Hey, i was playing a bit with some files here and there, so i faked Xna to believe that kin was a zune (i'm a ninja) and then becoming asleep when suddenly i launched the first non-official app on the kin.. although it didn't work.
It's the result of a bad deployment of a XNA game template, which runs till the loading part, where it's broken and does nothing.
On the other hand, it's listed on the recent apps tab, and i was able to re-do the deployment. I wasnt able to redo after some time, even rebooting the Kin.
Yup, i know it does nothing but... makes you wonder if working apps can be made and yak yak yak.
Fyi, i was able to reboot succesfully but the app must be in a temp space, cause it didnt showed anymore nor in recent apps, nor in the menu. Kino showed me that there were no further files, other than mines.
i thought that a video would show things that are real and ... well.. all. So it's attached.
I wont tell how it goes in the very end till i'm able to reproduce it, and also, cause i *cough* modified *cough* some file in my windows to do so (not distributing them, for legal reasons and so). In any case, i would just tell how to get the same file, through a process.
I h4ck3d this thing, now, where are my cookies? (just kidding)
Edit:
Disclaimer
Ha! Before doing anything, this is going to scr*w your XnaFramework 3.1 Zune capabilities, so.... backup first, backup first... did you backup?
Ha 2.0. This is you, doing it personally. If it's not legal there (?) i take no responsabilities from what you do. If you crash your windows/zune/kin... i won't pay it.
Procedure
- Install Visual studio 2008 c# express (or 2008 if you have it... legally and so on) for free from microsoft.
- Install the Xna framework 3.1 (I also installed 4.0 but... it's not going to work for other tests i wanna make... so.... i wouldnt do it)
- Install the Xna framework 3.1 zune extensions
- Install a hex editor ... my favourite is HxD but others, like ultraedit32 or... [insert other here] will work. Notepad is not a hex editor.
- Look for "XnatransZ.dll" under "c:\program files\common files\microsoft shared\xna" (or just common files will only have one or two inside). There are Am64 folders with it (64 bits) and X86 (32 bits), of course, you are going to edit the one you use and so....
- Backup... remember to backup... backup... man, do a backup. Then open the file
- Search for the following HEX pattern: 5a 00 75 00 6e 00 65 00 00 00
(which is "Z.u.n.e..."). Make sure that on the right side on HxD shows Zune alone and not "Z.u.n.e.D.e.v.i.c.e.", or so. Replace it (overwriting left side on Hxd) with: 4b 00 49 00 4e 00 00 00 00 00 (which is "K.I.N....")
- Save the file.
- Now use the xna device center to add a new device, and pick a Zune (yup, a zune). Kin will appear there if done correctly.
Explanation
Why this change? Well, seems like it's pretty much stupid things around.
First i thought that as there were only a few models of zune, the xna would have the PID and VID values for their devices.
Then through *magic process* i saw that it just looked at the "Zune" text and compared it with the devices on the system. So i changed the zune driver info to name the Kin as "Zune" (haha smart approach huh!) but the Zune software is sooo smart, that it changed the device name under device manager... Wow!
So... i checked that file and ... through *magic process* i found out that it checked the devices statically (using "Zune"), so as i couldn change my device name, i turned that string into ours: "KIN" and.. magic worked...
Surely, not going to help us... but it's kind of a weird thing that it worked "as is" (Xna detects the phone as compatible) even if later it says that the needed runtimes werent present at the phone (it's ok, the files for gaming aren't probably on the kin).
That means that microsoft could modify the Xna to let development on the kin, but was out of it, not the kin market i guess.
hmm.. if this XNA application doesn't appear on first page... then how did you launch it in the first place?
Any way of receiving already made apps?
You wrote to phone's unreachable memory?
Tutorial?
Too many question? umad?
Try to get one of the phones apps and see how they are coded so you can get one to launch
Antonpup said:
hmm.. if this XNA application doesn't appear on first page... then how did you launch it in the first place?
Click to expand...
Click to collapse
Deployment launched it if i had the device connected, in a non error state, and with the screen showing the home (apps) window. IF it was with the screen turned of, it didnt showed anything (quite meh). Then i realizzed that it was on the recent
Antonpup said:
Any way of receiving already made apps?
Click to expand...
Click to collapse
Who knows yet?
Antonpup said:
You wrote to phone's unreachable memory?
Click to expand...
Click to collapse
Not sure of where this app went, must recheck at night
Antonpup said:
Tutorial?
Click to expand...
Click to collapse
When is repeatable or a working thing. I said, i modified files which is not the same as redevelop things. this is clearly a hack (of the files,not the device itself).
Great to hear of more potential progress here.
I'm curious, JohnKussack... was it my comment about XNA a while back that led you in this direction?
Marcellus1 said:
Would Zune apps loaded through KinO run? What about XNA apps?
Click to expand...
Click to collapse
Marcellus1 said:
Great to hear of more potential progress here.
I'm curious, JohnKussack... was it my comment about XNA a while back that led you in this direction?
Click to expand...
Click to collapse
Unfortunately, not. I was inspecting the Xna software for about 1 day or more before posting this. A few days before your post, i was able to upload anything with KinO and tried it without success.
This comes from *other* ways, which we have no idea about how they work. I will skip the part where i found how it all works when looking for a "Zune".
I've been experimenting with all the kin related test for a year (not continuosly) and went curious about "why Xna device center doesnt recognize the kin?". The answer is pretty much stupid: because it looks for the Zune.
I updated the first post about how to operate with the Xna framework, although it doesnt let you do anything, it's a lame thing.
Pretty cool findings, man. So are you able to duplicate this on both the TWO and TWOm versions of the OS? Are the results the same?
(actually, I don't even know if your current working device can be switched between the original and M versions of the OS)
klamation said:
So are you able to duplicate this on both the TWO and TWOm versions of the OS? Are the results the same?
(actually, I don't even know if your current working device can be switched between the original and M versions of the OS)
Click to expand...
Click to collapse
I prefer not to play Russian Roulette with RB+power option, and getting a kintwo or a brick atm. If i was on verizon coverage area... mmmm might be. I'm getting this on my new phone, which is a Kin Two M (2 yellow dots model to be exact)
I will try to send programs till i figure out what could work or i get bored. In the end... microsoft abandoned the kin, so unless we test things... we'r stuck with the phone.
maybe one of this lame programs lets us read(even only reading) the normal filesystem.
In any case... i will try some helloworld!
I could kiss you right now
johnkussack, I've been reading all of your posts on here and... wow. I'm amazed at your knowledge and how much you have been able to figure out. You are so close to getting apps on this phone!
I know nothing about Windows hacking/development, but I have had experience with Android development on old WM6 devices. The hardware on this phone is capable of running android, the only thing stopping it is not being able to test the builds. If you figure out how to get apps to launch, one of the ones I suggest you put on your list is Haret.exe, then maybe we can send the android files to the phones storage and... well, I'm rambling on and on right now. Anyways, here's what I am thinking after reading all that you have done:
On my old Env2, the device was locked to only run BREW games, which was a pain because you can't torrent them Flash games couldn't be launched from the SD card or the internal memory, but some genius figured out that the calculator and the world clock were flash apps. So by connecting your phone to your PC and using bitpim (at least I think it was bitpim) you could replace the world clock or calculator with 2 flash games, like pac man.
So, I'm assuming that the apps already on the Kin are .exe or something, couldn't you just replace the calculator on the kin with a file system explorer?
You probably know all of this, I hope this post helped in some way and didn't just waste your time...
Good Luck! - Jeff
Jemilio3 said:
...So, I'm assuming that the apps already on the Kin are .exe or something, couldn't you just replace the calculator on the kin with a file system explorer?
You probably know all of this, I hope this post helped in some way and didn't just waste your time...
Good Luck! - Jeff
Click to expand...
Click to collapse
The main complication with this is, we haven't found any way to get access to the main file system of the phone (the one containing the Windows Mobile OS files). BitPim gives access to one small area, and MTP (using John's KinO software) gives access to another area.
If we could find a way to gain access to the main operating system of the phone, then we're almost assured victory.
@Jemilio3 Thanks for the compliments hehehe.
As was very well explained by Klamation, we do not have access to the filesystem where the OS is (at least for now), we are kind of stuck with what we have.
From my past experiences with a win mobile 2003 pda, the system will be a fixed rom memory, user available space (configuration & temp values) and a storage card (our storage now).
So when we CB reboot the kin, just configuration & storage are cleaned.
I'm still operating on what to do with my pc, the disk is half dead, but isnt sata, so no replacement easily... reinstalling on another external disk to test things....tomorrow
There are several things to test by now:
-test for deployment tools on the xna3.1
-deployment of apps using xna 3.1 and openzdk deploy tools
-xna 3.1 deployment with visual studio (for ages testing)
.... a lot hahaha
It's very strange that the device is so locked down. Music and videos sync to the main memory, right? Maybe the solution isn't to hack the device, but to hack the program that syncs the music.
I wish I could help with the testing, but the only Kin I have access to is my dads, so I can't mess with it. Maybe I will call the people who made the Kin and see if they will help us.
Jemilio3 said:
Maybe I will call the people who made the Kin and see if they will help us.
Click to expand...
Click to collapse
We already tried this. Microsoft, Sharp, and Verizon didn't help much. They mostly dropped support for the phone.
Jemilio3 said:
Maybe I will call the people who made the Kin and see if they will help us.
Click to expand...
Click to collapse
Antonpup said:
We already tried this. Microsoft, Sharp, and Verizon didn't help much. They mostly dropped support for the phone.
Click to expand...
Click to collapse
You are more than welcome to call. Past experience is you'll get a run-around of people telling you to call the other company, if you're lucky.
I've tried calling a few people (within Verizon) and basically reached dumb tech support people. (minor rant, how can you work in tech support when you are a self-proclaimed "non technical person"??)
If you do contact anyone more than the customer service and tech support staff with no information, like somebody who advises you to contact somebody else, please take note of whom they say to contact, and their own name/contact information. If we can actually get the right people, or at least get a lead on the right people to contact, maybe we can make progress within the companies.
@John
If you ever need parts or anything im sure all of us on here are willing to help, including me.
Jemilio3 said:
Maybe the solution isn't to hack the device, but to hack the program that syncs the music.
Click to expand...
Click to collapse
That's what KinO is for .
The OS memory and the music/pictures/etc storage is different, so only apps should be able to use it.
@soninja Thanks . I guess that i will use one my several external disks instead the zombie one, but yesterday i had to classify ~200gb of info & videos into others before formatting it and reinstalling linux. My data inside was a mess rofl so it took about 4 hours.
In any case, thanks to awesome71717 & some random analysis i did on the kin mtp, i saw that most of the MTP commands used on the Zune HD app deployment are present on the kin MTP commands list, so at least deploy is available, even if it's not using XNA code, but c# code or so.
I know this might be a stupid question (this is really my 1st phone I've ever worked with)
but is there a way to push an XNA framework to the kin or something along those lines or would that just be pointless work?
jthree2001 said:
I know this might be a stupid question (this is really my 1st phone I've ever worked with)
but is there a way to push an XNA framework to the kin or something along those lines or would that just be pointless work?
Click to expand...
Click to collapse
Probably easier to just test what works from the xna or c# examples. I dont want to deal with microsoft things more than needed. Legal issues and that things. I try to draw a line there.
I'm not 100% sure I understand how this all works but have we figured out how the browser adds links to the main menu? Or possibly where this is located?
What are we able to access at this time?
Heratiki
Related
I've finally reach 10 unsigned app on my phone. Took way longer that I thought...
This is not new for anyone who's not spending time asking for unlock key, but I've made a small app to automate the process of pushing the limit to 100000.
Here it is: http://bit.ly/qpVyR4
Work on my HTC, may work on other device as well (let me know).
Warning: At least one person had problem deploying app on his Samsung after running this app.
Edit: Updated version with rollback button (which already exists but was hidden )
this has been out for like a month now..... but good job of creating one!
http://forum.xda-developers.com/showthread.php?t=875885
Exactly what I said... nothing new but packaged as a XAP
Advanced Configuration Tool for WP7 Beta
http://forum.touchxperience.com/viewtopic.php?f=11&t=590&p=2349
has an option to remove the limit, plus set as many colour schemes as you like, and add single registry keys directly.
Its still beta but works a treat so far on my HD2, and comes with about 50 colours for the theme, or input your own with hex codes.
This tools works only on HTC. Minne should work on Samsung too, maybe on LG.
But if you have an HTC, AdvConfig is probably easier to use.
I'm not spending much time making pretty app
I ran this earlier (along with setting the key manually before), and it doesn't work. I still was limited to 10 apps.
But now, frighteningly, I'm unable to deploy -some- apps from Visual Studio (limit reached). I have a real dev unlock, never messed with Chevron.
Thanks, (nico)! I've removed this (stupid!) limit on my Focus (officially unlocked), everything works fine including deployment/debug from VS 2010. Good job!
davux said:
I ran this earlier (along with setting the key manually before), and it doesn't work. I still was limited to 10 apps.
But now, frighteningly, I'm unable to deploy -some- apps from Visual Studio (limit reached). I have a real dev unlock, never messed with Chevron.
Click to expand...
Click to collapse
I'm also officially unlock.
Like with folks with Chevron, I think the limit will be reseted periodically by Zune.
What do you mean by "some" apps?
You can't install more than 10 apps?
Not sure what do you mean, but I'll try to answer.
Using (official) unlock method, you won't be able to deploy more than 10 unsigned apps. 3 if you have a student account.
Chevron also have the same 10 limit (because they intentionally keep MS limit).
This registry tweak try to remove that limit.
In either way, this don't modify the number of app you can install though Marketplace, which is not limited.
(nico) said:
I'm also officially unlock.
Like with folks with Chevron, I think the limit will be reseted periodically by Zune.
What do you mean by "some" apps?
Click to expand...
Click to collapse
I set the key manually in the code Rusty released for the Samsung devices the other day. I wasn't able to deploy the 11th app via VS. I continued dealing with it until I got your XAP, I ran that yesterday and now sometimes I have trouble deploying in VS, even with <10 apps. Restarting VS and the phone doesn't have any effect.
Not that I'm blaming you or anything - just figured I'd note my experience. Some projects will still deploy, not sure of the pattern yet.
Thanks, that the kind of feedback I'm looking for. I'll add this to the first post to warn people.
If you have more infos, please share so we can have something more stable.
Thanks!
* Works on [Europe] Omnia 7
Ah this is the tool that some XDA user was trying to pass off as his own tool.
The big Athiest said:
Ah this is the tool that some XDA user was trying to pass off as his own tool.
Click to expand...
Click to collapse
What are you talking about?
(nico) said:
What are you talking about?
Click to expand...
Click to collapse
Look up the RRTool in this forum that I wrote, he is basically saying I rebranded the Chevron Tool as my own, even though my Tool runs on the device not from desktop and only prevents relocking, it doesnt actually unlock a device like chevron does. He only has 2 posts and tried to ruin my credability! Not Happy!
He is a lame troll. Don't pay attention. Thank you both guys! Great job!
P.S. Just a small remark: after using your tools (first I've tried (nico)'s tool, later (toady) RRTool. Both works good but behavior of VS 2010 a little bit changed. Now I can't deploy project via Zune - must close it first and use WPConnect.
Did you try to restore the original value (probably 10 for most users) and see what happends?
Nope, I didn't. Just have no time to browse for Samsung's registry editor or reflect back your's or lyriquidperfection app. Could you add an option to restore back an original values? Anyway, it's not a real problem. MS limitation of 10 app (or 3 for student account) it's just stupid and unfair. What, if I have more than 10(3) homebrew projects to debug and run? What, if I want to recreate all apps I need by myself? But of course the "MS greediness sux!" is not a topic for this thread
sensboston said:
Nope, I didn't. Just have no time to browse for Samsung's registry editor or reflect back your's or lyriquidperfection app. Could you add an option to restore back an original values? Anyway, it's not a real problem. MS limitation of 10 app (or 3 for student account) it's just stupid and unfair. What, if I have more than 10(3) homebrew projects to debug and run? What, if I want to recreate all apps I need by myself? But of course the "MS greediness sux!" is not a topic for this thread
Click to expand...
Click to collapse
Sorry I thought I did it but the button was hidden
Here is an updated version with a restore button to 10 apps: http://bit.ly/gKZDgj
About 2 weeks ago, I took johnkussack's advice (I think it was him) and went to LinkedIn to try t be friends with anyone who came up on the search for "kin phone". In the invite email, I just said that I noticed they worked on the Kin phones and would like to ask them a few questions on how one could write to the phone. I have had 3 responses in the last 2 days.
Guy1: didn't know because he worked on the UI for the Kin Studio
Guy2: kindly told me he couldn't release an unauthorized build and that he would be breaking the law by doing so.
Guy3: This guy worked on the phone for over a year. He first told me I was breaking the DCMA by hacking/reverse engineering Kin, regardless of intent. Then he said this important thing:
"You are absolutely right in assuming that the device is locked; in fact, it has a hardware lock that is common to many such devices. When the devices roll of the manufacturing line the programming fuses are blown (literally) preventing any further programming of the device. This is all handled by hardware so unless you find a flaw with that you are out of luck."
So if this is true (sounds like it is), the "dream" is over. Hopefully there is some way that someone out there can find.
If I get more responses, I will post them here. Don't ask me to go back to these three who already replied and asked them more questions, I think I made some of them mad.
Hmmmm... I don't know whether or not the KIN models will accept OTA updates so that's a good question to ask. If OTA updates are possible then it's inherently possible to change the software. I wonder...
Yes, it was me the one who said about "linkedin".
But i also said "in one word NDA". You should known even before ask that the signed NDA are also legal contracts, so i prevented before asking them.
On the DCMA, yes.. on the USA. Outside the big country, the legal question is different and may not operate with that law. (if ever). If they provide a normal (legal?) way to unbrick my factory mode here, or to use the phone options, then i wait for the cost for it.
And everyone knew that hardware was not the way, just at the moment where first flash attempt failed. "Dream" is doable by software, if anything is to be done.
What i don't get is why to ask for rom rom roooooms, where we need drivers drivers driveeeeers... or sdk's. We won't get it anyway from MS, but no flashing means a rom is futile, non useful,crap pack of bytes.
But i also said "in one word NDA". You should known even before ask that the signed NDA are also legal contracts, so i prevented before asking them.
Click to expand...
Click to collapse
I figured I just take a shot in the dark; hope for the best and expect the worst. Since the phone and suuport from MS was discontinued, maybe the NDAs would be voided.
And everyone knew that hardware was not the way, just at the moment where first flash attempt failed. "Dream" is doable by software, if anything is to be done.
Click to expand...
Click to collapse
Good to know you still think there's a way.
What i don't get is why to ask for rom rom roooooms, where we need drivers drivers driveeeeers... or sdk's. We won't get it anyway from MS, but no flashing means a rom is futile, non useful,crap pack of bytes.
Click to expand...
Click to collapse
I just asked if "there is a way to get around the write lock". Had I known ahead of time to ask about drivers or SDKs, I would have put that in the msg.
I strongly believe that we could operate with the device,softwarewise. there is proof that the kin NAND memory (for now on, called "Storage" as label) is writeable. Not sure on the Rom part.
Of course, i mean.. just use it as a normal writable storage memory.
I posted how it could be done and would do it myself but, again, i bricked my phone, and available ones (through bidding sites) are so expensive to buy another one just for this (+ $150). Don't see a way to get it internationally again.
And even doing it, i'm not sure about what could be done just writing on the storage mem....
If the fuse byte is burn't should not it have prevented you from bricking?
kintwouser said:
If the fuse byte is burn't should not it have prevented you from bricking?
Click to expand...
Click to collapse
Nvitem bricked, not flashing bricked. You can succesfully write to the NVItems memory. But i guess it's just configuration memory and not the one "fused".
I just want to mention that jailbreaking a phone is NOT illegal in the United States! Geohot hacked the iphone... Apple went after him... Apple lost.
Also blowing the programming fuses seems a little fishy to me actually. No other phone does that. The majority of other phones have been flashed. I just think it would be pretty odd for a company to do that so that they no longer could update it. I am not sure I believe him. If this really was true... then why wouldn't Apple or Sony be doing it? This also doesn't make sense since Microsoft actually originally intended on putting WP7 on this as well as allowing apps for it. Check this article out:
http://www.intomobile.com/2010/05/12/kin-windows-phone-7-a-lot-closer-than-we-thought/
you must understand, its not possible to blow fuses in the hardware, it would be a top news story if they were able to keep the OS running in complience with the flash memory without it crashing. Obviously that was a lie to discourage us, and i dont even think that was a real kin developer, because microsoft clearly stated that all kin developers would be moved to WP7 or another programming section. And it doesnt matter if its legal or not to jailbrake phones, if we are porting a new OS, we wouldnt have modified the original OS, which is what jailbraking means. Most likely the OS is hidden deep in the flash memory with a write - protection. If you think its saying access denied because they said the fuses were blown, its wrong. They must just have a password or code that needs to be sent continuasly to the phone to access files. If the fuses were blown, then nothing would be able to be accessed by zune, because it would be impossible to reach the memory.
soninja8 said:
Most likely the OS is hidden deep in the flash memory with a write - protection. If you think its saying access denied because they said the fuses were blown, its wrong. They must just have a password or code that needs to be sent continuasly to the phone to access files. If the fuses were blown, then nothing would be able to be accessed by zune, because it would be impossible to reach the memory.
Click to expand...
Click to collapse
Not my expertise field, but this mobiles can (and in fact they do) have several memories, storing the OS in the ROM memory and all the data on the NAND memory (our "8gb" storage).
Zune software has protocols to query for available storages (requiring its label/id) and is allowed to write/read to it. If you dare to click on update version (at least in the 1st version I tried) it expressed that the option was not "available" to that device without web requesting data, apparently.
So.. in the nand flash we may only have the equivalent of a SD Card. And my last wince PDA showed that as /Storage too, apart from main wince ROM.
You can format the nand memory using win explorer if in fact it is the 8gig storage. I did this and it deleted all pics,albums etc. It was interesting to note that we cannot copy or view these pics without an access error but it does let me delete them.
I just wan't to be able to get my pics off this piece of crap without emailing them.
I posted it once. You are able to:
- Query storage properties (label, size, id,...)
- Query storage folders
- Query folder files.
- Query tracks / albums / playlist / images / anyZuneSupportedFile
- Delete * file (whatever)
- Format the storage
You are "unable" to:
- Upload (create) a file into the device
- Download a file from the device.
MTP protocol tools allows you to do so, from command line (not quite sure if they are available on Win32 OS's), but... fails to operate with this device when it comes to the "unavailable" operations.
I am curious as to which former developers you contacted?
I was doing some research and noticed that Microsoft acquired the company Danger, Inc. After Microsoft purchased them, the former president of Danger went to develop Android (later acquired by Google). One thing I read was that most of Dangers employees left after being purchased by Microsoft. Apparently these people don't like Microsoft all that much! I also looked into it a little more and found one of the founders of Danger who had a twitter account. Of course all of his tweets were via a "KIN". Thought that was interesting. It seems to me that these former Danger employees would be interested in helping out if they don't hold to high of an esteem for the big "M".
seems like this is your first "inside the move" trying-to-hack/reverse a thing, so i will say:
people involved doesnt wanna risk through legal issues, even if they were pissed off, just for "some kids" to have a driver or rom. NDA are strong there, and they could either sign them or leave (if leaving, they don't have the interesting things).
At most you would get bad-mood or good-luck comments, and ocassionaly (very uncommon), leaks (wont happen here).
yeah, they purchased danger for an amazing 500 million dollars, which they later developed the kin with it, they were planning to put windows phone 7 on it, but they were to behind and released it with the old windows CE, then the former developer moved to work on a free source OS, later called android. Google wanted to get android while it was cheap, so they bought that company, and made the old developer as 2nd engineer.
Maybe not worth yet, but we should get more *info* about the SBL mode (aka "Ms Pink Bootstrap), as coinflipper said that it was the way to flash OS or parts (like radio's).
I have been trying even OMA wap WBXML bootstrap examples with it, but as we dont know if our phone is standard, it's like looking for a water drop in the sea of possibilities.
We do not need a guide on how to do something, but what-to-do with it.
Maybe, JUST MAYBE, we could design a program like bitpim. I am a mac user and when I used bitpim with my enV touch, I used to edit all sorts of files. Examples would be phone info, server info etc. We could make a program like that to get the info. I know programming may be hard, but its worth a shot. I hate the OS on this phone, ESPECIALLY WHEN YOU PIN APPS! THEY LOOK HORRIBLE
Kinuser1 said:
Maybe, JUST MAYBE, we could design a program like bitpim. I am a mac user and when I used bitpim with my enV touch, I used to edit all sorts of files.
Click to expand...
Click to collapse
We can't. If we have not the protocols or the supported phone features (protocols, drivers, documentation,...) you cannot guess it and put it into visual basic (or Xcode) and then by *magic*get the program you want.
i will admit that i know very little about protocols and drivers but i would like to point out that bitpim is open source, and that the code can be found here ->
http-//sourceforge.net/scm/?type=svn&group_id=75211 (change "-" to ":")
i seem to recall bitpim already having limited support for the kin, but perhaps with a little research and a little code tweaking we can find ways to improve it? i'm not sure how feasable it is as i have very little experience with programming for phones/usb devices, but it's just a thought.
slimeq said:
i will admit that i know very little about protocols and drivers but i would like to point out that bitpim is open source, and that the code can be found here ->
http-//sourceforge.net/scm/?type=svn&group_id=75211 (change "-" to ":")
i seem to recall bitpim already having limited support for the kin, but perhaps with a little research and a little code tweaking we can find ways to improve it? i'm not sure how feasable it is as i have very little experience with programming for phones/usb devices, but it's just a thought.
Click to expand...
Click to collapse
We can't. If we have not the protocols or the supported phone features (protocols, drivers, documentation,...) you cannot guess it and put it into visual basic (or Xcode) and then by *magic*get the program you want.
Click to expand...
Click to collapse
The above applies to any software you want. Unless you magically found documentation or files (like OP), there's no way to. So f#cked.
The thing is always the same, tweaking tweaking... what to tweak, huh?
Mabey we should try getting windows 6.5 on the device for a start instead of other software like droid or windows phone 7. Its a start after all the software in 6.5 is older than the kin so it might actually be possable if we can find a way to get it on the device.
Have we ever tried getting software or custom firmware or apps on the device through email? MMS? Its worth a shot. My KIN recognizes docx files (No Clue Why But It Does). So mabey some of these sites that say they have kin twom apps arent as crazy as we might think. Its worth a shot so Ill try it. The only problem is email blocks the uploading of program files in hotmail but I dont know about any other service.
I have another idea I just thought of while reading some old posts. Why dont we go back to the old Zune HD approach and try to get the Zune HD apps onto the KIN via ActiveSync! I know its a longshot at best but its a start!
WEM97 said:
via ActiveSync
Click to expand...
Click to collapse
You didn't read enough.
And your docx recognition is not well explained. Furthermore, cab files (what you suggest) was tried and not detected.
I guess that's the problem when you come as the new guy, and open a bunch of threads as is. (when there's a big sticky thread for suggestions & thing to test, and you dont apport things but suggestion)
But what about ActiveSynce its possable? Also windows 6.5 OS (HTC Imagio) is older than the KIN software and hardware so it would mostlikely work if we could find a way to get it on the phone. I wonder if emailing the software piece by piece would work. hmmmmmmm....
WEM97 said:
But what about ActiveSynce its possable? Also windows 6.5 OS (HTC Imagio) is older than the KIN software and hardware so it would mostlikely work if we could find a way to get it on the phone. I wonder if emailing the software piece by piece would work. hmmmmmmm....
Click to expand...
Click to collapse
You are more than welcome to try anything you want to. Don't be surprised when you find that everything you test fails.
The Kin has very unique hardware, so it's pretty much impossible to take an image of any other Windows Mobile device and try to put it on the Kin. That is, unless you have completely rewritten it for the hardware in the Kin.
was implied that was already tested. doesnt work.
And unfortunately, you cant just put another os in pieces (this isnt lego).
Point taken. Also why dont we try to find the old port KIN Studio used to use for its link up. Right now that seems the only way that we can get stuff onto the device.
WEM97 said:
Point taken. Also why dont we try to find the old port KIN Studio used to use for its link up. Right now that seems the only way that we can get stuff onto the device.
Click to expand...
Click to collapse
While there was clearly some kind of communication between the Kin Studio and the Kin phones, the ONLY things that were synced were pictures, video, music files, and contacts. Guess what? We have access to ALL of that through KinO. I don't think finding the Kin Studio port would get us any further than we are now.
Can someone post all the KIN Key shortcuts?
WEM97 said:
Can someone post all the KIN Key shortcuts?
Click to expand...
Click to collapse
Yeah, they are in another thread in this forum area.
Do you know which one?
There's a few of them, actually. If you've read through the different threads in this KIN Two Software Development area, you'll find some that go over the different keystrokes, the programnitt menu, and other fun things.
Coolz thanks.
WEM97 said:
Mabey we should try getting windows 6.5 on the device for a start instead of other software like droid or windows phone 7. Its a start after all the software in 6.5 is older than the kin so it might actually be possable if we can find a way to get it on the device.
Click to expand...
Click to collapse
Here's a bright idea. Maybe we should um.. I don't know, figure out how to read/write to the filesystem before we put a different OS on the Kin? Sorry if I sound like an ass.
Im not talking about that. I was saying when yuo download a file from email the phones software opens up and allows the file in. So what I was saying was mabey we should try getting small programs on through that. Just an idea.
WEM97 said:
Im not talking about that. I was saying when yuo download a file from email the phones software opens up and allows the file in. So what I was saying was mabey we should try getting small programs on through that. Just an idea.
Click to expand...
Click to collapse
The ability to read docx files didn't just magically pop up on the device. It was programmed in by someone, (in other words it was intentional). I really doubt a programmer risked their job by adding in the functionality to open an executable file on the Kin, but you could try.
It didnt read it it just recognized the file type and gave me an option to open it.
according to certain websites, the kin ui was made in silverlight. whether this is true or not i dont know. however i just wanted to say that i will be working on a new kin design interface and will be possibly making a website for it if it works okay. all support is appreciated.
Yes, everything points to the Kin menu being Silverlight-based, however, the IEmobile 6 browser on the Kin does not support Silverlight.
possible solution
hmm... maybe i could make the ui in silverlight, save it as a file, and redo the programming in some like visual c++ or visual c#. we need to find out how microsoft did it and retrace their steps our way.
The biggest complication is just that we don't have access to the Kin OS files. If we did, then it would be almost easy to modify what's already there.
I'll try anyway
im gonna see if i can break in...im good at that so this may not be that difficult.
Good luck with that. Seriously, lol.
........... Guys, guys. This stuff is a lot harder than it looks, take it from someone whos worked on this for a long time. ITS TOUGH! We have none of the neccesary codes and system access for a clean succesful break in. Just slow down a little ok.
Good luck to anybody who tries to crack this phone but I would like to mention the fact that if you can jailbreak a itouch does not mean that you can hack into this phone.
BitPim alternatives
Anybody know any good alternatives to BitPim? I need something like it that is centered around the file system. I may have just figured out how to hack this phone, but I need something better than BitPim for it to work.
X-15D9W8491 said:
Anybody know any good alternatives to BitPim? I need something like it that is centered around the file system. I may have just figured out how to hack this phone, but I need something better than BitPim for it to work.
Click to expand...
Click to collapse
I would suggest that you make a thread about your question so people can see your question
Sent from my ADR6300 using XDA Premium App
The Issue
X-15D9W8491 said:
Anybody know any good alternatives to BitPim? I need something like it that is centered around the file system. I may have just figured out how to hack this phone, but I need something better than BitPim for it to work.
Click to expand...
Click to collapse
I believe this is at the core of the issue. There is nothing that can access the "file system" other than what media we store. If there was anything better it would already be hacked. I believe we are going in circles here. If we can get into the "file system" it's hacked.
This is what I know accesses the phone so far(none are hacks):
* Zune software
* Qualcomms QPST(scary)
* KinO(johnkussack's closest to a hack)
* BitPim
Are there anymore to add to the list?
gerrypw said:
I believe this is at the core of the issue. There is nothing that can access the "file system" other than what media we store. If there was anything better it would already be hacked. I believe we are going in circles here. If we can get into the "file system" it's hacked.
This is what I know accesses the phone so far(none are hacks):
* Zune software
* Qualcomms QPST(scary)
* KinO(johnkussack's closest to a hack)
* BitPim
Are there anymore to add to the list?
Click to expand...
Click to collapse
If you're on a Mac, MarkSpace has a Kin sync program. It's basically like Zune software excluding DRM content, but also has a pretty simple browser program to access the folders (not the root folder, where the contact XML file would be found).
There are other MTP explorers out there, that will actually show you the content of the phone. However, in my testing, none of them will allow you to read or write content.
Basically, if the phone is in MTP (default) mode, you only have access to the media, and not to the OS space on it. We'd need a driver to use one of the other USB modes.
ok
ill make a new thread...
"What am I doing, why am I here, what is this about, and where am I going with this."
Hello all. After dealing with rumors, rumors of rumors, and the like, I've finally managed to disclose something I hold very dear to me: the WindowBreak project.
As the name suggests, this is a jailbreak project for Windows Phone 7. I started something a while back that had little success, but through the months, I've managed to figure out something that should bring light into the Windows Phone jailbreaking scene.
Real quick, though:
What this is: A project, with information about some interesting exploits I found, and a call for the community to dive in.
What this isn't: A full fledged jailbreak. Please don't post replies such as "when will XXXX device be supported". It just wastes time, and I assure you, I want every device included.
It also is not a full unlock. Just interop.
The details
So here's the sitch. We all know how Heathcliff74's interop unlock works. XAP files are just ZIP files, and ZIP files can have entries that allow extracting in parent directories.
Interesting thing is, this can be done using the ZipView application, which normally stores data in \Application Data\Volatile\Zipview\<random id>
Thus, creating a directory in a ZIP file called ../../../../provxml will copy all those files into the \provxml\ folder upon extraction.
See what I did there?
Limitations
Of course, there are limitations.
1) We cannot extract into \Windows\. There's a policy that prevents it.
2) The bad one: We can only extract known MIME types, at least to my knowledge. This is because the files are only extracted when they are clicked on in ZipView. And clicking on a .dbz file, for example, will just say the file type is not supported. Bummer.
What we can do...
As mentioned above, this can be used for a fresh out of the box jailbreak for Samsung devices, using provxml. Here's a video of that:
Try it yourself: with a Samsung device, go to http://windowsphonehacker.com/windowbreak and press WindowBreak Me.
In theory, this would be all we need to jailbreak most Windows Phone devices. Unfortunately, Nokia and HTC devices block the registry entries in provisioning files. I'm not sure what the extent of this "whitelist" (or is it a blacklist?) is, and details/tests on this would be appreciated.
What needs to be done...
Nokia: I don't have a Nokia device, but I've been working a great deal on figuring out how to crack it's shell, and have a couple of ideas. If I'm able to get my hands on a Nokia device soon, I'll try some of these unorthodox exploits out, otherwise I'll need some daring volunteers.
HTC: I do have an HTC device, but I can't figure out how to extract the files for the Connection Setup program. If someone can give me details on what the password encryption is on it, etc, for the HTC interop unlock, that would be much appreciated.
Other devices: Not a lot of demand for these (and LG needs no jailbreak, since it has MFG), but if something comes up, feel free to share where the provisioning files exist and I'll see about "windowbreaking" them.
So this is my little project, and I hope the details I'm sharing will lead to further development. My personal device (Samsung Focus) is easily interop unlocked now, without costing me a cent. I'd really like this to be the case for everyone; I'm not saying the $9 unlock for Chevron Labs is bad, in fact, it's greatly supported homebrew. What I am saying, though, is that freedom is still possible, and regardless, any developments made here will further support interop unlocking on Chevron/apphub unlocked devices. With that in mind...
Merry Christmas.
Special thanks to: Heathcliff74 for much of the research and idea behind the exploit
All the supporting members of XDA, who bring appreciation for what we do. Thank you.
Cool! Ridiculous that I didn't think of this myself
I will send you the password of the dbz files when I get home. I don't have it here.
But the real problem for HTC and NOKIA are the whitelists. I've been working on this for the past time. And today I made more progress. I developed a new way of debugging native 3rd party dll's/drivers. U can isolate functions and call them from a test app for unit-testing. This makes testing a lot easier. This will help me find exploits much faster. I can even call the whitelist functions of HTC and NOKIA on my Samsung now Working on it right now.
Good find!!
Heathcliff74
Heathcliff74 said:
Cool! Ridiculous that I didn't think of this myself
I will send you the password of the dbz files when I get home. I don't have it here.
But the real problem for HTC and NOKIA are the whitelists. I've been working on this for the past time. And today I made more progress. I developed a new way of debugging native 3rd party dll's/drivers. U can isolate functions and call them from a test app for unit-testing. This makes testing a lot easier. This will help me find exploits much faster. I can even call the whitelist functions of HTC and NOKIA on my Samsung now Working on it right now.
Good find!!
Heathcliff74
Click to expand...
Click to collapse
Haha, I knew you would say that when you saw this. Most credit of this goes to your work, in fact, which gave me much of the idea.
As for the whitelists, do you know exactly how it's blocking? Is just registry blocked, or all non-APN related settings?
^-- This is why I nominated you guys for those free Nokia Lumias. Keep up the good work!
Jaxbot said:
Haha, I knew you would say that when you saw this. Most credit of this goes to your work, in fact, which gave me much of the idea.
As for the whitelists, do you know exactly how it's blocking? Is just registry blocked, or all non-APN related settings?
Click to expand...
Click to collapse
Both brands have very similar mechanisms. They both have a driver dedicated to provisioning. The whitelists are implemented in those drivers. HTC has whitelisted only specific registry keys for APN's and stuff. NOKIA does not have the registry on the whitelist at all.
Heathcliff74
Heathcliff74 said:
Both brands have very similar mechanisms. They both have a driver dedicated to provisioning. The whitelists are implemented in those drivers. HTC has whitelisted only specific registry keys for APN's and stuff. NOKIA does not have the registry on the whitelist at all.
Heathcliff74
Click to expand...
Click to collapse
Shame it's a whitelist instead of a blacklist :\
Do you know which CSPs are allowed? I've managed to move files around using provxml on my Samsung, but it seems to allow just about anything.
Yeah I want you two to get the free Nokia Lumia's too! You both do great work - thank you keep giving love to the Omnia 7 too please since it's my girlfriend who has the Lumia 800 (dammit!)
Indeed a very cool solution ! Thanks button pressed.
Is it limited to 1st gen samsung devices or does it work on 2nd gen devices too ?
contable said:
Indeed a very cool solution ! Thanks button pressed.
Is it limited to 1st gen samsung devices or does it work on 2nd gen devices too ?
Click to expand...
Click to collapse
Both first and 2nd gen will work, though some interop won't work on 2nd gen devices (e.g., last I heard, registry editors were all read only)
DBZ Password
030D681B-1DFC-4bd0-A72A-A9B3CCCDA653
---------- Post added at 10:30 AM ---------- Previous post was at 10:29 AM ----------
Oh and it was found here http://forum.xda-developers.com/showthread.php?p=18916888
When I go to http://windowsphonehacker.com/windowbreak/
I don't get any buttons, just these text :
WindowBreak
By WindowsPhoneHacker
WindowBreak is a project with the goal of enabling true jailbreaking on Windows Phones.
We believe in freedom, both in gratis and in libre.
For details on WindowBreak, see here [add XDA link here].
BTW Nice worrk, hope to see more nice hacks these Xmas!
DJSave said:
When I go to http://windowsphonehacker.com/windowbreak/
I don't get any buttons, just these text :
WindowBreak
By WindowsPhoneHacker
WindowBreak is a project with the goal of enabling true jailbreaking on Windows Phones.
We believe in freedom, both in gratis and in libre.
For details on WindowBreak, see here [add XDA link here].
BTW Nice worrk, hope to see more nice hacks these Xmas!
Click to expand...
Click to collapse
You visit it on your phone, silly
And thanks, forgot to add the XDA links to that page.
Damn, purchased yesterday chevron labs-.-
But great work! I appreciate that!
Jaxbot said:
You visit it on your phone, silly
And thanks, forgot to add the XDA links to that page.
Click to expand...
Click to collapse
Yep Had desctop version in settings
10X it worked like a charm
Wait and hope for a solution for HTC devices
yea I can't wait for this. I have a HTC HD7.
Well done man, exactly what worked also with calling provxml files from the iso storage in DiagProvXML. Just do "../the entire path to iso storage/provxml.ext" this worked also on htc. Although of course your mechanism is different as you have to copy it to the correct folders while we just needed to change the default paths of the drivers to a custom folder.
Well done and nice creative solution. It would be great if you manage to get this working for more devices.
Maybe somebody can somehow find the exact provisioning the Developer Registration Tool makes, so you can use that one as that should be white listed I assume.
The Registration tool actually uses a socket connection to send a partly modified cookie string to the phone. The phone then goes and checks that against microsoft's servers and goes OK.
hey ii was just wonderiing, as nobody rarely mentions the dell venue pro, if something was going to be actually done for it. I know you said dont post stuff liike this but its just that ive never heard something like this or anything done about the Dell Venue Pro.
Thanks
Is the point of this for it to go from out of the box to interop unlocked, or from chevron/dev unlock to interop?
In /Classes Root/ registry part you can add the file type so it's known...