[Windows Phone Utility]Rapi Communications - Windows Phone 7 Development and Hacking

Program to communicate between the PC <-> WP7 device. The application supports the connection to the device.
It works on the principle of RAPI communications. It was pulled out of the Zune program.
Info:
Description of the product: Windows Phone RAPI Communication Service EXE
Product Name: Zune
Product Version: 4.7.109
Usage:
Waiting....
Files in attachment

How to use? Demo?

Is there any way to access phone without Zune drivers or Zune software installed using this application? Clicking on the EXE doesn't do anything.

thesecondsfade said:
Is there any way to access phone without Zune drivers or Zune software installed using this application? Clicking on the EXE doesn't do anything.
Do you have any idea what RAPI communication is?
See this: RAPI in MS

Nokser said:
Do you have any idea what RAPI communication is?
See this: RAPI in MS
But how does this package fit into that? This looks like perhaps a way to get native debugging working, but I don't see what to do with this.
You haven't provided any information about what it does--the program just quits regardless of zune state or WP-device connected state. What does it do? Through what means is someone to interact with it? I don't know too much about how RAPI worked on Windows Mobile, but there isn't any indication of how to use /this/ in the article you linked.

davux said:
But how does this package fit into that? This looks like perhaps a way to get native debugging working, but I don't see what to do with this.
You haven't provided any information about what it does--the program just quits regardless of zune state or WP-device connected state. What does it do? Through what means is someone to interact with it? I don't know too much about how RAPI worked on Windows Mobile, but there isn't any indication of how to use /this/ in the article you linked.
I'll give more info... but not now, my friend

[This is a reverse engineering effort in progress. Your mileage may vary and information below could be completely inaccurate. Proceed at your own risk.]
It's a Windows service. Copy it somewhere handy, and issue the command (editing the path as necessary). NOTE: The spaces are required.
Sadly, I don't recall retail phones having RAPI bits, so doubt this will be useful. I'll have another look at the filesystem though.
Update: Judging by the way this executable behaves, it's likely meant to replace WMZuneComm.exe.
Update 2: Because of the reliance on Zune libraries (e.g. ZuneSA.dll), this is for 32-bit Zune users.
Update 3: Listens on localhost, port 64694
These are old binaries from old Zune client software. Retail devices don't have RAPI bits (verified via samsung ffus), therefore this is useless. Silly original poster.

WithinRafael said:
[This is a reverse engineering effort in progress. Your mileage may vary and information below could be completely inaccurate. Proceed at your own risk.]
It's a Windows service. Copy it somewhere handy, and issue the command (editing the path as necessary). NOTE: The spaces are required.
Sadly, I don't recall retail phones having RAPI bits, so doubt this will be useful. I'll have another look at the filesystem though.
Update: Judging by the way this executable behaves, it's likely meant to replace WMZuneComm.exe.
Update 2: Because of the reliance on Zune libraries (e.g. ZuneSA.dll), this is for 32-bit Zune users.
Update 3: Listens on localhost, port 64694
These are old binaries from old Zune client software. Retail devices don't have RAPI bits (verified via samsung ffus), therefore this is useless. Silly original poster.
You do not have right to end because of ... Each distributed system WP7, has the shell RAPI applications and libraries.

You can't just dust off old Zune files from 2009 and magically connect this to a phone. Get real.

Starting custom executables in phone

One way to start custom executables on Windows Phone 7 is the following method:
1) create an exe file that runs on the phone
2) create a zip file and put the exe inside
3) upload the zip file to some internet page and create an .html page for it with an <a href.. link to it.
4) navigate to the page with phone IE.
5) when clicking the link the phone can open the zip file and display its contents (tap to open the file ...zip)
6) when clicking the .exe file the phone asks whether you are sure you want to run it
(The program ...exe is from an unknown publisher. Running it could harm your phone. Do you want to continue?)
7) enjoy your homebrews
will this also work on a phone that isn't developer unlocked ?
if that is right then this is the ultimate way to jailbreak a wp7 phone
Never-mind
Nope, he isn't, and described above method works (I guess because of MS ZipView executable bug). But I can't get my apps running, probably because they are not compatible with CE 7.0 and WP7 .Net (I've tried CE 6.0 native code and .NET code).
sensboston said:
Nope, he isn't, and described above method works (I guess because of MS ZipView executable bug). But I can't get my apps running, probably because they are not compatible with CE 7.0 and WP7 .Net (I've tried CE 6.0 native code and .NET code).
is your phone developer unlocked ?
Yes, unlocked.
sensboston said:
Yes, unlocked.
**** bummer , do you have a web link to that test file of yours then I can try it my phone is locked
xttp://home.comcast.net/~sergsv/
There are two links to zip archives at the top left corner of the page. I can't run these files but the MS zip archiver opens these zips and asks to run them
yes man this is working on a locked phone
now we need some code that works to test this
lets say an .exe that run the file explorer
yes. right now we don't know whether the apps are opened at all. Are the managed Apps in VS compiled into an exe? Maybe we could extract one from an xap for testing purposes...
Silverlight XAPs use XAMLs and DLLs, no EXEs involved I'm afraid.
Hmm yes you're right. Are there extracted executables from the leaked Mondrian ROM?
There are, but they are not GUI apps, they look mainly like command line executables provided by Qualcomm, and some of them look like they could mess up your phone if you don't know what you're doing.
There are some GUI apps, but they come disassembled. I've been trying to assemble them but haven't had much luck yet.
Neat. I shall put together a sample application to test this. (I have Visual Studio 2010 configured to pump out CE7 native executables.)
I think the executable run is blocked. They left typical MS (say - stupid) dialog box but, I believe, ignore the user input...
However the Word and Excel documents can be opened this way.
I tried a few things -- rebooting the phone, crashing the program with invalid pointers, and launching some known executables. Nothing. I even signed my executable with a valid certificate; It still claims unknown publisher.
Wonder if this is some left over dialog as mentioned by sensboston
WithinRafael said:
I tried a few things -- rebooting the phone, crashing the program with invalid pointers, and launching some known executables. Nothing. I even signed my executable with a valid certificate; It still claims unknown publisher.
Wonder if this is some left over dialog as mentioned by sensboston
The dialog will be hidden by the shell. You need to add your cert into the phone, email it, resign your app and try it again.
It's possible it'll work.
this will only work with MSFT signed exe's.
walshieau said:
this will only work with MSFT signed exe's.
I tried with both my signed executable (with Root CA cert installed) and a Microsoft executable. Neither show signs of execution.

[Q] Device relocks when connected to PC

Hi guys,
I used ChevronWP7 to unlock my device. But every time I connect device to a PC and sync with Zune device relocks. Is there any way I could prevent that?
I read about device checking periodically if it should be unlocked. I am not sure if Zune caches that. But there must be a way to prevent that. It is very annoying.
Thanks
Only when we have our own ideals, can
jonusb4 said:
Only when we have our own ideals, can
I can see this is your first post.
I was thinking if Zune contacts Microsoft to check that every time when I connect a device, then disconnecting from the network or disallowing access to a certain address I could prevent that. But if that information is cached then I would have to find that somewhere.
Leave ChevronWP7 open after it's unlocked your phone. It'll never lock until you close it. Now to find a way to bind ChevronWP7 code to the Service that detects the WP7.
Maybe the answer is to create a 3rd party Zune Sync tool (i.e. reverse engineer everything that doesn't involve copy protection/DRM) so that you can use that instead of loading the MS tool that does the unlock check.
Such a tool could allow syncing of WP7 from Linux also. (if it was ported that is)
jfwfreo said:
Maybe the answer is to create a 3rd party Zune Sync tool (i.e. reverse engineer everything that doesn't involve copy protection/DRM) so that you can use that instead of loading the MS tool that does the unlock check.
Such a tool could allow syncing of WP7 from Linux also. (if it was ported that is)
The device is checking a service OTA, not sure this would matter much. If you leave the chevron app running 24/7 and run a custom DNS server on your network, you could mitigate some of it... a pita? possible...

WP7 Unlocking, Sideloading etc. Problems and Solutions

Now, I know no-one actually likes reading threads, and would prefer to just post a new question at the end (I'm guessing partly because the threads are so long, but that's because everyone is doing it) so I'm going to try and give solutions to as many of the issues with ChevronWP7, sideloading and anything else that's not quite working.
Note, none of this is to facilitate any kind of software pirating (we will notice if it gets discussed, and it's in the forum rules - and kinda immoral).
Firstly, Windows Vista (I think SP2) or Windows 7 is required, this won't work on XP without a few hacks/tweaks, and it's not worth me writing the whole process out, plus I don't have an XP machine to hand, so I can't try things.
The most common issues can be fixed with just installing the correct software.
You NEED to have the official WP7 Developer Tools installed, they're a free download from Microsoft, and if you're planning on doing development (which is after all part of the reason for wanting sideloading) you kind of need them.
There's a guide on how to install them (provided by Microsoft) here. You only need the basic toolset from here, but installing the October update won't cause any issues.
This should solve the following exception:
Code:
System.IO.FileNotFoundException: Could not load file or assembly 'Microsoft.SmartDevice.Connectivity, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a' or one of its dependencies. The system cannot find the file specified.
as well as a few other issues.
When running any of the tools, if you encounter issues, try either running the tool as an administrator or turn off UAC (for both, do a search if you've no idea what I'm on about), this may solve some issues with access rights etc.
Once you've got that installed, Chevron issues are in post #2, sideloading XAPs in #3.
ChevronWP7 Issues
With Chevron, most things are explained well in the opening post of this thread. Read it.
Chevron works by tricking your phone into thinking it's communicating with Microsoft servers, when it's actually just communicating with Chevron, this means certain web based activities may interfere (Skype for example).
The best way of finding out what's going on, is to use the following guide, it should work, if that fails, then post a question.
sushovande said:
Okay so here is *everything* I did to succeed in re-unlocking my Samsung Focus
1. Have Winphone developer tools installed
2. Connect Phone via USB
3. Wait till zune starts and sync completes
4. Verify that zune is not in a guest relationship
5. open a command prompt, type netstat -a to confirm that port 443 is not being used
6. open an admin command prompt, navigate to c:\windows\system32\drivers\etc\ then type notepad hosts and delete any references to windowsphone developer services
7. go to the settings on the phone and turn airplane mode on (so that the phone is forced to use internet via zune)
8. While the phone is still on the settings page, run Chevron with admin privileges
And it worked!
There's no way to know whether a device is unlocked or not until you come to sideloading, which is the point where it matters anyway. Nothing (visible) will change on the device, so don't bother looking for any changes.
WP7 devices occasionally phone home (as far as I know they only do so when connected with Zune) to check whether they should be unlocked or not. If not, they quietly re-lock themselves, and non-marketplace apps will say something along the lines of "This application has been revoked". You'll need to try unlocking again with Chevron and possibly reinstall the apps. There's not much that can be done other than legitimately unlocking your devices.
There's a sideload limit of 10 applications, though there's a version of Chevron that has this limit hacked out of it, I just can't remember where it is. For most legitimate uses, this limit should be fine (and is better than the student/DreamSpark limit of 3).
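The port 443 and hosts-file checks from the quoted steps, turned around into an audit a defender could run on a PC: this is an added example, not part of the original posts and not code from ChevronWP7. It assumes numeric `netstat -an` output on Windows; the host names (under `.example`), addresses and the `windowsphone` watch string are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample of a Windows hosts file (not taken from the thread).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       devsvc.windowsphone.example   # left behind by an unlock tool
192.168.1.50    files.intranet.example nas
not-an-ip       broken.windowsphone.example
#127.0.0.1      commented.windowsphone.example
"""

# Constructed sample of numeric `netstat -an` output on Windows.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:443          0.0.0.0:0              LISTENING
  TCP    192.168.1.20:49712     203.0.113.10:443       ESTABLISHED
  TCP    [::]:445               [::]:0                 LISTENING
"""

LISTEN_RE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s*$")


def parse_hosts(text):
    """Yield (line_no, ip, [names]) for every well-formed hosts entry."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        fields = line.split()
        if len(fields) < 2:
            continue                           # blank or address-only line
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                           # malformed address, ignored by the resolver too
        yield line_no, ip, [name.lower() for name in fields[1:]]


def suspicious_redirects(hosts_text, watch=("windowsphone",)):
    """Return hosts entries that pin a watched name to a loopback/private IP.

    `watch` holds substrings of names that should normally resolve to a
    public vendor service; the default is an assumption for this example.
    """
    findings = []
    for line_no, ip, names in parse_hosts(hosts_text):
        if not (ip.is_loopback or ip.is_private):
            continue
        for name in names:
            if any(w in name for w in watch):
                findings.append((line_no, str(ip), name))
    return findings


def listeners_on(netstat_text, port=443):
    """Return the local addresses with a TCP listener on `port`."""
    hits = []
    for line in netstat_text.splitlines():
        m = LISTEN_RE.match(line)
        if m and int(m.group(2)) == port:
            hits.append(m.group(1))
    return hits


def audit(hosts_text, netstat_text):
    """Combine both checks: a redirect plus a local TLS listener is the
    pattern of a tool answering in place of the real service."""
    redirects = suspicious_redirects(hosts_text)
    listeners = listeners_on(netstat_text, 443)
    return {
        "redirects": redirects,
        "listeners_443": listeners,
        "interception_likely": bool(redirects) and bool(listeners),
    }


if __name__ == "__main__":
    report = audit(SAMPLE_HOSTS, SAMPLE_NETSTAT)
    for line_no, ip, name in report["redirects"]:
        print(f"hosts line {line_no}: {name} pinned to {ip}")
    print("listeners on 443:", report["listeners_443"])
    print("interception likely:", report["interception_likely"])
```

On a real machine, feed it the contents of `c:\windows\system32\drivers\etc\hosts` and captured `netstat -an` output instead of the samples.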
XAP Installation
A first port of call if Toms XAP Installer doesn't work is to use the official one. It does work.
If you've installed the Developer Tools linked to in the first post, you'll have it already, and should be able to sideload, if your device has been unlocked. If it hasn't you'll have issues, and you should take a look at post #2 in this thread.

[XAP][Source] DeployProvXMLv2.1 - Fixes self-chaining, adds diagnostics

Hi hackers,
Version 2.1 of DeployProvXML is here, and should be more robust than the previous version:
1: The CustClear.provxml file is now copied both using the filesystem DLL (like v1) and using XML provisioning (hopefully works around the HTC update blocking filesystem access).
2: The CustClear.provxml file is now self-chaining. Really, this time - so long as you run the program *once*, you can even change the included CustClear.provxml, re-deploy, and run Connection Setup; your new version will then be copied to \Windows. (Re-run CS to actually process your new version). No more need to re-run DeployProvXML after each use of Connection Setup!
3. The program now contains more diagnostics. It sets a registry value at launch (using ComRegRW.DLL), changes that registry value (using provxml) when deploying the file, and changes it again when the deployed file is processed by Connection Setup (as part of the CustClear.provxml). It also checks that the value is as expected after deploying.
REQUEST:
Anybody who has an interop-unlocked HTC phone with the latest official HTC update (meaning you can't use TouchXplorer anymore), please run this app, then run Connection Setup, then use a registry editor to check the key HKCU\Software\DeployProvXML. It should have a value, LastOperation. Please include the data in the value (or the fact that it doesn't exist) with your reports. Thank you!
Description:
Another handy little utility for people with HTC phones, this app simply copies a CustClear.provxml file from its install directory to \Windows, then exits. The idea is to make sure that you're never without at least a basic file that can be used by Connection Setup to unlock your phone. New in v2, every time you run Connection Setup, the file will automatically restore itself to the Windows directory. This ensures you'll never accidentally get caught with a locked phone after an upgrade or something!
The included Provxml has three parts. However, you can customize it however you like by opening the XAP file and editing the embedded provxml. The parts are:
1: Applies the registry settings to unlock the phone, including Interop-Unlock.
2: Applies a test value in the registry, at HKCU\Software\DeployProvXML. This value is harmless but can be used to test if the app is working.
3: Chain-copies itself from DeployProvXML's install folder into Windows again, replacing the copy that Connection Setup consumes.
Note that this program does not actually apply the provxml, merely copies it to where Connection Setup expects to find it. It should close immediately after starting; this is not a bug. If you see a dialog box instead, something went wrong and you should report it below!
This program is only going to work on HTC phones, since it uses the HTC DLLs for provxml, file access, and registry. It is a 7.0 app but is compatible with Mango if you have Interop Unlock already.
XAP is in DeployProvxml\bin\debug. Source included for those interested.
Do you think a deployer for OMNIA 7 is possible ?
Maybe with a .dll of WP7 Root Tools ?
So users who didn´t prepare their device for our OnDevice provxml app under NoDo could also enable this feature...
contable said:
Do you think a deployer for OMNIA 7 is possible ?
Maybe with a .dll of WP7 Root Tools ?
So users who didn´t prepare their device for our OnDevice provxml app under NoDo could also enable this feature...
This has been solved. I can finally test the app myself now. I changed the path to copy the provxml from the iso storage of the app instead of the provxml folder.
Interop.Services
Just read this http://translate.google.com/transla...oducing-windows-phone-7-5-native-programming/
Any joy?
Looks cool, but I'll need to investigate further. It has definitely been reported that Homebrew apps without ID_CAP_INTEROPSERVICES don't work even in Mango. It sounds like this guy is maybe using a marketplace signed DLL, though? Not sure - the translation isn't great. He's working from an app that I've never explored, and that appears to be specific to the Japanese Mango phone.
how do we use it. will it permanently unlock when we update to official Mango?
Ttblondey said:
how do we use it. will it permanently unlock when we update to official Mango?
Install app in NoDo.
Run it once.
Upgrade to Mango.
Run the Connection Setup app (from Marketplace).
Hit "OK" in Connection Setup.
Your phone is now dev-unlocked and will not automatically relock. Additionally, you can now install Mango homebrew.
I suggest you then run DeployProvXml again, since installing an update, even something like a HTC firmware update, may re-lock the phone. So long as you've run DeployProvXml since the last time you ran Connection Setup, though, you can unlock again.
If this helps, please hit Thanks!
piaqt said:
Just read this http://translate.google.com/transla...oducing-windows-phone-7-5-native-programming/
Any joy?
He does pretty much the same from what I read. You just use OEM DLLs and have some native functions to work with. For example, HTC has file operations + regoperations + provxml, Samsung has regoperations + provxml (through which you can do regops). This manufacturer DLL probably contains fileops as well, which is nice since there might also be a chance that there will be a working provxml method and with the fileops you can copy the provxml files to the desired location. In theory, of course.
Marvin_S said:
He does pretty much the same from what I read. You just use OEM DLLs and have some native functions to work with. For example, HTC has file operations + regoperations + provxml, Samsung has regoperations + provxml (through which you can do regops). This manufacturer DLL probably contains fileops as well, which is nice since there might also be a chance that there will be a working provxml method and with the fileops you can copy the provxml files to the desired location. In theory, of course.
There are two differences that are worth noting, though.
A) This is a phone that came with Mango. There was never any chance to unlock it for Mango homebrew. It blocks apps with ID_CAP_INTEROPSERVICES - something we had to work around with registry edits.
B) Related to A, he can call native code without having ID_CAP_INTEROPSERVICES. This isn't supposed to be possible at all. Makes me wonder if he's actually calling anything in the DLL or if he's just loading the COM object but not using it and calling that success.
GoodDayToDie said:
There are two differences that are worth noting, though.
A) This is a phone that came with Mango. There was never any chance to unlock it for Mango homebrew. It blocks apps with ID_CAP_INTEROPSERVICES - something we had to work around with registry edits.
B) Related to A, he can call native code without having ID_CAP_INTEROPSERVICES. This isn't supposed to be possible at all. Makes me wonder if he's actually calling anything in the DLL or if he's just loading the COM object but not using it and calling that success.
Ahh yeah you're right. Yeah I really wonder what the trick behind it is and if he manages to install it.
Something else I have not tried yet, but what happens if you deploy it without the id_cap and then run it. It will not work obviously, but what happens if you redeploy with the tag in? Will it still get rejected? Because the phone rejects the app I think.
Hey, the ZIP contains a folder, which, if I package into a XAP, fails on deployment. What's the best way to get this packaged into a usable XAP?
trying to figure out how to install this app.
@thesecondsfade:
Bottom line of the first post:
"XAP is in DeployProvxml\bin\debug. Source included for those interested."
I distribute most of my apps this way, unless the source is really big and the XAP alone is a significantly smaller download for some reason.
@Ttblondey:
Is your phone dev-unlocked?
Is your phone either pre-Mango, or interop-unlocked?
Do you have a XAP deployment program and the Zune software?
GoodDayToDie said:
@thesecondsfade:
Bottom line of the first post:
"XAP is in DeployProvxml\bin\debug. Source included for those interested."
I distribute most of my apps this way, unless the source is really big and the XAP alone is a significantly smaller download for some reason.
@Ttblondey:
Is your phone dev-unlocked?
Is your phone either pre-Mango, or interop-unlocked?
Do you have a XAP deployment program and the Zune software?
My TouchXplorer does not work anymore after updating to the official Mango, though my phone is still unlocked. This XAP will definitely help if new firmware/updates come along to deploy Provxml to /windows.
I've installed it but how can I verify if this is being installed/copied to /windows?
GoingInside said:
My TouchXplorer does not work anymore after updating to the official Mango, though my phone is still unlocked. This XAP will definitely help if new firmware/updates come along to deploy Provxml to /windows.
I've installed it but how can I verify if this is being installed/copied to /windows?
This app uses the same DLL as TouchXplorer, which means it doesn't work either (I wrote a number of apps using that DLL, including a backup tool, and none of them can see any files anymore). I'm not sure exactly what was changed, but yeah, they broke it. My hope is that Heathcliff74's WP7 Root Tools will restore file browsing on HTC soon.
As soon as I finish restoring my phone, I'll try writing a version of the app that uses ProvXML to copy the file, instead of ComFileRW.dll (which no longer works if you get the final HTC update). Using ProvXML is limited in some ways - you can't browse the filesystem, for example - but it works great for this type of operation.
I'm on force unlock from Ansar's thread with Pedbe way final mango. Been trying to use advancedconfig 1.3, 1.4 battery meter, it doesn't work anymore. Good thing I can sideload (that's important)
GoodDayToDie said:
This app uses the same DLL as TouchXplorer, which means it doesn't work either (I wrote a number of apps using that DLL, including a backup tool, and none of them can see any files anymore). I'm not sure exactly what was changed, but yeah, they broke it. My hope is that Heathcliff74's WP7 Root Tools will restore file browsing on HTC soon.
As soon as I finish restoring my phone, I'll try writing a version of the app that uses ProvXML to copy the file, instead of ComFileRW.dll (which no longer works if you get the final HTC update). Using ProvXML is limited in some ways - you can't browse the filesystem, for example - but it works great for this type of operation.
Ok, guess I'll have to wait for the experts (Heathcliff74 and you etc) to solve this HTC drive update issue. Thank you!
GoingInside said:
Ok, guess I'll have to wait for the experts (Heathcliff74 and you etc) to solve this HTC drive update issue. Thank you!
@GoingInside, and anybody else in the same boat (latest HTC update installed, filesystem browsing broken), please try the latest version (v2, now on the initial post)! After running the app once, run Connection Setup and hit OK. After you do that, use a Registry Editor to check for the presence of the following registry key: HKCU\Software\DeployProvXML.
Please report whether that key is present. If it is, that means the app is fully functional even with the latest update!
I only have a NoDo backup (my phone came with NoDo) - can I get the interop unlock through dev unlocking the phone and then running our app?
nvm, I am now downgrading to NoDo and will then update to the HTC RTM (the one that comes via Zune). As soon as I am there I will tell you if I had luck with it or not (I hope I can interop-unlock on NoDo as the 3 apps sideload limit is crap)
Update 1: I am on NoDo and I started your app. It closed, I went to Connection Setup and ran it. Will check if the registry value is there as soon as some XAPs are deployed (first time that I can deploy more than 3 XAPs)
Update 2: Now going through the Beta - RTM - HTC Update update marathon. Will report back as soon as I am on HTC's RTM
GoodDayToDie said:
@GoingInside, and anybody else in the same boat (latest HTC update installed, filesystem browsing broken), please try the latest version (v2, now on the initial post)! After running the app once, run Connection Setup and hit OK. After you do that, use a Registry Editor to check for the presence of the following registry key: HKCU\Software\DeployProvXML.
Please report whether that key is present. If it is, that means the app is fully functional even with the latest update!
Unfortunately, it seems that the new XAP (v2) doesn't work as well. Copy and deploy the latest DeployProvXML.xap (dated 5/10/2011) to my HTC trophy. After running Connection Setup, I can't find the registry key: HKCU\Software\DeployProvXML. I only found MICROSOFT under HKCU/Software/.
But please continue your research into this. THANKS!

[Q] Mod Windows RT to enable Remote Desktop

In the past, Windows has had editions for consumers that did not include Remote Desktop enabled. Usually there was a patch to enable it. Recently it has been proved how there is almost no difference between Windows 8 and Windows RT and that RT is just a port of Windows 8. So what about all the system files? They can be changed just like x86 Windows. So what about enabling Remote Desktop, so we don't need a ARM remote app that we need to unlock Windows for, and we can use what comes with Windows. In the past we modified the termsrv.dll file and changed some registry settings. I've included the Windows 8 and the Windows RT versions of termsrv.dll so that maybe some clever ones might try and crack a solution to enabling it on Windows RT.
sionicion said:
In the past, Windows has had editions for consumers that did not include Remote Desktop enabled. Usually there was a patch to enable it. Recently it has been proved how there is almost no difference between Windows 8 and Windows RT and that RT is just a port of Windows 8. So what about all the system files? They can be changed just like x86 Windows. So what about enabling Remote Desktop, so we don't need a ARM remote app that we need to unlock Windows for, and we can use what comes with Windows. In the past we modified the termsrv.dll file and changed some registry settings. I've included the Windows 8 and the Windows RT versions of termsrv.dll so that maybe some clever ones might try and crack a solution to enabling it on Windows RT.
termsrv is a system service and how can we use a modified termsrv.dll before we use the Jailbreak tool? Maybe we can edit termsrv.dll in the memory.
We can't, I suspect. Even after jailbreaking, the lack of a signature on a system file may be a problem. It's worth a shot, though.
termsrv.dll -should- be a usermode library that would be editable after the jailbreak.
I am able to take ownership of the file and replace it. But it won't use the termsrv.dll from my windows 8… I'm almost positive it is because the dll is different depending on architecture. But it should be as easily replaceable as any system file on windows 8, am I right? I don't see why it wouldn't but I could be wrong.
Yeah, pretty much. You definitely won't be able to use the Win8 version (x86 machine code, ARM processor, not gonna fly...) but a modified version of the Windows RT version might work. Bear in mind that since modifying the DLL will invalidate the signature, this won't work if the signature validation is enforced (i.e. you'll have to jailbreak).
Should be possible using the Remote Debugging Tools or, even better, cdb. Put it in a .cmd file in autorun and voila
clrokr said:
Should be possible using the Remote Debugging Tools or, even better, cdb. Put it in a .cmd file in autorun and voila
Please!! Remote desktop would be awesome enabled on the Surface RT, if someone could work on it I know a lot of people would be very grateful!
I've already posted a method that should enable RDP here: http://forum.xda-developers.com/showpost.php?p=36386089&postcount=211 - no need to patch DLL, and would work on a locked device. But you'll have to manually edit a binary registry value, instead of using a provided tool.
I have not tested RDP, but after using this method I was able to recover an option of joining device to Active Directory domain (it was blocked by the similar policies).
mamaich said:
I've already posted a method that should enable RDP here: http://forum.xda-developers.com/showpost.php?p=36386089&postcount=211 - no need to patch DLL, and would work on a locked device. But you'll have to manually edit a binary registry value, instead of using a provided tool.
I have not tested RDP, but after using this method I was able to recover an option of joining device to Active Directory domain (it was blocked by the similar policies).
Can you share how you managed to get the rt joined to a domain?
mamaich said:
I've already posted a method that should enable RDP here: http://forum.xda-developers.com/showpost.php?p=36386089&postcount=211 - no need to patch DLL, and would work on a locked device. But you'll have to manually edit a binary registry value, instead of using a provided tool.
I have not tested RDP, but after using this method I was able to recover an option of joining device to Active Directory domain (it was blocked by the similar policies).
Wouldn't both methods work though? Your method works by enabling features from other editions by telling Windows that's what edition it is running. It disables it when the Software Protection service restores it to the original template according to the edition. By patching the DLL file, you could trigger Remote Desktop to work without it needing to check in with the kernel policies.
I mean unless you have a way to modify these policies without all the extra occurring, it would work. But Bitlocker and the Software Protection service getting involved...it just sounds like a lot of extra work for something much bigger in the end, and I know there must be an easier way to force Remote Desktop to work without listening to these policies because it has been done in the past.
mamaich said:
I've already posted a method that should enable RDP here: http://forum.xda-developers.com/showpost.php?p=36386089&postcount=211 - no need to patch DLL, and would work on a locked device. But you'll have to manually edit binary registry value, instead of using a provided tool.
I have not tested RDP, but after using this method I was able to recover an option of joining device to Active Directory domain (it was blocked by the similar policies).
I tried to enable one of the Remote Desktop vars last night, allowRemoteConnections I think it was called, but I didn't get anything from it.
mamaich said:
I've already posted a method that should enable RDP here: http://forum.xda-developers.com/showpost.php?p=36386089&postcount=211 - no need to patch DLL, and would work on a locked device. But you'll have to manually edit binary registry value, instead of using a provided tool.
I have not tested RDP, but after using this method I was able to recover an option of joining device to Active Directory domain (it was blocked by the similar policies).
Again, please if you were able to join an RT to the domain. Please let me know what you did. Would love to not get prompted to log in into PowerShell.
apatcas said:
Again, please if you were able to join an RT to the domain. Please let me know what you did. Would love to not get prompted to log in into PowerShell.
As I already wrote - use this method: http://forum.xda-developers.com/showpost.php?p=36386089&postcount=211
1. Edit registry:
Code:
HKEY_LOCAL_MACHINE\SYSTEM\Setup
SetupType=1
CmdLine="cmd.exe"
and reboot. You will enter the setup mode. You would not see the mouse cursor in this mode, and you'll need a hardware keyboard.
2. Open this reg_binary value: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ProductOptions\ProductPolicy. Look for unicode string "WorkstationService-DomainJoinEnabled", it is near offset 0x4000. Look at this screenshot:
http://imageshack.us/photo/my-images/526/35796208.png/
Select the "00" byte that follows the zero byte after the 64 (64 00 == unicode "d" letter) as you see on the screenshot. Overwrite it with 01. Be careful not to insert a byte, you need to overwrite the existing byte!
3. Rename sppsvc.exe to anything else so that it would not run on boot and reset ProductPolicy ("ren sppsvc.exe sppsvc.bak")
4. Reboot. Now the option to join the domain would be available.
I have not tried to add workstation to domain myself - try that and post here. After adding to domain you may try to rename sppsvc.bak back to sppsvc.exe as otherwise you'll get the "unactivated" Windows RT. I think that this would only remove the add to domain UI, but the RT would be still domain-joined.
I've tried to edit the remote desktop settings keys - this unblocked the corresponding options in the computer settings, but I was unable to connect. Maybe this is due to absence of RDP code in terminal server service - I don't see anyone listening port 3398 though TermServer service is running.
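A read-only check for the ProductPolicy change described in the post above, as an added example that is not part of the original thread. It assumes, as the post describes, that the value data starts directly after the UTF-16LE policy name; reading it as a 4-byte little-endian DWORD, the expected baseline of 0, and the sample blobs are assumptions constructed for this example.

```python
import struct

# Policy name from the post; the expected value on an unmodified device is an
# assumption of this example (0 = option disabled).
EXPECTED = {"WorkstationService-DomainJoinEnabled": 0}


def policy_value(blob: bytes, name: str):
    """Return the DWORD stored right after the UTF-16LE name, or None if absent."""
    needle = name.encode("utf-16-le")
    pos = blob.find(needle)
    if pos < 0:
        return None
    start = pos + len(needle)
    if start + 4 > len(blob):
        raise ValueError(f"{name}: blob truncated after the name")
    return struct.unpack_from("<I", blob, start)[0]


def audit(blob: bytes, expected=EXPECTED):
    """List (name, expected, found) for every policy that differs from baseline.

    A policy that is missing from the blob is reported with found=None.
    """
    findings = []
    for name, want in expected.items():
        got = policy_value(blob, name)
        if got != want:
            findings.append((name, want, got))
    return findings


def make_sample(value: int) -> bytes:
    """Constructed stand-in blob: filler, policy name, DWORD value, filler."""
    name = "WorkstationService-DomainJoinEnabled".encode("utf-16-le")
    return b"\x00" * 32 + name + struct.pack("<I", value) + b"\xff" * 8


if __name__ == "__main__":
    for label, blob in (("baseline", make_sample(0)), ("modified", make_sample(1))):
        print(label, audit(blob) or "no deviations")
```

On a real system the blob would come from the ProductPolicy value named in the post, for example read with `winreg.QueryValueEx`; a deviation together with a missing or renamed sppsvc.exe matches the procedure described.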
mamaich said:
As I already wrote - use this method: http://forum.xda-developers.com/showpost.php?p=36386089&postcount=211
1. Edit registry:
Code:
HKEY_LOCAL_MACHINE\SYSTEM\Setup
SetupType=1
CmdLine="cmd.exe"
and reboot. You will enter the setup mode. You would not see the mouse cursor in this mode, and you'll need a hardware keyboard.
2. Open this reg_binary value: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ProductOptions\ProductPolicy. Look for unicode string "WorkstationService-DomainJoinEnabled", it is near offset 0x4000. Look at this screenshot:
http://imageshack.us/photo/my-images/526/35796208.png/
Select the "00" byte that follows the zero byte after the 64 (64 00 == unicode "d" letter) as you see on the screenshot. Overwrite it with 01. Be careful not to insert a byte, you need to overwrite the existing byte!
3. Rename sppsvc.exe to anything else so that it would not run on boot and reset ProductPolicy ("ren sppsvc.exe sppsvc.bak")
4. Reboot. Now the option to join the domain would be available.
I have not tried to add workstation to domain myself - try that and post here. After adding to domain you may try to rename sppsvc.bak back to sppsvc.exe as otherwise you'll get the "unactivated" Windows RT. I think that this would only remove the add to domain UI, but the RT would be still domain-joined.
I've tried to edit the remote desktop settings keys - this unblocked the corresponding options in the computer settings, but I was unable to connect. Maybe this is due to absence of RDP code in terminal server service - I don't see anyone listening port 3398 though TermServer service is running.
Joined... Nice find.
apatcas said:
Joined... Nice find.
Has it remained domain-joined after restoring the original sppsvc.exe?
You have to return it back, otherwise you'll be annoyed with the activation reminders.
mamaich said:
Has it remained domain-joined after restoring the original sppsvc.exe?
You have to return it back, otherwise you'll be annoyed with the activation reminders.
We could possibly patch sppsvc to not check, then start the service up after jailbreaking it.
I'm honestly not sure if this would be considered piracy or not, though.
Edit: I used the program to set every value to 1 in setup mode (The latest jailbreak tool works in setup mode), and I didn't see any change for anything dealing with RDP.
Edit 2: Perhaps I shouldn't have set 'Disable' to 1. Regardless, I set it to 0 and the options popped up, but I can't get anything to go. As mamaich stated, I'm not seeing anything listening on port 3389. netstat -a -b on a desktop with it enabled says it's opened by CryptSvc, but I'm not seeing anything with CryptSvc that's not there on the tablet. That could just be netstat guessing which service running under svchost is actually running it, too.
netham45 said:
We could possibly patch sppsvc to not check, then start the service up after jailbreaking it.
I'm honestly not sure if this would be considered piracy or not, though.
Edit: I used the program to set every value to 1 in setup mode (The latest jailbreak tool works in setup mode), and I didn't see any change for anything dealing with RDP.
Edit 2: Perhaps I shouldn't have set 'Disable' to 1. Regardless, I set it to 0 and the options popped up, but I can't get anything to go. As mamaich stated, I'm not seeing anything listening on port 3389. netstat -a -b on a desktop with it enabled says it's opened by CryptSvc, but I'm not seeing anything with CryptSvc that's not there on the tablet. That could just be netstat guessing which service running under svchost is actually running it, too.
I think we must hack the dll file. But I find when I edit a byte in the dll, the service was not able to start.
apatcas said:
Joined... Nice find.
So is it true? that your device stays domain-joined after you restore sppsvc.exe?
@ Netham45, you could try to open up W81x86 termsrv.dll and go to these hex locations to find out what functions needed patching.
Hashes
File: W81x86\termsrv.dll
CRC-32: 202cd912
MD4: a879d39b8fbcd968b525af05a66aaf2c
MD5: 7a8e1158291cf4c8d8474a2091b9bf6d
SHA-1: e10028b074d24605e05b5e0bafd42f6a93ac01ad
1550F-15520
17428
A1B29
Then go into WinRT termsrv.dll, jump to those functions by name (because offsets will be different between x86 and RT) and Jmp or Nop as needed for WinRT. Afterwards it could be added via CDB / KD on-the-fly.
