View Poll Results: What should have first priority after releasing the next version of WP7 Root Tools?
Support for Mango 304 88.89%
Multi-selecting files for file-transactions 64 18.71%
Sync and remote control with PC 74 21.64%
Multiple Choice Poll. Voters: 342.

WP7 Root Tools - Announcement: Coming to MANGO and to other devices: SAMSUNG, HTC, LG

OP Heathcliff74

4th April 2011, 01:49 AM   |  #1  
Hi hackers!

IMPORTANT ANNOUNCEMENT!
WP7 Root Tools will soon be available for Mango!
More info HERE


With this tool you get root-access to parts of your WP7 device. The first release only contains a registry-editor. The file-explorer and certificate stores will follow.

This tool is in alpha stage. That means that it is not feature complete and it is not yet properly tested. This tool also provides you with high privileges with which you can alter low level settings and data on this device. All this may result in unexpected and undesired behaviour, which may ultimately damage your device. Use this tool with care and use it at your own risk. The developer of this tool cannot be held responsible for any kind of damages, caused directly or indirectly by using this tool.

The current version of this tool can only be used on Samsung devices. A small part of the code uses Samsung-specific functionality. The performance of the tool may sometimes be slow. This is the result of the way access to the system is elevated. The goal is to make this tool device-independent and to elevate access more directly in the future, but that requires more research.

To install this you need a developer-unlocked Windows Phone 7 device. For questions about unlocking your device, please refer to the appropriate threads.

If you have bug-reports or feature-requests, please give a full description.

If you like this, hit the "Thanks" and/or "Donate to me" button.

Ciao,
Heathcliff74


Update 2011/04/06:

1. Some people requested a possibility for donations. I opened a paypal-account and the "Donate to me" should work. Thanks!
2. I get an overwhelming amount of comments and pm's. I can't answer them all right now. I will try to answer them a bit later. Sorry.

Thanks for all the support guys!

Update 2011/04/13: RELEASE "WP Root Tools 0.2 alpha"

Consider this an "interim build". Most changes are under the hood. I did a lot of refactoring for performance improvements and paving the way for the file-explorer. This version does not include the file-explorer just yet. That will be the next release. Fixes in the new 0.2 alpha version:

- Compatible with light theme.
- Navigate out of the app with back-button.
- Due to refactoring and better use of the exploit I gained a lot of performance. It is very fast compared to the previous version. Should also reduce battery drain significantly.

Update 2011/04/14: RELEASE "WP Root Tools 0.3 alpha"

Mightyhog found a regression bug in the 0.2 version. HKLM\Software\Microsoft\ was not listed properly. It is fixed in the 0.3 alpha version.

Update 2011/04/18: Info about known limitations

Yesterday I added some info here which, after more research, did not seem to be entirely correct. I misinterpreted some of the file-flags I was seeing. So here's some more detailed info about the known limitations of the current Registry Editor and the File Explorer which is coming soon. It seems that having TCB privileges still has some limitations on accessing the filesystem and the registry.

Some registry values can be changed but they are reset back to their default value after the device is restarted. One example of such value is:

HKLM\System\CurrentControlSet\Control\Power\Timeouts\BattUserIdle DWord 300

Possible explanations:
- The value is stored in a ROM registry hive. The change is made in RAM and after the device is restarted and RAM is cleared, the value is read from ROM.
- In the boot sequence of the device some xml-files which contain settings, are provisioned and overwrite changes made to the registry.
- A certain service or startup-program simply overwrites settings on system-startup.

I'm working on the File Explorer now. While testing I found out that even though I have TCB privileges some access is still restricted, because system-files are mapped directly in ROM. There are 2 file-flags that have impact on this:

- 0x0040 = FILE_ATTRIBUTE_INROM - This file is an OS file stored in ROM. Most files in the \Windows folder have this attribute. These files cannot be moved, modified, renamed or removed. Only a firmware update can change these files.
- 0x2000 = FILE_ATTRIBUTE_ROMMODULE - The exe- and dll-files in the \Windows folder also have this flag set. These ROM files are mapped directly into executable read-only address-space, rather than being first copied to RAM. They cannot even be accessed as a file. They can only be executed. And therefore these files also can't be copied to another location, i.e. we don't even have read-access on these files. However, I may have found a way to access these files anyway. This needs a bit more research, but I hope that I can at least copy the files to a location where they can be accessed.

Everything else seems to be possible. Creating files in the \Windows folder is no problem. I hope to be able to release a version with a File Explorer soon. I guess it will be in about two weeks or something. Bear with me.

Update 2011/04/19: No luck on reading the ROM modules

I did more testing. I wanted to have at least read-access to the exe- and dll-files in the \Windows folder. As it is not possible to call CreateFile() on those files, I tried LoadLibrary(). That works. With CreateToolhelp32Snapshot(), Module32First() and Module32Next() I can enumerate the modules and find the one I loaded. I also get a baseaddress and size of the module. The problem is that I can't access that memory. I tried direct-access and I tried using ReadProcessMemory(). ReadProcessMemory() returns "Incorrect parameter" as soon as I try to access the ROM memory. Also using VirtualProtect() to unlock the memory gives me "Incorrect parameter" all the time. So it seems we won't have read-access to the exe- and dll-files in the \Windows folder for now. I will now concentrate on other functionality for the File Browser. I will try to get access to the ROM modules later on.

Update 2011/06/14: RELEASE "WP Root Tools 0.4 alpha"

It has taken me a long time, here's a new release, finally. Actually this release is not very useful yet, because the file-explorer is read-only so far. The "Cut / Copy / Paste / Delete / Rename" will follow soon. The browsing part has been extremely difficult. The main problem was the performance. Opening a folder could take up to 4 minutes. Ouch! Through a combination of multi-threading techniques, caching and combining multiple exploits I finally got this to a stable solution where browsing can be done in quite an acceptable way. The write actions don't have these performance issues, because it is not a real problem when copying a file will take a few seconds more or less. I already started on implementing this. This release also has a few minor fixes to the Registry editor, but no new functionality. I also did a lot of testing on the certificate stores. I got full read / write access to all the stores, but none of that is implemented in the WP7 Root Tools yet. That will be next.

Update 2011/06/24: RELEASE "WP Root Tools 0.5 alpha"

In this version I implemented the basic file-operations and a certificate installer.

You might wonder why I created a certificate installer, because it is already possible to add certificates. When you email a certificate to yourself and tap that attachment, WP7 will install it. But if you install like this, the certificate will always be installed in the "Root" certificate store. With my certificate installer you can also install in "CA", "My" and "Code Integrity" stores. This may be very useful for hacking attempts. You can install a certificate by browsing to the ".cer" file and tap it. The possibilities for getting a certificate file on your phone will follow below. If you start installing certificates on your phone you should consider making backups in advance. I once experienced Zune going totally berserk after installing certs. Zune took 100% and lost connection with the phone all the time. Everything was back to normal when I deleted the certs. In this version there is no view on the certificate stores available yet. In a future version you will be able to view the contents of all the certificate stores and also uninstall certificates from there.

I specifically mentioned that this version has basic file-operations, because not everything is implemented. This is what you can do:

- Cut / Copy / Paste / Delete / Rename single files
- Delete empty folders
- Create new folders

This is what you can't do (will be possible in later versions):

- Cut / Copy / Paste multiple files or entire folders
- Delete folders with content
- Rename folders

Last, but not least: I fixed some performance issues. Mainly memory-leaks in native code and in COM interop. I'm not sure if I got all leaks now, because it's not easy to do native C++ without debugger and profiler. But improvement is clearly noticeable.

This version does not have a connection with the PC. So it is not possible to use WP7 Root Tools to transfer files between the phone and the PC. You can however, use other tools to get files onto your phone and then use WP7 Root Tools to move the files to the desired location. WP7 Root Tools has write access on every folder of your phone.

How to transfer files to your phone:
  1. Mail the file to yourself. Use your phone to go to your mailbox (not webmail). The attachment will be downloaded in the background. Then use WP7 Root Tools to navigate to \Application Data\Volatile\EmailAttachments\Attachments(number) . You have to look which attachment is the one you want. The filename may be changed. The extension is the same.
  2. Install Davux' webserver on your phone. Configure a password in that webserver. The IP of the phone is visible in the webserver app. Browse to the phone like this: http://192.168.1.2/IsolatedStorage using the IP of the phone. Upload a file to the phone. Open WP7 Root Tools 0.5 alpha. Navigate to this folder: \Applications\Data\9BFACECD-C655-4E5B-B024-1E6C2A7456AC\Data\IsolatedStore\. There's your file. You can copy it to another location if you want.
  3. Use the Zune storage hack, described here and here. If you copied the files to your phone in this way, they will be located at \My Documents\Zune\Content in one of the subfolders. Again, the files here are renamed. You have to find the file you want and then rename it.

Have fun!

Some screenshots:

Attached Files
File Type: xap WP7RootTools 0.3 alpha.xap (627.4 KB)
File Type: xap WP7RootTools 0.4 alpha.xap (642.9 KB)
File Type: xap WP7RootTools 0.5 alpha.xap (648.5 KB)
Last edited by Heathcliff74; 16th September 2011 at 01:11 AM.
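An added example, not part of the original post and not code from WP7 Root Tools: the two attribute flags from the 2011/04/18 update, turned into a check a file browser could run before attempting an operation. The operation names, the `entry` struct and the sample listing are constructed for illustration; the per-flag behaviour follows what the post reports.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Attribute bits and values as quoted in the post. */
#define FILE_ATTRIBUTE_INROM     0x0040u
#define FILE_ATTRIBUTE_ROMMODULE 0x2000u

/* Operation bits: names invented for this example. */
enum { OP_READ = 1, OP_COPY = 2, OP_MODIFY = 4, OP_MOVE = 8,
       OP_RENAME = 16, OP_DELETE = 32, OP_EXECUTE = 64 };

struct entry { const char *path; uint32_t attrs; };

/* Constructed sample listing; paths and attribute words are illustrative. */
static const struct entry SAMPLE[] = {
    { "\\Windows\\example_module.dll", 0x2047u }, /* INROM | ROMMODULE + others */
    { "\\Windows\\example_config.xml", 0x0047u }, /* INROM without ROMMODULE */
    { "\\Windows\\user_added.txt",     0x0020u }, /* ordinary file */
};
#define SAMPLE_COUNT (sizeof SAMPLE / sizeof SAMPLE[0])

/* Operations the post reports as possible for a given attribute word. */
unsigned allowed_ops(uint32_t attrs)
{
    if (attrs & FILE_ATTRIBUTE_ROMMODULE)
        return OP_EXECUTE;          /* mapped in place: cannot be opened as a file */
    if (attrs & FILE_ATTRIBUTE_INROM)
        return OP_READ | OP_COPY;   /* readable, fixed until a firmware update */
    return OP_READ | OP_COPY | OP_MODIFY | OP_MOVE | OP_RENAME | OP_DELETE;
}

/* Count entries in a listing on which operation `op` would be refused. */
size_t count_refused(const struct entry *list, size_t n, unsigned op)
{
    size_t refused = 0;
    for (size_t i = 0; i < n; i++)
        if (!(allowed_ops(list[i].attrs) & op))
            refused++;
    return refused;
}

int main(void)
{
    static const char *names[] = { "read", "copy", "modify" };
    const unsigned ops[] = { OP_READ, OP_COPY, OP_MODIFY };
    for (size_t i = 0; i < 3; i++)
        printf("%-6s refused for %zu of %zu files\n", names[i],
               count_refused(SAMPLE, SAMPLE_COUNT, ops[i]), SAMPLE_COUNT);
    return 0;
}
```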
4th April 2011, 02:19 AM   |  #2  
voluptuary, Senior Member
so what you are saying is you have been able to get read/write access to the file system on the focus? or is that something you just "hope" to add later?

EDIT: I'm sorry if that came off rude, I don't mean it to be I'm just excited about the idea of file system access!
Last edited by voluptuary; 4th April 2011 at 02:49 AM.
4th April 2011, 02:25 AM   |  #3  
very nice tool, needed a good registry editor for the samsung focus and this is perfect. thanks!
4th April 2011, 03:26 AM   |  #4  
dude6595, Senior Member
ur f-n awesome bro!
4th April 2011, 04:39 AM   |  #5  
brilliant heathcliff
4th April 2011, 05:03 AM   |  #6  
Very nice - works really well with the Focus.

Do you have any timeline for the file browser part? I'd love to see functionality that can copy files on and off the system folders.

Thanks for the tool!
4th April 2011, 06:23 AM   |  #7  
lucasryan, Senior Member
EXCELLENT WORK Heathcliff, finally a way to write to the parts of the registry that we weren't able to before. NOW we are getting somewhere with the Focus!!
4th April 2011, 07:00 AM   |  #8  
eried, Recognized Developer
Nice! Looks pretty neat!
4th April 2011, 07:05 AM   |  #9  
Live tiles on Samsung Focus work now!
This is exactly what I was looking for to accomplish the live tile fix on my Samsung Focus detailed on wmpoweruser.

how-to-fix-live-tiles-which-are-not-updating-without-a-hard-reset-only-developer-unlocked-devices

Thanks, dude!
TOM.
4th April 2011, 08:39 AM   |  #10  
Heathcliff74, OP, Recognized Developer
Quote:
Originally Posted by voluptuary

so what you are saying is you have been able to get read/write access to the file system on the focus? or is that something you just "hope" to add later?

EDIT: I'm sorry if that came off rude, I don't mean it to be I'm just excited about the idea of file system access!

Yes I have 'full' access to the filesystem. There are 2 exceptions I found so far, using my hack:

1. I don't have access to files that are in use by the system. So, driver-files that are currently used cannot be accessed. Not even read-access. Possible work-around: I want to try to make a kind of copy-on-boot. I've already seen locations in the registry, where I can possibly add a startup-item that copies a file to a temporary location, when the file is not in use yet. But I have not tried that yet.

2. I can't overwrite or modify files that have the systemfile-flag. But I can copy the files, as long as they are not in use. Possible work-around: I have not tried all possibilities for changing file-flags. I might be able to do that.

I do have access through the entire file-system, including the \Windows folder and to the IsolatedStorage-folders of other apps. So that should give you a full file-explorer. Working on that now.

Quote:
Originally Posted by sorcy

Very nice - works really well with the Focus.

Do you have any timeline for the file browser part? I'd love to see functionality that can copy files on and off the system folders.

Thanks for the tool!

Well, there is not really a time-line yet. I wanted to finish the first release of this tool for a long time now. But I got some serious family issues. My grandpa died and my mother got a stroke and needed brain-surgery. Surgery went ok, but she needs rehabilitation right now. You can understand that I spent a lot of time with family over last weeks. I'm not sure how things will go. Situation with my mother looks promising. I visit her every other day now and it is a long ride. So that makes planning for this tool a bit difficult. But a lot of code that I made now is reusable for the other parts of WP7 Root Tools. So that should be a lot easier. I guess it won't take too long before I can add the file-explorer and certificate-stores. Just bear with me.
Last edited by Heathcliff74; 4th April 2011 at 08:42 AM.


Tags
root access, wp7 root tools