I had no problem browsing these keys and deleting them. My push tiles are working again.
WP7 Root Tools - Announcement: Coming to MANGO and to other devices: SAMSUNG, HTC, LG
- Thread starter Heathcliff74
- Start date
Sounds Great! Thank you so much Heathcliff74. These type of tools are so cool to have, and without Dev's like you, a lot of us would be in the dark. Well dark ages.
Really looking forward to where the tool is headed.
Oh oh oh. You make it sound so easy. You only scratch the surface. Of course there is no documentation
Try to do this yourself and make it work stable. Oh oh oh. You make it sound so easy. You only scratch the surface. Of course there is no documentation
I think the intent was not to make it sound easy, but rather to understand how it works. Especially because it isn't easy. When you have some free time, care to write a few blog posts to explain your background work?
G
GuestK00306
Guest
No. I'm not going to throw it out there. If someone has a very good reason I might share code on a need to know basis. Too much blood, sweat and tears in this. This is my tool and feel free to (ab)use it
Sent from my OMNIA7 using XDA Windows Phone 7 App
Heathcliff, you've done some amazing work here! Thanks for this.
However, I cannot understand your reasoning for not releasing the source code for this application? You are making it free, and you are not even asking for donations. Can't you release this under a restrictive open-source license which prohibits resale/distribution?
I feel all of these projects would move a lot faster if people just shared their research. More people want to use your code for ideas & to further research into gaining full "root" access than want to take credit for your hard work.
I am not demanding anything, or saying you should do this or that - just stating that it would be helpful to the entire community if you could share the source.
I repect devs wishes to keep the app closed source. But i have to agree with above.
If putting in limited source for distribution others could learn and understand WP better
If putting in limited source for distribution others could learn and understand WP better
Well, you have a very good point. But I said "If someone has a very good reason I might share code on a need to know basis". And in private mail I have already discussed some possibilities with other developers. The main reason for not throwing this in the open is that I want to prevent that my tools will soon be disabled. But maybe I'm wrong there. I will think about it.
I think the intent was not to make it sound easy, but rather to understand how it works. Especially because it isn't easy. When you have some free time, care to write a few blog posts to explain your background work?
Thank you,
Can you share which syncml specification you used?
Found only this so far: http://www.openmobilealliance.org/T...19-A/OMA-TS-DS_Protocol-V1_2_2-20090319-A.pdf
http://msdn.microsoft.com/en-us/library/ms890704.aspx
Last edited:
I think the intent was not to make it sound easy, but rather to understand how it works. Especially because it isn't easy. When you have some free time, care to write a few blog posts to explain your background work?
Well, Flow already corrected himself a bit there. If you look at his post and the quote in my reply and the fact that he edited the post in the time between his post and my reply, then you see he removed the word 'just'. And that was the part that made it sound so simple. I just did that and that... I didn't think that was the way to ask for something.
And as I stated before, I fear that exposing info about a hack may shorten the time that the hack will work. Other people may try to prevent the hack.
But I will think about writing a blog or open source my tool.
Last edited:
I corrected it because, it was mean and i didn't wanted to be mean. The problem is for me at least, when someone trys to break open a closed system and then by himself produces another closed system, that really pisses me off.
Ok it's your right to do so, but if you don't want that somebody closes a backdoor that you use, don't share anything at all.
So, honestly, sorry i didn't wanted to turn down your efforts, as they are really great!
Ok it's your right to do so, but if you don't want that somebody closes a backdoor that you use, don't share anything at all.
So, honestly, sorry i didn't wanted to turn down your efforts, as they are really great!
Last edited:
Okay, no hard feelings then
About the closed source discussion here: I see it differently. I'm not trying to break open a system and then produce a closed system for myself. Well, actually I do, but really the point is that I want to break open the system in a way that we keep it open.
And if you're so pissed about the closed system, you should really try to break that system yourself and not breaking the tools of your friends. Just don't be pissed at someone who's helping you. But enough about that now. I will think about open-sourcing it.
actually open sourcing wouldn't be too bad of an idea imho it should help and further develop on samsung based platforms and other platforms. Luckily, unlike previous samsung devices, the wp7 devices are at least popular enough to garner developer attention. Plus maybe it could help you heathcliff
not a bad idea at all.
not a bad idea at all.
Great job Heathcliff Ive been following you and many other talented peopled on here! Just want to know if theres a way to access the registry through the desktop pc rather than directly through the phone , it seems the battery life sucks royally when "playing around" inside the registry! If I were able to "ghost" image or usb inside I might be able to look for stuff without trashing the battery just curious and once again great job dont worry about others , some people that cant engineer like to make it an assualt on the others who can , cheers to those can!
G
GuestK00306
Guest
Sorry if i'm missing the point here, but since you would need to be connected to the computer to do this, couldn't you just charge your phone while editing the registry instead? Seems like a simpler solution
Used this tool to fix my broken live tiles, works like a charm! I had to switch my theme to dark because the titles on the folders are hardcoded to White, but I'll forgive it since it's an alpha
Haha. Well, that battery-sucking is quite understandable. I'm using such a big work-around to get the info I need that it is probably very CPU intensive. Also your amoled will do its share of draining. You could of course keep it on the charger while browsing.
An import- and export-function is on my ToDo-list. That might help you out. Not sure when that will be done.
Thanks for the compliment.
Ciao,
Heathcliff.
Sorry if i'm missing the point here, but since you would need to be connected to the computer to do this, couldn't you just charge your phone while editing the registry instead? Seems like a simpler solution
Used this tool to fix my broken live tiles, works like a charm! I had to switch my theme to dark because the titles on the folders are hardcoded to White, but I'll forgive it since it's an alpha
I will see if I can make an escrow build for the light-theme.
Similar threads
Top Liked Posts
-
There are no posts matching your filters.
-
93Hi hackers!
IMPORTANT ANNOUNCEMENT!
WP7 Root Tools will soon be available for Mango!
More info HERE
With this tool you get root-access to parts of your WP7 device. The first release only contains a registry-editor. The file-explorer and certificate stores will follow.
This tool is in alpha stage. That means that it is not feature complete and it is not yet properly tested. This tool also provides you with high privileges with which you can alter low level settings and data on this device. All this may result in unexpected and undesired behaviour, which may ultimately damage your device. Use this tool with care and use it at your own risk. The developer of this tool cannot be hold responsible for any kind of damages, caused directly or indirectly by using this tool.
The current version of this tool can only be used on Samsung devices. A small part of the code uses Samsung-specific functionality. The performance of the tool may sometimes be slow. This is the result of the way access to the system is elevated. The goal is to make this tool device-independent and to elevate access more directly in the future, but that requires more research.
To install this you need a developer-unlocked Windows Phone 7 device. For questions about unlocking your device, please refer to the appropriate threads.
If you have bug-reports or feature-requests, please give a full description.
If you like this, hit the "Thanks" and/or "Donate to me" button.
Ciao,
Heathcliff74
Update 2011/04/06:
1. Some people requested a possibility for donations. I opened a paypal-account and the "Donate to me" should work. Thanks!
2. I get an overwhelming amount of comments and pm's. I can't answer them all right now. I will try to answer them a bit later. Sorry.
Thanks for all the support guys!
Update 2011/04/13: RELEASE "WP Root Tools 0.2 alpha"
Consider this an "interim build". Most changes are under the hood. I did a lot of refactoring for performance improvements and paving the way for the file-explorer. This version does not include the file-explorer just yet. That will be the next release. Fixes in the new 0.2 alpha version:
- Compatible with light theme.
- Navigate out of the app with back-button.
- Due to refactoring and better use of the exploit I gained a lot of performance. It is very fast compared to the previous version. Should also reduce battery drain significantly.
Update 2011/04/14: RELEASE "WP Root Tools 0.3 alpha"
Mightyhog found a regression bug in the 0.2 version. HKLM\Software\Microsoft\ was not listed properly. It is fixed in the 0.3 alpha version.
Update 2011/04/18: Info about known limitations
Yesterday I added some info here which, after more research, did not seem to be entirely correct. I misinterpreted some of the file-flags I was seeing. So here's some more detailed info about the know limitations of the current Registry Editor and the File Explorer which is coming soon. It seems that having TCB privileges still has some limitations on accessing the filesystem and the registry.
Some registry values can be changed but they are reset back to their default value after the device is restarted. One example of such value is:
HKLM\System\CurrentControlSet\Control\Power\Timeouts\BattUserIdle DWord 300
Possible explanations:
- The value is stored in a ROM registry hive. The change is made in RAM and after the device is restarted and RAM is cleared, the value is read from ROM.
- In the boot sequence of the device some xml-files which contain settings, are provisioned and overwrite changes made to the registry.
- A certain service or startup-program simply overwrites settings on system-startup.
I'm working on the File Explorer now. While testing I found out that eventhough I have TCB privileges some access is still restricted, because system-files are mapped directly in ROM. There are 2 file-flags that have impact on this:
- 0x0040 = FILE_ATTRIBUTE_INROM - This file is an OS file stored in ROM. Most files in the \Windows folder have this attribute. These files cannot be moved, modified, renamed or removed. Only a firmware update can change these files.
- 0x2000 = FILE_ATTRIBUTE_ROMMODULE - The exe- and dll-files in the \Windows folder also have this flag set. These ROM files are mapped directly into executable read-only address-space, rather than being first copied to RAM. They cannot even be accessed as a file. They can only be executed. And therefore these files also can't be copied to another location, ie. we don't even have read-access on these files. However, I may have found a way to access these files anyway. This needs a bit more research, but I hope that I can at least copy the files to a location where they can be accessed.
Everything else seems to be possible. Creating files in the \Windows folder is no problem. I hope to be able to release a version with a File Explorer soon. I guess it will be in about two weeks or something. Bear with me.
Update 2011/04/19: No luck on reading the ROM modules
I did more testing. I wanted to have at least read-access to the exe- and dll-files in the \Windows folder. As it is not possible to call CreateFile() on those files, I tried LoadLibrary(). That works. With CreateToolhelp32Snapshot(), Module32First() and Module32Next() I can enumerate the modules and find the one I loaded. I also get a baseaddress and size of the module. The problem is that I can't access that memory. I tried direct-access and I tried using ReadProcessMemory(). ReadProcessMemory() returns "Incorrect parameter" as soon as I try to access the ROM memory. Also using VirtualProctect() to unlock the memory gives me "Incorrect parameter" all the time. So it seems we won't have read-access to the exe- and dll-files in the \Windows folder for now. I will now concentrate on other functionality for the File Browser. I will try to get access to the ROM modules later on.
Update 2011/06/14: RELEASE "WP Root Tools 0.4 alpha"
It has taken me a long time, here's a new release, finally. Actually this release is not very useful yet, because the file-explorer is read-only so far. The "Cut / Copy / Paste / Delete / Rename" will follow soon. The browsing part has been extremely difficult. The main problem was the performance. Opening a folder could take up to 4 minutes. Ouch! Through a combination of multi-threading techniques, caching and combining multiple exploits I finally got this to a stable solution where browsing can be done in quite an acceptable way. The write actions don't have these performance issues, because it is not a real problem when copying a file will take a few seconds more or less. I already started on implementing this. This release also has a few minor fixes to the Registry editor, but no new functionality. I also did a lot of testing on the certificate stores. I got full read / write access to all the stores, but none of that is implemented in the WP7 Root Tools yet. That will be next.
Update 2011/06/24: RELEASE "WP Root Tools 0.5 alpha"
In this version I implemented the basic file-operations and a certificate installer.
You might wonder why I created a certificate installer, because it is already possible to add certificates. When you email a certificate to yourself and tap that attachment, WP7 will install it. But if you install like this, the certificate will always be installed in the "Root" certificate store. With my certificate installer you can also install in "CA", "My" and "Code Integrity" stores. This may be very useful for hacking attempts. You can install a certificate by browsing to the ".cer" file and tap it. The possibilities for getting a certificate file on your phone will follow below. If you start installing certificates on your phone you should consider making backups in advance. I once experienced Zune going totally bezerk after installing certs. Zune took 100% and lost connection with the phone all the time. Everything was back to normal when I deleted the certs. In this version there is no view on the certificate stores available yet. In a future version you will be able to view the contents of all the certificate store and also uninstall certificates from there.
I specifically mentioned that this version has basic file-operations, because not everything is implemented. This is what you can do:
- Cut / Copy / Paste / Delete / Rename single files
- Delete empty folders
- Create new folders
This is what you can't do (will be possible in later versions):
- Cut / Copy / Paste multiple files or entire folders
- Delete folders with content
- Rename folders
Last, but not least: I fixed some performance issues. Mainly memory-leaks in native code and in COM interop. I'm not sure if I got all leaks now, because it's not easy to do native C++ without debugger and profiler. But improvement is clearly noticeable.
This version does not have a connection with the PC. So it is not possible to use WP7 Root Tools to transfer files between the phone and the PC. You can however, use other tools to get files onto your phone and then use WP7 Root Tools to move the files to the desired location. WP7 Root Tools has write access on every folder of your phone.
How to transfer files to your phone:
- Mail the file to yourself. Use your phone to go to your mailbox (not webmail). The attachment will be downloaded in the background. Then use WP7 Root Tools to navigate to \Application Data\Volatile\EmailAttachments\Attachments(number). You have to look which attachment is the one you want. The filename may be changed. The extension is the same.
- Install Davux' webserver on your phone. Configure a password in that webserver. The IP of the phone is visible in the webserver app. Browse to the phone like this: http://192.168.1.2/IsolatedStorage using the IP of the phone. Upload a file to the phone. Open WP7 Root Tools 0.5 alpha. Navigate to this folder: \Applications\Data\9BFACECD-C655-4E5B-B024-1E6C2A7456AC\Data\IsolatedStore\. There's your file. You can copy it to another location if you want.
- Use the Zune storage hack, described here and here. If you copied the files to your phone in this way, they will be located at \My Documents\Zune\Content in one of the subfolders. Again, the files here are renamed. You have to find the file you want and then rename it.
Have fun!
Some screenshots:
20WP7 Root Tools coming to MANGO!!
Hi all!
I just figured out how to run native DLL's in a Silverlight App on MANGO. This is a major breakthrough! This means that I will be able to port all code and exploits that I got so far to Mango.
A little while ago I announced that the next version of WP7 Root Tools would have support for HTC and LG too (Samsung was supported from the beginning). I found all the necessary exploits for that and I was busy putting the puzzle together. But on the side, I've also been working on Mango. And it started to frustrate me more and more, that native homebrew code was not possible on Mango, because everyone is migrating to Mango and our tools would become unusable. Unacceptable!!
These are the pieces of the puzzle I got now:
- Support for Mango (running native DLL's)
- Full Root Access to all resources and API's with possibility to enable/disable per app (also bringing huge performance improvements)
- Support for HTC and LG
- Building an SDK for other developers
I have to be a little bit reticent! I am making these announcements because I've done a lot of research in finding all the pieces of the puzzle. And in theory they will all fit together. But I have to do more work to make a complete tool of it all. I can only be real sure that everything works, when I got it all finished.
Having said that, I will start with piece number 1 by releasing a version for Mango asap. It will be exactly the same as the previous version, but now also supporting Mango. I know I promised HTC and LG support in the next version, but releasing a version for Mango is easier for me now, so that will come first. Sorry to HTC and LG users. Just a little more patience please.
Shortly after, I will release a version with pieces 2 and 3. HTC, LG and Full Root Access per app.
And shortly after that, I will release piece number 4; the SDK.
Ciao,
Heathcliff748New release: version 0.2 alpha
Hi, I'm back!
I got a new release of the WP7 Root Tools. Consider this an "interim build". It's version 0.2 alpha. Most changes are under the hood. I did a lot of refactoring for performance improvements and paving the way for the file-explorer. This version does not include the file-explorer just yet. That will be the next release. Fixes in the new 0.2 alpha version:
- Compatible with light theme.
- Navigate out of the app with back-button.
- Due to refactoring and better use of the exploit I gained a lot of performance. It is very fast compared to the previous version. Should also reduce battery drain significantly.
If you like this, hit the "Thanks" and/or "Donate to me" button.
Ciao,
Heathcliff74
Edit: attachment of version 0.2 alpha removed. Newer version is now in the opening post.7Full Root Access
Hi hackers!
I have not posted much lately. But that doesn't mean that I haven't been hacking
First a little info on the Windows Phone 7 security mechanisms. WP7 RTM has the Developer lock and the policy engine. The developer lock was broken by ChevronWP7 and the policy engine was partly broken by the exploits I created for WP7 Root Tools. NoDo got improved developer locking, but other than that it was unchanged. In Mango there is a third security mechanism: No native code is allowed for unsigned apps.
Today I had a little breakthrough. I have now Root Access on my Samsung Omnia7 with NoDo. You might think that I already had root access, because the WP7 Root Tools work really well. That's true, but I did not have Full root access yet. The main exploit I used was a very complicated work-around. And it was extremely slow. I had to use all kinds of multi-threading tricks to make WP7 Root Tools usable, performance wise. If you would use the native API's that are meant for Filesystem access and Registry access, the system is much faster. But we are not allowed to use those API's. They will usually return error 0x000004ec, which means "Blocked by policy". Also, the native API's provide much more functionality than the exploits I used. Having access to all the native API's also provides new perspectives for future development.
So I started working on the policy engine. See this thread for more info. I got some help from fiinix there. Later on I was contacted by YukiXDA, who was working on a custom ROM for HTC HD2 with Root Access. We combined our knowledge so I could work on a version of WP7 Root Tools that would work on his HD2 ROM. I've been working on that for the last couple of weeks and I'm making good progress now. In the mean time I continued research on the policy engine with a different approach than YukiXDA is using. And now I have found a way to apply root access to selected apps. This was important to me. I didn't want to break down the security of WP7 all together, because that would mean we're back to WM6 with security. And one rogue app could mess up your device or leak all private info to the web. So I wanted to let the user decide which apps he trusts to give root access and which apps should retain in their sandbox. And that's what I got working now! The security mechanism that Microsoft has implemented for WP7 is actually really cool, but I think they should have made it possible for users to select apps that can break out of the sandbox and apply tweaks to the system. We hackers and tweakers are smart enough to decide that.
To get this working I'm installing some prerequisites. And for that I'm still using Samsung specific exploits at the moment. But I'm quite sure I can get that working for HTC's and LG's too. But that needs a bit more research.
So with Chevron WP7 Labs and this new Root Access we finally have full control over our NoDo devices. But for now, we still can't run native code on Mango yet. But I have a couple of attack-vectors, that I want to try for that. I have good faith that I can defeat that. But before I start working on Mango, I first want to finish the next version of WP7 Root Tools, which will work faster and will also work in HTC HD2 and possibly other devices.
I have had so many requests from people who asked me to share source code of the exploits, that I have decided to create a WP7 Root Tools SDK. This will be released after the next version of WP7 Root Tools. The SDK will contain libraries that allow other apps to get full access to the registry and filesystem. By then everybody can start working on cool backup-apps and tweak-apps, etc.
Will keep you posted on progress of the new version and SDK.
Ciao,
Heathcliff745Hi,
I did more testing. I got WP7 Root Tools running now on my Samsung Omnia 7 with Mango RTM. Wonderful! I have to finish up some things and I think I'll be able to release version 0.6 tomorrow.
Nope, I have my own Full Root Access And you don't even need to flash anything! Cotulla also has exploits to run native executables. This will not be possible with my WP7 Root Tools. Though I'm pretty sure that I have the exploits to do that now too. I just haven't tested it yet. I may try this later on.
A) Will work with shipped Mango!
B) It will probably work on (almost) any dll, but the chance is that it need to be recompiled. I will post guides on how to do it. I can't guarantee things, because I know for a fact that Microsoft has removed some API's in Mango that were present on NoDo. But as fas as I can see, all the good stuff is still there
C) Let me explain. First WP7 Root Tools needs to get Full Root Access. Then WP7 Root Tools will be able to provide Full Root Access for other apps. These apps don't need any device-specific DLL's at all. Once your app is provided with Full Root Access, you can use any native or managed API you want. For native DLL's you will need to follow the guide I will write later on. You can also use the SDK I will create later, but that is just to make it easier. Using the SDK is mandatory. BUT... For WP7 Root Tools to get Full Root Access I still need device-specific exploits. As of now I have the necessary exploits for Samsung, HTC and LG. So your app will only work on these devices. Because the users will need to install WP7 Root Tools to give your app Full Root Access.
D) I will share my technique in the form of the WP7 Root Tools and the SDK. The real magic underneath will be my trade-secret.
Wow! I've been following this thread since the first release and it's just wonderful to see how fast things go on Heathcliff74, in my opinion you're one of the best programmers i've ever seen! This would be the first common registry editor.. (by 'common' i mean: working on all devices )
This will make things much easier.. can't wait for it to be released!
Thanks for the compliment. It will be almost common. As I explain in the my response to GoodDayToDie there is still some need of device-specific exploits. And I have these exploits for Samsung, HTC and LG now. Later on I may try to find exploits for Dell, Asus, etc.
Ciao,
Heathcliff74