WP8 SYSTEM registry files from FFU - Windows Phone 8 Development and Hacking

I found where the system registry files are stored inside the ffus. This is from my Lumia 928 factory ffu.
Code:
\Windows\System32\config - DEFAULT, DRIVERS, FP, ProvisionStore, SAM, SECURITY, SOFTWARE, SYSTEM
\Windows\System32\config\MOUNTMGR - SYSTEM
\Windows\System32\config\unmodified - BCD, DEFAULT, DRIVERS, NTUSER.DAT, SAM, SECURITY, SOFTWARE, and SYSTEM
\EFIESP(Different Partition)\Windows\System32\config\unmodified - BCD, DEFAULT, DRIVERS, NTUSER.DAT, SAM, SECURITY, SOFTWARE, and SYSTEM
BCD, DEFAULT, DRIVERS, NTUSER.DAT, SAM, SECURITY, SOFTWARE, and SYSTEM
All of these files contain regf as the first few characters in hex. Beyond that, the files are mostly garbage looking at them in Notepad++.
I haven't been able to find any registry editors yet that can edit them, including ones built for Windows CE/Mobile or even Win7/8.
Anyone know of something that can display it in a normal fashion? (without needing a WP8 device to attempt to edit it on.)
EDIT: The files from \Windows\System32\config have been zipped for simplicity reasons (for those of you who don't have a ffu handy)
EDIT2 (August 22): The files from the GDR2/Amber update from my phone's rom have been added.
WalkingCat said:
OK, this is a reply to this thread, but apparently I can't post in that forum yet.
So, you've found registry file inside \Windows\System32\config, and this is the way to open and edit it.
No third-party tools needed, just use regedit.exe in your Windows system
1. Run regedit.exe
2. Click on any root key, like HKEY_LOCAL_MACHINE
3. Open File menu, select Load Hive
4. Select a file in your mounted ROM \Windows\System32\config, like SOFTWARE or SYSTEM, open it
5. In the dialog asking for a name, input any text, like WP8Software
6. Registry is now loaded under HKEY_LOCAL_MACHINE\WP8Software, you can edit it.
7. Open File menu, select Unload Hive, then it's written back to disk.
reference: http://technet.microsoft.com/en-us/library/cc732157.aspx
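The `regf` signature mentioned in the first post opens a 4096-byte base block, and reading that block is enough to tell an intact hive from a damaged or non-hive file before loading it into an editor. The following Python is an added example, not code from the thread; the sample hive is constructed in memory, and `parse_regf`, `regf_checksum` and `build_sample_hive` are hypothetical names.

```python
import struct
from datetime import datetime, timedelta, timezone

BASE_BLOCK_SIZE = 0x1000  # hive bins start right after the 4096-byte base block


def regf_checksum(base_block: bytes) -> int:
    """XOR of the first 127 little-endian dwords (bytes 0..507)."""
    value = 0
    for (dword,) in struct.iter_unpack("<I", base_block[:508]):
        value ^= dword
    # Two results are reserved by the format and remapped.
    if value == 0xFFFFFFFF:
        return 0xFFFFFFFE
    return value or 1


def parse_regf(data: bytes) -> dict:
    """Parse the regf base block and report basic integrity indicators."""
    if len(data) < BASE_BLOCK_SIZE or data[:4] != b"regf":
        raise ValueError("not a regf hive (bad size or signature)")
    (seq1, seq2, filetime, major, minor, _file_type, _file_format,
     root_cell, bins_size, _cluster) = struct.unpack_from("<IIQIIIIIII", data, 4)
    # Bytes 48..111 hold the (possibly truncated) hive path as UTF-16LE.
    name = data[48:112].decode("utf-16-le", errors="replace").split("\x00")[0]
    (stored_checksum,) = struct.unpack_from("<I", data, 508)
    # FILETIME counts 100 ns ticks since 1601-01-01 UTC.
    written = datetime(1601, 1, 1, tzinfo=timezone.utc) + timedelta(
        microseconds=filetime // 10)
    return {
        "hive_name": name,
        "version": f"{major}.{minor}",
        "last_written": written,
        "root_cell_offset": root_cell,   # relative to the first hive bin
        "hive_bins_size": bins_size,
        # Differing sequence numbers mean a write was in progress (dirty hive).
        "clean": seq1 == seq2,
        "checksum_ok": stored_checksum == regf_checksum(data),
        "first_hbin_ok": data[BASE_BLOCK_SIZE:BASE_BLOCK_SIZE + 4] == b"hbin",
    }


def build_sample_hive() -> bytes:
    """Constructed sample: a base block plus one empty hive bin header."""
    block = bytearray(BASE_BLOCK_SIZE)
    block[0:4] = b"regf"
    struct.pack_into("<IIQIIIIIII", block, 4,
                     7, 7,                    # primary / secondary sequence
                     130200000000000000,      # constructed FILETIME (2013)
                     1, 5,                    # format version 1.5
                     0, 1,                    # file type, file format
                     0x20, 0x1000, 1)         # root cell, bins size, cluster
    name = "System32\\config\\SOFTWARE".encode("utf-16-le")
    block[48:48 + len(name)] = name
    struct.pack_into("<I", block, 508, regf_checksum(bytes(block)))
    hbin = bytearray(0x1000)
    hbin[0:4] = b"hbin"
    struct.pack_into("<II", hbin, 4, 0, 0x1000)  # bin offset, bin size
    return bytes(block + hbin)


if __name__ == "__main__":
    for field, value in parse_regf(build_sample_hive()).items():
        print(f"{field:18} {value}")
```

To check a file pulled from a mounted FFU, pass its bytes to `parse_regf`; a hive with `clean` false or `checksum_ok` false was not written out completely and may be refused by an offline editor.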

Check this post : http://forum.xda-developers.com/showpost.php?p=44312736&postcount=41
I used 7zip to extract the file

vivekkalady said:
Check this post : http://forum.xda-developers.com/showpost.php?p=44312736&postcount=41
I used 7zip to extract the file
That works fine for a .wim or a .zip, but these files are the complete registry store, in the same format that Windows 2000, XP, Vista, etc. use to store the settings for hardware/drivers, Windows itself, and other apps that have that kind of access (e.g. Tier3 Applications)

If it's same format as XP/Vista type it should be easy openable, look for the application on the internet.

GodlikePL said:
If it's same format as XP/Vista type it should be easy openable, look for the application on the internet.
Apparently it isn't. I used RegistryEditorPE, that's supposed to work with offline registries for 2000 to 7, but it kept erroring out.

This is good stuff to know. Something that should be good to note is that while I decompiled the .NET for a few of the Verizon Xaps from the 928 ROM, I discovered some Nokia-specific COM Interop that interfaces with the registry. I'm hoping I can try something out and put up a test program within the next few days and make some registry changes.

Hi
I found a registry key
[HKEY_LOCAL_MACHINE\Software\Microsoft\Office Mobile\SPMC\Action\doc]
"Application"=dword:00000005
"ApplicationCommand"="app://5B04B775-356B-4AA0-AAF8-6491FFEA5617/Default?CmdLine=-url %s"
"Action"=dword:00000003
This is for Microsoft Office Word.
I think we can open Word using the link, I guess (app://5B04B775-356B-4AA0-AAF8-6491FFEA5617/)
So is this part useful?
Can external commands be executed through this part (CmdLine=-url %s)?
something like this
http://dotnet.dzone.com/articles/windows-phone-7-tip-day-know

@snickler: Let me know if you succeed with that. I managed to sideload an app using one of those libraries (after removing nearly all the interesting capabilities...), but immediately got an error about the component not being registered. I didn't try running regsvr or anything, though...

GoodDayToDie said:
@snickler: Let me know if you succeed with that. I managed to sideload an app using one of those libraries (after removing nearly all the interesting capabilities...), but immediately got an error about the component not being registered. I didn't try running regsvr or anything, though...
Hmmm, which phone do you have?
Edit: I tried to deploy just a sample app with one of the .winmds referenced, and got the 0x81030120 error
Holy fuzzle.. ANOTHER EDIT: I was able to do it. I had to remove all the damn Capabilities that I added from the Nokia Maps xap though.
I referenced the NokiaRegistryUtils.winmd and just ran this sample code
MessageBox.Show(NokiaRegistryUtils.Registry.IsChinaFirmware().ToString());
It returned "false" as expected.
I'm going to try something else now.
Something to note: in the WMAppManifest.xml, the following needs to be added after the <Tokens> declaration
<ActivatableClasses>
<InProcessServer>
<Path>NokiaRegistryUtils.dll</Path> <!-- or whatever dll you're adding -->
<ActivatableClass ActivatableClassId="NokiaRegistryUtils.Registry" ThreadingModel="both" />
</InProcessServer>
</ActivatableClasses>

vivekkalady said:
Hi
I found a registry key
[HKEY_LOCAL_MACHINE\Software\Microsoft\Office Mobile\SPMC\Action\doc]
"Application"=dword:00000005
"ApplicationCommand"="app://5B04B775-356B-4AA0-AAF8-6491FFEA5617/Default?CmdLine=-url %s"
"Action"=dword:00000003
This is for Microsoft Office Word.
I think we can open Word using the link, I guess (app://5B04B775-356B-4AA0-AAF8-6491FFEA5617/)
So is this part useful?
Can external commands be executed through this part (CmdLine=-url %s)?
something like this
http://dotnet.dzone.com/articles/windows-phone-7-tip-day-know
Where did you find that key?

in ffu file
location <ffu mount>\Windows\Packages\RegistryFiles\Microsoft.Office.Word.reg

Perfect. That's what I'm doing now, but just from my 920 ROM dump. I can access the registry sections that Nokia provides in their app, but I can't from the one you provided me. I'm going to do more tests to see if this is using HKCU rather than HKLM. It could also be that the registry keys have permissions placed on them.

Hmm,
I'm able to get the value of SOFTWARE\Classes\MIME\Database\Codepage\1254 -> BodyCharset

I may write a simple app that reads registry from Lumia devices... I think that's going to happen today.

Found these things, don't know if it is of any use
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.4.1.311.10.3.3]
"$DLL"="C:\\Windows\\System32\\WINTRUST.DLL"
"CallbackAllocFunction"="SoftpubLoadDefUsageCallData"
"CallbackFreeFunction"="SoftpubFreeDefUsageCallData"
"DefaultId"="{573E31F8-AABA-11D0-8CCB-00C04FC295EE}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.5.5.7.3.1]
"$DLL"="C:\\Windows\\System32\\WINTRUST.DLL"
"CallbackAllocFunction"="SoftpubLoadDefUsageCallData"
"CallbackFreeFunction"="SoftpubFreeDefUsageCallData"
"DefaultId"="{573E31F8-AABA-11D0-8CCB-00C04FC295EE}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.5.5.7.3.2]
"$DLL"="C:\\Windows\\System32\\WINTRUST.DLL"
"CallbackAllocFunction"="SoftpubLoadDefUsageCallData"
"CallbackFreeFunction"="SoftpubFreeDefUsageCallData"
"DefaultId"="{573E31F8-AABA-11D0-8CCB-00C04FC295EE}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.5.5.7.3.3]
"DefaultId"="{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Providers\Trust\Usages\2.16.840.1.113730.4.1]
"$DLL"="C:\\Windows\\System32\\WINTRUST.DLL"
"CallbackAllocFunction"="SoftpubLoadDefUsageCallData"
"CallbackFreeFunction"="SoftpubFreeDefUsageCallData"
"DefaultId"="{573E31F8-AABA-11D0-8CCB-00C04FC295EE}"
http://support.microsoft.com/kb/287547

vivekkalady said:
Found these things, don't know if it is of any use
http://support.microsoft.com/kb/287547
I did find THIS..
Code:
[HKEY_LOCAL_MACHINE\Software\Microsoft\DeviceReg\Install]
"MaxUnsignedApp"=dword:7FFFFFFF
That translates to the value of InterOp unlock by default which means we should be able to sideload more than 10 apps at a time.
I also found these within policy xml files
Code:
Microsoft.BaseOS.SecurityModel.policy.xml
<Capability ElementID="2EF45E94A01864DE3387212D6E73AEA885E709AD0F24FB97FE2E84728CB09D14" AttributeHash="49B8EC80A54998B68D7F65A44A340FD28B535494B7A41D650FD94851E38A6B6B" Id="ID_CAP_DEVELOPERUNLOCK" AppCapSID="S-1-15-3-1024-2489250862-3731101856-757172019-2830005102-2903107461-2549818383-1921265406-345878668" SvcCapSID="S-1-5-21-2702878673-795188819-444038987-1443" FriendlyName="Enable bearing chamber to load unsigned modules" Visibility="Internal" />
<Capability ElementID="BAFBED1970753822A266C1985F4A2CA2BA7A97CCE149F874743D00F678643C26" AttributeHash="54A2744DE064E139FD4403623C2AB9F1E130BC5C0786F56C1CE39AC814DC3F03" Id="ID_CAP_DEVELOPERUNLOCK_API" AppCapSID="S-1-15-3-1024-435026874-574125424-2562811554-2720811615-3432479418-1962428897-4127210868-641492088" SvcCapSID="S-1-5-21-2702878673-795188819-444038987-1450" FriendlyName="Enable setting of registry key protecting developer unlock mode." Visibility="Internal">
<CapabilityRules>
<Rules>
<RegKey ElementID="F0921CC3ADB2FEE5B7DC90F9F2BBDDB6E4D7BFAF9CE189C1585A90CD71E36882" DACL="(A;CI;KRKW;;;S-1-15-3-1024-435026874-574125424-2562811554-2720811615-3432479418-1962428897-4127210868-641492088)(A;CI;KRKW;;;S-1-5-21-2702878673-795188819-444038987-1030)(A;CI;KRKW;;;S-1-5-21-2702878673-795188819-444038987-1450)" Flags="515" Path="HKEY_LOCAL_MACHINE\Software\Microsoft\SecurityManager" />
</Rules>
</CapabilityRules>
</Capability>

Need a Nokia Device?
snickler said:
I may write a simple app that reads registry from Lumia devices... I think that's going to happen today.
That's great! If anyone needs a Nokia device to test on, Nokia has Remote Device Access for those who need it. It's a free service to anyone who has a Nokia DEVELOPER account, which is separate but free as well. The devices they mostly have are Lumia 820s, but they have a few others (620, 720, 920 and the 928). The great thing about them: you can deploy an xap and run the apps. Some of those phones have SIMs in them and some of them have a "Nokia On-Device Diagnostic Tool". The only drawback is that the connection can be SLOW.

Huh, you had to add the InProcServer manually? That may be the problem, then. I'm not sure why they're using COM - it works just fine to simply use the native Win32 APIs (add references to ADVAPI32LEGACY.LIB and/or KERNELBASE.LIB; that's what my NativeAccess library does and it works fine) - but it's good to know that COM is, in fact, usable.

Yeah, I already found those policy files. As I've said in other posts, if you can find a way to sideload an app that uses them, we can do a lot more than is currently possible - the internal and private capabilities (and some of the so-called public ones, most of which still won't install) have all kinds of cool potential.
One advantage of the WP8 app model, as opposed to the WP7 model that used ID_CAP_INTEROPSERVICES for everything, is that an app like you're making may well work on other devices. The fact that you got the interop-lock error means that the app did have ID_CAP_INTEROPSERVICES specified, so it may use it for some things, but the registry access is probably not one of them.

GoodDayToDie said:
Yeah, I already found those policy files. As I've said in other posts, if you can find a way to sideload an app that uses them, we can do a lot more than is currently possible - the internal and private capabilities (and some of the so-called public ones, most of which still won't install) have all kinds of cool potential.
One advantage of the WP8 app model, as opposed to the WP7 model that used ID_CAP_INTEROPSERVICES for everything, is that an app like you're making may well work on other devices. The fact that you got the interop-lock error means that the app did have ID_CAP_INTEROPSERVICES specified, so it may use it for some things, but the registry access is probably not one of them.
The best part is that the Nokia CityLens uses ID_CAP_INTEROPSERVICES, but I can't find anything that references it.
The winmds use System.Runtime.InteropServices though.
The Nokia app I got the RegistryRT from didn't use the INTEROP Capability at all, but I did notice that I had to add that extra stuff in the AppManifest.

Related

Fiddlin with Windows Updates

So after reading about all the App Store hacks that have developed around Fiddler2, I decided to give it a go myself. After setting up the proxy, I noticed that most SSL-based transactions were failing to connect on my device (Windows Updates, Email, etc).
I exported the SSL cert that Fiddler2 installed on my development PC, emailed it to myself, and installed it on my Windows Phone device. Lo and behold, most of my SSL issues went away! (App store still wouldn't auth.) More interestingly, Windows Updates started checking for updates successfully. These transactions are done with SOAP calls.
The basic process is as follows:
1. Phone initiates a connection to the windows update server
2. a series of cab files are downloaded containing certificate and base URL info of the update server
3. the phone connects to the update server with a list of all updates it has installed as well as a unique device identifier.
4. the server responds with a list of updates that it wants the phone to evaluate.
5. If the phone decides it needs the update, it sends a request to the server for instructions to deter
6. the server responds with a specially crafted packet that contains a link to where the microsoft cab can be downloaded from as well as a checksum of the cab file and evaluation instructions to determine if the update is needed. (checking registry keys, etc the SOAP commands contain things like RegRead32)
7. the phone then downloads and installs the update, if needed.
Fiddling around with fiddler, I was able to remove the "filter" GUID from the phones request to the server. As a result, it evaluated and installed any update it could get its hands on. The Hardware Test app still shows that my last update was 5/1/2013, but the number of updated packages included in that update jumped from 83 to 200!
I have some more experiments I would like to try (such as trying to blindly write a reg key instead of just reading it...anyone know of a good one?). I am also wondering if I can somehow package a Microsoft cab file, and tell the update mechanism to download and install it. Depending on how it evaluates the cabs, I might be able to get away with signing the cab with the private key from the Fiddler certificate I installed.
Just thought I'd pass along
Very, very nice finds! I had noticed the cert pinning used on the store and on dev-unlocking, but apparently had failed to look into the update process.
Give me a little while and I'll find you the reg key used for dev-unlock. I can't guarantee you that I'll be able to give you the exact value you need - they seem to have changed the format since WP7, and I'll be working blind from templates and policy files here - but it's worth a shot. Mind you, I wouldn't be surprised if the whole process is read-only, or if the responses from Microsoft are signed (although you could try re-signing them, I guess). For what it's worth, creating an entire update from scratch (or even editing one) is unlikely to work; Windows has required a Microsoft signature (not just any trusted signature) on update files for many years now. It's certainly possible that they messed that up, though.
I also kind of want to see if some of the recent ZIP signature validation bypass exploits from Android (where you could create a ZIP file containing multiple files that have the same name, and the original would be used for the signature but the *last* copy of each file would be the one actually unpacked) might be made to work as well. I've got some ideas about that... not sure if it would work for the update format, though.
Please keep researching this!
Not that i seriously looked into that, but you may probably consider these entries as interesting
Code:
[HKEY_LOCAL_MACHINE\Software\Microsoft\DeviceReg\Install]
"MaxUnsignedApp"=DWORD:A
[HKEY_LOCAL_MACHINE\Software\Microsoft\PackageManager]
"EnableAppLicenseCheck"=dword:00000000
[HKEY_LOCAL_MACHINE\Software\Microsoft\PackageManager]
"EnableAppSignatureCheck"=dword:00000000
[HKEY_LOCAL_MACHINE\Software\Microsoft\PackageManager]
"EnableAppProvisioning"=dword:00000000
[HKEY_LOCAL_MACHINE\Software\Microsoft\.NETCompactFramework\Managed Debugger]
"Enabled"=dword:0
"AttachEnabled"=dword:1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Silverlight\Debugger]
"WaitForAttach"=dword:1
Some of those might get obsolete already, though.
Though, the most interesting thing one can do with registry is enabling KD.
For what it's worth, creating an entire update from scratch (or even editing one) is unlikely to work; Windows has required a Microsoft signature (not just any trusted signature) on update files for many years now.
Yeah
I've never really looked at the fact: which certificate is used by actual cabs? look at *.cat file
GoodDayToDie said:
Very, very nice finds! I had noticed the cert pinning used on the store and on dev-unlocking, but apparently had failed to look into the update process.
Give me a little while and I'll find you the reg key used for dev-unlock. I can't guarantee you that I'll be able to give you the exact value you need - they seem to have changed the format since WP7, and I'll be working blind from templates and policy files here - but it's worth a shot. Mind you, I wouldn't be surprised if the whole process is read-only, or if the responses from Microsoft are signed (although you could try re-signing them, I guess). For what it's worth, creating an entire update from scratch (or even editing one) is unlikely to work; Windows has required a Microsoft signature (not just any trusted signature) on update files for many years now. It's certainly possible that they messed that up, though.
I also kind of want to see if some of the recent ZIP signature validation bypass exploits from Android (where you could create a ZIP file containing multiple files that have the same name, and the original would be used for the signature but the *last* copy of each file would be the one actually unpacked) might be made to work as well. I've got some ideas about that... not sure if it would work for the update format, though.
Please keep researching this!
Will do! Here is where it gets interesting... The attached screenshots are of a SOAP request from my phone to the update server (I disabled filtering, so the GUID isn't present) and then its response for "missing" updates to evaluate.
The section labeled "xml" contains the instructions on how to evaluate if the update is needed.
Here is a cleaned up, friendly dump of what is in the "XML" section it needs to parse to determine if an update is applicable:
Code:
<UpdateIdentity UpdateID="f092f820-8161-410b-ab11-c7a6d36b7837" RevisionNumber="101" />
<Properties UpdateType="Software" />
<Relationships>
<Prerequisites>
<UpdateIdentity UpdateID="eb644fbf-5e6e-4719-b97c-485ffb9e867f" />
<AtLeastOne>
<UpdateIdentity UpdateID="450b8808-d056-4c18-a383-2db11e463eb0" />
</AtLeastOne>
</Prerequisites>
</Relationships>
<ApplicabilityRules>
<IsInstalled>
<CspQuery LocUri="./DevDetail/SwV" Comparison="GreaterThanOrEqualTo" Value="9.0.0.0" xmlns="http://schemas.microsoft.com/msus/2002/12/MobileApplicabilityRules" />
</IsInstalled>
<IsSuperseded />
<IsInstallable>
<And xmlns="http://schemas.microsoft.com/msus/2002/12/LogicalApplicabilityRules">
<CspQuery LocUri="./DevDetail/SwV" Comparison="LessThan" Value="9.0.0.0" xmlns="http://schemas.microsoft.com/msus/2002/12/MobileApplicabilityRules" />
<b.RegSz Key="HKEY_LOCAL_MACHINE" Subkey="Software\Microsoft\Windows\CurrentVersion\DeviceUpdate\Agent\Protocol" Value="TestTarget" Comparison="EqualTo" Data="72c5dc6d-00a9-412f-9d13-f4f483f2ed7f" xmlns="http://schemas.microsoft.com/msus/2002/12/BaseApplicabilityRules" />
</And>
</IsInstallable>
</ApplicabilityRules>
an interesting URL with info from someone else that was looking into this for Win7...
http://withinwindows.com/2011/03/06/notes-on-windows-phone-7-update-process-thus-far/
I wonder if we can figure out what "updates" are actually required if we can trick the server into giving us more OOB updates/othercarrier updates/updates we aren't "supposed" to have..
Found some info on the "Evaluate" action:
Action: The action that clients in the specified target group will perform on this revision: Install, Uninstall, PreDeploymentCheck (which means that clients will not offer the update, just report back on the status), Block (which means that the update will not be deployed, and is used to override another deployment), Evaluate (which means that clients will not offer the update and will not report back on the status), or Bundle (which means that clients will not offer the update for install; it is only deployed because it is bundled by some other explicitly deployed update).
source:
http://msdn.microsoft.com/en-us/library/cc251980.aspx
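The applicability rules quoted in the post above form a small expression tree that the phone evaluates against its own state. The following Python is an added example, not code from the thread or from Microsoft's update agent: it evaluates that same rule fragment against constructed device states. The meaning given to `And`, `CspQuery` and `b.RegSz`, the `<Update>` wrapper element and the device dictionaries are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Rules copied from the post above, wrapped in a constructed <Update> root so
# the fragment parses as one document.
RULES_XML = r"""<Update>
<ApplicabilityRules>
<IsInstalled>
<CspQuery LocUri="./DevDetail/SwV" Comparison="GreaterThanOrEqualTo" Value="9.0.0.0" xmlns="http://schemas.microsoft.com/msus/2002/12/MobileApplicabilityRules" />
</IsInstalled>
<IsSuperseded />
<IsInstallable>
<And xmlns="http://schemas.microsoft.com/msus/2002/12/LogicalApplicabilityRules">
<CspQuery LocUri="./DevDetail/SwV" Comparison="LessThan" Value="9.0.0.0" xmlns="http://schemas.microsoft.com/msus/2002/12/MobileApplicabilityRules" />
<b.RegSz Key="HKEY_LOCAL_MACHINE" Subkey="Software\Microsoft\Windows\CurrentVersion\DeviceUpdate\Agent\Protocol" Value="TestTarget" Comparison="EqualTo" Data="72c5dc6d-00a9-412f-9d13-f4f483f2ed7f" xmlns="http://schemas.microsoft.com/msus/2002/12/BaseApplicabilityRules" />
</And>
</IsInstallable>
</ApplicabilityRules>
</Update>"""

# Only the comparison names that appear in the quoted rules are supported.
COMPARISONS = {
    "EqualTo": lambda a, b: a == b,
    "LessThan": lambda a, b: a < b,
    "GreaterThanOrEqualTo": lambda a, b: a >= b,
}


def _version(text):
    """Dotted version string -> tuple of ints, so 8.0.10327.77 < 9.0.0.0."""
    return tuple(int(part) for part in text.split("."))


def _compare(name, actual, expected):
    if name not in COMPARISONS:
        raise ValueError(f"unsupported comparison: {name}")
    return COMPARISONS[name](actual, expected)


def reg(key, subkey, value):
    """Registry names are case-insensitive, so normalise the lookup key."""
    return (key.lower(), subkey.lower(), value.lower())


def evaluate(node, device):
    """Evaluate one rule element against a device state (assumed semantics)."""
    tag = node.tag.rpartition("}")[2]          # drop the XML namespace
    if tag == "And":
        return all(evaluate(child, device) for child in node)
    if tag == "CspQuery":
        actual = device["csp"].get(node.get("LocUri"))
        if actual is None:
            return False
        return _compare(node.get("Comparison"),
                        _version(actual), _version(node.get("Value")))
    if tag == "b.RegSz":
        actual = device["registry"].get(
            reg(node.get("Key"), node.get("Subkey"), node.get("Value")))
        if actual is None:                     # a missing value never matches
            return False
        return _compare(node.get("Comparison"), actual, node.get("Data"))
    raise ValueError(f"unsupported rule element: {tag}")


def applicability(rules_xml, device):
    """Return the IsInstalled / IsInstallable verdicts for one device."""
    rules = ET.fromstring(rules_xml).find("ApplicabilityRules")
    verdict = {}
    for section in ("IsInstalled", "IsInstallable"):
        node = rules.find(section)
        children = list(node) if node is not None else []
        verdict[section] = bool(children) and all(
            evaluate(child, device) for child in children)
    return verdict


# Constructed device states (the version strings are sample values).
PROTOCOL_KEY = r"Software\Microsoft\Windows\CurrentVersion\DeviceUpdate\Agent\Protocol"
STOCK = {"csp": {"./DevDetail/SwV": "8.0.10327.77"}, "registry": {}}
TEST_TARGET = {
    "csp": {"./DevDetail/SwV": "8.0.10327.77"},
    "registry": {reg("HKEY_LOCAL_MACHINE", PROTOCOL_KEY, "TestTarget"):
                 "72c5dc6d-00a9-412f-9d13-f4f483f2ed7f"},
}
UPDATED = {"csp": {"./DevDetail/SwV": "9.0.0.0"}, "registry": {}}

if __name__ == "__main__":
    for label, device in (("stock", STOCK), ("test target", TEST_TARGET),
                          ("updated", UPDATED)):
        print(label, applicability(RULES_XML, device))
```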
I was also messing with fiddler and I noticed my phone access two different places when a phone update is selected. One of the pages is: http://ds.download.windowsupdate.com/wp8/MicrosoftUpdate/Redir/duredir.cab . In that cab is this file wuredir.xml and consists of:
<?xml version="1.0"?>
<WuRedir xmlns="http://schemas.microsoft.com/msus/2002/12/wuredir" redirectorId="1002">
<Protocol
elementVersion="1"
clientServerUrl="https://fe1.update.microsoft.com/v6/"
reportingServerUrl="http://statsfe1.update.microsoft.com/" />
</WuRedir>
the second page accessed is: http://fe1.update.microsoft.com/WP8/MicrosoftUpdate/Selfupdate/5_UssDetection.dll
I hexed the .dll after download and found some download links to some cert files, which are:
Microsoft Windows Phone Production PCA 2012.crt
http://www.microsoft.com/pkiops/certs/Microsoft Windows Phone Production PCA 2012.crt
MicRooCerAut_2010-06-23.crt
http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
MicTimStaPCA_2010-07-01.crt
http://www.microsoft.com/pki/certs/MicTimStaPCA_2010-07-01.crt
can any of this info help us?
If either that DLL or any of those certificates are not signed (highly unlikely, but worth checking), or if the DLL doesn't enforce the signature check (extremely unlikely), or if any of the certs include the private key or use a weak hash algorithm or a short key... maybe. I checked the certs, though; they at least are clean. Nothing useful that I saw.
Reverse engineering the DLL may be useful, but it's probably native code and therefore a pain to decompile.
aclegg2011 said:
I was also messing with fiddler and I noticed my phone access two different places when a phone update is selected. One of the pages is: http://ds.download.windowsupdate.com/wp8/MicrosoftUpdate/Redir/duredir.cab . In that cab is this file wuredir.xml and consists of:
<?xml version="1.0"?>
<WuRedir xmlns="http://schemas.microsoft.com/msus/2002/12/wuredir" redirectorId="1002">
<Protocol
elementVersion="1"
clientServerUrl="https://fe1.update.microsoft.com/v6/"
reportingServerUrl="http://statsfe1.update.microsoft.com/" />
</WuRedir>
the second page accessed is: http://fe1.update.microsoft.com/WP8/MicrosoftUpdate/Selfupdate/5_UssDetection.dll
I hexed the .dll after download and found some download links to some cert files, which are:
Microsoft Windows Phone Production PCA 2012.crt
http://www.microsoft.com/pkiops/certs/Microsoft Windows Phone Production PCA 2012.crt
MicRooCerAut_2010-06-23.crt
http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
MicTimStaPCA_2010-07-01.crt
http://www.microsoft.com/pki/certs/MicTimStaPCA_2010-07-01.crt
can any of this info help us?
Those are the first steps in the update process. Basically, it gets the certs that it will use for validation and server communication. Then the CAB file contains the info on what servers are used for Windows Update communications. It then logs that a request has been made to the tracking server. After that, it gets a list of updates from the v6 address. If there are no updates, Once the update process is complete, it logs the result to the tracking server.
Do you guys think I could use this to fix the problems I seem to have when trying to stream or download music from Xbox Music? I get a lot of errors, or this song can't be played on your device and some times the app crashes. I have had this problem since I switch from my Windows Phone 7 device to my Nokia Lumia 920, and I am on my 4th 920. I think for some reason the Music store is getting botched certificates or something.
Kind of on the same subject. Anyways, I extracted around 140 certificates from an HTC 8X RUU, then installed them to my PC, which is Windows 7. The cool part was I was able to install Windows Phone SDK 8 and 8.1 with emulators and Visual Studio 2013, which I thought were not possible to run on Windows 7. All because of certificates from a ROM.

[REQUEST] latest extras+info

I need someone to possibly dump the latest version of the app from their development/pre-production edition of their Nokia Lumia. I don't think it matters if it's a BUILD 920 or if it's a developer 822, or whatever. I have a few ideas of some things that can be done via this app, as almost all of the dial codes on the 928 launch extras+info. One of them involves launching the service tools (including EPST) menu and stuff of that nature. I could probably just experiment with the one that launched with the 928 GDR2 ROM, but it's probably missing some "features" that have been worked on, but still incomplete.
It's also possible that these are baked inside the ROM and completely inaccessible to the app and will only be updated when the Nokia Black update releases.
ANY HELP WOULD BE GREATLY APPRECIATED!!!
dumped from ROM .
but I don't know whether it is the latest one or not.
Also, I think you won't be able to deploy it to any NOKIA devices cause it requires INTEROP UNLOCK which is impossible on NOKIA now.
hjc4869 said:
dumped from ROM .
but I don't know whether it is the latest one or not.
Also, I think you won't be able to deploy it to any NOKIA devices cause it requires INTEROP UNLOCK which is impossible on NOKIA now.
did you extract it from GDR2 (Amber Rom) ?
It's not the last version .
maybe we have to wait for GDR3 then we can extract last version of Extras + Info.
or maybe someone who have Samsung Ativ S can try proxy and try to download Extras + Info from market place using Sysapp Pusher (to find market link)
Then Using Full File Access to copy app files.
ngame said:
did you extract it from GDR2 (Amber Rom) ?
It's not the last version .
maybe we have to wait for GDR3 then we can extract last version of Extras + Info.
or maybe someone who have Samsung Ativ S can try proxy and try to download Extras + Info from market place using Sysapp Pusher (to find market link)
Then Using Full File Access to copy app files.
That's essentially why I said I needed it from a developer Lumia; I don't even think it will install on ATIVs, due to OEM drivers required. Those devices have the option to have their full filesystem exposed when changed via the "Diagnostics" app that's only available on developer/pre-production handsets.
Besides that what ROM did you dump this from hjc?
thals1992 said:
That's essentially why I said I needed it from a developer Lumia; I don't even think it will install on ATIVs, due to OEM drivers required. Those devices have the option to have their full filesystem exposed when changed via the "Diagnostics" app that's only available on developer/pre-production handsets.
I haven't read your posts here, so not sure if my post is still relevant, but one great chinese guy asked me to send this to you:
from R&D Lumia
https://www.dropbox.com/s/pf31egysniuschp/extras-hongkong.zip
Is your dump from the first GDR2 that appeared on NCS for the 928 or the actual release? I have the 2nd update but not sure if extras&info updated since then??? Found this in a wim which gives me new hope that the tool is buried somewhere in this mess...
RegKeyName="$(hklm.microsoft)\Shell\OEM\Start"
RegName="AltLayoutID"
RegType="REG_DWORD" />
<!-- -->
<SettingMapping Name="FeatureTileID"
RegKeyName="$(hklm.microsoft)\Shell\OEM\Start"
RegName="FeatureTileID"
RegType="REG_DWORD" />
<!-- -->
<SettingMapping Name="DiagnosticEnabled"
RegKeyName="$(hklm.microsoft)\Shell\OEM\Start"
RegName="DiagnosticEnabled"
RegType="REG_DWORD" />
</SettingsGroupMapping>
</ComponentMapping>
Guys a little question
Why don't we use the first lumia 920 rom ?
maybe we can find something that can help us to Interop Unlock but Microsoft and Nokia delete that in next rom releases .
Then we can Prevent Re-lock and update phone again !
I'm not sure, but there seem to be some differences between the GDR2 ROM of the Nokia Lumia 920 (APAC Malaysia White is mine) and its first ROM.
I have some problems these days and I haven't seen all the differences, but at first view you can find that there is no test folder in the first ROM, but GDR2 has a folder named test that includes "QCFMFTMApp.exe"
or another thing is all of the programs are listed in :
PROGRAMS\CommonFiles\Xaps
but in GDR2 there's some xap files in this address too :
PROGRAMS\CommonFiles\OEM\Public\PreloadedApps\tier3Apps
did anyone checked the older Roms?
That's it! I needed ver. 3.0.6.1 (because I can't deploy this to it and I'm not reflashing to just have an older version) to first see if there were any changes to Nokia.FUE.WinPRTRegistry, and possibly launch that registry script that's been embedded in it. Now all I need to do is see if there is a URI that links to the page, but I believe all bets are off. Nokia has been good about cleaning up their tracks.
The version from the other extras was 2.6.1.18.
ngame said:
Guys a little question
Why don't we use the first Lumia 920 ROM?
I have had some problems these days and haven't seen all the differences, but at first view you can find that there is no test folder in the first ROM, while GDR2 has a folder named test that includes "QCFMFTMApp.exe".
Another thing is that all of the programs are listed in:
PROGRAMS\CommonFiles\Xaps
but in GDR2 there are some xap files in this location too:
PROGRAMS\CommonFiles\OEM\Public\PreloadedApps\tier3Apps
Did anyone check the older ROMs?
QCFMTMApp.exe seems to be a driver level executable that physically tunes the FM Radio in Nokia's various phones.
tier3apps seem to be xaps that need additional permissions that essentially use provxml like in WP7 days. The NFL app that @tonbonz had done some looking into had a settings page that changes the WAP address for Verizon devices. It was interesting at the very least to see the differences between HTC and Nokia. The difference? @wap vs no @wap
Dump files from 2nd 928 GDR2 .... http://sdrv.ms/1hnqgNA
This package (extra+info) contains a silent installer and it is worth doing some research around it.
I opened it using ILSpy only to find it called AddPackageAsync(), which is available in Windows Runtime to deploy enterprise xaps, and nobody knows how it works. @GoodDayToDie @ultrashot what do you think about it? Nokia uses this API to install and update xaps in the settings page. It seems to be a service agent, too, which is very interesting. How did it call the API silently... when we call the API, the user will notice a notification asking whether he/she wants to install the enterprise app, but no matter how you call it, the deployment won't succeed.
hjc4869 said:
This package (extra+info) contains a silent installer and it is worth doing some research around it.
I opened it using ILSpy only to find it called AddPackageAsync(), which is available in Windows Runtime to deploy enterprise xaps, and nobody knows how it works. @GoodDayToDie @ultrashot what do you think about it? Nokia uses this API to install and update xaps in the settings page. It seems to be a service agent, too, which is very interesting. How did it call the API silently... when we call the API, the user will notice a notification asking whether he/she wants to install the enterprise app, but no matter how you call it, the deployment won't succeed.
I am also wondering about details of Enterprise deployment - I haven't looked into it too much, but as I remember you have to install a .cer provided by MS to the device and then sign your xap with it, and such apps will get installed.
(I was wondering if such signing can "unlock" any interesting capabilities)
Sadly, enterprise apps (CAPABILITY_CLASS_ENTERPRISE_APPLICATIONS) just use the same capability list as CAPABILITY_CLASS_THIRD_PARTY_APPLICATIONS; nothing useful there. It's a shame.
GoodDayToDie said:
Sadly, enterprise apps (CAPABILITY_CLASS_ENTERPRISE_APPLICATIONS) just use the same capability list as CAPABILITY_CLASS_THIRD_PARTY_APPLICATIONS; nothing useful there. It's a shame.
After diving into a Lumia 521 ROM, I am not 100% sure that's the case....
I was poking around in the tier3apps directory (\PROGRAMS\CommonFiles\OEM\Public\PreloadedApps\tier3Apps\), and I noticed that some of these apps ("Nokia Accessories" and "Network Settings" apps) have interesting capabilities such as <Capability Name="ID_CAP_CELL_API_OEM_PASSTHROUGH"/>, <Capability Name="ID_CAP_INTEROPSERVICES"/>, and <Capability Name="ID_CAP_OEM_DEPLOYMENT"/>. These apps can be installed/updated via Nokia's "SilentInstaller" app. Nokia's "SilentInstaller" app just calls into AddPackageAsync(), which is available to us "normal folk" for Enterprise app deployment.
I am wondering if we could create some sort of a "shell" xap with a giant "Install button" that contains a payload such as an unaltered copy of the Samsung Diagnostics xap and appropriate license file. Clicking on the Install button would then install the signed "elevated app" onto any device. We could then launch a toast that will launch the "Registry Editor" page in the Samsung app, allowing for us to interop unlock.
The only thing that I can think of that would make this fruitless is if somehow "AddPackageAsync()" is being called "elevated" by Extras + Info (maybe it inherits whatever capabilities the parent process launched as?), and that is why Nokia can deploy things like this.
What do you guys think? This is all speculation, but I think it could be worth exploring.
**EDIT**
My phone will be back from service Wednesday, so maybe I will whip something up next weekend, if no one tries before then.
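The manual manifest inspection described in the post above can be scripted as an inventory of which preloaded packages in an extracted ROM declare OEM-level capabilities. This is an added example, not code from the thread: it assumes each XAP is a plain ZIP with a WMAppManifest.xml at its root, and the sample package it builds is constructed.

```python
import io
import os
import zipfile
import xml.etree.ElementTree as ET

# Capabilities the post singles out in the tier3Apps manifests.
FLAGGED = frozenset({
    "ID_CAP_CELL_API_OEM_PASSTHROUGH",
    "ID_CAP_INTEROPSERVICES",
    "ID_CAP_OEM_DEPLOYMENT",
})
MANIFEST_NAME = "wmappmanifest.xml"  # assumed manifest name, matched case-insensitively


def manifest_capabilities(xml_bytes):
    """Return the set of Capability Name values declared in a manifest."""
    # A manifest has no need for a DTD; refusing one avoids entity-expansion input.
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("manifest contains a DTD or entity declaration")
    try:
        root = ET.fromstring(xml_bytes)
    except ET.ParseError as exc:
        raise ValueError(f"manifest is not well-formed XML: {exc}") from exc
    caps = set()
    for elem in root.iter():
        local = elem.tag.rsplit("}", 1)[-1]  # drop any XML namespace prefix
        name = elem.get("Name")
        if local == "Capability" and name:
            caps.add(name.strip())
    return caps


def audit_xap(source):
    """Audit one package (path or file object); returns (all_caps, flagged_caps)."""
    try:
        with zipfile.ZipFile(source) as pkg:
            entry = next((n for n in pkg.namelist()
                          if n.lower() == MANIFEST_NAME), None)
            if entry is None:
                raise ValueError("no WMAppManifest.xml at the package root")
            data = pkg.read(entry)
    except zipfile.BadZipFile as exc:
        raise ValueError("not a plain ZIP container") from exc
    caps = manifest_capabilities(data)
    return caps, caps & FLAGGED


def audit_tree(root_dir):
    """Walk an extracted ROM directory; map each .xap path to its flagged capabilities."""
    findings = {}
    for folder, _dirs, files in os.walk(root_dir):
        for fname in files:
            if fname.lower().endswith(".xap"):
                path = os.path.join(folder, fname)
                try:
                    findings[path] = sorted(audit_xap(path)[1])
                except ValueError as exc:
                    findings[path] = [f"unreadable: {exc}"]
    return findings


def build_sample_xap():
    """Constructed sample package, built in memory so the example runs offline."""
    manifest = (
        '<?xml version="1.0" encoding="utf-8"?>\n'
        '<Deployment xmlns="http://schemas.microsoft.com/windowsphone/2012/deployment">\n'
        '  <App Title="SampleOemApp">\n'
        '    <Capabilities>\n'
        '      <Capability Name="ID_CAP_NETWORKING"/>\n'
        '      <Capability Name="ID_CAP_INTEROPSERVICES"/>\n'
        '      <Capability Name="ID_CAP_OEM_DEPLOYMENT"/>\n'
        '    </Capabilities>\n'
        '  </App>\n'
        '</Deployment>\n'
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as pkg:
        pkg.writestr("WMAppManifest.xml", manifest)
    return buf.getvalue()


if __name__ == "__main__":
    all_caps, flagged = audit_xap(io.BytesIO(build_sample_xap()))
    print("declared:", sorted(all_caps))
    print("flagged: ", sorted(flagged))
```

Pointing `audit_tree()` at a mounted ROM's `PROGRAMS\CommonFiles` directory gives a per-package list that can be diffed between ROM releases.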
compu829 said:
After diving into a Lumia 521 ROM, I am not 100% sure that's the case....
I was poking around in the tier3apps directory (\PROGRAMS\CommonFiles\OEM\Public\PreloadedApps\tier3Apps\), and I noticed that some of these apps ("Nokia Accessories" and "Network Settings" apps) have interesting capabilities such as <Capability Name="ID_CAP_CELL_API_OEM_PASSTHROUGH"/>, <Capability Name="ID_CAP_INTEROPSERVICES"/>, and <Capability Name="ID_CAP_OEM_DEPLOYMENT"/>. These apps can be installed/updated via Nokia's "SilentInstaller" app. Nokia's "SilentInstaller" app just calls into AddPackageAsync(), which is available to us "normal folk" for Enterprise app deployment.
I am wondering if we could create some sort of a "shell" xap with a giant "Install button" that contains a payload such as an unaltered copy of the Samsung Diagnostics xap and appropriate license file. Clicking on the Install button would then install the signed "elevated app" onto any device. We could then launch a toast that will launch the "Registry Editor" page in the Samsung app, allowing for us to interop unlock.
The only thing that I can think of that would make this fruitless is if somehow "AddPackageAsync()" is being called "elevated" by Extras + Info (maybe it inherits whatever capabilities the parent process launched as?), and that is why Nokia can deploy things like this.
What do you guys think? This is all speculation, but I think it could be worth exploring.
**EDIT**
My phone will be back from service Wednesday, so maybe I will whip something up next weekend, if no one tries before then.
Samsung Diagnosis uses RPC (Remote Procedure Call) to access high privileged functions. We are not sure if Server exists on other phones.
-W_O_L_F- said:
Samsung Diagnosis uses RPC (Remote Procedure Call) to access high privileged functions. We are not sure if Server exists on other phones.
I don't know if it's the thing you want or not, but check it:
http://d-h.st/Me3
ngame said:
I don't know if it's the thing you want or not, but check it:
http://d-h.st/Me3
Yep! That's it. But I'm not sure it'll work.
-W_O_L_F- said:
Yep! That's it. But I'm not sure it'll work.
No problem, I can test for you. My device is a Lumia 920 with the Malaysia GDR 3 (Developer test) ROM, and surely it's dev unlocked.
Please tell me what I can do and how I can help you.
I could test too... I don't know if the fact this is a dual CDMA+GSM device will change any parts of the app, but I can always try!
Sent from my RM-860 using Tapatalk
I have uploaded Extras And Info v3.0.6.1.xap here:
https://hotfile.com/list/2278056/5476aae

[MOD] Ad blocker

Hi guys,
I tried to implement the good old method of blocking unwanted ads by adding advertising sites to the HOSTS file on the Sammy ATIV Odyssey (full FS unlock), and it works perfectly. But I'm still unsure ('cause I'm a developer and do have some ad-based apps in the store) - should I post this info? BTW, we do have mods, let's give 'em the right to decide whether to delete this thread or not...
So, this method is pretty simple (he-he, same as my very-very first WP7 hack):
1) You must have an interop-unlocked handset with full FS access
1) Download the latest "blocking" hosts file, for example, from here
2) Rename your download from hosts.txt to HOSTS
3) Connect your handset to PC, navigate to \Windows\system32\drivers\etc folder
4) Paste downloaded HOSTS file, choose "replace" in the copying dialog.
5) That's all folks!
You don't need to reboot (like on Android phone with AdAway app) - now your handset is ads-free...
If you wanna revert back, just delete \Windows\system32\drivers\etc\HOSTS file.
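Before a downloaded blocklist replaces the system HOSTS file as in the steps above, it is worth confirming that every entry points at a sinkhole address, because a third-party list that maps a hostname to a routable IP would silently redirect that traffic. The check below is an added example, not part of the original post; the sample file contents and hostnames are constructed.

```python
import ipaddress

# Addresses a blocking hosts file is expected to use as sinkholes.
SINKHOLES = {ipaddress.ip_address(a) for a in ("0.0.0.0", "127.0.0.1", "::", "::1")}
# Names that legitimately map to loopback and are not blocked sites.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}
BROADCAST = ipaddress.ip_address("255.255.255.255")

# Constructed sample: two sinkhole lines, one redirect, two malformed lines.
SAMPLE = """\
# constructed sample blocklist
127.0.0.1 localhost
0.0.0.0 ads.example.com tracker.example.net
127.0.0.1 banner.example.org   # inline comment
203.0.113.7 login.example.com
not-an-ip something.example
0.0.0.0
"""


def audit_hosts(text):
    """Classify every entry of a hosts file.

    Returns a dict with:
      blocked   - hostnames mapped to a sinkhole address
      redirects - (line_no, address, hostname) mapped to any other address
      malformed - (line_no, raw_line) that could not be parsed
    """
    report = {"blocked": [], "redirects": [], "malformed": []}
    text = text.lstrip("\ufeff")  # tolerate a UTF-8 byte-order mark
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            report["malformed"].append((line_no, raw))
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            report["malformed"].append((line_no, raw))
            continue
        for name in fields[1:]:
            name = name.lower().rstrip(".")
            if addr == BROADCAST and name == "broadcasthost":
                continue  # conventional entry found in some stock hosts files
            if addr in SINKHOLES:
                if name not in LOCAL_NAMES:
                    report["blocked"].append(name)
            else:
                # Anything resolving to a real address is a redirect, not a block.
                report["redirects"].append((line_no, str(addr), name))
    return report


def safe_to_install(report):
    """True only if the file contains nothing but sinkhole entries."""
    return not report["redirects"] and not report["malformed"]


if __name__ == "__main__":
    result = audit_hosts(SAMPLE)
    print("blocked hosts:", len(result["blocked"]))
    for line_no, addr, name in result["redirects"]:
        print(f"line {line_no}: {name} -> {addr} (not a sinkhole)")
    for line_no, raw in result["malformed"]:
        print(f"line {line_no}: unparsable: {raw!r}")
    print("safe to install:", safe_to_install(result))
```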
Nice! I will try it! ?
Sent from my Ativ S with Tapatalk 2
@sensboston:
Am I right in assuming that there's no way to interop-unlock a WP8.1 phone like the Lumia 930? At least I couldn't find one...
After some years I did the 2nd attempt to adopt to WP. The first one lasted for a day or so. Now, after some days of using the Lumia 930, I really really love it. Not only the device, but also WP8.1. But the fact that there is no way to block ads in browsers is really really annoying. I have no problems with ads in apps, because if I like an app, I purchase it anyway. But I can't "buy away" ads in browsers, and lots of sites get more or less unusable in mobile view and without ads being blocked.
Unfortunately there's not even an alternative browser for WP that would have the capability to block ads...
Worked on Lumia
I did this on my Lumia 1520 without Interop unlock
Works fine, thanks
I did this AGES ago on my 8X. Didn't think it was post-worth lol.
djamol said:
I did this on my Lumia 1520 without Interop unlock
How exactly did you do that? My assumption was that you need interop-unlock in order to access the file system, including the hosts file. If you are not interop-unlocked, I would assume you have some other kind of unlock. Developer-unlock?
compu829 said:
I did this AGES ago on my 8X. Didn't think it was post-worth lol.
You know, right after my first "hack" for WP7 (also it was my first post here), a lot of websites and forums announced this hack without reference to me or xda. But (he-he), just AFTER my post...
This hack (from the user experience) is one of the most useful hacks for WP. But as a developer with ads-based apps, I was in a quandary - should I post it here or not...
BigBlue007 said:
How exactly did you do that? My assumption was that you need interop-unlock in order to access the file system, including the hosts file. If you are not interop-unlocked, I would assume you have some other kind of unlock. Developer-unlock?
No Interop Unlock, nor developer unlock, I used my own "Root Tool" app from windows store. Which is capable of all second party capabilities.
My pleasure.
djamol said:
No Interop Unlock, nor developer unlock, I used my own "Root Tool" app from windows store. Which is capable of all second party capabilities.
My pleasure.
Is there a way you can walk me through the process to use your app?
Oh, I've got your "Root Tool" - still no luck for handsets without SD-card
P.S. He-he, I believe, I'll get WP10 Lumia-940 before someone will release hack for the Lumias without sd-card...
@djamol: I'm curious, how'd you manage to replace the HOSTS file on a non-Samsung phone? Root Tool doesn't allow moving files out of Windows directory, or copying or moving files in, unless you're using the Samsung CRPComponent.
Similarly, while you can get read access to the Windows directory via MTP when using Root Tool, you can't get full FS access; most of the file system (like the Windows dir) will be read-only or even totally unavailable.
I edited the HOSTS file on my Samsung - in fact, I wrote an app to do it, because I had to do it for work sometimes - but that was using CRPComponent or Full FS Access via MTP, neither of which are currently possible on a Lumia using any public hack I know of...
GoodDayToDie said:
@djamol: I'm curious, how'd you manage to replace the HOSTS file on a non-Samsung phone? Root Tool doesn't allow moving files out of Windows directory, or copying or moving files in, unless you're using the Samsung CRPComponent.
Similarly, while you can get read access to the Windows directory via MTP when using Root Tool, you can't get full FS access; most of the file system (like the Windows dir) will be read-only or even totally unavailable.
I edited the HOSTS file on my Samsung - in fact, I wrote an app to do it, because I had to do it for work sometimes - but that was using CRPComponent or Full FS Access via MTP, neither of which are currently possible on a Lumia using any public hack I know of...
He used this http://www.windowsphone.com/en-in/store/app/root-tool/f4acc009-ea1e-4063-9bab-fec50195aa1e
GoodDayToDie said:
@djamol: I'm curious, how'd you manage to replace the HOSTS file on a non-Samsung phone? Root Tool doesn't allow moving files out of Windows directory, or copying or moving files in, unless you're using the Samsung CRPComponent.
Similarly, while you can get read access to the Windows directory via MTP when using Root Tool, you can't get full FS access; most of the file system (like the Windows dir) will be read-only or even totally unavailable.
I edited the HOSTS file on my Samsung - in fact, I wrote an app to do it, because I had to do it for work sometimes - but that was using CRPComponent or Full FS Access via MTP, neither of which are currently possible on a Lumia using any public hack I know of...
That's what I told you many times before. I've mentioned you lots of times in my posts.
http://forum.xda-developers.com/showthread.php?t=3014867
http://forum.xda-developers.com/showpost.php?p=58925177&postcount=7
On Lumia devices there are lots of pretty arbitrary resources that can allow us to access the "SYSTEM" resources.
I think we had a big misunderstanding about the RPCComponent, because RPCComponent uses "DeviceIOControl" for registry access and not the RPC functionality. (Forgive me if I'm wrong in my knowledge. I'm a student and new to the WP/.NET platform.)
On Lumia devices there is a .winmd component known as "Nokia.SilentInstaller.Runtime.winmd" that uses the "DeviceIOControl" API.
The "FileSystem" API, which is implemented in "Nokia.SilentInstaller.Runtime.winmd", works fine without any restrictions.
But registry access could not get good token privileges. We need to find some unlocking trick for registry access (like NonProductionErrors.txt) for that .winmd component to handle the "CreateFileW" function for the "DeviceIOControl" API.
About the "Root Tool" app:
There is no update for the "Root Tool" app. It is still on the FIRST release.
Currently I'm working on the "Root Tool Beta" update and I've implemented such resources in my "BETA" build.
I can't do fast development because of my poor programming knowledge and my busy college schedule.
Thanks.
Can someone make a tutorial on how to make it work on the Lumia 735, please? I'm new to WP and don't understand everything for now.
@djamol: My apologies, I somehow missed that you'd managed to get file access working. That's great!
Looking at the APIs that NdtkClient.dll imports, I'm pretty sure it's using RPC, not DeviceIoControl (IOCTL). That's not really important, though; both require INTEROPSERVICES. It's just easier to write our own code using IOCTLs than using RPC, but since we already have a client library, hopefully that won't be needed...
@GoodDayToDie, @djamol: guys, could you please be a little bit more specific? Do you have a .winmd for this dll or function prototypes (not just exports)? NdtkClient.dll library is already on \Windows\system32? Or it should be ingested to the app package? (in this case, the app will be banned on automatic certification process).
As for the "Root Tool" (published in store), it's not using NdtkClient.dll (as far as I know). The file access via FileSystem.winmd/FileSystem.dll to system areas is read-only...
Could you share your finds to general public here or (at least) in private mail? Thanks!
@GoodDayToDie
Yes, Both requires ID_CAP_INTEROPSERVICES.
Can you send me the FileSystem code which you developed based on the RPCComponent?
I'll try to port it for Lumia using NtdkSvc if possible.
I hope you can also port it for Lumia in minutes, but I'll try though.
@sensboston
There is no .winmd file for "NtdkClient.dll". You will find that .dll in extras+info app.
and "NtdkSvc.dll" in this path "C:\Windows\System32\NdtkSvc.dll".
There is a very simple trick to bypass the Store Submission process including with kernel libs.
sensboston said:
FileSystem.winmd/FileSystem.dll to system areas is read-only...
Even those caps can't write here until using any System Resources.
"C:\Data\Users\PUBLIC"
But can write here.
"C:\Data\SharedData\OEM\Public"
"C:\PROGRAMS\CommonFiles\OEM\Public"
FileMoveEdit alpha-ish thing
Here you go. It's not been updated in ages, aside from some really minor tweaks I made just now. It's a WP8.0 app; it'll run on a sufficiently-unlocked 8.1 phone, but uses no 8.1 APIs. It also has some known bugs that I really ought to fix, though I'm working on other stuff at the moment.
You can probably get at least some of its tricks working on Lumias, though you may need to drop the symlink functionality as that both requires full capability-unlock and requires editing the NTFS configuration settings in the registry (the same key that, on desktop Windows, is edited by the "fsutil" program).
@GoodDayToDie
A sad thing happened to me. My device's screen got broken.
So I'm opening a new thread for public development of the "Root Tool" app.
It would be great for everyone.
Can anyone suggest which method is best for public development, or whether GitHub/CodePlex would be useful?
@djamol, GitHub is all right.

need an help to interop n unlock cap WP8.1

Some days ago extra+info got updated on WP10TP and also on WP8.1. After the update we can't install extra+info to the SD card. Now how do we mod vcreg with extra+info for WP8.1?
Can anyone give me the list of caps and the path of cap_, so I can try to edit CAP_ with modded PDF 3? I think this might work.
You can't do anything... be patient and wait for news...
I think it's better to wait for w10 .
ngame said:
I think it's better to wait for w10 .
ya we understand:::;;
waiting for new tweaks:::
done:good::good::good::good::good::good:
A AJAY said:
ya we understand:::;;
waiting for new tweaks:::
done:good::good::good::good::good::good:
You are not alone my friend T_T
ciao!! Good news for you, some weeks ago i patched an old version of extra & info, deploy and move it to sd!! try!!
https://mega.nz/#!R5YmVTLI!NpzDEkY80rcqYKaDV94UmFbDagvatsH2IzMTWDA5wQk
canapo92 said:
ciao!! Good news for you, some weeks ago i patched an old version of extra & info, deploy and move it to sd!! try!!
https://mega.nz/#!R5YmVTLI!NpzDEkY80rcqYKaDV94UmFbDagvatsH2IzMTWDA5wQk
no luck with the windows application deployment tool, error 0x81030120
I believe this error is related to having interop capabilities in one of the libraries included in your XAP.
is there another deployer that would work? (i already tested WPV xap deployer, also, no luck with that)
i'm not correct, maybe it's impossible to move e&i into sd, sorry
rickastillo said:
no luck with the windows application deployment tool, error 0x81030120
I believe this error is related to having interop capabilities in one of the libraries included in your XAP.
is there another deployer that would work? (i already tested WPV xap deployer, also, no luck with that)
Have you tried with wppt ??? Or with this modified version of deployment tool http://forum.xda-developers.com/windows-phone-8/development/tool-appdeploy-8-1-capabilities-t3158053
ca_guri01 said:
Have you tried with wppt ??? Or with this modified version of deployment tool http://forum.xda-developers.com/windows-phone-8/development/tool-appdeploy-8-1-capabilities-t3158053
nah, tested both tools and nothing
I tried full FS access by patching an old version of CustomPFD to see if i could replace extras&info directly from phone memory.
I think some directories are hidden so i could not find the directory where the apps use to be installed.
However, i found a directory with the OEM apps (touch, extra&info, etc), but it seems that it's there only to be applied after a hard reset or something like that, so just replacing files wasn't enough. Extras&Info wasn't the only app with Interop Caps, but almost any app that is under settings has that cap.
So i uninstalled touch settings and downloaded it from SD then i used MetroCommander to replace the SD files the old way (before CustomWPSystem was created, lol). Got nothing but an endless "Loading..." screen, but i guess i did something wrong.
But technically (someone correct me if i'm wrong) we can do Interop+Caps unlock using some other app from settings, right?
I'm pretty sure i've seen a settings app with a lot of capabilities in the manifest, not just InteropCapabilities, i don't remember exactly but it had something to do with SMS
TheBITLINK said:
I tried full FS access by patching an old version of CustomPFD to see if i could replace extras&info directly from phone memory.
I think some directories are hidden so i could not find the directory where the apps use to be installed.
However, i found a directory with the OEM apps (touch, extra&info, etc), but it seems that it's there only to be applied after a hard reset or something like that, so just replacing files wasn't enough. Extras&Info wasn't the only app with Interop Caps, but almost any app that is under settings has that cap.
So i uninstalled touch settings and downloaded it from SD then i used MetroCommander to replace the SD files the old way (before CustomWPSystem was created, lol). Got nothing but an endless "Loading..." screen, but i guess i did something wrong.
But technically (someone correct me if i'm wrong) we can do Interop+Caps unlock using some other app from settings, right?
I'm pretty sure i've seen a settings app with a lot of capabilities in the manifest, not just InteropCapabilities, i don't remember exactly but it had something to do with SMS
Well , i think that we just have to remain with vanilla wp 8.1 until they fix wp10 annoying bugs, everytime i think i found a work around for a bug, there appear more bugs, my fault though, i chose the fast ring...
Now that Groove supports gapless playback, i'm considering going back to W10M (downgraded last week to WP8.1). But it's a hard choice, it sure has nice features but some bugs are just too annoying.
Did they fix the screenshots not appearing in Messenger/WA bug in 10549?
any updates on this? i have WP8.1 Update 2 and i'm having the same issues, not being able to install extras&info to SD card. i read somewhere on reddit (i think) that someone found a method that works currently, but searching around, i can't seem to find out the procedure..
cpshelley2 said:
i read somewhere on reddit (i think) that someone found a method that works currently, but searching around, i can't seem to find out the procedure..
And marmot puts it chocolate in the alu-foil...
dxdy said:
And marmot puts it chocolate in the alu-foil...
thank you for that wholly worthless response to an honest inquiry..
Try to push this cab using this metod: http://forum.xda-developers.com/win...ile/guide-deploying-astoria-packages-t3214481
Read this http://forum.xda-developers.com/showpost.php?p=63446863&postcount=58 , in cab folder put this unarchived :
augustinionut said:
Try to push this cab using this metod: http://forum.xda-developers.com/win...ile/guide-deploying-astoria-packages-t3214481
Read this http://forum.xda-developers.com/showpost.php?p=63446863&postcount=58 , in cab folder put this unarchived :
Doesn't work. It gives an error and doesn't restart like the Project Astoria cabs do... so it doesn't work.

LG VW820 (possibly others)? possible privileged registry read/write

This is in a similar vein to the samsung and lumia ones. I just reversed a bunch of LG VW820 stuff, having come across the files on my travels, and there's a hidden "diagnostic" app, that contains a native COM DLL and WinMD, that talks to a service lgdevicesvc.exe
The exposed methods allow among other things for read/write to any string or DWORD value in HKLM with privileges.
This can obviously be used for interop unlock and bootstrapping Myria's exploit etc.
There are actually a few xaps preinstalled with CAP_INTEROP_SERVICES, not sure if the SD Card trick can be done on WP8.1 on one of these phones. On WM10 it'd be easy of course, just enable developer mode and sideload the app.
Anyway, I don't have one of these LG phones, and i'm not sure if others too have this service but they probably do.
I would code my own app for this but i've never devved a WP app before and I'm not installing the whole of visual studio, when SharpDevelop can do.
Besides, this would be a nice addition to Root Tools.
Since Microsoft just updated Windows Device Recovery Tool to support the VW820 I just happen to have a newly unbricked VW820 that I'm not using sitting here. Already replaced it with a L735. Just dumped the ffu. A quick look at rdata after unpacking lgdevicesvc.exe shows quite a lot going on. How to access?
Link to ffu, vhd, and dumped partitions...
https://onedrive.live.com/redir?resid=1EF905E4DA386676!280632&authkey=!APVdiCsfeK95lms&ithint=file%2cffu
Here's the dll and winmd...
Wack0Distractor said:
Here's the dll and winmd...
I think this component has enough access to RPC and the registry.
If you could please upload the xap files with the ID_CAP_INTEROPSERVICES capability, maybe we can create an app to replace the original one and get some unlocks.
I think if we can't use RPC functions to set the interop unlock reg values, maybe we can enable test signing mode and use cab files to do Interop Unlock.
Here's all the OEM xaps with ID_CAP_INTEROPSERVICES
tonbonz said:
Since Microsoft just updated Windows Device Recovery Tool to support the VW820 I just happen to have a newly unbricked VW820 that I'm not using sitting here. Already replaced it with a L735. Just dumped the ffu. A quick look at rdata after unpacking lgdevicesvc.exe shows quite a lot going on. How to access?
Link to ffu, vhd, and dumped partitions...
https://onedrive.live.com/redir?resid=1EF905E4DA386676!280632&authkey=!APVdiCsfeK95lms&ithint=file%2cffu
The link is dead. Do you have another copy? I am interested in those drivers for MSM8916.
LG Service codes
Code:
3845* = LG Hidden Menu
2945* = SIM Unlock App
468 = IOT Menu
5473784236368 = LG Hidden Menu
228378 = All Auto Test
33284 = Debug
7764726 = Program
3328873 = Feature
Here is first version of Interop Unlocker for LG.
Works on Win10 only.
Since I don't have device no one really knows what will happen!
imbushuo said:
The link dead. Do you have another copy? I am interested in those drivers for MSM8916.
https://mega.nz/#F!L01gjazB!y9HQveR1FV0j-NI1xQll1A
-W_O_L_F- said:
LG Service codes
Hello. How to activate these codes?
