About 2 weeks ago, I took johnkussack's advice (I think it was him) and went to LinkedIn to try t be friends with anyone who came up on the search for "kin phone". In the invite email, I just said that I noticed they worked on the Kin phones and would like to ask them a few questions on how one could write to the phone. I have had 3 responses in the last 2 days.
Guy1: didn't know because he worked on the UI for the Kin Studio
Guy2: kindly told me he couldn't release an unauthorized build and that he would be breaking the law by doing so.
Guy3: This guy worked on the phone for over a year. He first told me I was breaking the DCMA by hacking/reverse engineering Kin, regardless of intent. Then he said this important thing:
"You are absolutely right in assuming that the device is locked; in fact, it has a hardware lock that is common to many such devices. When the devices roll of the manufacturing line the programming fuses are blown (literally) preventing any further programming of the device. This is all handled by hardware so unless you find a flaw with that you are out of luck."
So if this is true (sounds like it is), the "dream" is over. Hopefully there is some way that someone out there can find.
If I get more responses, I will post them here. Don't ask me to go back to these three who already replied and asked them more questions, I think I made some of them mad.
Hmmmm... I don't know whether or not the KIN models will accept OTA updates so that's a good question to ask. If OTA updates are possible then it's inherently possible to change the software. I wonder...
Yes, it was me the one who said about "linkedin".
But i also said "in one word NDA". You should known even before ask that the signed NDA are also legal contracts, so i prevented before asking them.
On the DCMA, yes.. on the USA. Outside the big country, the legal question is different and may not operate with that law. (if ever). If they provide a normal (legal?) way to unbrick my factory mode here, or to use the phone options, then i wait for the cost for it.
And everyone knew that hardware was not the way, just at the moment where first flash attempt failed. "Dream" is doable by software, if anything is to be done.
What i don't get is why to ask for rom rom roooooms, where we need drivers drivers driveeeeers... or sdk's. We won't get it anyway from MS, but no flashing means a rom is futile, non useful,crap pack of bytes.
But i also said "in one word NDA". You should known even before ask that the signed NDA are also legal contracts, so i prevented before asking them.
Click to expand...
Click to collapse
I figured I just take a shot in the dark; hope for the best and expect the worst. Since the phone and suuport from MS was discontinued, maybe the NDAs would be voided.
And everyone knew that hardware was not the way, just at the moment where first flash attempt failed. "Dream" is doable by software, if anything is to be done.
Click to expand...
Click to collapse
Good to know you still think there's a way.
What i don't get is why to ask for rom rom roooooms, where we need drivers drivers driveeeeers... or sdk's. We won't get it anyway from MS, but no flashing means a rom is futile, non useful,crap pack of bytes.
Click to expand...
Click to collapse
I just asked if "there is a way to get around the write lock". Had I known ahead of time to ask about drivers or SDKs, I would have put that in the msg.
I strongly believe that we could operate with the device,softwarewise. there is proof that the kin NAND memory (for now on, called "Storage" as label) is writeable. Not sure on the Rom part.
Of course, i mean.. just use it as a normal writable storage memory.
I posted how it could be done and would do it myself but, again, i bricked my phone, and available ones (through bidding sites) are so expensive to buy another one just for this (+ $150). Don't see a way to get it internationally again.
And even doing it, i'm not sure about what could be done just writing on the storage mem....
If the fuse byte is burn't should not it have prevented you from bricking?
kintwouser said:
If the fuse byte is burn't should not it have prevented you from bricking?
Click to expand...
Click to collapse
Nvitem bricked, not flashing bricked. You can succesfully write to the NVItems memory. But i guess it's just configuration memory and not the one "fused".
I just want to mention that jailbreaking a phone is NOT illegal in the United States! Geohot hacked the iphone... Apple went after him... Apple lost.
Also blowing the programming fuses seems a little fishy to me actually. No other phone does that. The majority of other phones have been flashed. I just think it would be pretty odd for a company to do that so that they no longer could update it. I am not sure I believe him. If this really was true... then why wouldn't Apple or Sony be doing it? This also doesn't make sense since Microsoft actually originally intended on putting WP7 on this as well as allowing apps for it. Check this article out:
http://www.intomobile.com/2010/05/12/kin-windows-phone-7-a-lot-closer-than-we-thought/
you must understand, its not possible to blow fuses in the hardware, it would be a top news story if they were able to keep the OS running in complience with the flash memory without it crashing. Obviously that was a lie to discourage us, and i dont even think that was a real kin developer, because microsoft clearly stated that all kin developers would be moved to WP7 or another programming section. And it doesnt matter if its legal or not to jailbrake phones, if we are porting a new OS, we wouldnt have modified the original OS, which is what jailbraking means. Most likely the OS is hidden deep in the flash memory with a write - protection. If you think its saying access denied because they said the fuses were blown, its wrong. They must just have a password or code that needs to be sent continuasly to the phone to access files. If the fuses were blown, then nothing would be able to be accessed by zune, because it would be impossible to reach the memory.
soninja8 said:
Most likely the OS is hidden deep in the flash memory with a write - protection. If you think its saying access denied because they said the fuses were blown, its wrong. They must just have a password or code that needs to be sent continuasly to the phone to access files. If the fuses were blown, then nothing would be able to be accessed by zune, because it would be impossible to reach the memory.
Click to expand...
Click to collapse
Not my expertise field, but this mobiles can (and in fact they do) have several memories, storing the OS in the ROM memory and all the data on the NAND memory (our "8gb" storage).
Zune software has protocols to query for available storages (requiring its label/id) and is allowed to write/read to it. If you dare to click on update version (at least in the 1st version I tried) it expressed that the option was not "available" to that device without web requesting data, apparently.
So.. in the nand flash we may only have the equivalent of a SD Card. And my last wince PDA showed that as /Storage too, apart from main wince ROM.
You can format the nand memory using win explorer if in fact it is the 8gig storage. I did this and it deleted all pics,albums etc. It was interesting to note that we cannot copy or view these pics without an access error but it does let me delete them.
I just wan't to be able to get my pics off this piece of crap without emailing them.
I posted it once. You are able to:
- Query storage properties (label, size, id,...)
- Query storage folders
- Query folder files.
- Query tracks / albums / playlist / images / anyZuneSupportedFile
- Delete * file (whatever)
- Format the storage
You are "unable" to:
- Upload (create) a file into the device
- Download a file from the device.
MTP protocol tools allows you to do so, from command line (not quite sure if they are available on Win32 OS's), but... fails to operate with this device when it comes to the "unavailable" operations.
I am curious as to which former developers you contacted?
I was doing some research and noticed that Microsoft acquired the company Danger, Inc. After Microsoft purchased them, the former president of Danger went to develop Android (later acquired by Google). One thing I read was that most of Dangers employees left after being purchased by Microsoft. Apparently these people don't like Microsoft all that much! I also looked into it a little more and found one of the founders of Danger who had a twitter account. Of course all of his tweets were via a "KIN". Thought that was interesting. It seems to me that these former Danger employees would be interested in helping out if they don't hold to high of an esteem for the big "M".
seems like this is your first "inside the move" trying-to-hack/reverse a thing, so i will say:
people involved doesnt wanna risk through legal issues, even if they were pissed off, just for "some kids" to have a driver or rom. NDA are strong there, and they could either sign them or leave (if leaving, they don't have the interesting things).
At most you would get bad-mood or good-luck comments, and ocassionaly (very uncommon), leaks (wont happen here).
yeah, they purchased danger for an amazing 500 million dollars, which they later developed the kin with it, they were planning to put windows phone 7 on it, but they were to behind and released it with the old windows CE, then the former developer moved to work on a free source OS, later called android. Google wanted to get android while it was cheap, so they bought that company, and made the old developer as 2nd engineer.
Maybe not worth yet, but we should get more *info* about the SBL mode (aka "Ms Pink Bootstrap), as coinflipper said that it was the way to flash OS or parts (like radio's).
I have been trying even OMA wap WBXML bootstrap examples with it, but as we dont know if our phone is standard, it's like looking for a water drop in the sea of possibilities.
We do not need a guide on how to do something, but what-to-do with it.
Maybe, JUST MAYBE, we could design a program like bitpim. I am a mac user and when I used bitpim with my enV touch, I used to edit all sorts of files. Examples would be phone info, server info etc. We could make a program like that to get the info. I know programming may be hard, but its worth a shot. I hate the OS on this phone, ESPECIALLY WHEN YOU PIN APPS! THEY LOOK HORRIBLE
Kinuser1 said:
Maybe, JUST MAYBE, we could design a program like bitpim. I am a mac user and when I used bitpim with my enV touch, I used to edit all sorts of files.
Click to expand...
Click to collapse
We can't. If we have not the protocols or the supported phone features (protocols, drivers, documentation,...) you cannot guess it and put it into visual basic (or Xcode) and then by *magic*get the program you want.
i will admit that i know very little about protocols and drivers but i would like to point out that bitpim is open source, and that the code can be found here ->
http-//sourceforge.net/scm/?type=svn&group_id=75211 (change "-" to ":")
i seem to recall bitpim already having limited support for the kin, but perhaps with a little research and a little code tweaking we can find ways to improve it? i'm not sure how feasable it is as i have very little experience with programming for phones/usb devices, but it's just a thought.
slimeq said:
i will admit that i know very little about protocols and drivers but i would like to point out that bitpim is open source, and that the code can be found here ->
http-//sourceforge.net/scm/?type=svn&group_id=75211 (change "-" to ":")
i seem to recall bitpim already having limited support for the kin, but perhaps with a little research and a little code tweaking we can find ways to improve it? i'm not sure how feasable it is as i have very little experience with programming for phones/usb devices, but it's just a thought.
Click to expand...
Click to collapse
We can't. If we have not the protocols or the supported phone features (protocols, drivers, documentation,...) you cannot guess it and put it into visual basic (or Xcode) and then by *magic*get the program you want.
Click to expand...
Click to collapse
The above applies to any software you want. Unless you magically found documentation or files (like OP), there's no way to. So f#cked.
The thing is always the same, tweaking tweaking... what to tweak, huh?
Related
Good evening folks,
I am considering buying the HTC Touch Pro2 when it is released in the USA on Tmobile. I would like to understand what hacking (security testing) tools are available on the Windows Mobile Platform. I am a security professional and have the desire to perform penetration testing from the HTC Touch Pro2.
It seems the MetaSploit framework is not available. I like to work with the command prompt, is the command prompt accessible on the HTC Touch Pro2? I've read some info about being able to mount ISOs or run emulators. Is there WiFi hacking software such as Kismet available?
Does anyone know what hacking tools are available for this platform?
Thank you!
Anyone have any ideas?
It doesn't run real windows, you can't get a command prompt. You'd be better off with a real machine.
There's a couple companies out there that sell WM devices for pentesting, but they are all provided with the hardware since they are focused on wifi and I don't believe the standard WM stuff lets you put it into promiscuous mode.
You'd probably be better off with an android device so you can just compile whatever you want.
MSFT products have never been suitable for comp-sec professionals.
You're better off connecting to a *nix box using either PocketPuTTY or using a webbrowser to connect to a remote server running metasploit.
Check out VxUtil, it gives you DNS, reverse DNS, port scan, ping, finger & so on. Pocket Putty is a good free SSH client, also does port forwarding.
OpenVPN works as well if that takes your fancy. Lots of security tools are available, they are just a bit obscure. I don't think nmap is around though.
thanks for the reply
Our company actually just released a new product (called Security Tools) that lets you ping, traceroute, do a WHOIS lookup, and even do port testing on your Windows Mobile phones. The port testing can even send clear text commands to a port such as 'GET / HTTP/1.0' to verify that it is a HTTP service listening on that port. The traceroute is also able to visually show the trace (if it's public IP address) on a map so you can kind of get a visual representation of where your traffic is going. Please feel free to try our one week free trial which lets you use the application for a week without limitations, so you can make sure everything works as you want before you buy.
You can visit the original post here at xda over at this thread:
http://forum.xda-developers.com/showthread.php?t=550473
or you can visit the website for the product at:
http://www.securenetworksystems.com/SecurityTools/
Punkster812:
I downloaded "security tool" , installed, got a license - and it was already expired...
Also, your company name is "secure network systems" and your web-pages are hosed in Microsoft IIS, and based on aspx .....seriously, if you wish to appear as a security company, you cannot use that crap.
the program with won't work because you serve old license, but one thing is clear; the icon is of very low resolution, and looks bad on WM6.5 or TouchFlo menu.
And: the long Device-ID is there only to annoy your customers, no pir8 would ever be bothered by it, so you may as well stick to 6 characters alphanumeric code +-+++...
AlCapone said:
Punkster812:
I downloaded "security tool" , installed, got a license - and it was already expired...
Also, your company name is "secure network systems" and your web-pages are hosed in Microsoft IIS, and based on aspx .....seriously, if you wish to appear as a security company, you cannot use that crap.
the program with won't work because you serve old license, but one thing is clear; the icon is of very low resolution, and looks bad on WM6.5 or TouchFlo menu.
And: the long Device-ID is there only to annoy your customers, no pir8 would ever be bothered by it, so you may as well stick to 6 characters alphanumeric code +-+++...
Click to expand...
Click to collapse
I am sorry that you had troubles with the trial download, if you PM me with your Device ID I can get you one. We are aware of the low resolution, but rather than focusing on a pretty icon, we worked hard on a functional program. The long Device ID is not to annoy customers, it is actual a very secure method that we use and if you are able to break it, I would be very impressed; I know it's long but it's to protect our intellectual property and no other licensing method existed that prevent piracy like this does. We know ever method is breakable, but this accomplished our goal of restricting to the pirates that are going to steal software no matter what.
As far as the server... you are using a Microsoft product as well for you phone. We very rarely use Asp.net through our site, in fact it's only for license generation and to set up an order, but doesn't actually handle purchases. So the site is secure and I am confused on why you think our site is so insecure. I love Linux and Apache as much as the next network administrator. 4 out of 5 of my personal pc's run Linux with one set up with Apache for my personal site, but for our business needs, we went with IIS.
Again I am sorry that it didn't work for you, I will double check to see if it's still properly generating license, and remember, the trial starts from when you download the license, not run the application with the license.
regarding IIS: http://www.internetnews.com/securit...Microsoft+Rushes+to+Patch+FTP+Hole+in+IIS.htm
This finally got some attention, it was in fact being exploited for years, over several versions.
Hosting software on vulnerable servers gives an opportunity for hackers to easily repack your CAB with spyware/dialer, and you can guess the rest. - such CABs must be inspected for each download.
Regrading long serial number, it only makes a brute force attack harder, at best, which is usually not the method used. You can as well trunk it to a 6-7 char/alphanumeric number, and it will work the same, but annoy people less.
Remember you are at a forum where people often reflash, and entering long serials each time (if cannot be exported from registry) - is boring, and a motivation to workaround.
I can't remember what it's called, but there is a CAIN port for Windows Mobile.
Fmstrat said:
I can't remember what it's called, but there is a CAIN port for Windows Mobile.
Click to expand...
Click to collapse
you are right; - it's simply "Cain for PPC:"
http://www.oxid.it/downloads/Cain_setup_PPC.ARM.exe
and yes, it's far away from the "real" Cain.
AlCapone said:
regarding IIS: http://www.internetnews.com/securit...Microsoft+Rushes+to+Patch+FTP+Hole+in+IIS.htm
This finally got some attention, it was in fact being exploited for years, over several versions.
Hosting software on vulnerable servers gives an opportunity for hackers to easily repack your CAB with spyware/dialer, and you can guess the rest. - such CABs must be inspected for each download.
Regrading long serial number, it only makes a brute force attack harder, at best, which is usually not the method used. You can as well trunk it to a 6-7 char/alphanumeric number, and it will work the same, but annoy people less.
Remember you are at a forum where people often reflash, and entering long serials each time (if cannot be exported from registry) - is boring, and a motivation to workaround.
Click to expand...
Click to collapse
Thanks for the link, I looked into and we are not vulnerable against the attack and never have been due to the attacks requirements (http://blogs.technet.com/srd/archive/2009/09/01/new-vulnerability-in-iis5-and-iis6.aspx). As far as brute forcing, without going into to much details, would be extremely difficult to do as it uses standards proven encryption algorithms. The extremely long serial that you are talking about is a unique ID for your phone. We know it's long and are always looking for ways to improve the licensing we use. The license is a file and not something that you key in, you copy to the installation directory; so you can keep a copy in your email, on your computer, flash drive, where ever for back up purposes in case you need to reload the app.
As far as reflashing, that is a very valid point. I am not 100% sure, but I believe reflashing should not hurt the license, which would hopefully mean you wouldn't have to enter your device id again. But if any one could confirm this, that would be appreciated. We know a lot of the people here are very advanced and know more about their phones then most the people at service providers or even the phone manufactures themselves sometimes, which is why we enjoy releasing our products here for testing before we release them to the public. In the little time that Security Tools has been up we have received some constructive feedback on what could be improved.
Punkster812 said:
As far as brute forcing, without going into to much details, would be extremely difficult to do as it uses standards proven encryption algorithms.
Click to expand...
Click to collapse
Right, that's why I said long numbers would be good for only that, once the calculation/verification routine is extracted for a keygen, it's no more job whatever the result is 6 or 50 digits long.
- Therefore, you might save your customers from all the boring entry, because no keygen /(or crack) will be more difficult by having more digits.
This is a new feature for WP7. An API will be provided for external services to validate that a call is coming from a Genuine Windows Phone. This will be accomplished by a requirement that every phone have a unique certificate applied during manufacturing process (similar to an IMEI, but more than a simple number, an actual .cer)
The certificate is to be stored in the "Device Provisioning Partition" during the manufacturing process and is to be destroyed upon completion of manufacturing. Any time a reflash occurs, a new certificate is to be issued.
This represents a significant change from the existing paradigm as your phone will be instantly uniquely identifiable through this method.
Bump for visibility
Is that going to make flashing custom ROMs an issue?
i think it gonna make flashing difficult..
if you flashed with custom, your WP7 would not be taken as genuine hehehe like Windows 7 lol
maharz said:
i think it gonna make flashing difficult..
if you flashed with custom, your WP7 would not be taken as genuine hehehe like Windows 7 lol
Click to expand...
Click to collapse
lol then you have to mod your bios.
On the bright side, we may have fewer reasons to flash custom ROMs on WP7. What are our current reasons for flashing?
1. We need new OS versions on our devices when OEMs don't provide that. Well, this is supposed to be taken care of by centralized update mechanisms for all devices. WP7 will also support partial updates where you don't have to change everything but rather update certain components. Also, firmware files should be replaceable - otherwise OS updates wouldn't work. We'll be less dependant on HTC or whomever.
2. We need components from other devices (newer versions of Manila etc.). Well, these won't exist anymore.
3. We want light ROMs. WP7 will need things added, not removed, for the most part, and crapware will be very limited.
vangrieg said:
On the bright side, we may have fewer reasons to flash custom ROMs on WP7. What are our current reasons for flashing?
1. We need new OS versions on our devices when OEMs don't provide that. Well, this is supposed to be taken care of by centralized update mechanisms for all devices. WP7 will also support partial updates where you don't have to change everything but rather update certain components. Also, firmware files should be replaceable - otherwise OS updates wouldn't work. We'll be less dependant on HTC or whomever.
2. We need components from other devices (newer versions of Manila etc.). Well, these won't exist anymore.
3. We want light ROMs. WP7 will need things added, not removed, for the most part, and crapware will be very limited.
Click to expand...
Click to collapse
Very true. With the OTA MS updates and such it will make life easier for updating the OS.
That could also bring a pitfall - hacking attempts that once worked get blocked.
Da_G said:
This is a new feature for WP7. An API will be provided for external services to validate that a call is coming from a Genuine Windows Phone. This will be accomplished by a requirement that every phone have a unique certificate applied during manufacturing process (similar to an IMEI, but more than a simple number, an actual .cer)
The certificate is to be stored in the "Device Provisioning Partition" during the manufacturing process and is to be destroyed upon completion of manufacturing. Any time a reflash occurs, a new certificate is to be issued.
This represents a significant change from the existing paradigm as your phone will be instantly uniquely identifiable through this method.
Click to expand...
Click to collapse
1. Project Echelon, lol.
2. End of dev'n'hacking, lol.
(now, remove both lol's)
M$ REALLY thinks it may compete with iphone(and apple stupidity), can you believe...
The "uniquely identifiable phone" feature is probably the major reason for this. Face it, outside of these forums, how many "non-genuine" WM builds are there?
What this provides is a token-pair for secure message encryption and a single point of origin/destination for all those notifications.
Thank you for the information, Da_G.
So it seems this will also affect us being able to port a WM7 ROM to another mobile?
So this means evry phone has a unique certificate
They will look for a way around that. For instance...who's to say microsoft are even implementing the certificate etc on prototypes...that would be darn impractical since there's so much chopping and changing in this developer stage, and do we know the servers are up and running? We should cross this bridge when we/Da_G come to it, and look for a bypass if not.
I do not think this money will be wasted if we dont port it to HD2, the fact is I will be the first to donate when pre-orders for the first HTC WP7 handset is outed so that Da_G can use his tools for that too. The JTAG test point will be useful to the community and I know Da_G will use it for the community...actually there's very little personal stuff he could do, and I doubt he would anyways, since all the uses will be of benefit to the community.
We should definitely start look at alternatives to the marketplace now, like Cydia. I'm not sure how the guy's doing it, whether he has servers etc, whether we could use them for multitasking/social networking or other uses. Depends how far microsoft go. Anyways, we all know that if m$ close it down and we cant jailbreak etc, then the community will have to migrate to android.
if i understand the situtation. If every phone is uniquely identifyable it means that imei may be part of cert calculations which means update code would have to be able to generate a cert or request a cert from the update server.
But if the phone checks the certs validity reverse engineering the check could help us fake cert files
EDIT:
after reading on rom deployment it seems that it cert files would need to be faked in order to port to other phones and updates will also involve trickery of its own
Unless somone does something even more awesome
Hey, i was playing a bit with some files here and there, so i faked Xna to believe that kin was a zune (i'm a ninja) and then becoming asleep when suddenly i launched the first non-official app on the kin.. although it didn't work.
It's the result of a bad deployment of a XNA game template, which runs till the loading part, where it's broken and does nothing.
On the other hand, it's listed on the recent apps tab, and i was able to re-do the deployment. I wasnt able to redo after some time, even rebooting the Kin.
Yup, i know it does nothing but... makes you wonder if working apps can be made and yak yak yak.
Fyi, i was able to reboot succesfully but the app must be in a temp space, cause it didnt showed anymore nor in recent apps, nor in the menu. Kino showed me that there were no further files, other than mines.
i thought that a video would show things that are real and ... well.. all. So it's attached.
I wont tell how it goes in the very end till i'm able to reproduce it, and also, cause i *cough* modified *cough* some file in my windows to do so (not distributing them, for legal reasons and so). In any case, i would just tell how to get the same file, through a process.
I h4ck3d this thing, now, where are my cookies? (just kidding)
Edit:
Disclaimer
Ha! Before doing anything, this is going to scr*w your XnaFramework 3.1 Zune capabilities, so.... backup first, backup first... did you backup?
Ha 2.0. This is you, doing it personally. If it's not legal there (?) i take no responsabilities from what you do. If you crash your windows/zune/kin... i won't pay it.
Procedure
- Install Visual studio 2008 c# express (or 2008 if you have it... legally and so on) for free from microsoft.
- Install the Xna framework 3.1 (I also installed 4.0 but... it's not going to work for other tests i wanna make... so.... i wouldnt do it)
- Install the Xna framework 3.1 zune extensions
- Install a hex editor ... my favourite is HxD but others, like ultraedit32 or... [insert other here] will work. Notepad is not a hex editor.
- Look for "XnatransZ.dll" under "c:\program files\common files\microsoft shared\xna" (or just common files will only have one or two inside). There are Am64 folders with it (64 bits) and X86 (32 bits), of course, you are going to edit the one you use and so....
- Backup... remember to backup... backup... man, do a backup. Then open the file
- Search for the following HEX pattern: 5a 00 75 00 6e 00 65 00 00 00
(which is "Z.u.n.e..."). Make sure that on the right side on HxD shows Zune alone and not "Z.u.n.e.D.e.v.i.c.e.", or so. Replace it (overwriting left side on Hxd) with: 4b 00 49 00 4e 00 00 00 00 00 (which is "K.I.N....")
- Save the file.
- Now use the xna device center to add a new device, and pick a Zune (yup, a zune). Kin will appear there if done correctly.
Explanation
Why this change? Well, seems like it's pretty much stupid things around.
First i thought that as there were only a few models of zune, the xna would have the PID and VID values for their devices.
Then through *magic process* i saw that it just looked at the "Zune" text and compared it with the devices on the system. So i changed the zune driver info to name the Kin as "Zune" (haha smart approach huh!) but the Zune software is sooo smart, that it changed the device name under device manager... Wow!
So... i checked that file and ... through *magic process* i found out that it checked the devices statically (using "Zune"), so as i couldn change my device name, i turned that string into ours: "KIN" and.. magic worked...
Surely, not going to help us... but it's kind of a weird thing that it worked "as is" (Xna detects the phone as compatible) even if later it says that the needed runtimes werent present at the phone (it's ok, the files for gaming aren't probably on the kin).
That means that microsoft could modify the Xna to let development on the kin, but was out of it, not the kin market i guess.
hmm.. if this XNA application doesn't appear on first page... then how did you launch it in the first place?
Any way of receiving already made apps?
You wrote to phone's unreachable memory?
Tutorial?
Too many question? umad?
Try to get one of the phones apps and see how they are coded so you can get one to launch
Antonpup said:
hmm.. if this XNA application doesn't appear on first page... then how did you launch it in the first place?
Click to expand...
Click to collapse
Deployment launched it if i had the device connected, in a non error state, and with the screen showing the home (apps) window. IF it was with the screen turned of, it didnt showed anything (quite meh). Then i realizzed that it was on the recent
Antonpup said:
Any way of receiving already made apps?
Click to expand...
Click to collapse
Who knows yet?
Antonpup said:
You wrote to phone's unreachable memory?
Click to expand...
Click to collapse
Not sure of where this app went, must recheck at night
Antonpup said:
Tutorial?
Click to expand...
Click to collapse
When is repeatable or a working thing. I said, i modified files which is not the same as redevelop things. this is clearly a hack (of the files,not the device itself).
Great to hear of more potential progress here.
I'm curious, JohnKussack... was it my comment about XNA a while back that led you in this direction?
Marcellus1 said:
Would Zune apps loaded through KinO run? What about XNA apps?
Click to expand...
Click to collapse
Marcellus1 said:
Great to hear of more potential progress here.
I'm curious, JohnKussack... was it my comment about XNA a while back that led you in this direction?
Click to expand...
Click to collapse
Unfortunately, not. I was inspecting the Xna software for about 1 day or more before posting this. A few days before your post, i was able to upload anything with KinO and tried it without success.
This comes from *other* ways, which we have no idea about how they work. I will skip the part where i found how it all works when looking for a "Zune".
I've been experimenting with all the kin related test for a year (not continuosly) and went curious about "why Xna device center doesnt recognize the kin?". The answer is pretty much stupid: because it looks for the Zune.
I updated the first post about how to operate with the Xna framework, although it doesnt let you do anything, it's a lame thing.
Pretty cool findings, man. So are you able to duplicate this on both the TWO and TWOm versions of the OS? Are the results the same?
(actually, I don't even know if your current working device can be switched between the original and M versions of the OS)
klamation said:
So are you able to duplicate this on both the TWO and TWOm versions of the OS? Are the results the same?
(actually, I don't even know if your current working device can be switched between the original and M versions of the OS)
Click to expand...
Click to collapse
I prefer not to play Russian Roulette with RB+power option, and getting a kintwo or a brick atm. If i was on verizon coverage area... mmmm might be. I'm getting this on my new phone, which is a Kin Two M (2 yellow dots model to be exact)
I will try to send programs till i figure out what could work or i get bored. In the end... microsoft abandoned the kin, so unless we test things... we'r stuck with the phone.
maybe one of this lame programs lets us read(even only reading) the normal filesystem.
In any case... i will try some helloworld!
I could kiss you right now
johnkussack, I've been reading all of your posts on here and... wow. I'm amazed at your knowledge and how much you have been able to figure out. You are so close to getting apps on this phone!
I know nothing about Windows hacking/development, but I have had experience with Android development on old WM6 devices. The hardware on this phone is capable of running android, the only thing stopping it is not being able to test the builds. If you figure out how to get apps to launch, one of the ones I suggest you put on your list is Haret.exe, then maybe we can send the android files to the phones storage and... well, I'm rambling on and on right now. Anyways, here's what I am thinking after reading all that you have done:
On my old Env2, the device was locked to only run BREW games, which was a pain because you can't torrent them Flash games couldn't be launched from the SD card or the internal memory, but some genius figured out that the calculator and the world clock were flash apps. So by connecting your phone to your PC and using bitpim (at least I think it was bitpim) you could replace the world clock or calculator with 2 flash games, like pac man.
So, I'm assuming that the apps already on the Kin are .exe or something, couldn't you just replace the calculator on the kin with a file system explorer?
You probably know all of this, I hope this post helped in some way and didn't just waste your time...
Good Luck! - Jeff
Jemilio3 said:
...So, I'm assuming that the apps already on the Kin are .exe or something, couldn't you just replace the calculator on the kin with a file system explorer?
You probably know all of this, I hope this post helped in some way and didn't just waste your time...
Good Luck! - Jeff
Click to expand...
Click to collapse
The main complication with this is, we haven't found any way to get access to the main file system of the phone (the one containing the Windows Mobile OS files). BitPim gives access to one small area, and MTP (using John's KinO software) gives access to another area.
If we could find a way to gain access to the main operating system of the phone, then we're almost assured victory.
@Jemilio3 Thanks for the compliments hehehe.
As was very well explained by Klamation, we do not have access to the filesystem where the OS is (at least for now), we are kind of stuck with what we have.
From my past experiences with a win mobile 2003 pda, the system will be a fixed rom memory, user available space (configuration & temp values) and a storage card (our storage now).
So when we CB reboot the kin, just configuration & storage are cleaned.
I'm still operating on what to do with my pc, the disk is half dead, but isnt sata, so no replacement easily... reinstalling on another external disk to test things....tomorrow
There are several things to test by now:
-test for deployment tools on the xna3.1
-deployment of apps using xna 3.1 and openzdk deploy tools
-xna 3.1 deployment with visual studio (for ages testing)
.... a lot hahaha
It's very strange that the device is so locked down. Music and videos sync to the main memory, right? Maybe the solution isn't to hack the device, but to hack the program that syncs the music.
I wish I could help with the testing, but the only Kin I have access to is my dads, so I can't mess with it. Maybe I will call the people who made the Kin and see if they will help us.
Jemilio3 said:
Maybe I will call the people who made the Kin and see if they will help us.
Click to expand...
Click to collapse
We already tried this. Microsoft, Sharp, and Verizon didn't help much. They mostly dropped support for the phone.
Jemilio3 said:
Maybe I will call the people who made the Kin and see if they will help us.
Click to expand...
Click to collapse
Antonpup said:
We already tried this. Microsoft, Sharp, and Verizon didn't help much. They mostly dropped support for the phone.
Click to expand...
Click to collapse
You are more than welcome to call. Past experience is you'll get a run-around of people telling you to call the other company, if you're lucky.
I've tried calling a few people (within Verizon) and basically reached dumb tech support people. (minor rant, how can you work in tech support when you are a self-proclaimed "non technical person"??)
If you do contact anyone more than the customer service and tech support staff with no information, like somebody who advises you to contact somebody else, please take note of whom they say to contact, and their own name/contact information. If we can actually get the right people, or at least get a lead on the right people to contact, maybe we can make progress within the companies.
@John
If you ever need parts or anything im sure all of us on here are willing to help, including me.
Jemilio3 said:
Maybe the solution isn't to hack the device, but to hack the program that syncs the music.
Click to expand...
Click to collapse
That's what KinO is for .
The OS memory and the music/pictures/etc storage is different, so only apps should be able to use it.
@soninja Thanks . I guess that i will use one my several external disks instead the zombie one, but yesterday i had to classify ~200gb of info & videos into others before formatting it and reinstalling linux. My data inside was a mess rofl so it took about 4 hours.
In any case, thanks to awesome71717 & some random analysis i did on the kin mtp, i saw that most of the MTP commands used on the Zune HD app deployment are present on the kin MTP commands list, so at least deploy is available, even if it's not using XNA code, but c# code or so.
I know this might be a stupid question (this is really my 1st phone I've ever worked with)
but is there a way to push an XNA framework to the kin or something along those lines or would that just be pointless work?
jthree2001 said:
I know this might be a stupid question (this is really my 1st phone I've ever worked with)
but is there a way to push an XNA framework to the kin or something along those lines or would that just be pointless work?
Click to expand...
Click to collapse
Probably easier to just test what works from the xna or c# examples. I dont want to deal with microsoft things more than needed. Legal issues and that things. I try to draw a line there.
I'm not 100% sure I understand how this all works but have we figured out how the browser adds links to the main menu? Or possibly where this is located?
What are we able to access at this time?
Heratiki
As it is known that HTCUtility.dll will provide complete, unrestricted access to the TCB chamber on HTC devices, can this be used to unlock (at any level) the OS?
I have not heard anyone speaking of it and exists on my HTC Arrive. Seems to be a bypass for unrestricted access to anything within HTC devices.
I am looking at it myself, but thought I would share.
See details here...
http://labs.mwrinfosecurity.com/files/Advisories/mwri_htc-htcutility-kernmem_2011-11-10.pdf
Your link is down
very interesting but you link is down so please fix it so I can take a look. I too have a HTC arrive and have been working on an unlock.
Don't know what happened to the link.
Here is the link to the google docs version.
https://docs.google.com/viewer?a=v&...1C1HkN&sig=AHIEtbTwK-r8RyAyFmt1ai119m7EVAqsNA
-Paul
This looks promising, I'd like to know if what's written there is true ...
The paper is a couple months old, so it *could* have been patched by HTC... but hey, it also might not have been! This bears investigation post-haste.
It's easy enough to use this to execute some arbitrary code at high permissions, which is certainly useful as-is (do things like unrestricted registry and filesystem access). The real potential of it, though, is to turn off the security restrictions for specific apps. Essentially, get the benefits of a "fully unlocked" ROM but on a stock ROM, and only for the apps you specify.
One thing to note here: this is still going to require an interop-unlocked phone. It's opening a handle to a driver, and just like everything else that does so, it needs ID_CAP_INTEROPSERVICES. This is great news for owners of interop-unlocked/unlockabe phones (since this makes interop-unlock useful again) but probably doesn't help on 2nd-gen phones or on the Arrive (unless you want to roll back to NoDo, in which case this can probably be used to make an interop-unlock that works on Mango, though it wouldn't be easy).
I hope some one gets this working for the Arrive ASAP
Oh this was talked about a while back. It was patched back in NODO
Really? The paper is from only 3 months ago (assuming USA numeric date style, 2 months otherwise). You don't typically publish security advisories for things that were patched more than 6 months prior.
In any case, HTCUtility.dll still exists on my phone. No idea yet if that IOCTL still works, though. I'll try it out in any case, and report back.
For those asking about it for the Arrive though, you're likely out of luck even if this works. It is *not* a way to interop-unlock a phone, and it is *not* a way around interop-unlock. It's a way to do more things on an interop-unlocked phone. You can't even reach a driver (which is what HTCUtility.dll is) unless your app has ID_CAP_INTEROPSERVICES - that's what the capability is actually for, accessing drivers - and you can't install a homebrew app with that capability unless interop-unlocked (or on pre-Mango).
GoodDayToDie said:
I'll try it out in any case, and report back.
Click to expand...
Click to collapse
Thank you
GoodDayToDie said:
Really? The paper is from only 3 months ago (assuming USA numeric date style, 2 months otherwise). You don't typically publish security advisories for things that were patched more than 6 months prior.
In any case, HTCUtility.dll still exists on my phone. No idea yet if that IOCTL still works, though. I'll try it out in any case, and report back.
For those asking about it for the Arrive though, you're likely out of luck even if this works. It is *not* a way to interop-unlock a phone, and it is *not* a way around interop-unlock. It's a way to do more things on an interop-unlocked phone. You can't even reach a driver (which is what HTCUtility.dll is) unless your app has ID_CAP_INTEROPSERVICES - that's what the capability is actually for, accessing drivers - and you can't install a homebrew app with that capability unless interop-unlocked (or on pre-Mango).
Click to expand...
Click to collapse
Yeah I think it was mentioned here on XDA and it was believed to already have been patched.
I think by "patch" they mean that Interop was restricted as of Mango, thereby securing this exploit, in Mango. But for those that are Interop unlocked, this should still grant full access to everything else.
Just my observations. I have an Arrive and am not Interop unlocked yet, so I can't test it.
Looking at the hand-free provisioning to see if I can find a way to leverage that....
-Paul
It works. I successfully opened a handle, read a kernel-mode memory address, modified it, confirmed the modified value, and restored it.
Next trick: finding something really useful to change. Ideally, probably the process security info - if I can simply elevate a given process to full permissions, then I'm golden.
Will share code soon. If somebody knows where I can find the important part of the process info, let me know - I have a little familiarity with NT process contet blocks, but none with CE ones (if it even uses such a structure).
GoodDayToDie said:
It works. I successfully opened a handle, read a kernel-mode memory address, modified it, confirmed the modified value, and restored it.
Next trick: finding something really useful to change. Ideally, probably the process security info - if I can simply elevate a given process to full permissions, then I'm golden.
Will share code soon. If somebody knows where I can find the important part of the process info, let me know - I have a little familiarity with NT process contet blocks, but none with CE ones (if it even uses such a structure).
Click to expand...
Click to collapse
All the information looks like it is in the advisory. KDataStruct is what you want. That is equivalent to the PEB in Windows CE.
GoodDayToDie said:
It works. I successfully opened a handle, read a kernel-mode memory address, modified it, confirmed the modified value, and restored it.
Next trick: finding something really useful to change. Ideally, probably the process security info - if I can simply elevate a given process to full permissions, then I'm golden.
Will share code soon. If somebody knows where I can find the important part of the process info, let me know - I have a little familiarity with NT process contet blocks, but none with CE ones (if it even uses such a structure).
Click to expand...
Click to collapse
Can you confirm this works only on already Interop Unlocked device ?
Thx for your efforts.
Could htclv.dll be helpful in setting security on an app? It supports the following functions:
LVModInitialize LVModUninitialize LVModAuthenticateFile LVModRouting LVModAuthorize LVModGetPageHashData LVModCloseAuthenticationHandle LVModGetHash LVModProvisionSecurityForApplication LVModDeprovisionSecurityForApplication LVModGetSignerCertificateThumbprint LVModSetDeveloperUnlockState LVModAuthorizeVolatileCertificate LVModGetDeveloperUnlockState
In particular the "Deprovision Security for App" and "Get/set DeveloperUnlock" or maybe "Authorize Volatile Certificate"....
Or maybe htcpl.dll which seems to be the HTC policy engine interface. Supports:
GetFunctionTable PolicyCloseHandle PolicyEngineInit PolicyRuleAbortTransaction PolicyRuleAddRawData PolicyRuleBeginTransaction PolicyRuleBuildRawData PolicyRuleCommit PolicyRuleCommitTransaction PolicyRuleCreate PolicyRuleDelete PolicyRuleFindFirst PolicyRuleFindNext PolicyRuleGetInfo PolicyRuleOpen PolicyRuleParseRawData PolicyRuleReadRawData
These all look good to modify the security policies on HTC, assuming Interop-Unlocked.
-Paul
@dragonide: Confirmed, this requires interop-unlock since the very first step is opening a handle to a driver.
@Paul_Hammons: The LVMod functions look quite interesting indeed. Where are you getting these functions from (straight out of the DLLs, or some doc somewhere, or decompiled code, or...?), are they user or kernel entry points, and what permissions do they require? The ability to modify app security doesn't do as much good if you already have to be high-privileged to call it, though it might simplify my current goal.
@n0psl3d: Cool, I'll get to work on it.
@n0psl3d: KDataStruct contains kernel information, but I'm pretty sure what I need is in a PROCESS struct (such as is pointed to by pCurPrc). The problem is, I can't find any documentation for that struct. I'm searching online but so far coming up empty. CE doesn't seem to use PEBs or TEBs as I've seen them on NT (not terribly surprising, but annoying).
EDIT: I'm downloading the Embedded CE toolkit, which comes with source code. It'll take a while but hopefully that will have what I need.
OK, digging through the CE source I've found some interesting things. No idea if this will work yet; it'll be exciting just to make it compile.
PROCESS struct -> hTok (handle to a Token) -> phd (PHDATA, pointer to the handle data) -> pvObj (PVOID to the actual object, which is probably a TOKENINFO) -> psi (pointer to ADBI_SECURITY_INFO) -> contains the actual ACLs and privileges, and can be created from an account ID.
Probably the easiest option is to find a relatively high-privilege process and clone its token or some such. Token re-use (if I increment the reference count, this should work) may be easier. Modifying an existing token might also be doable.
Anyhow, I'm not going to have this finished tonight, but it'll get there. For those wondering wht you can do with this, it basically breaks you out of the sandbox entirely. You can call any function, access any resource, etc. that is available to a userland process (executing in kernel mode is also possible but trickier). Practically speaking, this makes all the other high-privilege COM DLLs useless - instead of ComFileRW, just use the file IO methods (anywhere you want), instead of DMXMLCOM just call ConfigProvXml directly. Even things like launching native EXEs directly should become possible (run those Opera ports on a stock ROM, for example).
I'm sorry, I still don't know what any of that means. But it sounds good! I wish I knew how to do this kind of stuff. Thanks for all of your work!
I can still sidle load and my phone is still interop unlocked but neither my registry editor nor my advanced configuration editor work. Way to go HTC and MS, pat your selves on the back. I pay $99 dollars a year to have my phone unlocked and to develop apps but I can't even develop useful apps because APIs and restrictions, I can't customize my phone with out hacks, nothing! And to top it all off the phone has very limited functionality. What is MS thinking? I'm seriously thinking about jumping ship after being a loyal Windows Mobile supporter from the very begging. It use to make me sick to think about how flooded the market is with Android phones and now I know why. I can't even come on here and vent my frustrations or voice my opinions without someone getting offended or warned like I'm some child. Granted that all phones have their fails but not as many as this phone, I wish Windows Mobile was still around, imagine a world with no having to have an Windows live account or no complicated Zune, imagine just being able to do what you want or need to do without any limitations or restrictions. Imagine being able to laugh at Android and iPhone users. I honestly don't see Windows Phone 8 being any better at all. Say what you want, lash out at me with your fan boy comments, report me to your MOD but no matter what you say or do at this rate WP will fail.
what is the radio driver version , is it 5.71??
well u cant blame anyone, WP7 is more secure than IOS.
thats a good thing right?
The purpose of paying $99 per year is to develop applications and publish them to the app store.
Being able to sideload for anything other than testing was just a side benefit.
If all you wanted was to side load apps, the ChevRon utility would have been a much better deal. One time fee verses yearly and 10% the cost.
Surprised that the radio drivers are to blame. Unless there was a flaw in them that was being exploited to make the editor.
It is pretty annoying that you can't directly programatically alter the registry.
But, I believe the provisioning methods still work. Just write a C# app that will provision a file. Then have the app generate an xml provisioning string to alter the registry and apply it.
There are ways to read the registry doing the same thing.
I can probably find a link in the Windows Phone 7 development section on how to do this.
I will update with a link if I find something.
Link for an HTC ProvXML importer and Reg to Prov XML convertor: http://forum.xda-developers.com/showthread.php?t=907169&highlight=registry
Try searching that forum for ProvXML. There probably are examples. Serach is temporarily disabled. It always around this time of day for about 20 to 30 minutes.
I was afraid of this. The HTC driver updates may have been to v2 and that breaks the interop-unlock ability (such as allowing ACT and Reg Editors to run). This is known and mentioned by Heathcliff.
Magpir said:
what is the radio driver version , is it 5.71??
well u cant blame anyone, WP7 is more secure than IOS.
thats a good thing right?
Click to expand...
Click to collapse
They just fixed an exploit.
Of course it's good to have your own device unlocked, but if Microsoft or HTC wanted you to modify the registry they would have released that feature natively.
For example LG has a native application to do this on their Windows Phones.
I interop unlocked my girlfriend's Optimus 7 the next day she got it in 1-2 mins.
what has the radio got to do with this?
will downgrading radio help then?
I know, it's my fault for being stupid and accepting the update, it's a little faster but I noticed it drains my battery much quicker and it disabled my reg exploits. to be honest I thought it was the keyboard fix but the keyboard seems to be getting worse. Microsoft is not what it use to be, Steve Jobs was right, MS is not original and always steal Apples ideas, why if the thing that made WM better is what is diving Androids success. I went to the T-Mobile store and was tempted to switch but walked out and have not decided yet but I just give up on WP this year if MS doesn't stop being so Communist like.
JVH3 said:
The purpose of paying $99 per year is to develop applications and publish them to the app store.
Being able to sideload for anything other than testing was just a side benefit.
If all you wanted was to side load apps, the ChevRon utility would have been a much better deal. One time fee verses yearly and 10% the cost.
Surprised that the radio drivers are to blame. Unless there was a flaw in them that was being exploited to make the editor.
It is pretty annoying that you can't directly programatically alter the registry.
But, I believe the provisioning methods still work. Just write a C# app that will provision a file. Then have the app generate an xml provisioning string to alter the registry and apply it.
There are ways to read the registry doing the same thing.
I can probably find a link in the Windows Phone 7 development section on how to do this.
I will update with a link if I find something.
Link for an HTC ProvXML importer and Reg to Prov XML convertor: http://forum.xda-developers.com/showthread.php?t=907169&highlight=registry
Try searching that forum for ProvXML. There probably are examples. Serach is temporarily disabled. It always around this time of day for about 20 to 30 minutes.
Click to expand...
Click to collapse
Unfortunately I don't know how to work with ProvXML's. I will check out your link, thanks. do you by any chance know how to change the dark background color back to black using this method?
So you mean to tell me that Windows Phone is actually more secure than the iPhone? God all mighty!! I seriously hope Windows 8 is not as lame as Windows Phone.
sinister1 said:
Unfortunately I don't know how to work with ProvXML's. I will check out your link, thanks. do you by any chance know how to change the dark background color back to black using this method?
Click to expand...
Click to collapse
I just read the thread you sent me and it says that the new drivers also disable this method too.
To the OP, they also fixed a problem, If you ran connection setup with your phone in CDMA mode, it would kill 3G and the only real way to get it back was to hard reset the phone. It also broke those apps too.
To note, I manually installed 8107(last weekend, 3 days before vzw's release) and it did break Advanced Config (could not add more colors but, only had 3-4 extra onces) but, I am still able to sideload as I need. So, I'm not sure if it was the firmware that broke it...
I don't know what the big deal is with MS not letting us to simply personalize our phones? I mean really what is wrong with changing a notification tone, background color or tile color? If they really don't want anyone hacking the phone then simply give us those options. In every update instead of giving us simple features and options that we want all they do is secure the damn phone down even more It's almost like Microsoft wants to fail. Who wants to pay for a phone that is dictated to the point to where you can't even do that? As much as I hate to admit it; Android is coming up more and more when I think about my options.
sinister1 said:
I don't know what the big deal is with MS not letting us to simply personalize our phones? I mean really what is wrong with changing a notification tone, background color or tile color? If they really don't want anyone hacking the phone then simply give us those options. In every update instead of giving us simple features and options that we want all they do is secure the damn phone down even more It's almost like Microsoft wants to fail. Who wants to pay for a phone that is dictated to the point to where you can't even do that? As much as I hate to admit it; Android is coming up more and more when I think about my options.
Click to expand...
Click to collapse
I guess it really comes down to what you can do. Opening up the phone, opens it to hack software to run. So, it opens a world of phones with pirated software on it with nothing MS can do it about it. Not everyone will go this route but, there are people who will not buy anything, and that kills the marketplace and vendors who will add to the marketplace.
As I always say, Pirates will always Pirate, block them and they'll find another way around it. BUT with blocking it makes honest people have a harder time to use their devices or software.
I personally just want to customize my phone and use all the home brew apps but, sad to say they will try to block the honest people just to attempt to stop the pirates...
Back to the subject on hand...
So, Connection setup no longer works (I get a Invalid sim if I go to GSM mode or in CDMA mode, Carrer is not in the database), is it possable to get a older version to sideload that would enable registry edits again ?
DavidinCT said:
I guess it really comes down to what you can do. Opening up the phone, opens it to hack software to run. So, it opens a world of phones with pirated software on it with nothing MS can do it about it. Not everyone will go this route but, there are people who will not buy anything, and that kills the marketplace and vendors who will add to the marketplace.
As I always say, Pirates will always Pirate, block them and they'll find another way around it. BUT with blocking it makes honest people have a harder time to use their devices or software.
I personally just want to customize my phone and use all the home brew apps but, sad to say they will try to block the honest people just to attempt to stop the pirates...
Back to the subject on hand...
So, Connection setup no longer works (I get a Invalid sim if I go to GSM mode or in CDMA mode, Carrer is not in the database), is it possable to get a older version to sideload that would enable registry edits again ?
Click to expand...
Click to collapse
I had that problem before, I had to toggle airplane mode and WIFI back and forth until it took.
DavidinCT said:
I guess it really comes down to what you can do. Opening up the phone, opens it to hack software to run. So, it opens a world of phones with pirated software on it with nothing MS can do it about it. Not everyone will go this route but, there are people who will not buy anything, and that kills the marketplace and vendors who will add to the marketplace.
As I always say, Pirates will always Pirate, block them and they'll find another way around it. BUT with blocking it makes honest people have a harder time to use their devices or software.
I personally just want to customize my phone and use all the home brew apps but, sad to say they will try to block the honest people just to attempt to stop the pirates...
Back to the subject on hand...
So, Connection setup no longer works (I get a Invalid sim if I go to GSM mode or in CDMA mode, Carrer is not in the database), is it possable to get a older version to sideload that would enable registry edits again ?
Click to expand...
Click to collapse
The registry being locked down is less to do with piracy than control.
Code for the Windows Phone 7 was not a complete rewrite of the OS. They did reuse much of the old Windows Phone 6.5. They might have reviewed each piece and modified most, but they did reuse code. If they give you or developers control of the registry, then the entire device could be put into a state that would make nothing work. Or worse, your phone could be made to do just about anything in the background without your knowledge.
It's one thing to not allow programmers to access it. It's another to stop users from doing it intentionally. Any user doing it themself, knows the risks. And you can always reset the phone.
This latest lockdown might spur more interest in creating custom ROMs. Not sure if it is even possible yet for things like the Titan 2 and the new Nokia phones. But, this is the site to find out or find people doing it.
Your right I don't think it's possible at least not for the Trophy or CDMA phones at the moment, I guess we are just stuck at the state of sucks. Either way MS isn't making any money with their strategy at all the hold like 1% of the market; if it weren't for their PC sales they would have already went under.
sinister1 said:
Your right I don't think it's possible at least not for the Trophy or CDMA phones at the moment, I guess we are just stuck at the state of sucks. Either way MS isn't making any money with their strategy at all the hold like 1% of the market; if it weren't for their PC sales they would have already went under.
Click to expand...
Click to collapse
Microsoft has alot more products as well. SQL Server, Visual Studio (professionals don't use the express versions), Exchange Server, Office, XBox 360, msdn subscriptions, Skype, etc.
Microsoft makes money on all HTC and Samsung Android sales. Somewhere between $10 to $15 for each Samsung Android Phone and somewhere around $5 to $10 for HTC Android phone from patent licensing.
So, every Android sold helps Microsoft. Hopefully they use those dollars to improve Windows Phone 7.
This is actually the real reason that Microsoft can afford to deliver things a little late and still be OK.
They have a ton of cash flowing in all the time and the competition financially supports them.
I'm guessing that there is still a way using provisioning to affect the registry. When exchange servers push policies down, I thought they did that through provisioning. If exchange can do this, then there should be another way as well.
It's also how custom ringtones were created prior to Mango. It would create a xap to create a program that would write a ringtone file using provisioning. Something similar should be doable for the registry. Doing it this way would require you to use a computer to deploy the changes, but you should be able to make them.
Thaks guys for your feed back and support. If anyone knows a way that I can change my background back to default #FF00000 black now that the registry option is gone; please let me know, I will dontae becuse I have lookd at some Android phones and to be honest they are always pluged in and charging and the only other opption is the iPhone
Hmm.. was about to update and then cancelled it when I read this. Does it add tethering? but since it still lets us sideload... I kind of want to update, I don't do any registry stuff and i can always hard reset to interop unlock again right?
slick13 said:
Hmm.. was about to update and then cancelled it when I read this. Does it add tethering? but since it still lets us sideload... I kind of want to update, I don't do any registry stuff and i can always hard reset to interop unlock again right?
Click to expand...
Click to collapse
No it actually does nothing other that updates your radio's firmware and blocks exploits, worth less update unless you travel out of the country. This was lame on HTC and Verizon's part. I hate Verizon, MS should just stop doing business with them.