[XAP] [Source] [Mango] Webserver

Nice works my friends... I Like It
Thankx

@fiinix:

Thx for porting the webserver to Mango !

As I remember the initial version from Davux had an on device execute feature.

Do you plan to implement execute feature ?

Could be very useful for exploring all .exe files in the windows folder.


Greetz

contable

Freaking awesome, man!

One suggestion: I don't believe this app does anything that requires ID_CAP_INTEROPSERVICES (that is, it doesn't need to open any driver handles). I may be mistaken about that, of course. If it doesn't, however, there's a real benefit to removing that capability as people with interop-locked phones could then run it. Note that the library used may try to do things requiring interop even though the app doesn't need it to.

In addition to its uses as a hacker's tool, I also want to point out that this app can be used to store files on the phone for easy transfer between computers. It's less convenient than true USB Mass Storage, but it works (even if you don't have the USB cable with you) so long as there's a WiFi access point that the phone and PC can both connect to.

Oh, and by the way, this app will run happily in the background if you use JaxBot's no-dehydrate hack. You can do other things then, even browsing the webserver from the phone's own browser! Of course, it will also use some resources.

Now slimmer, and no ID_CAP_INTEROPSERVICES

OK, this is just a modification of the XAP file - I didn't even recompile the source (thank you so much for including it, though!)

Things I did:
Removed ID_CAP_INTEROPSERVICES from the AppManifest. This will allow the app to be installed on interop-locked phones. It wasn't using it anyhow.
Removed the OEM-specific DLLs that are only useful if you have ID_CAP_INTEROPSERVICES. They weren't being used, but they made the download and install bigger.

Result: A smaller app that works exactly the same and can be installed on any Dev-unlocked Mango phone.

Really neat. Mind if I design some sort of decent icon for this app?


Regards, Suicide Clown

//Update:

finished the Icon:



Hope you like it.

I added the new NativeIO_Mango.dll to my battery status app instead of the old filesystem.dll. I hope that's okay. Thanks so much for your great libraries.

I could swear it didn't work without the filesystem.dll one time I tried haha. I guess that was something else

Thanks~

perfect! Now we'll look for regedit editing & file transfering. Any ideas?

Fiinix this is just amazing work! Because of you, I've need to rewrite a chapter of my thesis

Let me ask some questions regarding the supplied source code:

There are four folders inside the rar archive:
The Lib folder contains all OEM DLLs from Samsung, HTC and LG.
The Homebrew folder contains all old code from davux that is necessary to open up the sockets, files and registry entries (if needed?)
NativeIO_Mango contains your altered native DLL that can be used under Mango
The Webserver folder contains the actual WP7 application, that glues everything together into one nice app.

From the underlying workings:
Davux tried to build an API that resembles C# Sockets from the desktop. This way the C# Webserver project of jgauffin can be reused in the WP7 application. You removed from Davux's NativeIO project the references to all parts that require the native OEM DLLs (which is why GoodDayToDie stripped the unneeded DLL files and removed ID_CAP_INTEROPSERVICE to allow users without interop-unlock to use the app).

If this is so far correct, I'm wondering how some things in this application could work:

• Ok, so you've removed the code that allows access to the filesystem and registry which uses the native OEM DLLs. How is it possible, that this application can access folders outside its Isolated Storage??? The application should not be allowed to access the windows folder nor any other folders? I know only of one folder, that should be read/writeable. Its a folder that heathcliff found in the policies, I think it was some kind of log folder. Or is readable access with WM6 native API to all files possible?
• In WMAppManifest.xml stands ID_CAP_NETWORKING. This is necessary for navigating between different XAML pages but also necessary if we want to do something with the native network access. Can this capability removed or will the application break?

To sum up, if these assumptions are all correct, the policy system is partly useless from the moment on, where someone is capable to call native code, that does not require ID_CAP_INTEROP. This would theoretically allow a submission to the Marketplace?

Right now, I'm heavily confused and irritated, please explain me my error in thinking

PS: I tried to build the NativeIO_Mango project. I changed to release target and build. However, it exits with error message regarding the missing _CE_ALLOW_SINGLE_THREADED_OBJECTS_IN_MTA setting. I've added it, but then I get 19 more errors. Each time it is unresolved external symbol.

Hi Rudelm,

I can't answer exactly what Fiinix did, but I can resolve a couple other points for you.

The OEM DLLs allow higher-than-normal app permissions (breaking out of the low-privilege "sandbox" that apps normally operate in). However, there are a few parts of the filesystem that can be accessed even without them, by design. One of those is the Isolated Storage for the app, which obviously needs to be readable and writable by the app. Another one is the install directory, which only needs to be readable so libraries and resources can be loaded (the webserver app doesn't allow you to browse this folder, but I'm confident that it could if it was coded to). The third is the Windows directory, which is also read-only (and many files and folders within it can't be read) but is similarly required because the app needs to be able to load system libraries (including the TaskHost.exe binary that hosts the app DLL). "Normal" apps can't access these folders simply because the Silverlight API doesn't have a function to open or list an arbitrary location on the filesystem (only within the isostore, which it abstracts the path to).

I don't know what happens if ID_CAP_NETWORKING is removed. It's quite likely the app would break, since that capability may be checked any time the app tries to open a socket (directly as this app does, or indirectly via the Silverlight APIs). You could experiment and do some research to find out, though. It would be interesting to see.

I wouldn't worry too much about apps in the marketplace running amok with native code (even in the low-privileged process, they could still do some harm). The ComBridge Silverlight API that is required to access native code at all is prohibited from use by independent software vendors - only Microsoft and their partners are allowed to use it for Marketplace apps. Somebody tried submitting a Homebrew app to the marketplace (another opportunity for some research, if you'd like to find out more) and discovered that the use of ComBridge is detected and blocked during the submission process.

thanks for the explaination!

It seems like a plausible idea that the native code and the WP7 app needs to access some of the folders to work. So the silverlight managed code won't grant access by design to the Windows folder. Can you tell me where this folder for the installation packages is?

Regarding the capabilities: I've checked it with the marketplace capability test tool:


Result Details
[INFORMATION] : Capabilities used by application :
ID_CAP_PUSH_NOTIFICATION
ID_CAP_NETWORKING
ID_CAP_IDENTITY_DEVICE


I've removed ID_CAP_NETWORKING and it immediately stopped working. No dialogue that shows the IP address, only username and password. That is at least good to hear

Regarding the marketplace certification: You could be right, I've also read somewhere that COM is only available to some third parties like Adobe and manufacturers. Maybe I try to submit a little test app that uses interop.

Nice, thanks for the policy entry. Where did you find it?

Regarding the installation path: I thought you ment a special path to the place where the compressed xap is deployed or something like that before installation. But now it is clearer to me why the application is able to access Windows, installation dir and isolated storage

I've tried to upload a small app with native code but as GoodDayToDie said, the marketplace will see that it contains access to native API and that my account isn't allowed to do that.

So the world is safe again, I'm calmed down now hehe

I don't know if it's possible but can you add access to /My Documents?