As I briefly posted on my blog Monday, Mango will no longer support the deployment of XAPs containing the ID_CAP_INTEROPSERVICES flag. This means you won't be able to deploy your web servers, root tools, and other assorted unsupported hackery.
With our sanctioned, dirt cheap unlock service around the corner, trying to jailbreak NoDo (without upgrade hacks) is a waste of time. I believe the ROI on time spent on hacking this interop limitation is much greater.
This limitation is implemented in PacmanInstaller.exe (on the phone); it scans the manifest for the flag and bails with HRESULT 0x81030120.
As Mango FFUs haven't been released yet, I haven't tested upgrade path 'hacks'; worse, this behavior doesn't appear to be reproducible in the emulator limiting current testing to those w/ Mango phones. (That should change in the next few weeks, hopefully.)
I'm interested to see what ideas you guys have!
How does Microsoft even explain this? What's the point in allowing your unlock officially and then blocking the very functionality we unlock devices for?
Maybe this is a temporary problem?
As far as Microsoft is concerned the new Unlock variant is for people who want to develop for their devices but without intention to publish the results to the Marketplace, e.g. people who want to play around with things.
If you're a Nokia Dev today you get the unlock for free - allowing people to access undocumented APIs is not what Microsoft wants to happen but more to make people experiment with the platform and then perhaps publish their work to Marketplace later on - but that would not be able to happen if those experiments used COM-Interop which is not allowed on the Marketplace.
Well, this way, from an end user perspective, unlocking is useful only for piracy. Getting sideloading without extended capabilities is a weird proposition.
Re hacking Mango, I guess people need to get it on their phones somehow to begin with.
In the other thread I requested that everyone who upgrades makes a wireshark log and post it here, so we can tear it apart. I also left some instductions there.
Plz also let know if apps with native code survive the upgrade and if the chevron unlock with prevent relock survives the update.
Ciao,
Heathcliff74
mfw i already found out a possible solution how to bypass this.
>NoDo needed before Mango.
No trolling. Also, cant say it here on xda, then the Microsofties will pick it up and block...
>Trusted people i can tell, sry.
Thanks for sharing this secret, but up to this moment, Ansar way (flashing stock ROM, then using advanced configuration utility to avoid relocking) is the only effective way.
One could write an application for NoDo, for example a ChevronWP7 Homebrew Enabler, that uses native APIs to modify manifests of homebrew applications found on the phone. Then upgrade to Mango.
There are lots of upgrade scenarios but we have to remember -- new phones will only ship with Mango.
yeah lets tell rafael and his ms homies how the people here try to hack mango, so that he can tell ms to fix it before mango released to everyone.
I hope you wont tell a thing in the public @ fiinix, jaxbox, heathcliff
diboze said:
rafael and his ms homies
Click to expand...
Click to collapse
Really? Rafael informs us of an important issue that we should try resolving, and your response is "OMG he's in bed with Microsoft let's ostracize him"? That saddens me.
@arktronic: please...you cant be this naive...
I won't dignify that with a response.
Oh wait...
There seems to be a way ... for current NoDo users. It is similar to what happened going from original 7008 to NoDo ... in terms of unlocking. I will stop there.
I'm curious, is the ID_CAP_INTEROPSERVICES merely a flag that the xap contains native code, or does the executive actually forbid the application from running native code unless the flag's present?
i.e. could we modify the xap to remove this flag, but still run the native code app on the phone?
elyl said:
I'm curious, is the ID_CAP_INTEROPSERVICES merely a flag that the xap contains native code, or does the executive actually forbid the application from running native code unless the flag's present?
i.e. could we modify the xap to remove this flag, but still run the native code app on the phone?
Click to expand...
Click to collapse
The flag must be present.
diboze said:
yeah lets tell rafael and his ms homies how the people here try to hack mango, so that he can tell ms to fix it before mango released to everyone.
I hope you wont tell a thing in the public @ fiinix, jaxbox, heathcliff
Click to expand...
Click to collapse
You're an idiot.
Here are some things to consider then:
Can something be done to the XAPs to allow the flag? Signing? Other XML file modifications that, in turn, would allow the flag to be used?
Can something be done to the system? A registry change perhaps?
Have any new flags been added to Mango that might also allow low-level system access?
It seems more complicated that just the flag.
Homebrew apps or resigned apps (like Scansearch, or HTC apps) won't run, but official manufacturer apps (Scansearch on LG, HTC apps on HTC) run fine.
So it seems to depends on some certificate.
Also, installing an apps then upgrade to Mango keeps the app on the phone, but it won't allow you to launch it (no error, just launch and quit).
(nico) said:
It seems more complicated that just the flag.
Homebrew apps or resigned apps (like Scansearch, or HTC apps) won't run, but official manufacturer apps (Scansearch on LG, HTC apps on HTC) run fine.
So it seems to depends on some certificate.
Also, installing an apps then upgrade to Mango keeps the app on the phone, but it won't allow you to launch it (no error, just launch and quit).
Click to expand...
Click to collapse
Ah, thanks for testing that. So that means installing an application then upgrading won't be as easy as it sounded.
One test would be to sign a XAP and place your root certificate in the CA store (with Heath's toolset).
diboze said:
yeah lets tell rafael and his ms homies how the people here try to hack mango, so that he can tell ms to fix it before mango released to everyone.
I hope you wont tell a thing in the public @ fiinix, jaxbox, heathcliff
Click to expand...
Click to collapse
I too hope everyone will be a selfish bastard and will never get anything done.
Arktronic said:
Here are some things to consider then:
Can something be done to the XAPs to allow the flag? Signing? Other XML file modifications that, in turn, would allow the flag to be used?
Can something be done to the system? A registry change perhaps?
Have any new flags been added to Mango that might also allow low-level system access?
Click to expand...
Click to collapse
I'm trying some things with the package manager. I haven't got anything yet, but I got some ideas I yet have to try. I'm working on flagging an app as "not being sideloaded".
(nico) said:
It seems more complicated that just the flag.
Homebrew apps or resigned apps (like Scansearch, or HTC apps) won't run, but official manufacturer apps (Scansearch on LG, HTC apps on HTC) run fine.
So it seems to depends on some certificate.
Also, installing an apps then upgrade to Mango keeps the app on the phone, but it won't allow you to launch it (no error, just launch and quit).
Click to expand...
Click to collapse
Ok. So it looks like the package-manager doesn't allow the interop-flag for apps with a full install-cycle through side-loading. The flag is probably allowed for upgrades and marketplace-installs (including DRM licenses). And the PolicyEngine (runtime system) requires the dll's to be signed properly or else it will deny interop to native code.
WithinRafael said:
Ah, thanks for testing that. So that means installing an application then upgrading won't be as easy as it sounded.
One test would be to sign a XAP and place your root certificate in the CA store (with Heath's toolset).
Click to expand...
Click to collapse
Please refer to the opening post of this thread. For the purpose of code-signing the certificates in the "Code Integrity" store are used. The certificates in that store would probably need a signing-root in the CA store. The means that you have to create a certificate that has the properties of a "Code Integrity" certificate AND the properties of a "CA" certificate and then add this cert to both "Code Integrity" and "CA" stores. Then use the private key to sign all the dll's.
If you look at the certs in the "Code Integrity" store, then all, except the one used for LPC singing have this:
Key Usage: Digital Signature, Certificate Signing, Off-line CRL Signing, CRL Signing (86)
Enhanced Key Usage: Code Signing (1.3.6.1.5.5.7.3.3), Unknown Key Usage (1.3.6.1.4.1.311.10.3.14)
If you look at the certs in the CA store, then you see that they all have:
Certificate Signing, Off-line CRL Signing, CRL Signing (06)
That means that you have to create a cert with:
Key Usage: Digital Signature, Certificate Signing, Off-line CRL Signing, CRL Signing (86)
Enhanced Key Usage: Code Signing (1.3.6.1.5.5.7.3.3), Unknown Key Usage (1.3.6.1.4.1.311.10.3.14)
Than add this to "Code Integrity" and "CA".
You have to create the cert with OpenSSL. You can't create such a cert with Visual Studio tools.
I already created such a cert. I will create a new version of the WP7 Root Tools and sign the dll's with this cert. And I will make an option to install/uninstall the public cert in "Code Intergrity" and "CA". I advise everyone who wants to try this to first make a backup! Then, when you have this version of the WP7 Root Tools installed and you used it to install the certificates too, then you should try to upgrade to Mango and see if the WP7 Root Tools are still working.
I will let you know when I got this new version of the WP7 Root Tools ready.
Ciao,
Heathlciff74
Is there any way to fake the user agent while using the web browser on my windows phone 7? The only thing I dislike about my HD7S is that almost all of the websites are full desktop size, I like how it showed my web pages on my iPhone before I ditched it for this HD7S. Another thing is-is there any hack that will also block any ads on apps? Being tied to a limited amount of data that I can use a month, that would come in handy while using ad based apps.
Thanks!
Sent from my HD7 T9292 using XDA Windows Phone 7 App
This question belongs in the Q&A forum, not the Dev & Hack forum. Nonetheless, since a mod hasn't closed it yet:
To change the user agent string to a "mobile" mode, open the Settings page for IE and switch it from Desktop to Mobile. However, you can't actually spoof the user-agent string; it just comes with two options.
No way that I know of to block ads in apps, but they use surprisingly little bandwidth. It might be possible to tweak HOSTS on the phone (if you have interop-unlock) to stop it from talking to the most common ad servers.
Blocking ads is really really rude. Websites cost a lot of money to run and the only way offset that is via advertisements or donations.
MJCS said:
Blocking ads is really really rude. Websites cost a lot of money to run and the only way offset that is via advertisements or donations.
Click to expand...
Click to collapse
Agree, but mostly because I'm running a one-man news website
The few pennies you generate in revenue via ads is what makes the apps you use free. If you want to block the ads, buy the paid version of the app.
There's no faster way to discourage a developer from making apps than to block their only method of generating any sort of revenue.
Must of missed this one.
Not development.
Thread Closed
Hi all,
I came across this article which explains how malcious code can be pushed on our android phones through malicious ad networks.
I will only highlight the important points and include the countermesaures which I think we can use to atleast avoid/prevent this type of malware.
1) Ads displayed within mobile apps are served by code that's actually part of those applications.
2) Application owners typically include SDK's in the application for various ad network's.
3) Not all developers verify the Ad network and if the developer does not care or simply goes with the highest bidder, then the chances of siding with a malicious ad network are high.
4) If an ad from a malicious network is displayed it can push malicious payload which runs quietly in device memory.
5) Detection by AV's can be difficult as this runs in memory and android AV's mostly verify the apk's only.
Not so good thing:
This is a very elegant approach that doesn’t really require the end-user to do anything “wrong”.
The user could download a valid application from a valid app store, and ultimately be silently infected by a disreputable ad network
--
Countermeasures:
1) Do not install applications from untrusted sources. This is configured by default under :Settings->Security->Device Administration->Unknown Sources.
2) Always verify the permissions the application is requesting.
3) Rooted phones can utilize applications like AdAway which simply block all traffic to known ad networks. (Make sure you update it frequently).
4) Av's help in atleast verifying the apk's and there are applications to detect adnetworks like (Lookout,Symantec,TrustGo Ad detectors, etc).
If I get some time, I will try to get list of known malicious networks so we can manually add them to our host file and block all traffic to these networks.
I know these networks are dymanic but blocking can be helpful even for a short time.
If you think there are more better ways to prevent/detect this then please share and benefit the community.
References:
http://researchcenter.paloaltonetworks.com/2013/08/mobile-devices-new-malware-and-new-vectors/
http://www.businessinsider.com/malware-in-mobile-advertising-2013-8
http://www.google.com/ads/admob/monetize.html
hi !
who ready have tried "adhell" on this A5 2017 ?
( i have read that it doesn't block adds on https website....it's true?)
"adclear" is better for you ?
i use "adblock fast" on Samsung browser....seem work fine but i already knew that it's just for the browser ......it don't block adds on apps and games (like adaway for rooted devices ),it's just a browser extention...
I'd recommend using Dns66, which is available on Fdroid. It uses a local (only on your device) VPN connection to allow Ad / Malware filtering, and works system-wide and without root. It is also fully open-source and free.
thank so much for the tip !
****Here are the steps to block ads natively on Pie using the PRIVATE DNS feature.****
****This will allow us to block ads system wide(for apps without built it resolver) without installing additional apps or plugins.****
Step 1. Settings> connections > More connection settings > Private DNS
2. Enter : dns.adguard.com .. or
dns-family.adguard.com (for nofap?)
3. Press save and enjoy ad-free experience.
****These are secured adguard servers with integrated ad-blocking.****
#### For Chrome, type chrome://flags in searchbar... Type ' async ' in search. Click on #enabled-async-dns and chose 'disabled' . Otherwise chrome could use a built in dns resolver which doesn't block ads. ####
So along with blocking ads you also get a secured encrypted DNS. ?
Source: Reddit
The system-wide Adguard DNS protection is not customisable and limited in terms of blocked hosts. Rather, I would go with DNS66 available on F-Droid. It allows customisation of blocked hosts as well as DNS and individual apps can be whitelisted.
I also use dns66 and it works great. Thanks for the chrome tip. I was wondering why it did not block ads in chrome but now it does.
Brilliant.
I use adguard solution. It satisfies me perfectly.
Dns66 keeps vpn connected all the time. I am pretty sure, that it makes load on procesor and battery. Fact it is probably safer when connected to public Wifi
What's the difference between those two addresses dns.adguard.com and dns-family.adguard.com ?
Tnx
Sent from my Galaxy A50 using Tapatalk
i am older (i think that)
Tnx
Sent from my Galaxy A50 using Tapatalk
A w e s o m e . . .
HOT-DANG ! ! ! Only reason I wanted to root was to get the hell rid of one app's horrible ads and BAM ! ! ! Your little workaround works like a charm. Thank you very, very much ! ! !
PERFECT!!!!
This is great. Works great. Thanks !!!!
In comparison to the likes of Luna, it's not all that effective in a lot of sites, especially with popups.
working nice here!
with nextdns.io you can use custom host files and a lot of other options it also supports DNS-over-TLS so far its my favorite option for dns
AdGuard app is #1.
Hello, sorry to have dug up, but I have a problem with dns.adguard.com, it slows down my connection, when it does not block it completely elsewhere, and this for several days, is there an alternative solution ? Thank you