is what it does,can anyone throw some light as to if it works
LC 5 optimizes operations by first scanning for dictionary words, then using various methods of altering dictionary words to create new probable guesses, then (if all else fails) resorting to brute force. To crack a password, the program must select a guessed word, compute the hash, then compare that hash with the stored password hash. LC 5 supports direct hash imports from a local or remote SAM database, a SAM file, an LC 4 file, a PWDUMP file, a Windows NT 4.0 Emergency Repair Disk (ERD), a UNIX password file, or by sniffing the local network. To speed the hashing process, most versions of LC 5 include precomputed hashes and let you create your own precomputed hash tables. During the audit, the tool shows time elapsed and other statistics.
LC 5 also lets you disable accounts or force users to reset weak passwords.
im thinking uploading to a mirror.thanks

I've used it in my younger and more foolish days and it could work. Getting the SAM file was always the hard part
Please don't post the mirror here, I'm not sure on the copywrite issues, but you used to have to pay for it. So any free-version will be cracked.
http://en.wikipedia.org/wiki/L0phtCrack
Moved to Off-Topic.
Ta
Dave

DaveShaw said:
I've used it in my younger and more foolish days, Please don't post the mirror here, I'm not sure on the copywrite issues, but you used to have to pay for it. So any free-version will be cracked.
http://en.wikipedia.org/wiki/L0phtCrack
Moved to Off-Topic.
Ta
Dave
Click to expand...
Click to collapse
thanks for reply,sorry i was posted in wrong place.i wont be mirroring.happy new year

Android Access Database

Here we go:
I use a number of Microsoft Access Databases for my work, and each one is intensely coded and designed and basically run like actual programs. What I am looking for is to be able to take these databases with me. Now understanding that Microsoft and Android are two completely different beasts, what I really am looking for is the ability to take the tables (I use all Back-end database so all my tables are in a completely separate file then all my forms, queries, and reports) and the data with me and be able to run them in a program on Android that keeps the relationships and fields and all of that sort of stuff.
Now what would be great is the ability to use forms (even if special forms for android need to be made), run queries, and even be able to run reports and print as PDFs.
now I know how to code in VBA, hence the extensive coding I have done in Access, so anybody willing to WORK WITH in creating an Android Program to basically be an extension of Microsoft Access please contact me. Please not I use the words WORK WITH loosely, while I am trying to learn how to Program for Android, I currently do not have a computer that I can use to develop programs for android on, and well I would be only able to create the "Hello World" starter program and this project seems a slight bit more complicated. But what I can bring to the table is real world experience in testing and using the program day in and day out, a number of already existing Microsoft Access Databases ranging from Complex to Simple that I use every day. Really a program that can run Microsoft Access Tables on Android would be really useful to me and I am willing to do anything to help make this happen.

kronos82 said:
Here we go:
I use a number of Microsoft Access Databases for my work, and each one is intensely coded and designed and basically run like actual programs. What I am looking for is to be able to take these databases with me. Now understanding that Microsoft and Android are two completely different beasts, what I really am looking for is the ability to take the tables (I use all Back-end database so all my tables are in a completely separate file then all my forms, queries, and reports) and the data with me and be able to run them in a program on Android that keeps the relationships and fields and all of that sort of stuff.
Now what would be great is the ability to use forms (even if special forms for android need to be made), run queries, and even be able to run reports and print as PDFs.
now I know how to code in VBA, hence the extensive coding I have done in Access, so anybody willing to WORK WITH in creating an Android Program to basically be an extension of Microsoft Access please contact me. Please not I use the words WORK WITH loosely, while I am trying to learn how to Program for Android, I currently do not have a computer that I can use to develop programs for android on, and well I would be only able to create the "Hello World" starter program and this project seems a slight bit more complicated. But what I can bring to the table is real world experience in testing and using the program day in and day out, a number of already existing Microsoft Access Databases ranging from Complex to Simple that I use every day. Really a program that can run Microsoft Access Tables on Android would be really useful to me and I am willing to do anything to help make this happen.
Click to expand...
Click to collapse
I think we must have the same job
Android utilizes an sqlite database engine and it looks like sqlite already offers a conversion utility HERE. The real question would be how to get the data in and out of the phone. Regarding forms, they definitely would need to be custom built.

Thanks this is deffenetly a start, From what I can tell this This Looks to be the most promising, It looks like all you would have to do is put a MS Access Database file on your SD CARD and have a program access it. That way you copy it back and forth. Unfortunately it doesn't support Access 2003, but I can save down. I also got a lot of learning to do in programing Java programs.
Forms would be as simply as making a program, this is great thanks much

kronos82 said:
Here we go:
I use a number of Microsoft Access Databases for my work, and each one is intensely coded and designed and basically run like actual programs. What I am looking for is to be able to take these databases with me....
Click to expand...
Click to collapse
I would like to say, "yes, please!" to this idea. I currently use Smart List to Go (the descendant of ThinkDB) on my Palm TX. The TX is dying, and I've been shopping for a replacement. HanDBase exists for the iPhone, but I don't want an iPhone. So I've been focused on WinMo - not by choice as much as by necessity.
And android option would be very welcome around my computers.

benmyers2941 said:
I think we must have the same job
Android utilizes an sqlite database engine and it looks like sqlite already offers a conversion utility HERE. The real question would be how to get the data in and out of the phone. Regarding forms, they definitely would need to be custom built.
Click to expand...
Click to collapse
androids sqlite its for applications to access and store data using java code.
try the pocket office app

Freedomcaller said:
androids sqlite its for applications to access and store data using java code.
try the pocket office app
Click to expand...
Click to collapse
Exactly and we're talking about creating an app that would enable manipulation of an sqlite database. Essentially all that would be needed would be to create a ui framework wrapper for the existing api in android. Not the least monumental task I've heard of an individual taking on but not the most either.
The versions of pocket office that I've seen for android do not currently support Access databases as far as I'm aware. If I'm wrong could you post a link and save everyone some trouble?

aaaaaaaaaaaaaaaaaaa

kronos82 said:
Thanks this is deffenetly a start, From what I can tell this looks to be the most promising, It looks like all you would have to do is put a MS Access Database file on your SD CARD and have a program access it. That way you copy it back and forth. Unfortunately it doesn't support Access 2003, but I can save down. I also got a lot of learning to do in programing Java programs.
Click to expand...
Click to collapse
Jackcess library is now patched to support android (will be in 1.2.2 release). Also seems to support 2000, 2003 and 2007 formats now.
Works great for me.

View jackcess site. Couldn't find anything on support for android. I'm using htc desire and would really like to find program to view ms access file. Can you tell me how you do it?

As I remember reading worked as on PC, while writing had some problems.
This forum prevents me from linking directly, but if you click tracker/patches on Jackcess project, check Android Compatibility Fix - ID: 3101578
The changes are in trunk and will be in the 1.2.2 release. I've added some
notes which will eventually make it to the FAQ page on the website
detailing the compatibility steps:
- Set the system property "com.healthmarketscience.jackcess.broken
Nio=true"
- Set the system property "com.healthmarketscience.jackcess.resour
cePath=res/raw/"
- Copy the *.txt, *.mdb, and *.accdb files from the
"com/healthmarketscience/jackcess/" directory in the Jackcess jar to the
"/res/raw" Android application directory.
- Before executing any Jackcess code, set the current Thread's context
classloader, e.g.
"Thread.currentThread().setContextClassLoader(Database.class.getClassLoader())".
Click to expand...
Click to collapse
Until this version (1.2.2) is released you need to build lib yourself.
You also need commons-lang and commons-logging from apache commons.
Before you use Jackcess in Android code, you set
Thread.currentThread().setContextClassLoader(
getClass().getClassLoader());
System.setProperty(
"com.healthmarketscience.jackcess.brokenNio",
"true");
System.setProperty(
"com.healthmarketscience.jackcess.resourcePath",
"res/raw/");
Click to expand...
Click to collapse
and copy those resource files to res/raw
Then you can work as on PC, for example open /sdcard/yourprogram/file.mdb
Jackcess has no GUI, it's a library to read/write access files.

Getting an Access file into Android
I keep a lot of information on a Psion Revo, which has just turned its face to the wall and is giving up the ghost, and have always backed the information up on to my pc as an Access file. It looks easier to get this into a format acceptable to Android by converting the Access .mbx file into an Excel .xls file. This can be searched readily by Column and Values. Maybe this deals with too simple a need for most enquirers to the forum, but if it helps somebody then so much the better.

hi all i have beenlooking for something the same for some time now and just the other day i came accross this site cellica.com
the android app is free and the desktop application has a 5 day trial period or its $50 to buy it works great the only thing you can not do is create a report from the phone
i have emailed support team and they said they will be adding it on in the future.

Any Updates???
I currently build and use databases in MS Access and was wondering if there are any updates on this topic now that Tablets are in use now. Looking to get the Motorola Xoom (2nd version) in the future, but would love to be able to use a program that I would be able to access my MS Access databases while "on-the-go".
Anyone? This would be huge (I believe), since we now have tablets.
Thanks a bunch,
~Kilch~

Access to MS Access by Android
Hi,
I'm also looking to get on-the-go access to my Access databases on my Android HTC Tattoo.
The file is on it, I just need a tool to access it in read-only / search mode, but judging from the previous comments, there doesn't seem to be an oversupply in applications.
The "convert to Excel format" may be OK for me. I want to use a 3 language Access DB (dictionary) on my phone, so I'll try the Excel solution.
It would be nice if we had an ACCESS reader though...
John

Panacea Database
I know XDA frowns upon excessively hawking your own products here, but I do seem to be directly answering more than one of the reply questions, it just happens that the answer is an application my company released.
The Panacea Database application can handle Access from Access 2000 to Access 2007. It has also worked so far on every Access 2010 database we've tested, and we've received no complaints in that department yet. We release updates from time to time as we improve its functionality and features, often guided in our priorities by user e-mail and market comments. Our next update will be focused on improving screen layout for a variety of Android devices - from small QVGA smartphones, to large WXGA tablets. After that we may move onto other functionality.
In the interest of fairness, I'll point out arafa1209's post. He mentions Celicca Database, which is the only other application that I know of that deals with Access databases on Android. It has features Panacea does not have (yet) - ability to work with forms, ability to create and modify databases, ability to connect to your PC etc. Like us, they also send out updates improving their app regularly. So you can compare the apps, and use which one fits your needs better (or use both). If anyone knows of any others they can post here as well, but these are the only two I know of currently.

Just tried Panacea. Although it is more basic and annoyingly doesn't remember the last files you'be opened necessitating finding the file each time you open the app I prefer it for the simple reason you don't have to convert the Access database to another format.

amwebby said:
doesn't remember the last files you'be opened necessitating finding the file each time you open the app
Click to expand...
Click to collapse
If you update the app, this should be fixed, the last version should have this feature.

Got the update last week. Certainly goes a long way to making it more user-friendly. Keep up the great work!

Since the last update it seems to be broken. Although it remembers the last database I cannot open a table within any database.
Edit: It appears the file was corrupted. Loaded a new file and all working again.

Any news in this topic.
I tried panacea Database, works fine. But not very effective. Searching data is a must for me however I didnt manage to find a search option. When I search for tables, it cant even locate the tables by names.

Some thoughts about efuses....

Hi fellas,
i must admit that i'm really impressed by the energy that has been put into the BOINC project, to hunt for the Motorola private certs to crack the RSA key inside OMAP3430.
From the M-shield white paper:
Code:
...
For example, secure on-chip keys (E-Fuse) are OEM-specific, one-time-programmable
keys accessible only from inside the secure environment for authentication and encryption.
...
More specific information here:
https://www.droid-developers.org/wiki/EFuse
What would happen, if we slip into the role of the OEM's?
To be more precisely what happens, if...
a) we disable VFUSE power domain (VPP rated @ 2.4V/50mA, connected to APE_VPP and DBB_VPP)?
b) we use eFuse programming algorithm in mbmloader to blow additional eFuse and enter engineering mode?
(what is the hash for engineering mode?)
c) we use read routines within mbmloader to read eFuse values?
d) we blow all remaining efuse for the 160-bit hash in the user programmable area (factory default on milestone = 1d3fb662 794d8c70 fb57b4cb 492e27f6 6f152e4f)?
(result would be a OEM value of 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF)
Perhaps we'll never know...
Here's what i think:
a) Barely no effect, apart from preventing mbmloader to blow another e-fuse.
b) Maybe the whole mbmloader code could only be accessed from within security domain, not sure if a debugger would work here.
c) Same as above. There had to be a proof of concept that mbmloader routines could be executed.
d) See b) and c). We need the correct offset, of course.
Any comments welcome.
IMHO there might be a better chance to crack the security on Milestone, if the interest would be focussed on mbmloader disassembly and further investigation on JTAG access for debugging the platform more intensely.
If you're a technical geek, you might have a look over here:
http://forum.xda-developers.com/showthread.php?t=849632
Experts are very welcome!!!!
P.S.: If nothing will ever work out, there's something slightly off-topic we might think about ...
Someone should contact Mototola to follow a new marketing strategy... called: ICS (Individual Customer Support).
Customers could upload their custom kernels to Motorola and get them signed by beautiful private key!
We could also push our kernel source to Motorola and as a side effect they would fix bugs and finish firmware updates much earlier .
TBC...
EDIT: Corrected some parts...
Cheers,
scholbert

Always nice to read your posts But there is one error I think:
scholbert said:
...to crack the 128-bit RSA key inside OMAP3430...
Click to expand...
Click to collapse
I think it is a 1024Bit key or am I wrong?

TheSSJ said:
Always nice to read your posts
Click to expand...
Click to collapse
Thanks for your reply!
TheSSJ said:
But there is one error I think:
I think it is a 1024Bit key or am I wrong?
Click to expand...
Click to collapse
Not 100% sure about all this.
In fact i must admit that i'm not a cryptographic expert, but after reading all these hardware manuals and references, this is what i understand:
The hash key stored in the eFuse farm seems to be 160 Bit SHA-1 and uses 1024Bit certification.
Seems that this basically is used to verify mbmloader security.
Maybe this is bull****, so who ever got some more details please join discussion!
I really like to know at which offset the key is stored
Regards,
scholbert

So if I get this right, you want to disassemble a Milestone and mess with the circuit?

djefkbefke said:
So if I get this right, you want to disassemble a Milestone and mess with the circuit?
Click to expand...
Click to collapse
Yeah correct, first this would be hardware stuff to get JTAG to work.
It's not strictly me reaching this, in fact this addresses to a community!
See my JTAG post, there's anything you need to trace the signals
So if you got a broken device go for it!
Afterwards some cracks might use a JTAG debugger (e.g. OpenOCD) to fiddle with the bootcode: Set breakpoints, trace conditional branches, even tweak some lines of code.
The hope is that something will open another door to get access to certain memory areas, especially eFuse location would be interesting
Regards,
scholbert

There was someone on here a month or so ago that had a device without a working radio. There are probably others like him. If we manged to get someone willing to donate their non-working device, would you be willing to try your jtag on it. I don't have a jtag at this time, and although i wouldn't mind getting 'hold of one, it probably wont happen for a while.

http://forum.xda-developers.com/showthread.php?t=849632

Hey,
just stumbled over these lines in one of the Ti documents:
...
The device type is readable from an eFuse by the CONTROL.CONTROL_STATUS[10:8] DEVICETYPE
field. During booting, the ROM code checks the DEVICETYPE field to determine in which mode to
operate.
· The HS device is a production device with all security features enabled. The ROM code requires the
authentication of the Initial SW before execution. A failed authentication causes a watch-dog reset.
Authentication of code in external flash memory or code that is downloaded is handled by routines in
the secure ROM (a part of the ROM code).
· The GP device is a production device in which security is disabled. Authentication is not performed
before initial SW execution.
...
Click to expand...
Click to collapse
Just wanted to add it here for completeness
There's also some progress to understand the bootloader implementations of security functions, pushed by xvilka!
For the geeks, see here:
https://www.droid-developers.org/wiki/Security
Regards,
scholbert

additional info....
Hi,
i gathered some more information about how things work out:
- SHA1 sum of the first (root) key in the CertPK is stored in eFuse array inside SoC, accessible through PKEY 0..4 registers
- the value for the SHA1 sum has a length of 160 bits
- theoretically eFuse bits that are now zero could be blown by using Secure Service, to modify hash value
- Milestone: 1d3fb662 794d8c70 fb57b4cb 492e27f6 6f152e4f
Droid: 75ed7020 641333dd 7bc3aecb 9857683c 2422efe1
- BootRom loads root key in SecureRAM and uses Secure Service, from secure part of BootROM to verify integrity/signature
This secure part of BootRom is not accessible from non secure world.
- All main keys are stored in CertPK/SecureRAM
- In theory we could break the chain of trust with:
a) find rsa keypair where the public key's sha1sum matches the existing SHA1 sum in PKEY 0..4 registers (hash_collision)
b) modify the efuse setup with Secure Service function and alter PKEY 0..4 registers to match a given key pair (this might be a very complicated issue)
Please correct me if i'm wrong
PS: Just realized that this is my 666th post, so this is dedicated to the devil
Regards,
scholbert

The devil thanks you.

[Q] Altering Shutdown Message

Good Evening Guys,
A few quick questions for you this Wednesday evening; looking to make some customizations to my Windows Phone. I would like to alter the word "Goodbye" when the phone turns off to display alternative text.
Question 1: Is anyone familiar where these settings are stored in the root offhand?
Question 2: Can anyone confirm if this is simply text or a prerendered image?
Questin 2: Has anyone ever tried anything like this before?
Best Regards!

Device Type
Almost forgot:
Nokia 1020
OS:8.0.10521.155

Um... we can't even made the smallest of changes to the Lumia file system (outside of the user documents/media folders and the app folders) or registry. Trying to change system stuff like this is pretty out of the question.
Since you ask, though: to the best of my knowledge, nobody has found that even on the Samsung Ativ phones, for which we have most of a working "jailbreak".

The string that is displayed is probably pulled from a .MUI file.

Thanks for the feedback guys. If I make any headway, I will post back. Would love to have the device power down with "Will I dream?" from 2010 The Year We Made Contact.

That would indeed be cool. You've got an uphill battle, though. If it is, in fact, a .MUI file then it's probably signed (MUIs are technically DLLs, and although they are usually just loaded as resource files they can contain executable code so I expect Microsoft signs and enforces signature checks on them). Thus even if you get filesystem write access, it may not work.
A true custom ROM, where you could remove the signature check requirements, would probably work. That's no simple thing to ask for, though!

Shut Down Message
GoodDayToDie said:
That would indeed be cool. You've got an uphill battle, though. If it is, in fact, a .MUI file then it's probably signed (MUIs are technically DLLs, and although they are usually just loaded as resource files they can contain executable code so I expect Microsoft signs and enforces signature checks on them). Thus even if you get filesystem write access, it may not work.
A true custom ROM, where you could remove the signature check requirements, would probably work. That's no simple thing to ask for, though!
Click to expand...
Click to collapse
What is free time for if not to obsess over little niggly things? Thanks for the feedback

[Q&A] [WP8.1] Hypothesis about a possible interop unlock with Messaging+ app

Q&A for [WP8.1] Hypothesis about a possible interop unlock with Messaging+ app
Some developers prefer that questions remain separate from their main development thread to help keep things organized. Placing your question within this thread will increase its chances of being answered by a member of the community or by the developer.
Before posting, please use the forum search and read through the discussion thread for [WP8.1] Hypothesis about a possible interop unlock with Messaging+ app. If you can't find an answer, post it here, being sure to give as much information as possible (firmware version, steps to reproduce, logcat if available) so that you can get help.
Thanks for understanding and for helping to keep XDA neat and tidy!

CAPs required for editing registry
snickler said:
You won't achieve any sort of interop-unlock with such an app. The Messaging+ app uses capabilities specific to chat that are restricted. Just because an app uses the interopservices capability, does not mean that it has rights to write to the specific portion of the registry needed to provide interop-unlock. There are a few threads out there that discuss this already
Click to expand...
Click to collapse
I am curious what CAP is required for editing the registry?

gingerjoke said:
I am curious what CAP is required for editing the registry?
Click to expand...
Click to collapse
You at least need ID_CAP_INTEROPSERVICES or ID_CAP_OEM_DEPLOYMENT at the minimum. There are many threads that detail that interop unlock canNOT be achieved unless we have an RPC Service that runs under the SYSTEM account. The MaxUnsignedApp reg value is locked down so that it can only be edited in the way that I just spoke of.
No app on the marketplace, no modifying a store app will achieve this. We were just VERY lucky with Samsung in the beginning.. That's all.

More generally true: there are lots of CAPs (such as OEM_DEPLOYMENT) that permit editing specific parts of the registry. There is *NO* capability that allows you to edit all of it (in theory ID_CAP_BUILTIN_TCB should, through minor additional work, but in practice that cap doesn't seem to do anything for an app).
ID_CAP_INTEROPSERVICES does not give registry access, or at least not any meaningful amount. All that it gives is the ability to call into RPC servers and drivers. *IF* one of those services exposes an externally-callable API for editing the registry - as one of Samsung's (FCROUTER?) does, or at least did - then you can use that to edit the registry. So in that specific case, INTEROPSERVICES indirectly makes it possible to edit the registry, but it doesn't inherently do anything of the sort.

GoodDayToDie said:
More generally true: there are lots of CAPs (such as OEM_DEPLOYMENT) that permit editing specific parts of the registry. There is *NO* capability that allows you to edit all of it (in theory ID_CAP_BUILTIN_TCB should, through minor additional work, but in practice that cap doesn't seem to do anything for an app).
ID_CAP_INTEROPSERVICES does not give registry access, or at least not any meaningful amount. All that it gives is the ability to call into RPC servers and drivers. *IF* one of those services exposes an externally-callable API for editing the registry - as one of Samsung's (FCROUTER?) does, or at least did - then you can use that to edit the registry. So in that specific case, INTEROPSERVICES indirectly makes it possible to edit the registry, but it doesn't inherently do anything of the sort.
Click to expand...
Click to collapse
Finally found RPC service in NdtkSvc.dll
But requires InteropServices Capability
Here is list of functions works as "SYSTEM".
CopyFileEx()
NdrServerCall2()
CreateThreadpoolWait()
SetThreadpoolWait()
CloseThreadpoolWait()
SetEvent()
SetServiceStatus()
CreateEventW()
RegisterServiceCtrlHandlerW()
CloseHandle()
OpenProcessToken()
FindFirstFileW()
CopyFileExW()
GetCurrentProcess()
CreateDirectoryW()
RegCreateKeyExW()
RegQueryValueExW()
IsCharAlphaNumericW()
LookupPrivilegeValueW()
FindClose()
RemoveDirectoryW()
RegOpenKeyExW()
FindNextFileW()
AdjustTokenPrivileges()
InitiateSystemShutdownExW()
DeleteFileW()
RegCloseKey()
RegSetValueExW()
RpcServerUnregisterIfEx()
RpcServerInqBindings()
RpcEpRegisterW()
RpcServerUseProtseqW()
RpcBindingVectorFree()
RpcServerRegisterIf3()
RpcEpUnregister()
ResetPhoneEx()
EncodePointer()
DecodePointer()
QueryPerformanceCounter()
GetCurrentThreadId()
GetSystemTimeAsFileTime()
GetTickCount64()
But I'm confused about how to write a code for as RPC Client or using any DllImport functionality. ?
Can someone provide me at least demo/example code of RPC client ?

... Whoa, that is a seriously valuable list of APIs. Those are callable as SYSTEM, without any restrictions except the caller needing ID_CAP_INTEROPSERVICES? Either I've been out of the loop longer than I thought or this should have been discovered long ago (is it new to some not-yet-widely-available version?) You cannot *trivially* get root this way - it doesn't, for example, include the APIs you would need to inject arbitrary code into a SYSTEM process or similar - but you can certainly do things like write an arbitrarily powerful file-and-registry browser. With that, you can do a hell of a lot of other stuff, stuff that even Samsung's RPCComponent didn't permit.
MS RPC is documented on MSDN here: https://msdn.microsoft.com/en-us/library/windows/desktop/aa378651(v=vs.85).aspx
It includes a full API reference, lots of guidance on development, and a tutorial. The tutorial looks pretty well-written, and is probably a better place to start than the API reference unless you know more about RPC at the moment than I do.
However, this documentation is aimed at "normal" implementations, where the client has, if not the server's source code, at least the interface definition. You have to know the UUID (probably easily findable though I'm not sure where) and the function interfaces (in a reasonable level of detail). Black-boxing that is going to be one of the harder tricks, I think, though somebody may have written one or more tools to make it easier.
EDIT: I can't find NdtkSvc, or its binary, on my phone. It's either OEM-specific or (more likely) requires a particular OS update/upgrade. What version did you find it in?
EDIT2: How'd you get the list of APIs it serves? Do you have the IDL file for the RPC server? That would help a ton; if you have that, we're good to go.
EDIT3: Don't forget you can PM people if you don't want to put this stuff out in public.

@GoodDayToDie
Hi, Sorry for the late reply.
It is only specific for Lumia.
NdtkSvc.dll known as "Nokia Device Toolkit Service".
"C:\Windows\System32\NdtkSvc.dll"
Yes, ID_CAP_INTEROPSERVICES cap is everything here too on Lumia.
Here is a one of the example which same "Nokia.SilentInstaller.Runtime" does that on RPC Access,
Code:
static bool NRSCopyFile(String sourcePath, String destPath);
works without any "RESTRICTIONS", with any "PARTITION".
Even possibilities to "REPLACE" the hidden/non-accessible Registry "HIVE" Files.
Such as,
"C:\Windows\System32\Config\ProvisonStore"
But unfortunately they are all in simply zip file having a signed.
We can't modify and place back them such HIVE/POLICY files, sad
So what i did it so far,
-Modified "DeviceReg.exe" with hex-editor and replaced to "C:\PROGRAMS\DEVICEREG\DeviceReg.exe". (signature getting a braked)
-Replaced "PolicyFiles". (signature getting a braked)
It's frustrating to me, It's shame for me that i cant do anything having a full FS Access, lol.
Such files and System binaries are fully signed with the new 8.1 "Policy Engine".
but i think .dll files doesn't required to be signed to run in System chamber.
Well, Time to write a some RPC library
Thanks.
Edit: I don't know about which update is required, I think it is from WP8.0 GDR1. At least WP8.1 GDR1 or above.
but the "NdtkClient.dll" is available since WP8.0 GDR1 in "Extras+Info" App.